Search Results

Search found 89593 results on 3584 pages for 'just user'.

Page 120/3584 | < Previous Page | 116 117 118 119 120 121 122 123 124 125 126 127  | Next Page >

  • How to whitelist a user agent for nginx?

    - by djb
    I'm trying to figure out how to whitelist a user agent from my nginx conf. All other agents should be shown a password prompt. In my naivity, I tried to put the following in before deny all: if ($http_user_agent ~* SpecialAgent ) { allow; } but I'm told "allow" directive is not allowed here (!). How can I make it work? A chunk of my config file: server { server_name site.com; root /var/www/site; auth_basic "Restricted"; auth_basic_user_file /usr/local/nginx/conf/htpasswd; allow 123.456.789.123; deny all; satisfy any; #other stuff... } Thanks for any help.

    Read the article

  • Log with iptalbes which user is delivering email to port 25

    - by Maus
    Because we got blacklisted on CBL I set up the following firewall rules with iptables: #!/bin/bash iptables -A OUTPUT -d 127.0.0.1 -p tcp -m tcp --dport 25 -j ACCEPT iptables -A OUTPUT -p tcp -m tcp --dport 25 -m owner --gid-owner mail -j ACCEPT iptables -A OUTPUT -p tcp -m tcp --dport 25 -m owner --uid-owner root -j ACCEPT iptables -A OUTPUT -p tcp -m tcp --dport 25 -m owner --uid-owner Debian-exim -j ACCEPT iptables -A OUTPUT -p tcp -m limit --limit 15/minute -m tcp --dport 25 -j LOG --log-prefix "LOCAL_DROPPED_SPAM" iptables -A OUTPUT -p tcp -m tcp --dport 25 -j REJECT --reject-with icmp-port-unreachable I'm not able to connect to port 25 from localhost with another user than root or a mail group member - So it seems to work. Still some questions remain: How effective do you rate this rule-set to prevent spam coming from bad PHP-Scripts hosted on the server? Is there a way to block port 25 and 587 within the same statement? Is the usage of /usr/sbin/sendmail also limited or blocked by this rule-set? Is there a way to log the username of all other attempts which try to deliver stuff to port 25?

    Read the article

  • Spam mail through SMTP and user spoofing

    - by Josten Moore
    I have noticed that it's possible to telnet into a mailserver that I own and send spoofed messages to other clients. This only works for the domain that the mail server is regarding; I cannot do it for other domains. For example; lets say that I own example.com. If I telnet example.com 25 I can successfully send a message to another user without authentication: HELO local MAIL FROM: [email protected] RCPT TO: [email protected] DATA SUBJECT: Whatever this is spam Spam spam spam . I consider this a big problem; how do I secure this?

    Read the article

  • Apollo linux boot into single user

    - by Spirit
    We have a device that runs Appolo Linux and I have to boot that device into a single user mode so that i can run a fsck to check the hard drive for errors. I've been goggling this during the past hour and so far I haven't found any specific method on how can I do that on this version on Linux. The device is known formerly as a NFX Cinxi One - now re-branded into BlackStratus LOG Storm. If any of you have any experience with this one you may know it is a device that is used to collect logs from other servers. I know that the above info isn't much but that is everything that I can provide up until now since tomorrow I have to follow up closely on this problem.

    Read the article

  • 'Singleton' application - or let the user only launch one instance of a program at the time

    - by Disco
    I'm running a few linux desktops; mainly for kids (yeah, trying to teach them the right OS at early stage) (running Ubuntu 10.10, Gnome) The problem is that they found very funny to make their workstations (actually, old 512 Mb pentium 4) by launching thousands of firefox instances. I'm looking for a way to restrict them to launch 'N' instances of a particular application. Haven't figured yet how. Thought of a monitoring daemon but I think that would be too ressources hungry. Any idea of a script/trick to achieve this ? Note: i might have 1-2 level of users (the kids, and the more grown up kids) so i have also to limit per user; something like user1: 3firefox, user2: 2firefox instances.

