Linux - EnterpriseThis forum is for all items relating to using Linux in the Enterprise.
Notices
Welcome to LinuxQuestions.org, a friendly and active Linux Community.
You are currently viewing LQ as a guest. By joining our community you will have the ability to post topics, receive our newsletter, use the advanced search, subscribe to threads and access many other special features. Registration is quick, simple and absolutely free. Join our community today!
Note that registered members see fewer ads, and ContentLink is completely disabled once you log in.
If you have any problems with the registration process or your account login, please contact us. If you need to reset your password, click here.
Having a problem logging in? Please visit this page to clear all LQ-related cookies.
Get a virtual cloud desktop with the Linux distro that you want in less than five minutes with Shells! With over 10 pre-installed distros to choose from, the worry-free installation life is here! Whether you are a digital nomad or just looking for flexibility, Shells can put your Linux machine on the device that you want to use.
Exclusive for LQ members, get up to 45% off per month. Click here for more info.
Originally posted by chort Perhaps if you educate them instead of letting them think it's a huge issue that you need to find a solution to, they might drop that complaint.
... and with any luck, look at they way they secure windows systems and improve the security on them instead.
What i mean, is what stops someone by physically walking up to the computer, booting it up with a livecd (gentoo) and changing files and changing to the root password (assuming that they had access to the server)? I know there is a boot loader password, but isn't there a way to make the root pw iron clad??
I keep telling them that i can change passwords on windows machines and access data with boot disks, but they want to see it. And i don't know how. I can boot it up and format it, but how would i get a "command prompt" on a NTFS file system with a boot disk?
Besides, that's not the point, everything seems fine now - for the moment any way. They are upstairs playing with it right now. I guess i'll have to dig deeper on this password issue.
Exactly the same thing - if you stop the system from booting from another disk it will be much more secure. At the end of the day though anyone with physical access to the drives in the computer can get to the data if it is not encrypted by transplanting them to another machine or reseting the bios.
Distribution: OpenBSD 4.6, OS X 10.6.2, CentOS 4 & 5
Posts: 3,660
Rep:
Phorem,
You can use the Win2K recovery CD to change admin passwords on WinXP, etc. There's also a bootable Linux toolkit for chaging Windows passwords. Some of the Linux LiveCDs have NTFS write support enabled, and of course any system running FAT/FAT32 is completely vulnerable to data modification from any type of bootable media.
Someone can probably provide you with the name of the Linux boot image that has Windows password tools, the name escapes me right now. Knoppix STD (Security Toolkit Distribution) can probably do it.
I'll try using some live cd's and see what i can wreck for them. I also got the chance to bring the server upstairs and plug it in. It all went well, but when i access the server, for example, \\PDF or \\192.168.1.102, it is painfully slowwwwwwwwwwwwwwwwww! I mean, smoke a cig while you're waiting slow. I have tried doing some tweaks to smb.conf, but every time i go to access the printer, the shares or anything from windoze XP, 2000 or whatever, it is so slow. The actual printing and the transfer of files is sweeeeeeeeeeeet, but i can't seem to speed up the initial view and browsing through folders. After, i get that going, i think it'll sell itself. They loved how fast it was on such a minuscule machine - P3 733 Coppermine, 256m, 9gig ide hard drive and an 100m eth0 card - and they want it to do more. So it looks good. But the browsing and the initial connection thing sucks.
Edit** - don't worry about the speed issue, i think i have found a couple solutions in the Samba manual.
every time i go to access the printer, the shares or anything from windoze XP, 2000 or whatever, it is so slow. The actual printing and the transfer of files is sweeeeeeeeeeeet, but i can't seem to speed up the initial view and browsing through folders.
