Search Results

Search found 1047 results on 42 pages for 'restrict'.

Page 10/42 | < Previous Page | 6 7 8 9 10 11 12 13 14 15 16 17  | Next Page >

  • Is it possible to restrict fileserver access to domain users using computers that are members of the domain?

    - by Chris Madden
    It seems domain isolation can be used to accomplish this, but I'd like a solution that doesn't require IPsec, or more accurately, doesn't require IPsec on the fileserver. IPsec if done in software has a large CPU overhead and our NAS boxes don't support any kind of offload. The goal is to avoid authenticated users using non-managed machines to access network resources. Network Access Protection (NAP) and the various enforcement points looked promising but I couldn't find a bulletproof way to use them [which doesn't require IPsec on the fileserver]. I was thinking when a domain user accesses the NAS box it will first need a Kerberos ticket from AD, so if AD could somehow verify the computer that was requesting the ticket was in the domain I'd have a solution.


  • What's the max Windows 7 access possible to restrict tampering with single service?

    - by Crawford Comeaux
    I'm developing an ADHD management system for myself. Without going into detail (and as silly as it may sound for a grown man to need something like this), I need to build a me-proof service to run on my Windows 7 Ultra laptop. I still need fairly complete access to the system, though. How can I set things up so that I'm unable to "easily" (ie. within 3-5 mins without rebooting) stop the service or prevent it from running?


  • How to restrict access to a specific wireless network to only 1 user profile in Windows 7.

    - by Mathlight
    Hi all, I'm using Win7 SP1. I've got multiple users on the laptop that can / must connect to a wireless network, let's call it Wireless1. I've got a second wireless network (let's call it Wireless2), which I want to limit access to only the admin user of the laptop. Now I can remove Wireless2 in the network manager every time, but I want a more user friendly solution, so that only the admin can connect to Wireless2, and all the other users cannot (they may see the network, but must enter the password, like all other networks). Any ideas?


  • How Would I Restrict a Linux Binary to a Limited Amount of RAM?

    - by Ken S.
    I would like to be able to limit an installed binary to only be able to use up to a certain amount of RAM. I don't want it to get killed if it exceeds it, only that that would be the max amount that it could use. The problem I am facing is that I am running an Apache 2.2 server with PHP and some custom code that a developer is writing for us. The problem is that somewhere in their code they launch a PHP exec call that launches ImageMagick's 'convert' to create a resized image file. I'm not privy to a lot of details to the project or the code, but need to find a solution to keep them from killing the server until they can find a way to optimize the code.

    I had thought that I could do this with /etc/security/limits.conf and setting a limit on the apache user, but it seems to have no effect. This is what I used:

        www-data hard as 500

    If I understand it correctly, this should have limited any apache user process to a maximum of 500kb, however, when I ran a test script that would chew up a lot of RAM, this actually got up to 1.5GB before I killed it. Here is the output of 'ps auxf' after the setting change and a system reboot:

        USER       PID %CPU %MEM     VSZ     RSS TTY STAT START TIME COMMAND
        root      5268  0.0  0.0  401072   10264 ?   Ss   15:28 0:00 /usr/sbin/apache2 -k start
        www-data  5274  0.0  0.0  402468    9484 ?   S    15:28 0:00  \_ /usr/sbin/apache2 -k start
        www-data  5285  102  9.4 1633500 1503452 ?   Rl   15:29 0:58  |   \_ /usr/bin/convert ../tours/28786/.….
        www-data  5275  0.0  0.0  401072    5812 ?   S    15:28 0:00  \_ /usr/sbin/apache2 -k start

    Next I thought I could do it with Apache's RLimitMEM setting, but get the same result of it not getting limited. Here is what I have in my apache.conf file:

        RLimitMEM 500000 512000

    It wasn't until many hours later that I figured out that if the process actually reached that amount that it would die with an OOM error. Would love any ideas on how to set this limit so other things could function on the server, and all of them could play together nicely.


  • How to restrict ssh port forwarding, without denying it?

    - by Kaz
    Suppose I have created an account whose login shell is actually a script which does not permit an interactive login, and only allows a very limited, specific set of commands to be remotely executed. Nevertheless, ssh allows the user of this account to forward ports, which is a hole. Now, the twist is that I actually want that account to set up a specific port forwarding configuration when the ssh session is established. But it must be impossible to configure arbitrary port forwarding. (It is an acceptable solution if the permitted port forwarding configuration is unconditionally established as part of every session.)


