With Linux ACL, can you have multiple groups with default access to a folder? I want this for sharing code repositories between different coding groups + several processes. My thinking is, if a user from one group creates contents inside the shared repository, even though the owner is that user, the default permissions are propagated to that new file and the other users can still access the contents. Here’s what I tried as root: mkdir [...]Continue Reading »
In squid, is it possible to enable access logging only on a specific ACL? If so, how? We have done quite a few searches and were unable to find the proper conf syntax Asked by anonymous-one acl log_this src x.x.x.x. y.y.y.y.y z.z.z.z.z access_log /var/log/squid common log_this Answered by diegows Check more discussion of this question. Bookmark on Delicious Digg this post Recommend on Facebook share via Reddit Share with Stumblers Tweet about it Print for [...]Continue Reading »
I’m transitioning away from an old tool that initiates an rsync (copying from a local path to a remote path w/SSH hostkeys) via a web form (completely behind a firewall w/multiple authentication layers, not that that’s an excuse) hosted on Mac OS X 10.6 Snow Leopard Server. To work around the fact that rsync is run by _www, but the files are owned by someuser (plus the SSH hostkeys are for someuser), the original author [...]Continue Reading »
Currently, the company I work for has nothing in the way of password management – everything is in a big excel spreadsheet that everyone has access to. Obviously this has a whole rash of issues attached to it, namely: Staff have access to passwords they shouldn’t have/don’t need. Anyone who can get access to a machine on the network can get full access to all the passwords. So, I’m pushing for us to move to [...]Continue Reading »
I have a need for a free rsync-like tool for Windows (very preferably with some sort of delta encoding) that supports synchronizing Windows ACLs and can copy open files, probably via VSS/Shadow Volumes. (I have zero budget for this, as it is a one-time project.) Many tools come close, but fail on one or more of those accounts. I don’t have a problem with a multistep procedure, but I want to avoid multiple steps to [...]Continue Reading »
I am almost positive this is an issue of missing a key component or not declaring/applying the ACL properly, but I am unable to figure out the fix on my own. What I am trying to do is only allow PC2 to send any traffic to PC3 and PC1. Essentially PC4 should be inaccessible to PC2. Since I am unable to post images yet, I will try to explain the topology which is very simple. [...]Continue Reading »
I would like the Linux filing system to set a specific group when new files and directories are created by different users under a specific directory. I know I can use chmod to change existing files and directories but I want it to happen automatically. Does anyone know how? Asked by James The standard user/group/other security model in Unix doesn’t support this. The closest you can get are the “sticky” bits to assign ownership and [...]Continue Reading »
It might be the time of night, but this is puzzling me. Picture the following. [root@node1 acltest]# getfacl foo/ # file: foo # owner: root # group: testuser user::rwx group::r-x other::—[root@node1 acltest]# ls -la . total 24 drwxr-xr-x 3 root root 4096 Feb 9 21:53 . drwxr-xr-x 25 root root 4096 Feb 9 21:54 .. drwxr-x— 2 root testuser 4096 Feb 9 21:53 foo [root@node1 acltest]# setfacl -m m::rwx foo [root@node1 acltest]# getfacl foo/ # [...]Continue Reading »
I need to allow HR people to edit some attributes for all Active Directory users (phone numbers, address, and similar contact informations), without giving them full administrative rights. They will need the right to edit those attributes on all user accounts, regardless of the OU they’re in, and this security setting should also be automatically applied to new user accounts when they are created. How can I accomplish this? Asked by Massimo You want to [...]Continue Reading »
I have an ASA 5505 on 8.2 in the field already working. It has two interfaces, LAN/inside and WAN/outside. There is an L2 site-to-site IPSec tunnel configured from the outside interface of the local ASA to the outside interface of a remote F/W (between local internal host .1/32 and remote internal host .1/32). I want to enable port forwarding for a single port to the outside IP of the local ASA to forward to the [...]Continue Reading »
- Is there a way for administrators to disable users from installing Firefox extensions?
- Is there research material on NTP accuracy available?
- How to create a limited “domain admin” that does not have access to domain controllers?
- Can Windows RDC admin users be immune from being kicked?
- Domain Administrators account policy (After PCI audit)