    Read the article

  • Active Directory management with low user rights

    - by DemonWareXT
    Our problem: The client, a normal user, has to be able to reset multiple passwords at once. Around 30 in one go. This would call for powershell or something along these lines, but for AD and Powershell one needs to be domain administrator. My solution would be to make a service that runs on the AD server and take connections from a program. The service would then do the AD changes. So far so good, I would just like to hear some other thoughts on this problem. Because I sure can't be the only one with it

    Read the article

  • How can I restrict the backuppc client user as much as possible? (rsync)

    - by jxn
    I have backuppc making full backups of servers, but I'd like to be sure that my set up is as paranoid as possible. BackupPC is set up to backup via rsync, and it is set up to use a specific user on each client to be backed up. Because the backuppc client user has to have access to every file on the client machine and the ability to ssh into the machine without an interactive password, I'm a little nervous about securing the clients, and I'd like to know I haven't overlooked any options. Here's what I have in place: in the client user's authorized_keys file, i've included from="IPTOSERVER",command="/usr/bin/rsync" before the user's public key, so that the user can only login coming from the BackupPC server. Next, in the sudoers file, I've added this line: backuppc ALL=NOPASSWD: /usr/bin/rsync to allow root-level permissions only for the rsync command for that user. Are there other user, policy, or ssh restrictions that I can add while still allowing the backup pc client user to rsync all files?

    Read the article

  • Verifying that a user comes from a 'partner' site?

    - by matt_tm
    We're building a Drupal module that is going to be given to trusted 'corporate partners'. When a user clicks on a link, he should be redirected to our site as if he's a logged in user. How should I verify that the user is indeed coming from that site? It does not look like 'HTTP_REFERER' is enough because it appears it can be faked. We are providing these partner sites with API Keys. If I receive the API-key as a POST value, sent over https, would that be a sufficient indicator that the user is a genuine partner-site user?

    Read the article

  • user related commands hang on open("/etc/localtime", O_RDONLY) = 4 in CentOS 5.5

    - by fuzzy lollipop
    I am logged in as root when doing a strace -etrace=open adduser git it hangs on open("/etc/localtime", O_RDONLY) = 4 for like 2 minutes then continues on. Also when I try and strace -etrace=open su git it just hangs at the same place as well, I can't login via ssh as the git user either. Some other users I created work just fine, like su tomcat and I can ssh in as tomcat as well. I deleted the file that was at /etc/localtime and replaced it with a symlink to ln -s /usr/share/zoneinfo/US/Eastern /etc/localtime and it didn't change the behavior in any way.

    Read the article

  • nginx caching per user agent

    - by Tuinslak
    I'm currently using nginx as reverse proxy with caching enabled. However, the main site has two different layouts, depending on the user-agent (mobile or not). I've tried something similar to this: # mobile users if ($http_user_agent ~* '(iPhone|iPod|mobile|Android|2.0\ MMP|240x320|AvantGo|BlackBerry|Blazer|Cellphone|Danger|DoCoMo|Elaine/3.0|EudoraWeb|hiptop|IEMobile)') { set $iphone_request '1'; } if ($iphone_request = '1') { proxy_cache mobile; } if ($iphone_request = '') { proxy_cache site; } proxy_cache_key "$scheme://$host$request_uri"; proxy_pass http://real-site.tld; However, nginx gives an error, stating proxy_cache can't be used in an if-structure. Any other way to serve from a different cache depending on the browser? Thanks, Tuinslak

    Read the article

  • Tool to test a user account and password (test login)

    - by TheCleaner
    Yeah, I can fire up a VM or remote into something and try the password...I know...but is there a tool or script that will simulate a login just enough to confirm or deny that the password is correct? Scenario: A server service account's password is "forgotten"...but we think we know what it is. I'd like to pass the credentials to something and have it kick back with "correct password" or "incorrect password". I even thought about a drive mapping script with that user account and password being passed to see if it mapped the drive successfully or not but got lost in the logic of making it work correctly...something like: -Script asks for username via msgbox -script asks for password via msgbox -script tries to map a drive to a common share that everyone has access to -script unmaps drive if successful -script returns popup msgbox stating "Correct Password" or else "Incorrect Password" Any help is appreciated...you'd think this would be a rare occurrence not requiring a tool to support it but...well....

    Read the article

  • Tons of spam on dreamhost mail user account

    - by user122022
    I use dreamhost for my webserver/ email host. I have about 25 users on one domain. and 1 of these users is absolutely inundated with spam every day. I have tried using dreamhosts poor blacklist feature, which was semi working (still letting a lot through) but I reached the 1000 email blacklist maximum very quickly. I have the ability to switch to google apps but that would be very expensive for 25 users. What options do I have aside from changing hosts with better spam filtering? I don't think its possible to only switch 1 user to google apps, it has to be the whole domain. There are other benefits to switching but I don't think they outweigh the cost for this company.