  • How can I restrict the backuppc client user as much as possible? (rsync)

    - by jxn
    I have backuppc making full backups of servers, but I'd like to be sure that my setup is as paranoid as possible. BackupPC is set up to back up via rsync, and it is set up to use a specific user on each client to be backed up. Because the backuppc client user has to have access to every file on the client machine and the ability to ssh into the machine without an interactive password, I'm a little nervous about securing the clients, and I'd like to know I haven't overlooked any options. Here's what I have in place: in the client user's authorized_keys file, I've included

        from="IPTOSERVER",command="/usr/bin/rsync"

    before the user's public key, so that the user can only login coming from the BackupPC server. Next, in the sudoers file, I've added this line:

        backuppc ALL=NOPASSWD: /usr/bin/rsync

    to allow root-level permissions only for the rsync command for that user. Are there other user, policy, or ssh restrictions that I can add while still allowing the backup pc client user to rsync all files?


  • How can one restrict network activity to only the VPN on a Mac and prevent unsecured internet activity?

    - by John
    I'm using Mac OS and connect to a VPN to hide my location and IP (I have the 'send all traffic over VPN connection' box checked in the Network system pref), I wish to remain anonymous and do not wish to reveal my actual IP, hence the VPN. I have a prefpane called pearportVPN that automatically connects me to my VPN when I get online. The problem is, when I connect to the internet using Airport (or other means) I have a few seconds of unsecured internet connection before my Mac logs onto my VPN. Therefore it's only a matter of time before I inadvertently expose my real IP address in the few seconds it takes between when I connect to the internet and when I log onto my VPN. Is there any way I can block any traffic to and from my Mac that does not go through my VPN, so that nothing can connect unless I'm logged onto my VPN? I suspect I would need to find a third party app that would block all traffic except through the Server Address, perhaps Intego Virus Barrier X6 or Little Snitch, but I'm afraid I'm not sure which is right or how to configure them. Any help would be much appreciated. Thanks!


  • How to restrict access to other Wifi networks in range?

    - by meetpd
    Is there a way to access connecting to other wifi networks in range? I have an office and there are a few wifi networks in range. Some of them are not password protected and invariably I get connected to that wifi first. I have talked to the person who owns that wifi. But he is somehow not listening about adding a password to his network. So, is there a way I can block that wifi network completely so that I do not connect to it? I have Win 7 and Mac at my office.


  • Do best-practices say to restrict the usage of /var to sudoers?

    - by NewAlexandria
    I wrote a package, and would like to use /var to persist some data. The data I'm storing would perhaps even be thought of as an addition for /var/db. The pattern I observe is that files in /var/db, and the surrounds, are owned by root. The primary (intended) use of the package filters cron jobs - meaning you would need permissions to edit the crontab. Should I presume a sudo install of the package? Should I have the package gracefully degrade to a /usr subdir, and if so then which one? If I 'opinionate' that any non-sudo install requires a configrc (with paths), where should the package look (presuming a shared-host environment) for that config file? Incidentally, this package is a ruby gem, and you can find it here.


  • Best way to restrict FTP access to a single directory?

    - by John Debs
    I have a VPS running Ubuntu 10.04, and I'd like to give someone SFTP access to a single directory, but prevent them from seeing anything else on the system. What's the best way to pull this off? I considered removing "everyone" permissions from everything on the system, but that seems like a really blunt tool for this problem (and one that'll cause other issues) - I'm hoping there's a better option here. Edit: I appreciate the answers! (And I learned a bunch reading/researching through them). I ended up finding and using this guide from Linode as it spelled all the steps: http://library.linode.com/security/sftp-jails/


  • How to restrict deletion of a folder on NTFS share, but still allow modify access within folder

    - by thinkdreams
    I am setting up a set of scan folders from a scanning copier device, and would like to know the best way to protect the folders (for each department) from moving or deletion, but yet still allow access for the users to modify (i.e. create/add/delete) the scanned files within the folder. Structure is:

        Share Name
            Departmental Folder
                User files

    The writing of the files initially is taken care of by a service account which has full control. We'd just like to ensure the users cannot accidentally delete the folder (which has already happened) containing all the files, etc. This is for a Windows 2003 server, NTFS permissions. Suggestions would be most appreciated.


  • Apache2: How do I restrict access to a directory, but allow access to one file within it?

    - by Nick
    I've inherited a poorly designed web app, which has a certain file that needs to be publicly accessible, but that file is inside a directory which should not. In other words, I need a way to block all files and sub-directories within a directory, but over-ride it for a single file. I'm trying this:

        # No one needs to access this directly
        <Directory /var/www/DangerousDirectory/>
            Order Deny,allow
            Deny from all
            # But this file is OK:
            <Files /var/www/DangerousDirectory/SafeFile.html>
                Allow from all
            </Files>
        </Directory>

    But it's not working; it just blocks everything including the file I want to allow. Any suggestions?


