|
|
Sponsored Content
Top Forums
UNIX for Advanced & Expert Users
Files disappearing from /users/home
Post 302507021 by methyl on Tuesday 22nd of March 2011 02:55:01 PM
03-22-2011
|
|
10 More Discussions You Might Find Interesting
1. AIX
What would be the best approach to configure one external /home f/s in simple two node config and have concurrent access ? (1 Reply)
Discussion started by: zz2kzq
1 Replies
2. HP-UX
Hello all,
Most of our users have the same home directory, I know it's weird but it has been like this before me and we don't want to change that for now. When creating a new user using command useradd, it is not allowing me to create it because it is using the home directory of someone else. I... (2 Replies)
Discussion started by: qfwfq
2 Replies
3. Solaris
Hi Friends,,
I installed solaris 10 in vmware just now.I got a simple problem while i want to create users in /home directory.It is saying "cannot create ".So i checked the permission and then i find that the perm to user(root) is r-x.So i tried to change it to rwx using chmod but again i got a... (4 Replies)
Discussion started by: sdspawankumar
4 Replies
4. UNIX for Dummies Questions & Answers
Suse 10.3
ispconfig
Using as a web server, mail server.
I'm the only user.
These files:
/var/log/httpd/ispconfig_access_log_2008_08_28
/var/log/httpd/ispconfig_access_log_2008_08_29
vanished without a trace.
I still have older and newer files, but not these.
I have not deleted... (5 Replies)
Discussion started by: KillerDog
5 Replies
5. UNIX for Dummies Questions & Answers
I'm using HPUX 11i. The other day a user logon to the workstation and was not able to find the /home/directory (tom is the directory) I login myself and it is the same thing.
The home directory is on the server, so I was thinking of using sam to map it again. does anyone know how to do it... (5 Replies)
Discussion started by: blizzgamer
5 Replies
6. Shell Programming and Scripting
i have users home directories in /home
all the users have some files starting with character e
and i want to copy all these files in a folder in my (root) home
using a script
i tried the script
for i in m5
do
cd m5
cp e1* /home/pc/exam
cd ..
done
but get these... (3 Replies)
Discussion started by: pcrana
3 Replies
7. Solaris
Hi Guys,
I have a problem with configuring a server. this is a solaris 10 with sparc platform.
I have setup so that the server is Authenticating through NIS but I dont want the server to Mount the Home directories. The users need to logged in through the CDE/display.
I have over 200 users... (2 Replies)
Discussion started by: Luky
2 Replies
8. Cybersecurity
Hey guys,
Hmm.. I'm not quite sure where to open this. If any mod thinks this is not the place, please move it to wherever its suited :)
So,
I want to allow some trusted users to scp files into my server (to an specific user), but I do not want to give these users a home, neither ssh... (1 Reply)
Discussion started by: flpgdt
1 Replies
9. Shell Programming and Scripting
Hello guys,
I have to create a sh script which return users who have un-sanctioned(forbidden) files in their home directory.
I tried to do:
#!/bin/sh -x
SHADOW_FILE="/etc/shadow"
PASSWORD_FILE="/etc/passwd"
for i in `grep -v '^+' $PASSWORD_FILE | cut -d: -f1,6`
do
username=`echo... (6 Replies)
Discussion started by: catalint
6 Replies
10. Solaris
# ls -l
total 10
-rw-r--r-- 1 dummy2 other 140 Jun 19 21:37 local.cshrc
-rw-r--r-- 1 dummy2 other 136 Jun 19 21:37 local.cshrc~
-rw-r--r-- 1 dummy2 other 157 Jun 19 21:37 local.login
-rw-r--r-- 1 dummy2 other 178 Jun 19 21:37 local.profile... (6 Replies)
Discussion started by: chidori
6 Replies
LEARN ABOUT CENTOS
sftpd_selinux
sftpd_selinux(8) SELinux Policy sftpd sftpd_selinux(8) NAME
sftpd_selinux - Security Enhanced Linux Policy for the sftpd processes DESCRIPTION
Security-Enhanced Linux secures the sftpd processes via flexible mandatory access control. The sftpd processes execute with the sftpd_t SELinux type. You can check if you have these processes running by executing the ps command with the -Z qualifier. For example: ps -eZ | grep sftpd_t PROCESS TYPES
SELinux defines process types (domains) for each process running on the system You can see the context of a process using the -Z option to ps Policy governs the access confined processes have to files. SELinux sftpd policy is very flexible allowing users to setup their sftpd pro- cesses in as secure a method as possible. The following process types are defined for sftpd: sftpd_t Note: semanage permissive -a sftpd_t can be used to make the process type sftpd_t permissive. SELinux does not deny access to permissive process types, but the AVC (SELinux denials) messages are still generated. BOOLEANS