    Read the article

  • Determining the State of a User using their Hostname

    - by PhpMyCoder
    Not sure if this is the right SE site. I figured this question doesn't belong on SO, but if you think it doesn't belong here either, I apologize. I've been looking into determining the location, specifically the state, of a user accessing my website. One of the options I've known about for a while is the GeoIP City Database, however this isn't the most cost effective solution and I'm cheap so I was looking for a less expensive way. Something that occurred to me was that my state was in the public hostname assigned to me by Comcast: (Dash Separated IP).hsd1.ma.comcast.net Could it be possible that other ISPs follow this same pattern of inserting the state abbreviation into their users' hostnames? I've been looking around for a list of hostnames for other ISPs, but I haven't found anything. Can anyone verify that this holds true for other major ISPs?

    Read the article

  • Installing a personal security certificate for Windows Server 2008 Terminal Services user

    - by Rick
    We use StoneEdge Order Manager, which runs under Microsoft Access, on several Windows computers as well as through Terminal Services on Windows Server 2008. Terminal Services users are unable to process credit cards using the First Data Global Gateway on the server. We have followed the necessary setup instructions provided under the user account, which involves adding a certificate in the Internet Options control panel. The Windows XP desktops require this to be done, or a generic 'unable to connect' message is shown when attempting to charge a card. On the server, this message is shown regardless of whether the certificate has been installed. Is there anything else that needs to be done that is specific to Windows Server that is not mentioned in the workstation instructions? Setup Instructions

    Read the article

  • Windows IPSec computer authentication using *user* account?

    - by Tim Brigham
    For some reason every once in a while it happens that my IPSec authentication is from a user account to a computer account, not computer to computer. How can I fix it? Sometimes - notably when I try to add a new workstation through ePO but it's happened other times as well I'm getting strange behavior from my Windows Advanced Firewall IPSec. This causes the authentication to be invalid (as the group memberships, etc all assume computer accounts). I have no idea why this is happening or how to fix it but the IDs to match up between servers (the opposite server in my second example has remote ID timb).

    Read the article

  • Windows Server 2003 - Give User Full Admin Privileges

    - by APShredder
    I am running Windows Server 2003. There are a couple of user accounts that I would like to promote to Administrator accounts. I've tried several ways to do so, but I am still relatively new to setting up a server. If anyone has any ideas on how to go about promoting these users, I thank you in advance. EDIT: I should probably mention that this a domain controller. I didn't realize that this changed the answer I was looking for. I apologize, like I said before I am new to the world of servers. EDIT #2: I've added the users to the Administrator group like most of the answer recommended, but the users don't seem to have admin rights yet. I think this might be because they are also in the Domain Users group, which I can't seem to be able to remove them from.

    Read the article

  • ldap samba user access issue

    - by ancillary
    I have a samba share that is on the LAN. It is auth'd via ldap. Users access file system via ad windows shares. There are shortcuts in directories that point to dir's on samba. Typically a user will click the shortcut to the smb dir, and will be met with a permission denied error. Upon closing explorer and reopening, it will work. DNS is handled by the domain controller, and that is the only server any of the machines use for DNS. Nothing in eventvwr. Only see successful auth entries in samba log. Any ideas?

    Read the article

  • Putting shortcuts onto user's machines using AD

    - by Rod
    I just handled a small task, which I would like to automate through Active Directory. We’ve written a few Intranet applications which get used a lot here. Occasionally someone will have to go to the front desk and work on something there, while one of the receptionists are away. They’ll always call us to have us put a shortcut onto their desktop linking to these Intranet applications. It’s just a bit of a nuisance, and I’m sure that AD could be used to automate creating shortcuts on user’s desktops pointing to our Intranet applications. The only thing is, I don’t know how to do this, and being a small shop that we are, we don’t have a system administrator at this time. So, how do we automate the creation of desktop shortcuts to websites, using AD in a Windows 2003 Server environment?

