Dominic Coulombe wrote:
On 7/11/06, John Summerfied <[EMAIL PROTECTED]> wrote:
Rob van der Heij wrote:
On RHL & derivatives, "service" is the "one true way" to run the init.d
scripts. I don't currently have a SUSE system to check for myself, but I
think it does have something.
You just ha
It seems that option appeared with version 1.6.8. It is available on
SLE[SD] 10.
Mark Post
-Original Message-
From: Linux on 390 Port [mailto:[EMAIL PROTECTED] On Behalf Of
Rob van der Heij
Sent: Tuesday, July 11, 2006 2:42 AM
To: LINUX-390@VM.MARIST.EDU
Subject: Re: starting apache
On Tuesday 11 July 2006 02:41, Rob van der Heij wrote:
>On 7/11/06, Rick Troth <[EMAIL PROTECTED]> wrote:
>> Consider what Kris said about the '-i' flag on 'sudo'.
>
>It appears there's no such flag in the sudo that I have with SuSE so I
>can't tell.
I like using sudo to control root access for
On 7/11/06, John Summerfied <[EMAIL PROTECTED]> wrote:
Rob van der Heij wrote:
On RHL & derivatives, "service" is the "one true way" to run the init.d
scripts. I don't currently have a SUSE system to check for myself, but I
think it does have something.
You just have to run rcapache restart
Dominic Coulombe wrote:
The C program is a good idea but :
1) remove the gcc and other build tools after the development !
2) you will still need Tripwire to be sure nobody replaces your binary...
or use a RR dasd.
The SETUID bit is a good idea if you are sure that the binary is not
modified
Rob van der Heij wrote:
On 7/11/06, Rick Troth <[EMAIL PROTECTED]> wrote:
Consider what Kris said about the '-i' flag on 'sudo'.
It appears there's no such flag in the sudo that I have with SuSE so I
can't tell.
It's fairly new: not in RHEL 4 or Fedora Core 3. I think SUSE 10 has it,
D
Rob van der Heij wrote:
On 7/11/06, John Summerfied <[EMAIL PROTECTED]> wrote:
Does "sudo service apache restart" work?
Don't see that on my SuSE system. There's rcapache but that is just a
symlink into /etc/init.d/apache so that does not buy anything. But as
I said, even if it were setting
The C program is a good idea but :
1) remove the gcc and other build tools after the development !
2) you will still need Tripwire to be sure nobody replaces your binary...
or use a RR dasd.
The SETUID bit is a good idea if you are sure that the binary is not
modified by a malicious user.
A q
> Consider letting the user only execute your own hardened scripts
> that do not require ANY environment variables - hardcode every
> binary path - and do run Tripwire to verify that nobody alters the
> critical files on the system. If you do not want to run Tripwire,
> just put the scripts an
Hi,
There is a lot of critical stuff in /sbin and /usr/sbin... First, you need
to fully harden the Linux installation. The fewer packages you have, the
better you are protected against vulnerabilities.
I would definitely not let a non-admin user run the whole thing on these
folders...
I'm neit
On 7/11/06, Rick Troth <[EMAIL PROTECTED]> wrote:
Consider what Kris said about the '-i' flag on 'sudo'.
It appears there's no such flag in the sudo that I have with SuSE so I
can't tell.
I believe my approach with coding su for one command is similar in effect?
And even the auditing is as
> I'd argue that these are bugs that should be fixed, not ignored. The
> Debian init scripts function properly using sudo because they're
> required to. Apparently the SuSE ones still need a little work.
...
David ...
Personally, I try to code for more robust behaviour,
but I cannot fault SuSE
On 7/11/06, John Summerfied <[EMAIL PROTECTED]> wrote:
Does "sudo service apache restart" work?
Don't see that on my SuSE system. There's rcapache but that is just a
symlink into /etc/init.d/apache so that does not buy anything. But as
I said, even if it were setting the PATH and what else you
Rob van der Heij wrote:
On 7/10/06, David Boyes <[EMAIL PROTECTED]> wrote:
That's why you allow them only the init script. The init template
provided with most distributions does not depend on the environment
beyond the basics. If you let them run a shell in any form, then yes,
you will lose.
Dominic Coulombe wrote:
Hi Alan,
I would use "sudo" for this purpose.
You can configure this user to execute only selected commands as root. The
user only needs to provide his own password. Every attempt to run unallowed
commands is reported (logged).
You can allow the startup/shutdown script
> You made me double check, and I found I was indeed right...
I was sure you would...8-)
> [EMAIL PROTECTED]:~> sudo /etc/init.d/apache restart
> Shutting down httpd/etc/init.d/apache: line 158: killproc: command not
> found
>
> failed
> Starting httpd [ Mailman PERL PHP4 Python ]/etc/init.d/ap
Many problems with running scripts like this through sudo can often be solved
by using the -i option to sudo, to force the script to run in a like-login
environment for the user sudo is going to execute as (root in this case).
Kris
On Mon, Jul 10, 2006 at 02:18:13PM -0400, David Boyes wro
On 7/10/06, David Boyes <[EMAIL PROTECTED]> wrote:
That's why you allow them only the init script. The init template
provided with most distributions does not depend on the environment
beyond the basics. If you let them run a shell in any form, then yes,
you will lose.
You made me double check
by: Linux on 390 Port
07/10/2006 01:56 PM
Please respond to Linux on 390 Port
From
Rob van der Heij <[EMAIL PROTECTED]>
To
LINUX-390@VM.MARIST.EDU
cc
Subject
Re: starting apache
On 7/10/06, David Boyes <[EMAIL PROTECTED]> wrote:
> That's why you allow them only the init
> While I have not looked at the apache boot script, with most of them
> it does not work because the script was supposed to run as root and
> expects the typical root environment (e.g. for the PATH). If you end
> up allowing them to do something like sudo sh -c
> '/etc/init.d/apache start'
Tha
On 7/10/06, David Boyes <[EMAIL PROTECTED]> wrote:
Use sudo and permit them to run the init script in /etc/init.d. Install the
sudo package and 'man sudo'.