  • How to restrict all services to single domain in Ubuntu?

    - by harold
    Someone has pointed an unknown domain to my server's IP address likely via A records. I would like to reject access to ALL services (httpd, ssh, mail, etc.) from this domain and only allow requests from my domain. I want to make it so when I connect to that domain it's completely rejected from my server. I can disallow access from HTTP by changing my web server settings, but I want to do this for every single type of connection. How can I do this?


  • Windows XP alt-tab: How to restrict options to certain applications, in certain order and exclude others?

    - by Rob
    In Windows XP Alt-tab keypress sequence to select applications, how can I ensure that certain applications always appear, in a certain order, with others always excluded? Background for asking is that most XP-based machines that I am working with on a shop floor present the list of shortcuts in a certain order and certain applications. There is one machine however, that displays an additional application. This is a hindrance to the users of the machines, as the nature of their work is routine and this variation disrupts the remembered sequence, "disrupts their flow". Thoughts? Being a good superuser, I research first before asking, and I found:

        1. Applications randomly alt-tab? (especially full screen games)
        2. Restore Alt-Tab behavior so that minimizing an app once again moves it to the end?

    (2. looks close to the control I need, but would need finer, more precise control over what appears in the selection). Suggestions? (Thanks in advance.)


  • Is it possible to restrict the connection duration per client on the router (say with OpenWRT)?

    - by static
    How to limit the connection duration per client per period (say, one MAC-address can connect only for 3 hours per week to the network). Where could be defined such a rule? In the firewall? So the rule should define not statically times (this is simple), when the client is allowed to access the network, but the duration of the connection per day/week/month, etc. How/where to implement such rules? Is it possible to do so with OpenWRT/DD-WRT?


  • website and protocol restriction (firewall application)

    - by Smith
    I am developing a firewall application that is supposed to restrict websites/protocols/web directories system-wide that I choose, for example:

        - restrict login.domain.com, but not domain.com
        - restrict domain.com/passport, not domain.com
        - restrict .tld types, e.g. .org

    Please give me some ideas.

    [edit] I am developing on the Windows platform, from Win 2000 to Win7, using any VB language, VB6 upwards. Also I want to be able to block any protocol: HTTP, FTP, etc.


  • parallel_for_each from amp.h – part 1

    - by Daniel Moth
    This post assumes that you've read my other C++ AMP posts on index<N> and extent<N>, as well as about the restrict modifier. It also assumes you are familiar with C++ lambdas (if not, follow my links to C++ documentation).

    Basic structure and parameters

    Now we are ready for part 1 of the description of the new overload for the concurrency::parallel_for_each function. The basic new parallel_for_each method signature returns void and accepts two parameters:

        - a grid<N> (think of it as an alias to extent)
        - a restrict(direct3d) lambda, whose signature is such that it returns void and accepts an index of the same rank as the grid

    So it looks something like this (with generous returns for more palatable formatting) assuming we are dealing with a 2-dimensional space:

        // some_code_A
        parallel_for_each(
          g, // g is of type grid<2>
          [ ](index<2> idx) restrict(direct3d)
          {
            // kernel code
          }
        );
        // some_code_B

    The parallel_for_each will execute the body of the lambda (which must have the restrict modifier), on the GPU. We also call the lambda body the "kernel". The kernel will be executed multiple times, once per scheduled GPU thread. The only difference in each execution is the value of the index object (aka the GPU thread ID in this context) that gets passed to your kernel code. The number of GPU threads (and the values of each index) is determined by the grid object you pass, as described next.

    You know that grid is simply a wrapper on extent. In this context, one way to think about it is that the extent generates a number of index objects. So for the example above, if your grid was set up by some_code_A as follows:

        extent<2> e(2,3);
        grid<2> g(e);

    ...then given that: e.size()==6, e[0]==2, and e[1]==3

    ...the six index<2> objects it generates (and hence the values that your lambda would receive) are:

        (0,0) (1,0) (0,1) (1,1) (0,2) (1,2)

    So what the above means is that the lambda body with the algorithm that you wrote will get executed 6 times and the index<2> object you receive each time will have one of the values just listed above (of course, each one will only appear once, the order is indeterminate, and they are likely to call your code at the same exact time). Obviously, in real GPU programming, you'd typically be scheduling thousands if not millions of threads, not just 6.

    If you've been following along you should be thinking: "that is all fine and makes sense, but what can I do in the kernel since I passed nothing else meaningful to it, and it is not returning any values out to me?"