    Read the article

  • Verify linux user passwords

    - by zero_r
    Hi there I got a linux server that has several dozen users. I also have the cleartext password for every user (i know - bad security). I would like to know if the passwords are correct. Since the users are all ftp users and have the nologin shell, I cannot just write a script to check if login works. How can I do a local check on passwords? Script output could look like this: $ check_userpw < user_pw_list.txt user1 ok user2 ok user3 mismatch! user4 ok Thanks

    Read the article

  • Access denied for user 'root@localhost' (using password:NO)

    - by murgatroid99
    I am attempting to install a network management package called cacti onto Ubuntu running under Windows Virtual PC. I attempted to install MySQL as it is one of cacti's dependencies. I can install and start the MySQL server, but whenever I try to access it in any other way, such as to change the password, I get the error message Access denied for user 'root@localhost' (using password:NO). I would like to know what is causing this and how to fix it. Edit: (just in case my comments are not visible) The answers from HD and Devin Ceartas did not work for me.

    Read the article

  • Multiple public/private key pairs for the same user

    - by bruceb
    First, sorry if this question has already been asked/answered - I've searched but perhaps I haven't recognised the answer.... What we have is a cluster of servers which need to access a single remote server using sftp. We are migrating from one remote server to another at the same (remote) location. We also want to refresh the public/private key pairs on the configuration as part of an ongoing security review. My question is - can we have multiple public/private key pairs for the same user between server A and server B? I want to do this to allow for cutover testing - but am concerned that the software checking keys may only try one of each type (rsa/dsa?) before rejecting the connection method and moving to the next type of key. Hope it's a straightforward question - please let me know if I need to supply more details. Thanks in advance Bruce

    Read the article

  • Resolve local subdomain on apache for paths within user dir

    - by MaoPU
    On Apache 2.2.x I've activated mod_userdir. I used the default setup, so that http://localhost/~name/ will be connect with ~name/public_html/ and a path within public_html, e.g. ~name/public_html/mySite can be reached through http://localhost/~name/mySite. How can I achieve, that the same path can be reached through http://mySite.name.localhost/? I don't want a manual approach like it is suggested in other SF questions (such as http://serverfault.com/q/133921/53624), but rather want an automatic mapping of all available paths to the corresponding URL. I think, several steps will need to be taken: Change mod_userdir configuration, so that the subdomain of localhost will be connected with all available user names on the machine. The second step would maybe include the usage of mod_rewrite, so that the subsubdomain could be matched to the path within ~name/public_html... What would be your prefered way?

    Read the article

  • adding ftp user on ubuntu

    - by user46250
    I followed this tut http://www.trainsignal.com/blog/how-to-set-up-safe-ftp-in-linux to setup an ftp server with user account sudo mkdir -p /home/ftp/ftpuser sudo useradd ftpuser -d /home/ftp/ftpuser -s /bin/false sudo passwd ftpuser when I tried to connect with login ftpuser remotely it didn't work. It didn't work even with root UNLESS I removed root from ftpusers. I am confused ftpusers are the users NOT allowed to do ftp ? Where are the list of users allowed then and why can't I connect with ftpuser I created ?

    Read the article

  • How to disable password change for openldap user?

    - by Keve
    Considering possible solutions for some improvements I run into this theoretical question and I couldn't find a satisfying answer. Some of you may have first-hand experience with this in practice, so here the question goes: How can I disable password changing for an OpenLDAP user? The account must stay enabled, allowed to log on to workstations and work as usual, but should not be able to change its own password. Can this be done? If so, how difficult is it to implement it? All suggestions are appreciated! For reference: Servers and workstations are to run a mixture of FreeBSD and OpenBSD. Accounts to get password disabled are student or generic workstation accounts. Environment is a school.

    Read the article

  • What does the red x icon mean next to a user in folder permissions (Windows 7)

    - by Scott Szretter
    In trying to debug various strange issues on a machine, I found something strange - when I go to C:\Users\administrator and get properties, security tab, it lists the users (the local admin account, system, and 'administrator' which is the domain administrator account). It all looks fine in terms of permissions (full control, etc.) compared to other machines. The one difference is there is a small red circle with an X to the left of the user icon/name. Additionally, there are various folders where it says access denied under there - for example, my documents! Even logged in as the local machine administrator account (which is not named administrator), I am unable to change the permissions - it says access denied. Any ideas what this means and how to fix it? I even tried re-joining the machine to the domain.

    Read the article

< Previous Page | 116 117 118 119 120 121 122 123 124 125 126 127  | Next Page >