08-05-2009
I would recommend moving closer to a least privilege security model. If your OS has security labels, RBAC, or sudo you should convince your higher ups to implement them immediately. Now wouldn't be a bad time to test your backups either.
10 More Discussions You Might Find Interesting
1. Cybersecurity
restricted access...
Hi
I need to restrict users shell access to only $HOME under /home for each user. I don't want them getting out of their own directories. From what I understand chroot is something I could use, but I want to avoid this since it involves creating symbolic links to a number... (9 Replies)
Discussion started by: alwayslearningunix
9 Replies
2. UNIX for Dummies Questions & Answers
I need to create a user that only has access to 1 directory (e.g. /vol/mita/test). The user needs to be able to rsh into that directory to run a script. The user should not be able to navigate to any other directories above /vol/mita/test. Any help would be appreciated! (4 Replies)
Discussion started by: ngagne
4 Replies
3. UNIX for Dummies Questions & Answers
I have a need to allow only certain IP addresses to access a machine running solaris 9. I am not sure how this can be accomplished.
Thanks in advance for your help.
Patch (2 Replies)
Discussion started by: patch
2 Replies
4. Solaris
Hi All,
I'm on Solaris 8, I need to provide Read-only access to a user to 2 directories only.
Using rsh (restricted shell) as the user's login shell, I can restrict the user's access to a certain directory only, but how can I set in such a way that the user can access only the 2 directories... (4 Replies)
Discussion started by: max_min
4 Replies
5. UNIX for Advanced & Expert Users
I'm the admin in a shop in which my developers have and use the root account, all UNIX newbies.
I've been unable to convince management myself that this is an unacceptable practice.
I've looked in a couple books I have and can't find any chapters, discussions, etc that make the argument that... (2 Replies)
Discussion started by: keith.m
2 Replies
6. Solaris
We want to secure access to a server by restricting the number of users who can login to it. Our users are NIS users. Only few of them can telnet/ssh this server.
Do you have any idea on how to implement that?
thanks. (1 Reply)
Discussion started by: melanie_pfefer
1 Replies
7. UNIX for Dummies Questions & Answers
Hi all,
I have user called "Z". The home directory is /home/Z. I have another directory /home/Z/OP. Within /home/Z/OP, i have 2 directories
/home/Z/OP/OP1 and /home/Z/OP2.
I want to restrict access for Z to only access
/home/Z/OP and
/home/Z/OP1 and
/home/Z/OP2.
What kind of... (4 Replies)
Discussion started by: new2ss
4 Replies
8. Solaris
Dear All,
I have created a user called "x" who is allowed only to FTP and it is working fine. Here my problem is, I want to give access to a particular directory say for eg:- /dump/test directory. I don't find any option in the useradd command to restrict access to this particular directory only... (1 Reply)
Discussion started by: Vijayakumarpc
1 Replies
9. Solaris
Hi all.
I've had a quick look around but cant see anything exactly matching my requirements.
I have a new T2000 running S10. Im looking to restrict the no. cores that a S10 non-global zone can use to 1 only. The box is single CPU but 8core.
I want to do this to save on some software... (4 Replies)
Discussion started by: boneyard
4 Replies
10. UNIX for Dummies Questions & Answers
Hello,
I am using MySecureShell to chroot all sftp accesses. The problem that I have is that my boss does not want root to be able to use sftp. Root should still be able to ssh. Any ideas? (2 Replies)
Discussion started by: mojoman
2 Replies
LEARN ABOUT SUSE
net::ldap::message
Net::LDAP::Message(3) User Contributed Perl Documentation Net::LDAP::Message(3)
NAME
Net::LDAP::Message - Message response from LDAP server
SYNOPSIS
use Net::LDAP;
DESCRIPTION
Net::LDAP::Message is a base class for the objects returned by the Net::LDAP methods abandon, add, bind, compare, delete, modify, moddn,
search and unbind.
The sub-class Net::LDAP::Search returned by search also defines many methods.
If the Net::LDAP object is in async mode then all these methods, except "done" and "mesg_id", will cause a wait until the request is
completed.
METHODS
code ( )
The code value in the result message from the server. Normally for a success zero will be returned. Constants for the result codes can
be imported from the Net::LDAP or Net::LDAP::Constant module.
control ( )
Return a list of controls that were returned from the server.
control ( OID, ... )
Return a list of controls with the given OIDs that were returned from the server.
dn ( )
The DN in the result message from the server.
done ( )
Returns true if the request has been completed.
error ( )
Returns the error message in the result message from the server. If the server did not include an error message, then the result of
ldap_error_desc with the error code from the result message.
error_name ( )
Returns the name of the error code in the result message from the server. See ldap_error_name for a detailed description of the return
value.
error_text ( )
Returns the short text description of the error code in the result message from the server. See ldap_error_text for a detailed
description of the return value.
error_desc ( )
Returns a long text description of the error code in the result message from the server. See ldap_error_desc for a detailed description
of the return value.
is_error ( )
Returns true if the result code is considered to be an error for the operation.
mesg_id ( )
The message id of the request message sent to the server.
referrals ( )
Returns a list of referrals from the result message.
server_error ( )
The error message returned by the server, or "undef" if the server did not provide a message.
sync ( )
Wait for the server to complete the request.
SEE ALSO
Net::LDAP, Net::LDAP::Search, Net::LDAP::Constant, Net::LDAP::Util
ACKNOWLEDGEMENTS
This document is based on a document originally written by Russell Fulton <r.fulton@auckland.ac.nz>.
AUTHOR
Graham Barr <gbarr@pobox.com>
Please report any bugs, or post any suggestions, to the perl-ldap mailing list <perl-ldap@perl.org>.
COPYRIGHT
Copyright (c) 1997-2004 Graham Barr. All rights reserved. This program is free software; you can redistribute it and/or modify it under the
same terms as Perl itself.
perl v5.12.1 2008-06-30 Net::LDAP::Message(3)