0

Well, members of the restricted group should be able to navigate the restricted directory, and read files that have group read permissions on them. So, what precisely is going on? As root, create a file in /home/restricted with some text. Make the file's group "restricted", and make sure that the group permissions include +r (read access).

0

Dear Rubberman,
Ok I did this now. The problem when I do a remote connection I can not even go into the folder of /home/restricted. If you notice the user1 is not part of restricted group can that be a problem?

[root@localhost restricted]# vi test1.txt
[root@localhost restricted]# ls -la
total 16
drwxr-x--- 2 root restricted 4096 Nov  9 15:03 .
drwxr-xr-x 6 root root       4096 May 11 19:58 ..
-rw-r--r-- 1 root root          9 Nov  9 15:03 test1.txt
0

Yes. User1 has to be a member of the restricted group in order to access the directory, which is why you need to use the groupadd command to add that user to the group.

0

Dear Rubberman,
I have run this command many times useradd -g restricted user1
useradd: user user1 exists. So which command must I use usermod -a -G restricted user1?

0

Dear Rubberman,
I tried this groupadd -g restricted user1
and got this message groupadd: invalid group ID 'restricted'. I am not too sure about SE Linux ACL I never handle that before so what to check in there?

0

To add the restricted group, just use the command: groupadd restricted
To add user1 to group restricted, do this: usermod -G restricted user1

0

Dear Rubberman,
I have try this command few times and reboot my machine usermod -G restricted user1 but still if you notice user1 group is user1 not restricted.

ls -la
total 32
drwxr-xr-x  6 root  root       4096 May 11 19:58 .
drwxr-xr-x 23 root  root       4096 Nov  9 15:28 ..
drwx------  3 adam  adam       4096 Oct 26 01:48 adam
drwxr-x---  2 root  restricted 4096 Nov  9 15:03 restricted
drwx------  3 test1 test1      4096 Nov  8 02:27 test1
drwx------  3 user1 user1      4096 Nov  8 02:39 user1
0

Dear Rubberman,
It looks ok now as I can go into the restricted folder ready for user1. But why under the group it shows user1 and not resctricted?

0

Dear Rubberman,
Below is what I did. But when I do a ls -la for home the group for user1 is still user1? So via root can we know user group.

[user1@localhost home]$ groups
restricted
[user1@localhost home]$ ls -la
total 36
drwxr-xr-x  7 root  root       4096 Nov  9 15:56 .
drwxr-xr-x 23 root  root       4096 Nov  9 15:28 ..
drwx------  3 adam  adam       4096 Oct 26 01:48 adam
drwxr-x---  2 root  restricted 4096 Nov  9 15:03 restricted
drwx------  3 test1 test1      4096 Nov  8 02:27 test1
drwx------  3 test2 test2      4096 Nov  9 15:56 test2
drwx------  3 user1 user1      4096 Nov  8 02:39 user1
[user1@localhost home]$
0

Well, there shouldn't be a problem then. I don't know why your system is keeping user1 out of the directory. Can they CD to it and list the contents?

0

Dear Rubberman,
By right when I do ls -la the user1 group should be restricted right? Yes I can cd and view the file but cant change it so is correct.

0

If you want to allow members of the restricted group to edit (but not delete) specific files, then then owner (or root) can change the group file permissions with the g+w option to chmod on the file: chmod g+w filename

In order for a member of the restricted group to delete or create a file, then the containing directory must have the write permission set as well as read+execute.

0

Dear Rubberman,
Now my challenge is how can I make sure if the user1 logged into the system he can only be in restricted folder and cannot cd to any other folders? I want to lock him just here?

0

Kind of a "view only in one directory" user? You can use the usermod command to change their login directory to /home/restricted and learn how to use chroot so that when they login, all they can see of the system is that directory

Anyway, that's about all the time I have for helping you with this topic. I think you are more than 1/2 of the way to where you want to get, but you need to do more reading/studying of Linux user administration to accomplish what you need. There are a lot of online documents, FAQ's, and How-To's that will help. Remember, Google is your friend! Also, the Wikipedia.

0

Dear Rubberman,
Ok I actually read and collected some material. Some are talking about doing the chroot via openssh and some talking about pam. I am kind of confuse and lost here too. I have actually find a number of site like below.If you look some say need to upgrade openssh to version 5 etc. So what is the recommended method cause too many avaialable on google.

http://geek.co.il/wp/2010/03/14/how-to-build-a-chroot-jail-environment-for-centos
http://blogs4linux.blogspot.com/2011/08/set-up-chroot-sftp-on-red-hat.html
http://v2.robbyt.com/2008/howto/chrooted-sftp-with-openssh-5/

0

i am trying to install pf_ring in my ubuntu12.04. i followed every step given in its user guide and was successfull to execute every step given in it. but moment i run the examples given in example directory i get following error:after executing # gcc pfcount.c -lpcap -lpthread
any suggession why this is coming .

