also sprach Alexandros Papadopoulos <[EMAIL PROTECTED]> [2004.11.08.0734 +0100]:
> changing /etc/apt-cacher/apt-cacher.conf and then
> reloading/restarting apache2 does not honor the changes.
Well, you should not need to restart apache2 since apt-cacher is
a CGI. Apparently, apache2 loads it perma
[sent this to debian-user, got no suggestions - I hope this is not too
OT on this list]
On a sarge system, I was using apt-cacher with apache. No problems
there. Once I replaced apache with apache2, apt-cacher works but no
longer accepts any configuration changes. I.e.
changing /etc/apt-cacher
Hi all,
I'm in trouble on setting up a gateway to diul-up
users. I'm using iptables with mstate module to
masquerade the clients' ip addresses.
I have a RAS Server (Ikon 4400) that receives PPP
and PPPoE connections. The RAS's gateway is pointing
to the server i'm setting up.
Now araises
Hi all,
I'm in trouble on setting up a gateway to diul-up
users. I'm using iptables with mstate module to
masquerade the clients' ip addresses.
I have a RAS Server (Ikon 4400) that receives PPP
and PPPoE connections. The RAS's gateway is pointing
to the server i'm setting up.
Now araises
> On Fri, Nov 05, 2004 at 07:53:33PM +0200, [EMAIL PROTECTED] wrote:
>> >In regards to the latter method, would it be possible for me to change
>> >the group ownership of the commands I don't want users to have access
>> to
>> >and revoke execute permission from that group?
>>
>> Yes, you can make
I wrote:
> No need for C. Perl suffices.
Stephen Le writes:
> I should be able to restrict a user's Perl scripts using Apache's
> suEXEC. I don't see how a user would be able to remotely execute a
> compiled C program outside of their priviledges.
I meant that they can do anything with Perl that
On Sun, 7 Nov 2004 14:41:42 -0500, Stephen Gran <[EMAIL PROTECTED]> wrote:
> apt-get remove --purge ftp telnet wget gcc
> rm /usr/bin/ssh /usr/bin/scp
Unfortunately, I can't do that since I still want some users to be
able to access those commands. I just want to restrict access to those
commands
This one time, at band camp, Stephen Le said:
> On Sun, 7 Nov 2004 14:14:16 +, Steve Kemp <[EMAIL PROTECTED]> wrote:
> > Lots of people have commented already, but I've not seen any
> > discussion on why you might want to do this. What kind of bad
> > commands are you trying to prevent?
>
On Sun, 07 Nov 2004 10:10:31 -0600, John Hasler <[EMAIL PROTECTED]> wrote:
> Steve Kemp writes:
> > If you give people the ability to upload CGI scripts, like the perl
> > example you mention, you've already lost - a malicious user could compile
> > some C code statically and exectute that remotely
On Sun, 7 Nov 2004 14:14:16 +, Steve Kemp <[EMAIL PROTECTED]> wrote:
> Lots of people have commented already, but I've not seen any
> discussion on why you might want to do this. What kind of bad
> commands are you trying to prevent?
>
> Most of the dangerous commands like fdisk, etc, w
Am 2004-11-07 01:12:49, schrieb Mark Ferlatte:
> Okay. I guess my next question is: why do you want your user
> crontabs NFS
> mounted from your clients? Since they are local configs, why not
> just let them
> be local? If you feel that you have to backup your crontabs for each
> host,
> have a
Steve Kemp writes:
> If you give people the ability to upload CGI scripts, like the perl
> example you mention, you've already lost - a malicious user could compile
> some C code statically and exectute that remotely.
No need for C. Perl suffices.
--
John Hasler
--
To UNSUBSCRIBE, email to [E
also sprach Teófilo Ruiz Suárez <[EMAIL PROTECTED]> [2004.11.07.1529 +0100]:
> Do you have an URL with more info about that policy framework?.
Not handy. Please write to , he's the author.
--
Please do not send copies of list mail to me; I read the list!
.''`. martin f. krafft <[EMAIL PRO
On Sun, Nov 07, 2004 at 02:02:35PM +0100, martin f krafft wrote:
> [...]
> I can't wait until I have time to try/use/improve Md's policy
> framework.
Do you have an URL with more info about that policy framework?.
Thanks,
--
teo - http://blog.eltridente.org
"Res publica non dominetur"
--
also sprach Steve Kemp <[EMAIL PROTECTED]> [2004.11.07.1514 +0100]:
> If you're operating a shared system and want to keep seperate
> web users isolated from each other using rbash, chroots or
> similar should be sufficient.
Neither rbash not chroots are security measures. They are hurdles at
On Fri, Nov 05, 2004 at 03:35:11PM -0800, Stephen Le wrote:
> See the example above. Users would still be able to upload their own
> Perl scripts and get Apache to execute them without restriction - the
> Perl script could call commands that I want to ban the users from
> executing.
Lots of peo
also sprach Brett Parker <[EMAIL PROTECTED]> [2004.11.07.1440 +0100]:
> Then, I've always prefered exim, I like having control at my
> finger tips, and things to do what I expect :)
Ha! Flamebait! Consider yourself whacked. I won't even respond to
this. :)
/me embraces /etc/postfix/main.cf
> Jus
On Sun, Nov 07, 2004 at 02:02:35PM +0100, martin f krafft wrote:
> also sprach Brett Parker <[EMAIL PROTECTED]> [2004.11.07.1226 +0100]:
> > exim4 and postfix, depending on the machine, and who origionally set it
> > up. New machines are getting exim4 because it is far more flexible and
> > powerfu
also sprach Mark Ferlatte <[EMAIL PROTECTED]> [2004.11.07.1012 +0100]:
> Okay. I guess my next question is: why do you want your user
> crontabs NFS mounted from your clients?
The cluster nodes are frequently reinstalled, so the crontabs need
to be installed automatically.
> This actually closes
also sprach Mark Ferlatte <[EMAIL PROTECTED]> [2004.11.07.1013 +0100]:
> Don't know about most; I use Postfix. I don't think exim is a bad choice,
> though; I just liked Postfix better, and it performs well enough to meet my
> needs.
Well said.
also sprach Brett Parker <[EMAIL PROTECTED]> [2004.
On Sat, Nov 06, 2004 at 09:19:40PM -0600, Rodney Richison wrote:
> Are most of you using exim or postfix? Just curious. I've never tried
> exim.
exim4 and postfix, depending on the machine, and who origionally set it
up. New machines are getting exim4 because it is far more flexible and
powerfu
On Fri, Nov 05, 2004 at 07:53:33PM +0200, [EMAIL PROTECTED] wrote:
> >In regards to the latter method, would it be possible for me to change
> >the group ownership of the commands I don't want users to have access to
> >and revoke execute permission from that group?
>
> Yes, you can make somethin
Rodney Richison said on Sat, Nov 06, 2004 at 09:19:40PM -0600:
> Are most of you using exim or postfix? Just curious. I've never tried
> exim.
Don't know about most; I use Postfix. I don't think exim is a bad choice,
though; I just liked Postfix better, and it performs well enough to meet my
n
martin f krafft said on Sat, Nov 06, 2004 at 12:30:06PM +0100:
> also sprach Mark Ferlatte <[EMAIL PROTECTED]> [2004.11.06.0123 +0100]:
> > Do you really want your user's crontabs to run on every host in your
> > cluster?
>
> They are mounted from master:/srv/var/spool/crontabs/${HOSTNAME}, so
>
24 matches
Mail list logo
