msgbartop
A chronological documentation test project, nothing serious, really!
msgbarbottom

31 Jan 2007 Samba share permissions simplified

Permission precedence

Samba comes with different types of permissions for share. Try to remember few things about UNIX and Samba permissions.

(a) Linux system permissions take precedence over Samba permissions. For example if a directory does not have Linux write permission, setting samba writeable = Yes (see below) will not allow to write to shared directory / share.

(b) The filesystem permission cannot be take priority over Samba permission. For example if filesystem mounted as readonly setting writeable = Yes will not allow to write to any sharred directory or share via samba server.

How do I set permissions to Samba shares?

Samba Basic permissions are as follows (configuration file is smb.conf [/etc/samba/smb.conf]):

* read only: This parameter controls whether an user has the ability to create or modify files within a share. This is default.
* guest ok: Uf this parameter is set to yes, the users will have access to the share without
having to enter a password. This can pose security risk.
* writeable: Specifies users should have write access to the share.

You can create the share called helpfiles with read only permission
[helpfiles]
path = /usr/share/docs
read only = Yes

You can create the share called salesdoc with write permission
[salesdoc]
path = /home/shared/sales
writeable = Yes

You can also create a list of users to give write access to the share with write list option. For example allow rocky and tony to write to the share called sales:
[salesdoc]
path = /home/shared/sales
write list = rocky tony

You can use following options

* read list: This option accepts a list of usernames or a group as its value. Users will be given read-only access to the share.
* valid users: You can make a share available to specific users. Usernames or group names can be passed on as its value.
* invalid users: Users or groups listed will be denied access to this share.

Samba mask permission

It is also possible to specify samba default file creation permission using mask.

* create mask: This option is set using an octal value when setting permissions for files.
* directory mask: Directories must have the execute bit for proper access. Default parameter is 0755.

[salesdoc]
path = /home/shared/sales
write list = rocky sys
create mask = 0775

Tags: ,

Posted by

30 Jan 2007 chkrootkit

chkrootkit -x lkm gives more info about the rootkit lmk

chkrootkit creates a separate binary called chkproc that allows you to search for hidden processes.

Tags: ,

Posted by

29 Jan 2007 Taffic shaping

Source http://www.void.gr/kargig/blog/2007/01/14/traffic-shaping-torrentflux/

Tags: ,

Posted by

29 Jan 2007 Using a usb stick to login to gentoo Linux

It was kinda late, and I wanted to do something tonight…something interesting. I was looking at my usb key when I had this flash…”Could I use my usb key to login to my pc with a certain account ?”.
Googling … googling… I need a PAM module to do it. eix time now!

#eix pam usb
* sys-libs/pam_usb
Available versions: 0.3.1 0.3.2
Homepage: http://www.pamusb.org/
Description: A PAM module that enables authentication using an USB-Storage device (such as an USB Pen) through DSA private/public keys.

Bingo!

I emerged it and edited /etc/pam.d/system-auth and /etc/pam.d/login
In the very first line of the files I added:
auth sufficient /lib/security/pam_usb.so !check_device allow_remote=1 force_device=/dev/sda1 fs=vfat debug=1 log_file=/var/log/pam_usb.log

Then I just did:

mount /mnt/corsair
usbadm keygen /mnt/corsair root 4096

as the great quickstart of pam_usb describes and I am set!

just a test then…:

$ su
#

Damn! I liked that!

and you can check the debug log too:

[device.c:371] Forcing device /dev/sda1
[device.c:346] Creating temporary mount point...
[device.c:354] Scheduling [/tmp/pam_usbI7wL6Z] for dropping
[device.c:358] Using /tmp/pam_usbI7wL6Z as mount point
[device.c:237] Trying to mount /dev/sda1 on /tmp/pam_usbI7wL6Z using vfat
[device.c:253] Device mounted, trying to open private key
[device.c:181] Opening /tmp/pam_usbI7wL6Z/.auth/root.XXXXXX
[device.c:261] Private key opened
[auth.c:207] Private key imported
[auth.c:218] Public key imported
[device.c:455] Dropping [/tmp/pam_usbI7wL6Z]
[dsa.c:77] Checking DSA key pair...
[dsa.c:87] Signing pseudo random data [1 time(s)]...
[dsa.c:94] Valid signature
[dsa.c:87] Signing pseudo random data [2 time(s)]...
[dsa.c:94] Valid signature
[dsa.c:87] Signing pseudo random data [3 time(s)]...
[dsa.c:94] Valid signature
[pam.c:207] Access granted

What about if I remove the usb key ?

$ su
Password:
su: Authentication failure
Sorry.
$

and the debug log:

[device.c:371] Forcing device /dev/sda1
[device.c:346] Creating temporary mount point...
[device.c:354] Scheduling [/tmp/pam_usbTMRHEZ] for dropping
[device.c:358] Using /tmp/pam_usbTMRHEZ as mount point
[device.c:237] Trying to mount /dev/sda1 on /tmp/pam_usbTMRHEZ using vfat
[device.c:242] mount failed: No such file or directory
[device.c:249] Unable to mount /dev/sda1, tried with 1 fs
[device.c:376] Device forcing failed, back to guess mode
[device.c:419] Cannot find any device
[device.c:455] Dropping [/tmp/pam_usbTMRHEZ]
[auth.c:186] Invalid device
[pam.c:203] Cannot authenticate user "root"

Source: http://www.void.gr/kargig/blog/2005/04/15/using-a-usb-stick-to-login-to-gentoo/

Tags: , , , , ,

Posted by

28 Jan 2007 Virtual Mailhosting System with Postfix Guide

Source: http://www.gentoo.org/doc/en/virt-mail-howto.xml

Tags: , , , ,

Posted by