/tmp/ccJEMuAO.o: In function print_stats': pfcount.c:(.text+0xe6): undefined reference topfring_stats'
pfcount.c:(.text+0x307): undefined reference to pfring_format_numbers' pfcount.c:(.text+0x34e): undefined reference topfring_format_numbers'
pfcount.c:(.text+0x3a4): undefined reference to pfring_format_numbers' pfcount.c:(.text+0x41f): undefined reference topfring_format_numbers'
pfcount.c:(.text+0x556): undefined reference to pfring_format_numbers' /tmp/ccJEMuAO.o:pfcount.c:(.text+0x594): more undefined references topfring_format_numbers' follow
/tmp/ccJEMuAO.o: In function drop_packet_rule': pfcount.c:(.text+0x813): undefined reference topfring_handle_hash_filtering_rule'
pfcount.c:(.text+0x930): undefined reference to pfring_add_filtering_rule' /tmp/ccJEMuAO.o: In functionsigproc':
pfcount.c:(.text+0xa03): undefined reference to pfring_close' /tmp/ccJEMuAO.o: In functiondummyProcesssPacket':
pfcount.c:(.text+0xe17): undefined reference to pfring_parse_pkt' pfcount.c:(.text+0x1469): undefined reference topfring_parse_pkt'
/tmp/ccJEMuAO.o: In function packet_consumer_thread': pfcount.c:(.text+0x18bb): undefined reference topfring_recv'
/tmp/ccJEMuAO.o: In function main': pfcount.c:(.text+0x1c4d): undefined reference topfring_config'
pfcount.c:(.text+0x1c99): undefined reference to pfring_open' pfcount.c:(.text+0x1cf8): undefined reference topfring_set_application_name'
pfcount.c:(.text+0x1d0d): undefined reference to pfring_version' pfcount.c:(.text+0x1d8e): undefined reference topfring_get_bound_device_address'
pfcount.c:(.text+0x1dd9): undefined reference to pfring_get_bound_device_ifindex' pfcount.c:(.text+0x1e21): undefined reference topfring_get_num_rx_channels'
pfcount.c:(.text+0x1e68): undefined reference to pfring_set_bpf_filter' pfcount.c:(.text+0x1ecb): undefined reference topfring_set_cluster'
pfcount.c:(.text+0x1ef9): undefined reference to pfring_set_direction' pfcount.c:(.text+0x1f12): undefined reference topfring_set_socket_mode'
pfcount.c:(.text+0x1f59): undefined reference to pfring_set_poll_watermark' pfcount.c:(.text+0x1fa7): undefined reference topfring_set_reflector_device'
pfcount.c:(.text+0x1fed): undefined reference to pfring_enable_rss_rehash' pfcount.c:(.text+0x200b): undefined reference topfring_set_poll_duration'
pfcount.c:(.text+0x207d): undefined reference to pfring_enable_ring' pfcount.c:(.text+0x209a): undefined reference topfring_close'
pfcount.c:(.text+0x2132): undefined reference to pfring_loop' pfcount.c:(.text+0x2157): undefined reference topfring_close'
collect2: ld returned 1 exit status

0

i am trying to install pf_ring in my ubuntu12.04. i followed every step given in its user guide and was successfull to execute every step given in it. but moment i run the examples given in example directory i get following error:after executing # gcc pfcount.c -lpcap -lpthread
any suggession why this is coming .

/tmp/ccJEMuAO.o: In function print_stats': pfcount.c:(.text+0xe6): undefined reference topfring_stats'
pfcount.c:(.text+0x307): undefined reference to pfring_format_numbers' pfcount.c:(.text+0x34e): undefined reference topfring_format_numbers'
pfcount.c:(.text+0x3a4): undefined reference to pfring_format_numbers' pfcount.c:(.text+0x41f): undefined reference topfring_format_numbers'
pfcount.c:(.text+0x556): undefined reference to pfring_format_numbers' /tmp/ccJEMuAO.o:pfcount.c:(.text+0x594): more undefined references topfring_format_numbers' follow
/tmp/ccJEMuAO.o: In function drop_packet_rule': pfcount.c:(.text+0x813): undefined reference topfring_handle_hash_filtering_rule'
pfcount.c:(.text+0x930): undefined reference to pfring_add_filtering_rule' /tmp/ccJEMuAO.o: In functionsigproc':
pfcount.c:(.text+0xa03): undefined reference to pfring_close' /tmp/ccJEMuAO.o: In functiondummyProcesssPacket':
pfcount.c:(.text+0xe17): undefined reference to pfring_parse_pkt' pfcount.c:(.text+0x1469): undefined reference topfring_parse_pkt'
/tmp/ccJEMuAO.o: In function packet_consumer_thread': pfcount.c:(.text+0x18bb): undefined reference topfring_recv'
/tmp/ccJEMuAO.o: In function main': pfcount.c:(.text+0x1c4d): undefined reference topfring_config'
pfcount.c:(.text+0x1c99): undefined reference to pfring_open' pfcount.c:(.text+0x1cf8): undefined reference topfring_set_application_name'
pfcount.c:(.text+0x1d0d): undefined reference to pfring_version' pfcount.c:(.text+0x1d8e): undefined reference topfring_get_bound_device_address'
pfcount.c:(.text+0x1dd9): undefined reference to pfring_get_bound_device_ifindex' pfcount.c:(.text+0x1e21): undefined reference topfring_get_num_rx_channels'
pfcount.c:(.text+0x1e68): undefined reference to pfring_set_bpf_filter' pfcount.c:(.text+0x1ecb): undefined reference topfring_set_cluster'
pfcount.c:(.text+0x1ef9): undefined reference to pfring_set_direction' pfcount.c:(.text+0x1f12): undefined reference topfring_set_socket_mode'
pfcount.c:(.text+0x1f59): undefined reference to pfring_set_poll_watermark' pfcount.c:(.text+0x1fa7): undefined reference topfring_set_reflector_device'
pfcount.c:(.text+0x1fed): undefined reference to pfring_enable_rss_rehash' pfcount.c:(.text+0x200b): undefined reference topfring_set_poll_duration'
pfcount.c:(.text+0x207d): undefined reference to pfring_enable_ring' pfcount.c:(.text+0x209a): undefined reference topfring_close'
pfcount.c:(.text+0x2132): undefined reference to pfring_loop' pfcount.c:(.text+0x2157): undefined reference topfring_close'
collect2: ld returned 1 exit status

