Questions tagged [access-control]
The access-control tag has no usage guidance, but it has a tag wiki.
183
questions
0
votes
0
answers
33
views
Prevent a program from writing the HOME directory using SMACK
I have a binary program that creates an empty folder in the HOME directory everytime it starts up. I don't like that and want to use the SMACK mechanism to stop it from doing that. My idea is to label ...
0
votes
1
answer
282
views
Apache 2.4: Restrict access to reverse proxy by IP range, and redirect requests from all other hosts
We have a front-end proxy server that serves pages from a back-end website (both running Apache 2.4):
# Apache config snippet from frontend server
SSLProxyEngine on
ProxyPass "/blah" "...
- 389
1
vote
1
answer
57
views
Restrict login to the active user
How can I restrict login so that only I can log into my linux machine, and only directly into the console (active user) I do not want anyone, including me, to be able to log in remotely. Are there ...
- 13
1
vote
1
answer
49
views
ssh-jailed access restrict all groups, but allow one group
Requirement
ssh-jailed access restrict all groups, but allow one group.
login to VM-GP324911 for users in GP324911, deny others.
login to VM-GP9e68e for users in GP9e68ea, deny others.
login to VM-...
- 27
0
votes
0
answers
212
views
Allow sudo but no local login with pam access
Assume we have two servers A and B
A: Heavily locked down. Requires TOTP (google authenticator), password and valid public key. This server allows users to log into B
with their adm accounts (...
- 165
1
vote
3
answers
897
views
How to restrict user login for specific IP-address (private address)?
I have two users on my ssh-server machine, user_A and user_B. user_B is permitted to log in with private key only for security reasons, because he needs to log in from remote. All this works.
My ...
- 13
1
vote
1
answer
182
views
Restrict access to SocketCAN to a certain user group
I have a PC to which a robot is connected via CAN (using SocketCAN). I'd like to control who can send commands to the robot, ideally through a group (i.e. only users who are in the "use_robot&...
- 180
0
votes
0
answers
82
views
Accessing OneDrive Folder on ElementaryOS
I have a computer with Windows 11 and Elementary OS 7. I can't access my OneDrive folder. I tried fsutil reparsepoint delete "C:\Path\To\OneDrive\Folder" but it output an access permission ...
3
votes
1
answer
510
views
What effect has "+:ALL:cron crond" in /etc/security/access.conf?
I am refining our rules in /etc/securiy/access.conf. I found the following rule and I am not sure what it is used for:
+:ALL:cron crond
According to the man page of access.conf it means something ...
- 39
0
votes
1
answer
70
views
What is the best way to manage multiple access using same user?
Scenario:
We have a couple of Ubuntu servers, each with a single user.
The user account has some specific software that bind to the host IP address and a specific port (we cannot change the port ...
- 109
0
votes
1
answer
381
views
Limiting sudo access for certain tasks
I am trying to implement an functionality where I need to limit the acccess of user that currently has sudo permissions to certain processes or files. I need the user to be able to certain tasks like ...
0
votes
0
answers
32
views
How to allow every admin access except viewing and editing a single directory?
We have some servers running our web application as well as nginx, redis and a few other services. I want to grant access to these servers to a system administrator to manage these systems, but I want ...
- 145
1
vote
1
answer
4k
views
Access denied for rsyslog
Good Morning,
I am trying to sends Zeek logs to another host on my local network with rsyslog.
So far I have a configuration file in /etc/rsyslog.d which looks like this :
module(load="imfile&...
- 33
1
vote
0
answers
491
views
Setting ACL recursive execute permission on a folder makes files executable
Running Ubuntu 20.04 LTS running Nginx 1.18.0 and PHP-FPM to serve a website.
I create a new folder as document root in /var/www, owned by the the FPM user foo, that will host a site:
$ sudo mkdir foo
...
- 111
0
votes
1
answer
1k
views
restrict sudo user acess to file/folder
First, sorry in advance, I know there are a billion of these questions but nothing worked for me...
I got a certain file in a directory that shall not be deleted by a sudo user. I know that sudo is ...
user541118