Permissions 

File Permissions


Action --- r-- -w- --x rw- r-x -wx rwx r-s
read - cat file no yes no no yes yes no yes
write - ls /tmp >> file no no yes no yes no yes yes
write - ls /tmp > file no no yes no yes no yes yes
remove file yes* yes* yes yes* yes yes* yes yes
executing a script no no no no no yes no yes yes**

yes*: These files gave a "rm: remove write-protected file 'filename'?" error. Saying "yes" removes these files. Also performing a "rm -rf" file removes the file without any warning. The ability to remove a file is controlled at the directory level.
yes**: execute a file with permission of owner or group

Directory Permissions


Action --- r-- -w- --x rw- r-x -wx rwx
cd into directory no no no yes no yes yes yes
ls directory no yes* no no yes* yes no yes
file name completion no yes no no yes yes no yes
create new file in dir. no no no no no no yes yes
read file in dir. no no no yes no yes yes yes
modify file in dir. no no no yes no yes yes yes
remove files no no no no no no yes yes
execute script no no no yes no yes yes yes

ls = yes* - Only the files are listed with error. No other file attributes are able to be listed. File name completion works in these cases as well.

t - Save text attribute (sticky bit): The user may delete or modify only those files in the directory that they own or have write permission for (/tmp).

s - Set group ID: files in that directory will have the group ownership as the directory, instead of than the group of the user that created the file


If you want to have full access to a directory with 2 different users in different groups make a new group and add both users.

addgroup newgroup
adduser user1 newgroup
adduser user2 newgroup

chown root:newgroup /directory
chmod 775 /directory

You do not need to use group ID (s-Flag).


You can use these commands to set 755 on directories and 644 on files

find -type f -exec chmod 644 {} \;
find -type d -exec chmod 755 {} \;


[ view entry ] ( 911 views )   |  print article
Monitoring filesystem activity under Linux with block_dump 
sudo sysctl vm.block_dump=1

or

echo 1 > /proc/sys/vm/block_dump


tail -f /var/log/kern.log

[ view entry ] ( 2729 views )   |  print article
ntfs read/write with feisty 
apt-get install ntfs-g3

/etc/group
+fuse:x:100:users

vol_id /dev/sda1

/etc/fstab
UUID=5EFC7B02FC7AD42D   /media/usbhdd ntfs-3g rw,users,uid=1000,guid=1000,umask=007,locale=de_AT.utf8,force   0    0
user can mount but not unmount
https://bugs.launchpad.net/ubuntu/+source/util-linux/+bug/71609/comments/7

wget http://launchpadlibrarian.net/7435949/u ... ount.patch

$ sudo apt-get update
$ sudo apt-get install build-essential
$ sudo apt-get build-dep mount
$ cd /tmp
$ apt-get source mount
$ cd util-linux-2.12r
$ ./debian/rules patch
$ patch -Np1 -i ../util-linux_user_mount.patch
$ ./configure
$ make lib
$ make -C mount
$ sudo chown root:root mount/umount
$ sudo chmod 4755 mount/umount
$ sudo mv mount/umount /bin

automount with udev:

06-usbsticks.rules
BUS=="usb", KERNEL=="sd*", SYSFS{serial}=="DEF10000CC2DAB6", NAME="%k", run+="/bin/mount /media/usbhdd"


[ view entry ] ( 1196 views )   |  print article
blocking ads with squid 
/etc/squid/squid.conf
+acl ads dstdom_regex -i "/etc/squid.adservers"
+http_access deny ads

# INSERT YOUR OWN RULE(S) HERE TO ALLOW ACCESS FROM YOUR CLIENTS

update-squid-adservers.sh:
#!/bin/sh

### short script that downloads a list of ad servers for use with
### squid to block ads.
###
### details on configuring squid itself can be found here:
###
### http://pgl.yoyo.org/adservers/#withsquid
###
### - originally by Stephen Patterson <steve@lexx.uklinux.net>
### - butchered by Peter Lowe <pgl@yoyo.org>
###

## set things
##

# URL of the ad server list to download
#listurl='http://pgl.yoyo.org/adservers/serverlist.php?hostformat=nohtml'
listurl='http://pgl.yoyo.org/adservers/serverlist.php?hostformat=squid-dstdom-regex;showintro=0'
# location of the list of ad servers used by Squid
targetfile='/etc/squid.adservers'

# location of a file where hostnames not listed can be added
extrasfile='/etc/squid-extra.adservers'

# command to reload squid - change according to your system
reloadcmd='/etc/init.d/squid reload'

# temp file to use
tmpfile="/tmp/.adlist.$$"

# command to fetch the list (alternatives commented out)
fetchcmd="wget -q $listurl -O $tmpfile"
#fetchcmd="lynx -dump $listurl > $tmpfile"
#fetchcmd="fetch -qo $tmpfile $listurl"


## do things
##

# get a fresh list of ad server addresses for squid to refuse
$fetchcmd

# add the extras
[ -f "$extrasfile" ] && cat $extrasfile >> $tmpfile

# check the temp file exists OK before overwriting the existing list
if [ ! -s $tmpfile ]
then
echo "temp file '$tmpfile' either doesn't exist or is empty; quitting"
exit
fi

# sort and filter out duplicates
sort $tmpfile > $targetfile

# clean up
rm $tmpfile

# delete needed trackers
#sed -i -e '/etracker\\\.de/d' -e '/sitestat\\\.com/d' $targetfile

# restart Squid
$reloadcmd


[ view entry ] ( 1189 views )   |  print article
Internetaccess via modem 
apt-get install ppp

edit /etc/ppp/pap-secrets

/etc/network/interfaces

auto modem
iface modem inet ppp
provider modem

/etc/ppp/peers/modem
ttyS0
38400
connect "/usr/sbin/chat -v -f /etc/ppp/peers/modem.chat"
disconnect "/usr/sbin/chat -v -f /etc/ppp/peers/modem.hangup"

192.168.1.3:192.168.1.1

user USERNAME
noauth
asyncmap 0
crtscts
lock
modem
lcp-echo-interval 30
lcp-echo-failure 4
ipcp-accept-local
ipcp-accept-remote
noproxyarp
noipx
noipv6
nodefaultroute
mru 542

debug
#updetach

demand
idle 120
holdoff 10

/etc/ppp/peers/modem.chat
ABORT        BUSY
ABORT "NO CARRIER"
ABORT VOICE
ABORT "NO DIALTONE"
SAY "\nConnecing..."
"" ATDTnumber
TIMEOUT 90
CONNECT ""
SAY "\nConnected.

/etc/ppp/peers/modem.hangup
"" '\K\d'
"" '+++\d'
"" 'ATH\d'
"" 'ATZ'


[ view entry ] ( 1023 views )   |  print article

<<First <Back | 14 | 15 | 16 | 17 | 18 | 19 | 20 | 21 | 22 | 23 | Next> Last>>