2

This is a thread almost a year old. Please don't hijack it, even if your subject is similar. I spent a LOT of time helping newbie14 with his problems. Read the thread, and check with Google Search. So, post as a new thread after you have done some research and tried to sort out your problems, then someone will probably help you through the rougher parts. FWIW, I do this on a consulting basis, and my clients pay me $200USD per hour for my expertise, and in my regular job as a senior systems engineer I make a good fraction of that on a daily basis. Time and my expertise/experience is my only asset. I like to contribute to this and The Linux Forums (also under the Rubberman handle), but try to understand that everyone who contributes to answering questions here has limited time on their hands - use it wisely! :-)

Votes + Comments
well said!
0

Dear Rubberman,Appreciate for all the help and yes you spend a lot of time for me. Unfortunately when I downloaded the latest pf ring 5.5.2 from sourceforge and just try to run make command on centos 6.3 gives me a new error which I am also lost. Any idea.
[test1@capture PF_RING-5.5.2]$ make
cd kernel; make
make[1]: Entering directory /home/test1/PF_RING-5.5.2/kernel' make -C /lib/modules/2.6.32-279.el6.i686/build SUBDIRS=/home/test1/PF_RING-5.5.2/kernel EXTRA_CFLAGS='-I/home/test1/PF_RING-5.5.2/kernel -DSVN_REV="\"exported\""' modules make[2]: Entering directory/usr/src/kernels/2.6.32-279.el6.i686'
CC [M] /home/test1/PF_RING-5.5.2/kernel/pf_ring.o
Assembler messages:
Fatal error: can't create /home/test1/PF_RING-5.5.2/kernel/.tmp_pf_ring.o: Permission denied
/home/test1/PF_RING-5.5.2/kernel/pf_ring.c: In function âbuffer_ring_handlerâ:
/home/test1/PF_RING-5.5.2/kernel/pf_ring.c:4568: warning: pointer targets in assignment differ in signedness
/home/test1/PF_RING-5.5.2/kernel/pf_ring.c: In function âring_getsockoptâ:
/home/test1/PF_RING-5.5.2/kernel/pf_ring.c:7903: warning: pointer targets in passing argument 4 of âplugin_registration[(int)rule->rule.plugin_action.plugin_id]->pfring_plugin_get_statsâ differ in signedness
/home/test1/PF_RING-5.5.2/kernel/pf_ring.c:7903: note: expected âu_char *â but argument is of type âchar *â
/home/test1/PF_RING-5.5.2/kernel/pf_ring.c: In function âpf_ring_inject_packet_to_ringâ:
/home/test1/PF_RING-5.5.2/kernel/pf_ring.c:8579: warning: pointer targets in passing argument 3 of âadd_raw_packet_to_ringâ differ in signedness
/home/test1/PF_RING-5.5.2/kernel/pf_ring.c:2945: note: expected âu_char *â but argument is of type âchar *â
/home/test1/PF_RING-5.5.2/kernel/pf_ring.c:8589: warning: pointer targets in passing argument 3 of âadd_raw_packet_to_ringâ differ in signedness
/home/test1/PF_RING-5.5.2/kernel/pf_ring.c:2945: note: expected âu_char *â but argument is of type âchar *â
make[3]: *** [/home/test1/PF_RING-5.5.2/kernel/pf_ring.o] Error 2
make[2]: *** [_module_/home/test1/PF_RING-5.5.2/kernel] Error 2
make[2]: Leaving directory /usr/src/kernels/2.6.32-279.el6.i686' make[1]: *** [all] Error 2 make[1]: Leaving directory/home/test1/PF_RING-5.5.2/kernel'
make: *** [all] Error 2
[test1@capture PF_RING-5.5.2]$

This topic has been dead for over six months. Start a new discussion instead.
Have something to contribute to this discussion? Please be thoughtful, detailed and courteous, and be sure to adhere to our posting rules.