    Passing data in and out

    It is a good question, and in data parallel algorithms indeed you typically want to pass some data in, perform some operation, and then typically return some results out. The way you pass data into the kernel, is by capturing variables in the lambda (again, if you are not familiar with them, follow the links about C++ lambdas), and the way you use data after the kernel is done executing is simply by using those same variables.

    In the example above, the lambda was written in a fairly useless way with an empty capture list: [ ](index<2> idx) restrict(direct3d), where the empty square brackets means that no variables were captured.

    If instead I write it like this [&](index<2> idx) restrict(direct3d), then all variables in the some_code_A region are made available to the lambda by reference, but as soon as I try to use any of those variables in the lambda, I will receive a compiler error. This has to do with one of the direct3d restrictions, where only one type can be captured by reference: objects of the new concurrency::array class that I'll introduce in the next post (suffice for now to think of it as a container of data).

    If I write the lambda line like this [=](index<2> idx) restrict(direct3d), all variables in the some_code_A region are made available to the lambda by value. This works for some types (e.g. an integer), but not for all, as per the restrictions for direct3d. In particular, no useful data classes work except for one new type we introduce with C++ AMP: objects of the new concurrency::array_view class, that I'll introduce in the post after next. Also note that if you capture some variable by value, you could use it as input to your algorithm, but you wouldn't be able to observe changes to it after the parallel_for_each call (e.g. in some_code_B region since it was passed by value) – the exception to this rule is the array_view since (as we'll see in a future post) it is a wrapper for data, not a container.

    Finally, for completeness, you can write your lambda, e.g. like this [av, &ar](index<2> idx) restrict(direct3d) where av is a variable of type array_view and ar is a variable of type array - the point being you can be very specific about what variables you capture and how.

    So it looks like from a large data perspective you can only capture array and array_view objects in the lambda (that is how you pass data to your kernel) and then use the many threads that call your code (each with a unique index) to perform some operation. You can also capture some limited types by value, as input only. When the last thread completes execution of your lambda, the data in the array_view or array are ready to be used in the some_code_B region. We'll talk more about all this in future posts…

    (a)synchronous

    Please note that the parallel_for_each executes as if synchronous to the calling code, but in reality, it is asynchronous. I.e. once the parallel_for_each call is made and the kernel has been passed to the runtime, the some_code_B region continues to execute immediately by the CPU thread, while in parallel the kernel is executed by the GPU threads. However, if you try to access the (array or array_view) data that you captured in the lambda in the some_code_B region, your code will block until the results become available. Hence the correct statement: the parallel_for_each is as-if synchronous in terms of visible side-effects, but asynchronous in reality.

    That's all for now, we'll revisit the parallel_for_each description, once we introduce properly array and array_view – coming next.

    Comments about this post by Daniel Moth welcome at the original blog.


  • What is the correct syntax for XSD to restrict attributes values in the elements list?

    - by Leonard
    What is the correct syntax for XSD schema to define the following restriction: In the list of elements we have to specify that attribute can contain value of "c" unlimited number of times, but value of "b" - the zero or only one time. For example, the correct xml looks like this:

        <root>
          <elem atr="c">111</elem>
          <elem atr="c">222</elem>
          <elem atr="b">333</elem>
          <elem atr="c">444</elem>
          <elem atr="c">555</elem>
        </root>

    And incorrect one is:

        <root>
          <elem atr="c">111</elem>
          <elem atr="c">222</elem>
          <elem atr="b">333</elem>
          <elem atr="c">444</elem>
          <elem atr="b">555</elem>
        </root>


  • How to restrict access to a class's data based on state?

    - by Marcus Swope
    In an ETL application I am working on, we have three basic processes:

        1. Validate and parse an XML file of customer information from a third party
        2. Match values received in the file to values in our system
        3. Load customer data in our system

    The issue here is that we may need to display the customer information from any or all of the above states to an internal user and there is data in our customer class that will never be populated before the values have been matched in our system (step 2). For this reason, I would like to have the values not even be available to be accessed when the customer is in this state, and I would like to have to avoid some repeated logic everywhere like:

        if (customer.IsMatched)
            DisplayTextOnWeb(customer.SomeMatchedValue);

    My first thought for this was to add a couple interfaces on top of Customer that would only expose the properties and behaviors of the current state, and then only deal with those interfaces. The problem with this approach is that there seems to be no good way to move from an ICustomerWithNoMatchedValues to an ICustomerWithMatchedValues without doing direct casts, etc... (or at least I can't find one). I can't be the first to have come across this, how do you normally approach this? As a last caveat, I would like for this solution to play nice with FluentNHibernate :) Thanks in advance...