SELinux policy is customizable based on least access required. sftpd policy is extremely flexible and has several booleans that allow you to manipulate the policy and run sftpd with the tightest access possible. If you want to determine whether sftpd-can read and write files in user home directories, you must turn on the sftpd_enable_homedirs bool- ean. Disabled by default. setsebool -P sftpd_enable_homedirs 1 If you want to determine whether sftpd-can login to local users and read and write all files on the system, governed by DAC, you must turn on the sftpd_full_access boolean. Disabled by default. setsebool -P sftpd_full_access 1 If you want to determine whether sftpd can read and write files in user ssh home directories, you must turn on the sftpd_write_ssh_home boolean. Disabled by default. setsebool -P sftpd_write_ssh_home 1 If you want to deny any process from ptracing or debugging any other processes, you must turn on the deny_ptrace boolean. Enabled by default. setsebool -P deny_ptrace 1 If you want to allow all domains to use other domains file descriptors, you must turn on the domain_fd_use boolean. Enabled by default. setsebool -P domain_fd_use 1 If you want to allow all domains to have the kernel load modules, you must turn on the domain_kernel_load_modules boolean. Disabled by default. setsebool -P domain_kernel_load_modules 1 If you want to allow all domains to execute in fips_mode, you must turn on the fips_mode boolean. Enabled by default. setsebool -P fips_mode 1 If you want to enable reading of urandom for all domains, you must turn on the global_ssp boolean. Disabled by default. setsebool -P global_ssp 1 If you want to support ecryptfs home directories, you must turn on the use_ecryptfs_home_dirs boolean. Disabled by default. setsebool -P use_ecryptfs_home_dirs 1 If you want to support fusefs home directories, you must turn on the use_fusefs_home_dirs boolean. Disabled by default. setsebool -P use_fusefs_home_dirs 1 If you want to support NFS home directories, you must turn on the use_nfs_home_dirs boolean. Disabled by default. setsebool -P use_nfs_home_dirs 1 If you want to support SAMBA home directories, you must turn on the use_samba_home_dirs boolean. Disabled by default. setsebool -P use_samba_home_dirs 1 MANAGED FILES
The SELinux process type sftpd_t can manage files labeled with the following file types. The paths listed are the default paths for these file types. Note the processes UID still need to have DAC permissions. cifs_t non_security_file_type user_home_t /home/[^/]*/.+ user_tmp_t /var/run/user(/.*)? /tmp/hsperfdata_root /var/tmp/hsperfdata_root /tmp/gconfd-.* SHARING FILES
If you want to share files with multiple domains (Apache, FTP, rsync, Samba), you can set a file context of public_content_t and pub- lic_content_rw_t. These context allow any of the above domains to read the content. If you want a particular domain to write to the pub- lic_content_rw_t domain, you must set the appropriate boolean. Allow sftpd servers to read the /var/sftpd directory by adding the public_content_t file type to the directory and by restoring the file type. semanage fcontext -a -t public_content_t "/var/sftpd(/.*)?" restorecon -F -R -v /var/sftpd Allow sftpd servers to read and write /var/sftpd/incoming by adding the public_content_rw_t type to the directory and by restoring the file type. You also need to turn on the sftpd_anon_write boolean. semanage fcontext -a -t public_content_rw_t "/var/sftpd/incoming(/.*)?" restorecon -F -R -v /var/sftpd/incoming setsebool -P sftpd_anon_write 1 If you want to determine whether sftpd can modify public files used for public file transfer services. Directories/Files must be labeled public_content_rw_t., you must turn on the sftpd_anon_write boolean. setsebool -P sftpd_anon_write 1 COMMANDS
semanage fcontext can also be used to manipulate default file context mappings. semanage permissive can also be used to manipulate whether or not a process type is permissive. semanage module can also be used to enable/disable/install/remove policy modules. semanage boolean can also be used to manipulate the booleans system-config-selinux is a GUI tool available to customize SELinux policy settings. AUTHOR
This manual page was auto-generated using sepolicy manpage . SEE ALSO
selinux(8), sftpd(8), semanage(8), restorecon(8), chcon(1), sepolicy(8) , setsebool(8) sftpd 14-06-10 sftpd_selinux(8)