Re: Mandrake 8.1 Desktop Gone
- From: Unruh <unruh-spam@xxxxxxxxxxxxxx>
- Date: Thu, 22 Mar 2007 19:50:58 +0100 (CET)
ibuprofin@xxxxxxxxxxxxxxxxxxxxxx (Moe Trin) writes:
On 20 Mar 2007, in the Usenet newsgroup alt.os.linux, in article
<1174425448.294854.3860@xxxxxxxxxxxxxxxxxxxxxxxxxxxx>, ffitz2@xxxxxxxxx wrote:
I screwed up... but I'm not sure how. I'm afraid I'm knowledgable
enough to get into trouble, but not quite enough to get out of it.
That happens - that's how you learn
This is on Mandrake 8.1.
EIGHT POINT ONE??? Wow that is obsolete. Support for that ended
over three years ago. Is there any specific reason you have to be
using something that old?
What I wanted to do:
Tighten down permissions so that ms ie7 ftp wouldn't navigate into the
root.
??? What has msie to do with it?
You want to set up anonymous ftp with a chroot jail. You do not tell us
which ftp daemon you use, but I suspect it is wu-ftpd, which is what was
used then. ( It has had many security issues over the years. Mandriva now
uses vsftpd instead, which is a more secure server).
You have to set up the conf file for the server properly.
iThe /etc/vsftpd/vsftpd.conf file is pretty extensively documented to all
you to know what you are doing.
Read the man page for the FTP server (what-ever it is) and look for the
word 'chroot'.
What I did:
Use chmod to remove "others" access to all directories in root.
AAAAAARGH That is terrible. Many many directories HVE TO be accessible by
others. How do you thing people get to their home directories? /home/user
needs to get into and be able to read ( or at least traverse ) /home.
At this point I would STRONGLY suggest reinstalling a newer version of
Mandriva.
And how exactly? Well, you know not to do THAT again.
What happened:
Websites were no longer accessible. GUI (KDE) wouldn't come up.
Then I restored the r-x for others for all directories in root.
Again - what did you do exactly? By the way, /tmp/ wants to be
'drwxrwxrws' which you get as 'chmod 1777 /tmp'
Websites came back up.
GUI (KDE) still down.
As root '/bin/rpm -Va' and see what all has gotten screwed. It's
probably going to be a lot. You can use rpm to restore permissions
of the stuff it knows about using
[compton ~]$ rpm --help | grep -A2 -- --set
--setperms - set the file permissions to those in the package
database using the same package specification
options as -q
--setugids - set the file owner and group to those in the
package database using the same package
specification options as -q
[compton ~]$
so if I read this correctly, that would be 'rpm --setperms -a' but no
guarantees. Repeat the 'rpm -Va' and see how it improves things.
So...
1. How do I prevent IE7 ftp from getting to places it shouldn't
get to, without killing websites.
You don't give access to idiots using IE7 as root. If you do want to give
them access and want to limit their access, man the FTP server and look at
setting it up in a chroot jail. AT THE VERY LEAST set them up in an
account with minimal access.
[compton ~]$ whatis chroot
chroot (1) - run command or interactive shell with special root directory
chroot (2) - change root directory
[compton ~]$
Warning - this can be more hassle than it's worth. Better way is to not to
allow idiots near the system.
2. How do I get KDE back?
Install a current distribution. The permissions of /tmp are probably wrong
as well.
Old guy.
- Follow-Ups:
- Re: Mandrake 8.1 Desktop Gone
- From: Linuxiac
- Re: Mandrake 8.1 Desktop Gone
- References:
- Mandrake 8.1 Desktop Gone
- From: ffitz2@xxxxxxxxx
- Re: Mandrake 8.1 Desktop Gone
- From: Moe Trin
- Mandrake 8.1 Desktop Gone
- Prev by Date: Re: Newbie question ....
- Next by Date: Re: Disk Defragmenter
- Previous by thread: Re: Mandrake 8.1 Desktop Gone
- Next by thread: Re: Mandrake 8.1 Desktop Gone
- Index(es):
Relevant Pages
|
