samba does not allow force user - macos

I am using Samba 3.6.6 on Debian Wheezy.
I want to be able to change www files on my dev server using my macbook.
So I set up Samba and made a share for the /var/www directory.
I added the users bart & root to samba to connect. And connect using command K and then smb://192.168.2.100 (my samba server).
As apache uses www-data as a user and group for the www files I use force user and force group in samba to prevent errors in the rights.
However it does force the group www-data, but doesn't force the user. Every file I create is being owned by root in the group www-data.
To look for errors I tailed the logs in /var/log/samba and only found an error in log.smbd when restarting the samba service. See the log here:
smbd version 3.6.6 started.
Copyright Andrew Tridgell and the Samba Team 1992-2011
[2013/09/23 11:14:22.601031, 0] printing/print_cups.c:110(cups_connect)
Unable to connect to CUPS server localhost:631 - Connection refused
[2013/09/23 11:14:22.602215, 0] printing/print_cups.c:487(cups_async_callback)
failed to retrieve printer list: NT_STATUS_UNSUCCESSFUL
And here is my smb.conf:
[global]
server string = %h server
map to guest = Bad User
obey pam restrictions = Yes
pam password change = Yes
passwd program = /usr/bin/passwd %u
passwd chat = *Enter\snew\s*\spassword:* %n\n *Retype\snew\s*\spassword:* %n\n *password\supdated\ssuccessfully* .
unix password sync = Yes
syslog = 0
log file = /var/log/samba/log.%m
max log size = 1000
dns proxy = No
usershare allow guests = Yes
panic action = /usr/share/samba/panic-action %d
idmap config * : backend = tdb
[homes]
comment = Home Directories
valid users = %S
create mask = 0700
directory mask = 0700
browseable = No
[printers]
comment = All Printers
path = /var/spool/samba
create mask = 0700
printable = Yes
print ok = Yes
browseable = No
[print$]
comment = Printer Drivers
path = /var/lib/samba/printers
[www]
comment = www
path = /var/www/
valid users = bart, root
admin users = bart, root
write list = bart, root
force user = www-data
force group = www-data
read only = No
I even tried adding www-data to the valid users as well as the admin users and the write list. This of course did not have any effect.
Can you help me out? Thanks in advance!

With a little help from someone else who said:
"I think that in this case the option admin users overrides the option force user."
I removed the admin users and my issue was solved!
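The interaction behind this fix, as an added example (not part of the original post or of Samba): per the smb.conf man page, users listed in admin users perform all file operations as root, which matches the root-owned files seen despite force user. The sketch parses a constructed smb.conf and flags shares that combine the two; the www-fixed share and the function names are made up for illustration.

```python
import re

# Constructed sample: the [www] share from the question (trimmed) plus a
# corrected variant without "admin users"; the name www-fixed is made up.
SMB_CONF = """\
[www]
path = /var/www/
valid users = bart, root
admin users = bart, root
force user = www-data
force group = www-data

[www-fixed]
path = /var/www/
valid users = bart
force user = www-data
force group = www-data
"""

def parse_shares(text):
    """Return {share: {param: value}}; names ignore case and whitespace."""
    shares, current = {}, None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line[0] in "#;":
            continue
        header = re.fullmatch(r"\[(.+)\]", line)
        if header:
            current = shares.setdefault(header.group(1).strip(), {})
        elif "=" in line and current is not None:
            key, value = line.split("=", 1)
            current[re.sub(r"\s+", "", key).lower()] = value.strip()
    return shares

def users(value):
    return [u for u in re.split(r"[,\s]+", value) if u]

def audit(text):
    """Flag shares where admin users (acting as root) sidestep force user."""
    findings = []
    for share, opts in parse_shares(text).items():
        admins = users(opts.get("adminusers", ""))
        if admins and "forceuser" in opts:
            findings.append((share, "admin users bypass force user", admins))
        if "root" in users(opts.get("validusers", "")):
            findings.append((share, "root allowed to connect", ["root"]))
    return findings
```

Running audit(SMB_CONF) reports both findings for www and none for www-fixed.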

Related

Sudoers syntax error

Every time I run a sudo command, I get the following error message:
/etc/sudoers: syntax error near line 1 <<<
sudo: parse error in /etc/sudoers near line 1
sudo: no valid sudoers sources found, quitting
sudo: unable to initialize policy plugin
My sudoers file within /etc/ is empty. How do I resolve this issue? I'm on Mac OS High Sierra
You could try this link to grab some sudoer file examples. Re-create your sudoers file using the visudo command
http://www.softpanorama.org/Access_control/Sudo/sudoer_file_examples.shtml
In case the link breaks, here is a "default" sudoer file that is described on that page:
# Sample /etc/sudoers file.
#
# This file MUST be edited with the 'visudo' command as root.
#
# See the sudoers man page for the details on how to write a sudoers file.
#
##
# User alias specification
##
User_Alias FULLTIMERS = millert, mikef, dowdy
User_Alias PARTTIMERS = bostley, jwfox, crawl
User_Alias WEBMASTERS = will, wendy, wim
##
# Runas alias specification
##
Runas_Alias OP = root, operator
Runas_Alias DB = oracle, sybase
##
# Host alias specification
##
Host_Alias SPARC = bigtime, eclipse, moet, anchor:\
SGI = grolsch, dandelion, black:\
ALPHA = widget, thalamus, foobar:\
HPPA = boa, nag, python
Host_Alias CUNETS = 128.138.0.0/255.255.0.0
Host_Alias CSNETS = 128.138.243.0, 128.138.204.0/24, 128.138.242.0
Host_Alias SERVERS = master, mail, www, ns
Host_Alias CDROM = orion, perseus, hercules
##
# Cmnd alias specification
##
Cmnd_Alias DUMPS = /usr/sbin/dump, /usr/sbin/rdump, /usr/sbin/restore, \
/usr/sbin/rrestore, /usr/bin/mt
Cmnd_Alias KILL = /usr/bin/kill
Cmnd_Alias PRINTING = /usr/sbin/lpc, /usr/bin/lprm
Cmnd_Alias SHUTDOWN = /usr/sbin/shutdown
Cmnd_Alias HALT = /usr/sbin/halt
Cmnd_Alias REBOOT = /usr/sbin/reboot
Cmnd_Alias SHELLS = /sbin/sh, /usr/bin/sh, /usr/bin/csh, /usr/bin/ksh, \
/usr/local/bin/tcsh, /usr/bin/rsh, \
/usr/local/bin/zsh
Cmnd_Alias SU = /usr/bin/su
Cmnd_Alias VIPW = /usr/sbin/vipw, /usr/bin/passwd, /usr/bin/chsh, \
/usr/bin/chfn
##
# Override built-in defaults
##
Defaults syslog=auth
Defaults>root !set_logname
Defaults:FULLTIMERS !lecture
Defaults:millert !authenticate
Defaults@SERVERS log_year, logfile=/var/log/sudo.log
##
# User specification
##
# root and users in group wheel can run anything on any machine as any user
root ALL = (ALL) ALL
%wheel ALL = (ALL) ALL
# full time sysadmins can run anything on any machine without a password
FULLTIMERS ALL = NOPASSWD: ALL
# part time sysadmins may run anything but need a password
PARTTIMERS ALL = ALL
# jack may run anything on machines in CSNETS
jack CSNETS = ALL
# lisa may run any command on any host in CUNETS (a class B network)
lisa CUNETS = ALL
# operator may run maintenance commands and anything in /usr/oper/bin/
operator ALL = DUMPS, KILL, SHUTDOWN, HALT, REBOOT, PRINTING,\
sudoedit /etc/printcap, /usr/oper/bin/
# joe may su only to operator
joe ALL = /usr/bin/su operator
# pete may change passwords for anyone but root on the hp snakes
pete HPPA = /usr/bin/passwd [A-z]*, !/usr/bin/passwd root
# bob may run anything on the sparc and sgi machines as any user
# listed in the Runas_Alias "OP" (ie: root and operator)
bob SPARC = (OP) ALL : SGI = (OP) ALL
# jim may run anything on machines in the biglab netgroup
jim +biglab = ALL
# users in the secretaries netgroup need to help manage the printers
# as well as add and remove users
+secretaries ALL = PRINTING, /usr/bin/adduser, /usr/bin/rmuser
# fred can run commands as oracle or sybase without a password
fred ALL = (DB) NOPASSWD: ALL
# on the alphas, john may su to anyone but root and flags are not allowed
john ALPHA = /usr/bin/su [!-]*, !/usr/bin/su *root*
# jen can run anything on all machines except the ones
# in the "SERVERS" Host_Alias
jen ALL, !SERVERS = ALL
# jill can run any commands in the directory /usr/bin/, except for
# those in the SU and SHELLS aliases.
jill SERVERS = /usr/bin/, !SU, !SHELLS
# steve can run any command in the directory /usr/local/op_commands/
# as user operator.
steve CSNETS = (operator) /usr/local/op_commands/
# matt needs to be able to kill things on his workstation when
# they get hung.
matt valkyrie = KILL
# users in the WEBMASTERS User_Alias (will, wendy, and wim)
# may run any command as user www (which owns the web pages)
# or simply su to www.
WEBMASTERS www = (www) ALL, (root) /usr/bin/su www
# anyone can mount/unmount a cd-rom on the machines in the CDROM alias
ALL CDROM = NOPASSWD: /sbin/umount /CDROM,\
/sbin/mount -o nosuid\,nodev /dev/cd0a /CDROM
Never open the sudoers file with a normal editor. Always use visudo.
Just type
sudo visudo
This will take you to /etc/sudoers, and upon saving it will make sure that there is no error in formatting.
If you make an error in the sudoers file, you will lose sudo access, so always use visudo.
You can use pkexec if you are stuck.
pkexec allows you to execute program as another user. If you don't specify a user then the program will be executed as root
Root Escalation
pkexec bash
Fix your syntax error
visudo
Ubuntu 20.04 encounter this error upon "sudo anycommand"
/etc/sudoers.d/sudoers: too many levels of includes near line 29 <<<
sudo: parse error in /etc/sudoers.d/sudoers near line 29
sudo: no valid sudoers sources found, quitting
sudo: unable to initialize policy plugin
My solution:
Though I do not know how the sudoers file was created in /etc/sudoers.d.
After reading README in /etc/sudoers.d,
Extract of README
Note that there must be at least one file in the sudoers.d directory (this one will do), and all files in this directory should be mode 0440.
Removed the sudoers in /etc/sudoers.d
pkexec rm /etc/sudoers.d/sudoers
System will prompt for user password.
Can execute sudo command as usual.

Asterisk GUI - Checking Write Permission for GUI Folder

I have installed Asterisk and Asterisk GUI on an Ubuntu Desktop 14.04. When I go to the GUI page and login it comes up and says "Checking write permission for gui folder" and stays on that screen.
http.conf file:
[general]
enabled = yes
bindaddr = 10.0.0.16
bindport = 8088
prefix = asterisk
;sessionlimit=100
enablestatic = yes
redirect = / /asterisk/static/config/index.htm
manager.conf file:
[general]
enabled = yes
webenabled = yes
port = 5038
bindaddr = 10.0.0.16
;#include "manager.d/*.conf"
[admin]
secret = admin
read = system,call,log,verbose,command,agent,user,config
write = system,call,log,verbose,command,agent,user,config,originate
Those config files have no relation.
1) Check in asterisk.conf which user it uses (usually asterisk)
2) do
chown asterisk /var/lib/asterisk/ /var/spool/asterisk -R
chmod 777 should only be required when the user asterisk has not been added or when its group membership is somehow messed up - otherwise a chown should be enough to open the astdb.sqlite3 in read/write mode.
chown -R asterisk:asterisk /etc/asterisk/ /var/lib/asterisk /usr/share/asterisk
chmod 644 /etc/asterisk/*

Unable to access Samba folder from Windows (Using Raspberry Pi XBMC as a Samba Server)

Can someone explain why I am getting an access denied message when I try accessing the folders via Windows 8?
[global]
workgroup = WORKGROUP
usershare allow guests = yes
security=share
#security=user
follow symlinks = yes
wide links = no
unix extensions = no
lock directory = /var/cache/samba
realm = localdomain
server role = domain controller
[pi]
browsable = yes
read only = no
guest ok = yes
path = /home/pi
#force user = pi (no longer needed)
[devices]
browsable = yes
guest ok = yes
writable = yes
path = /media
[Toshiba HDD]
browsable = yes
guest ok = yes
writable = yes
path = /ToshibaHDD
That may depend on the directory and file rights. If the user who runs smb has no access rights, you can't read or write files. You can find out file permissions with ls -la; you will also see the owner and owner group.
You can try to set read and write permissions for all (chmod 777 directory -R). If this was the problem, then you should give read and write permissions only to the user that runs smb. Set permissions for all back to 0 (770) for security reasons.
Here you find a tutorial on setting up Samba for Raspberry Pi.

How to resolve external domain names using MaraDNS in windows 7

I have installed MaraDNS on a Windows 7 machine and configured it. It is able to handle internal requests, but not external ones.
mararc file
ipv4_bind_addresses = "127.0.0.1"
timestamp_type = 2
random_seed_file = "secret.txt"
csv2 = {}
csv2["myapp.com."] = "db.lan.txt"
upstream_servers = {} # Initialize dictionary variable
upstream_servers["."] = "8.8.8.8, 8.8.4.4"
db.lan.txt
private.% 192.168.1.21 ~
blog.% 192.168.1.16 ~
For external requests, it's giving me the below error
C:\Program Files\maradns-2-0-06-win32>askmara.exe Agoogle.com.
# Querying the server with the IP 127.0.0.1
# Remote server said: REFUSED
# NS replies:
# AR replies:
For internal requests, Its working fine as below
C:\Program Files\maradns-2-0-06-win32>askmara.exe Aprivate.myapp.com.
# Querying the server with the IP 127.0.0.1
# Question: Aprivate.myapp.com.
private.myapp.com. +86400 a 192.168.1.21
# NS replies:
#myapp.com. +86400 ns synth-ip-7f000001.myapp.com.
# AR replies:
#synth-ip-7f000001.myapp.com. +86400 a 127.0.0.1
And when I start the server, I am getting a prompt with a warning as well
How to resolve this issue.
I had the same problem. I fixed it by replacing the latest version with version 1.4.
After that, the only thing I did was run mkSecretTxt.exe to create the secret.txt file and configure the mararc file like this:
This is my current mararc file:
# Win32-specific MaraRC file; this makes a basic recursive DNS
# server.
hide_disclaimer = "YES"
ipv4_bind_addresses = "127.0.0.1"
recursive_acl = "127.0.0.1/8"
timestamp_type = 2
csv2 = {}
csv2["local.com."] = "db.lan.txt"
# This is insecure until the secret.txt file is edited
random_seed_file = "secret.txt"
upstream_servers = {}
upstream_servers["."] = "208.67.222.222,208.67.220.220"
db.lan.txt
% 192.168.1.33 ~
As you can see I've used the OpenDNS servers; if you still get the error, try them as well.
http://www.opendns.com/support/article/105
cheers
For anyone following along with this, it seems the current solution as of MaraDNS > 2.0 is to use MaraDNS in conjunction with the included Deadwood recursive server to be able to handle both local and external resolution. I was able to get this working on my Windows 10 machine with the following configs...
Assume that the Windows machine's IP address is 192.168.1.2
In the MaraDNS mararc file:
ipv4_bind_addresses = "127.0.0.1"
timestamp_type = 2
random_seed_file = "secret.txt"
csv2 = {}
csv2["mylocalnet.com."] = "db.lan.txt"
In the db.lan.txt file:
% 192.168.1.XXX ~
And in the Deadwood dwood3rc.txt config file:
upstream_servers = {}
upstream_servers["."]="8.8.8.8, 8.8.4.4"
upstream_servers["mylocalnet.com."]="127.0.0.1"
bind_address="192.168.1.2"
recursive_acl = "127.0.0.1/16, 192.168.1.1/24"
# By default, for security reasons, Deadwood does not allow IPs in the
# 192.168.x.x, 172.[16-31].x.x, 10.x.x.x, 127.x.x.x, 169.254.x.x,
# 224.x.x.x, or 0.0.x.x range. If using Deadwood to resolve names
# on an internal network, uncomment the following line:
filter_rfc1918 = 0
You could potentially set up multiple machines to act as independent servers, but my config above was particular in that it enabled me to run both servers on the same machine. You can see that in the Deadwood config, I'm using Google's DNS servers to handle all upstream requests with the exception of mylocalnet.com. which gets forwarded to localhost and handled by MaraDNS.
From here, you just need to launch both programs and point DNS to 192.168.1.2. Should be good to go!
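To see which clients the recursive_acl in the Deadwood config above actually admits, here is an added example (not from the original answer or from MaraDNS). It assumes entries with host bits set, such as 127.0.0.1/16, are treated as the enclosing network; the helper names are made up for illustration.

```python
import ipaddress
import re

# Constructed input: the ACL-related lines of the dwood3rc.txt shown above.
DWOOD3RC = '''\
bind_address="192.168.1.2"
recursive_acl = "127.0.0.1/16, 192.168.1.1/24"
'''

# Loopback and RFC 1918 space; anything outside is treated as external.
INTERNAL = [ipaddress.ip_network(n) for n in
            ("127.0.0.0/8", "10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]

def parse_acl(config_text):
    """Return the recursive_acl entries as networks (host bits masked off)."""
    m = re.search(r'^\s*recursive_acl\s*=\s*"([^"]*)"', config_text, re.M)
    if not m:
        return []
    return [ipaddress.ip_network(e.strip(), strict=False)
            for e in m.group(1).split(",") if e.strip()]

def may_recurse(client_ip, acl):
    """True if the client address falls inside any ACL network."""
    ip = ipaddress.ip_address(client_ip)
    return any(ip in net for net in acl)

def external_entries(acl):
    """ACL entries that reach beyond loopback/RFC 1918 space; a resolver
    with such an entry answers recursive queries for outside clients."""
    return [net for net in acl
            if not any(net.version == 4 and net.subnet_of(i) for i in INTERNAL)]
```

With the posted ACL, 192.168.1.x and 127.0.x.x clients are admitted, 192.168.2.100 and 127.1.0.1 are not, and external_entries returns an empty list.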

Sending an email from R using the sendmailR package

I am trying to send an email from R, using the sendmailR package. The code below works fine when I run it on my PC, and I receive the email. However, when I run it with my macbook pro, it fails with the following error:
library(sendmailR)
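from <- sprintf("<sendmailR@%s>", Sys.info()[4])  # sender built from the node name
to <- "<myemail@gmail.com>"
subject <- "TEST"
body <- "Test message"  # placeholder; the post does not show how body was defined
sendmail(from, to, subject, body,
         control=list(smtpServer="ASPMX.L.GOOGLE.COM"))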
Error in socketConnection(host = server, port = port, blocking = TRUE) :
cannot open the connection
In addition: Warning message:
In socketConnection(host = server, port = port, blocking = TRUE) :
ASPMX.L.GOOGLE.COM:25 cannot be opened
Any ideas as to why this would work on a PC, but not a mac? I turned the firewall off on both machines.
Are you able to send email via the command-line?
So, first of all, fire up a Terminal and then
$ echo "Test 123" | mail -s "Test" user@domain.com
Look into /var/log/mail.log, or better use
$ tail -f /var/log/mail.log
in a different window while you send your email. If you see something like
... setting up TLS connection to smtp.gmail.com[xxx.xx.xxx.xxx]:587
... Trusted TLS connection established to smtp.gmail.com[xxx.xx.xxx.xxx]:587:\
TLSv1 with cipher RC4-MD5 (128/128 bits)
then you succeeded. Otherwise, it means you have to configure your mailing system. I have used postfix with Gmail for two years now, and I have never had a problem with it. Basically, you need to grab the Equifax certificates, Equifax_Secure_CA.pem from here: http://www.geotrust.com/resources/root-certificates/. (They were using Thawte certificates before but they changed last year.) Then, assuming you used Gmail,
Create relay_password in /etc/postfix and put a single line like this (with your correct login and password):
smtp.gmail.com login@gmail.com:password
then in a Terminal,
$ sudo postmap /etc/postfix/relay_password
to update Postfix lookup table.
Add the certificates in /etc/postfix/certs, or any folder you like, then
$ sudo c_rehash /etc/postfix/certs/
(i.e., rehash the certificates with Openssl).
Edit /etc/postfix/main.cf so that it includes the following lines (adjust the paths if needed):
relayhost = smtp.gmail.com:587
smtp_sasl_auth_enable = yes
smtp_sasl_password_maps = hash:/etc/postfix/relay_password
smtp_sasl_security_options = noanonymous
smtp_tls_security_level = may
smtp_tls_CApath = /etc/postfix/certs
smtp_tls_session_cache_database = btree:/etc/postfix/smtp_scache
smtp_tls_session_cache_timeout = 3600s
smtp_tls_loglevel = 1
tls_random_source = dev:/dev/urandom
Finally, just reload the Postfix process, with e.g.
$ sudo postfix reload
(a combination of start/stop works too).
You can choose a different port for the SMTP, e.g. 465.
It’s still possible to use SASL without TLS (the above steps are basically the same), but in both cases the main problem is that your login information is available in a plain text file... Also, should you want to use your MobileMe account, just replace the Gmail SMTP server with smtp.me.com.