Be aware that sudo is only as secure as the command you let them
invoke. When the customer also has write access to some of the
configurat
I found it.
Thanks to all.
Alan Levy
W: 718-403-8020
C: 347-401-4629
-Original Message-
From: Linux on 390 Port [mailto:[EMAIL PROTECTED] On Behalf Of
David Boyes
Sent: Monday, July 10, 2006 11:52 AM
To: LINUX-390@VM.MARIST.EDU
Subject: Re: starting apache
It should be on your
It should be on your distribution media.
> Where can I find sudo for s390 ? Is there an RPM somewhere ?
--
For LINUX-390 subscribe / signoff / archive access instructions,
send email to [EMAIL PROTECTED] with the message: INFO LI
essage-
From: Linux on 390 Port [mailto:[EMAIL PROTECTED] On Behalf Of
David Boyes
Sent: Monday, July 10, 2006 11:42 AM
To: LINUX-390@VM.MARIST.EDU
Subject: Re: starting apache
> One of my clients has a request that his users not be given root
access
> but should be allowed to stop/sta
Where can I find sudo for s390 ? Is there an RPM somewhere ?
Alan Levy
W: 718-403-8020
C: 347-401-4629
-Original Message-
From: Linux on 390 Port [mailto:[EMAIL PROTECTED] On Behalf Of
David Boyes
Sent: Monday, July 10, 2006 11:42 AM
To: LINUX-390@VM.MARIST.EDU
Subject: Re: starting
Hi Alan,
I would use "sudo" for this purpose.
You can configure this user to execute only selected commands as root. The
user only needs to provide his own password. Every attempt to run unallowed
commands is reported (logged).
You can allow the startup/shutdown script to be run by this user,
> One of my clients has a request that his users not be given root access
> but should be allowed to stop/start the httpd process.
> Does anyone have any suggestions/documentation on how to do this ?
Use sudo and permit them to run the init script in /etc/init.d. Install the
sudo package and 'man
One of my clients has a request that his users not be given root access
but should be allowed to stop/start the httpd process.
Does anyone have any suggestions/documentation on how to do this ?
TIA
--
For LINUX-
At 17:38 31-07-02 -0400, Post, Mark K wrote:
>Install mm-1.1.3-35.s390.rpm off CD2
A popular way to get into this unpleasant situation is
when the mount points for your SuSE ISO images do not
match the original names that SuSE used. Each ISO image
has a copy of an index that lists the packages
> search of the archive never get an answer either.
>
> -Original Message-
> From: Kittendorf, Craig [mailto:[EMAIL PROTECTED]]
> Sent: Wednesday, July 31, 2002 4:34 PM
> To: [EMAIL PROTECTED]
> Subject: Starting apache problem
>
>
> I am installing the beta
Now I got your response, only two days later.
Thanks,
Craig
-Original Message-
From: Post, Mark K [mailto:[EMAIL PROTECTED]]
Sent: Wednesday, July 31, 2002 5:39 PM
To: [EMAIL PROTECTED]
Subject: Re: Starting apache problem
Install mm-1.1.3-35.s390.rpm off CD2.
Mark Post
I am installing the beta SuSE SLES. Trying to start apache I get the
following:
cdcl:~ # rcapache start
Starting httpd [ LDAP PERL ]
/usr/sbin/httpd: error while loading shared libraries: libmm.so.11: cannot
load
shared object file: No such file or directory
unused
cdcl:~
, Alpha and SPARC - so it's available for all supported SuSE
architectures except S/390.
Mark Post
-Original Message-
From: Kittendorf, Craig [mailto:[EMAIL PROTECTED]]
Sent: Friday, August 02, 2002 3:50 PM
To: [EMAIL PROTECTED]
Subject: FW: Starting apache problem (re-sent)
Any on
TECTED]
Subject: Starting apache problem
I am installing the beta SuSE SLES. Trying to start apache I get the
following:
cdcl:~ # rcapache start
Starting httpd [ LDAP PERL ]
/usr/sbin/httpd: error while loading shared libraries: libmm.so.11: cannot
load
shared object file: No such fi
bject: Starting apache problem
I am installing the beta SuSE SLES. Trying to start apache I get the
following:
cdcl:~ # rcapache start
Starting httpd [ LDAP PERL ]
/usr/sbin/httpd: error while loading shared libraries: libmm.so.11: cannot
load
shared object file: No such file or dire
Post, Mark K wrote:
> Install mm-1.1.3-35.s390.rpm off CD2.
This version has a temporary file vulnerability which can be exploited
to gain root access. You should not install this version on a public web
server since this race could be used in conjunction with a remote
exploit for Apache (e.g. b
Install mm-1.1.3-35.s390.rpm off CD2.
Mark Post
-Original Message-
From: Kittendorf, Craig [mailto:[EMAIL PROTECTED]]
Sent: Wednesday, July 31, 2002 4:34 PM
To: [EMAIL PROTECTED]
Subject: Starting apache problem
I am installing the beta SuSE SLES. Trying to start apache I get the
> I am installing the beta SuSE SLES. Trying to start apache I get the
> following:
>
> cdcl:~ # rcapache start
> Starting httpd [ LDAP PERL ]
>
> /usr/sbin/httpd: error while loading shared libraries: libmm.so.11: cannot
> load
> shared object file: No such file or directory
> unused
> cdcl:~ #