Questions tagged [access-control-list]
An access-list is a list of rules, usually held on network devices such as switches, routers or firewalls, that matches network traffic. The specific term 'access-list' is used in the context of Cisco devices, although the concept of an 'access list' is more generic.
783 questions
1 vote, 1 answer, 18 views
How to Secure Database Credentials in a Windows Desktop App Without a Service Layer: Preventing Unauthorized Access to DBMS?
Given is a Windows desktop application (written in Java) that communicates directly with a DBMS (SQL). There is no service layer between the desktop application and the DBMS.
How can one secure the ...
0 votes, 0 answers, 7 views
sonic os acl for ip of vlan interface
I'm trying to apply simple acl rules to IP address vlan100, but it always responds to ping.
"VLAN100_ACL": {
"policy_desc": "VLAN100 Ingress ACL",
"type": &...
0 votes, 0 answers, 62 views
Linux ACL of a shared folder for specific group
I need to make a shared folder: I have separated my work between several users on the same computer and need them to access the same folder without restriction. They all belong to a "work" ...
1 vote, 2 answers, 735 views
IP Whitelisting in (AKS) Kubernetes / ingress-nginx
Hello anyone who reads this,
I'm looking for a way to restrict access to a publicly exposed service (type LoadBalancer) at 234.234.234.234:1234 to a specific trusted IP at 123.123.123.123.
The way ...
1 vote, 4 answers, 290 views
NFS and ACLs in a Kerberos context on Rocky Linux 8.9
We're running a Rocky Linux 8.9 (so, essentially RHEL 8.9) shop and I've been tasked with investigating ACLs on filesystems mounted via NFS. We're using FreeIPA/IdM as well.
I've set up a test machine,...
1 vote, 0 answers, 57 views
Windows: not moving permissions when moving files on the same volume
For a service we are setting up, one of our Linux servers has a CIFS mount to one of our central storage servers, using a specific service account dedicated for this purpose. The remote directory is ...
0 votes, 1 answer, 282 views
How to chown a directory on a mounted samba share?
I have a Linux client mounting a Samba share with the following fstab entry:
//<serverip>/<nameofshare> /home/user -o nofail,x-systemd.device-timeout=15s,vers=3.11,user=<sambauser>,...
0 votes, 1 answer, 91 views
Permission error when setting global-acls in dovecot
Dovecot's ACL plugin instructions indicate that for global acl's, we're supposed to create an acl file in /etc/dovecot/. and to include the access control list items in it. So I've created /etc/...
0 votes, 1 answer, 285 views
how to block outgoing traffic in ec2 without blocking ssh
I have an EC2 that has a public subnet, and traffic is flowing through the internet gateway.
Now, I have a requirement: I have to block all outgoing traffic in EC2.
I have tried to restrict the traffic ...
0 votes, 0 answers, 69 views
Default ACL to backup another user's home directory
I have written a script to back up our servers.
It runs as the "backup" user on multiple Oracle Linux 7/8/9 systems and has to back up other users' home directories, among other things, using ...
0 votes, 1 answer, 83 views
OpenLDAP peername.ip ACL not working for subnets
I have the following ACL stored in my /etc/openldap/slapd.conf file:
access to dn.regex="^([^,]+,)?ou=(groups|addressbook),dc=ldap$"
by dn.exact="cn=directory,ou=users,dc=ldap&...
0 votes, 0 answers, 90 views
ACL permissions on Chroot directory
I have the Named service in a Chroot environment, I need a user to be able to modify the live files of the path /var/named/chroot/etc and I do not want to give full permissions with sudo, I have used ...
1 vote, 1 answer, 8k views
nginx, only allow certain IPs to access a URL prefix
In nginx, how can I restrict access to a certain URL prefix by IP address. i.e. “only these IPs are allowed to access $URL?”.
I have a location … { directive, but it looks like the nginx allow & ...
0 votes, 0 answers, 370 views
How to restrict ssh access only to users within multiple groups?
I would like to know how to allow ssh access to users who are in multiple groups. For example, in general, if the user is part of the group shell then they may access a number of servers. However, I ...
0 votes, 1 answer, 24 views
Aruba Access list redundant entries
I am using Aruba switches, and the configuration that I have been given to review has redundant entries in the ACL per below:
14 permit tcp 10.255.252.0/255.255.255.0 any eq ssh
15 permit tcp 10.255....