calling all linux lovers

[Electric Amish]

Originally posted by: manly

Originally posted by: Electric Amish
Couldn't you use IP-tables as well...at least for system and resource access??

amish

IP Tables has nothing to do with this question.

It could, except it's based by system rather than user.

amish

 

[wyvrn]

Well I know you can use the chgrp command for group membership. And you can limit system access by modding the /etc/hots.equiv file.

For file restriction based on specific users, use the setfacl command, where 7=read, write, and execute; 4=read only; 5=read and execute; and 6=read and write.

For instance, setfacl -m u:user8:6 filename.txt creates an ACL entry on filename.txt for user8 with permissions to read and write to the file. The command setfacl -m u:user9:7, g:group7:4, o:0 filename.txt sets user9's permissions on filename.txt to read, write and execute; group7's permissions to read only; and other permissions to none. In addition, the command setfacl -m m:4 filename.txt sets the mask permissions to read only, where the mask permission supercedes all other permissions on the file. To view the ACL on a file, type getfacl filename.txt which shows permissions set and effective permissions (as when using a mask).

Does that help?


edit: If you want to setup a shared directory, use the setgid permission. Files created in the directory belong to the group in which the directory belongs instead of the group(s) the user that created the file belongs to. The command chmod g+s shared_directory adds the setgid permission to the directory. To protect files in the directory, use the sticky bit permission. If a directory has sticky bit set, only the owner of a file in the directory or root can delete it. The syntax is chmod 1777 shared_directory .

 

[nord1899]

Originally posted by: Mucman
I am really curious on how this is done, so here is a bump 🙂

btw, at school I used the same username and password to check my E-mail, login to the Solaris machines, RedHat machines, and the web proxy. I'm not totally sure how they do it though.
We were given seperate username and passwords to login to the Win2k machines.

This might be a fun thing to play with next time I redo my home network...

Hold on. I get two possible ideas with what you stated here.

The first is that you login once and you never have to login again to any of the machines.
The second is that you have to login to each machine individually, its just that each one uses the same username/password combo. BTW, this is very insecure.

So which is it?

 

[Mucman]

Originally posted by: nord1899

Originally posted by: Mucman
I am really curious on how this is done, so here is a bump 🙂

btw, at school I used the same username and password to check my E-mail, login to the Solaris machines, RedHat machines, and the web proxy. I'm not totally sure how they do it though.
We were given seperate username and passwords to login to the Win2k machines.

This might be a fun thing to play with next time I redo my home network...

Hold on. I get two possible ideas with what you stated here.

The first is that you login once and you never have to login again to any of the machines.
The second is that you have to login to each machine individually, its just that each one uses the same username/password combo. BTW, this is very insecure.

So which is it?

I can login with the same username and password on any unix computer. If I am logged in and I want to ssh to the quad cpu Sun box, I will be prompted for my username and password again (albeit the info is the same).
My home directory is the same no matter what machine I am at since it is mounted via NFS from the file server.

Pretty crazy since there are over 30,000 home directories!

 

[Nemesis77]

Originally posted by: Ameesh
If linux cant support this how do people expect it to get deployed in the corporate environment?

How do you expect Windows to get deployed in corporate environment since it doesn't have the stability, security, openness nor the price 😉? But as to the question at hand. Single sign-on can be done with NIS for example.

FWIW: Extended attributes and ACL's were merged in 2.5.46.

Link

 

[n0cmonkey]

Between LDAP, NIS, and more advanced file systems like XFS Linux can handle this quite well.

AD is another rip off of better technologies.

There are filesystems out there much better than NTFS that have ACLs. XFS being one of the big ones.

Do you have an enterprise firewall shipping with all of your OSes yet? So when will Apache be ready to ship as IIS 6? Did you all ever find those Russian hackers and your source code?

 

[n0cmonkey]

Originally posted by: thawolfman
why is slashdot red?

Because they are a media source, and like every other media source on the planet they are biased, but unlike other media sources (like the horribly hosted MSNBC) they are not allowe to be biased. Ameesh is worried that free software will show people what good software is supposed to be like and that he will have to actually work one of these days to code something stable and secure and stop playing with his PPTP.