I like david ross 's script - I'd like to make a few changes tho :
Code:
tempdir = /tmp/pdfs
pdfmount = /mnt/pdfmover
pdfuser = pdfs
pdfpass = pdfpass
# If the IP has a directory already then there must be another conversion
# alread happening so wait until it goes (you may want to limit this a bit more)
while [ -x "/mnt/pdflock" ];do
sleep 30;
done
# Mount the remote share
mount -t smbfs //$1/pdfs $pdfmount -o username=$pdfuser,password=$pdfpass
# Do whatever you do to put the pdf in /mnt/pdfmover
mv /tmp/pdfs/*.pdf $pdfmount
# Unmount the drive
umount $pdfmount
# Remove the directory to release the lock
rm -f /mnt/pdflock
For this script to work :
all machines must have a share called pdfs, accessable by the user $pdfuser with the password $pdfpass (constants at the top of the script, so changeable)
the following line must be in your smb.conf :
postexec sh /path/to/script/pdfmover.sh %I
that is, of course assuming that post/pre exec works properly for printers with samba (has anyone tried it? the example given in smb.conf is for cdroms)
I suppose it depends how may conversion you want to allow at once. I was thinking of allowing one per client IP rather than one per server. I suppose it depends on the usage of the system. You could also generate a random number and use it as themount point - this would let you convert as many as needed.
With a little extra work you could have 2 files "maxpdfs" and "curpdfs". maxpdfs simply containing the maximum number of PDFs that can be created at once and curpdfs containing the current number of conversions taking place. You could also throw another file into the equation to make sure that the queuing is done fairly.
You can completely lock it up. Just turn the cdrom off in your bios. Then put a password on the bios. Seams pretty simple and "inexpensive" to me. Also if you dont want them access through other components (ex. usb drives, and other components that can be hacked through) you can do something about that. just compile the kernel so it only supports the hardware in it. Any time you want to upgrade just rebuild the modules :P. seams pretty simple..
The best people to ask about that is hardware manufacturers. You could also buy a device that would only allow the system to come on with a key. Every night you could take that key out, and bam no way they can access it. This technoligy was around since the 286 computer.
Distribution: red hat ,suse 9.0 ,dsl-dam small linux
Posts: 42
Rep:
:O printer
Hi i just red some of the posting i just want to ask you before you switch your workstation to linux What kind of printer you guys have becarfull its not all the models that supports linux of course you can always mount the device just let me no if you got any printer problems il try to help ya and make sure you give me make and model.
PS if its not a xerox i don't want to hear about it
i red a post and you wer saing that pdf was slow if your are using a xerox system try downloading a ps driver you probaly have a pcl driver witch id better for txt file printing a pcl driver spools to mutch with adobe(pdf) files the ps driver handels it mutch better
oh one more thing have you tried suse 9.1 it have samba built it
let me no houw you make out
Last edited by ziggis-soft; 05-09-2004 at 10:53 AM.
I thought i would just drop a line and let people know what has happened with my Samba/PDF server. Well nothing! I got everything working sweet and i got it on the network to test the feasibility of this type of system in a windoze network environment. It all went very well. Very solid and of course i love my little server. But then the proposal got sent to our main office in the US. I don't think the reader (i want to call him/her something else but i will act civil here) even got past the subject in the email - Linux PDF Server. It was a big fat NO! I couldn't believe it. They gave me some shi**y explanation as to why but it really comes down to Microsoft and the Nazi-like contracts they enforce on people and corporations. I'm not even mad. More depressed that they couldn't see the light at the end of the tunnel. Oh well, their loss. It was a good experience and i am currently looking to work elsewhere so i can apply my Linux skills to a company that really isn't scared to try something new and obviously a hell of a lot better than Microsh*t. I'm starting to realize that a medium to small business can benefit highly from Linux.
The reason i even wrote this stuff is so people can see that Linux has no trouble getting people to eoooo and ahhhhhhh when i show them, the problem is - and always will be - POLITICS. If anyone is considering to implement Linux into their network and they are not the boss or the decision maker than be ready for a fight.
1. People fear and shy away from the unknown.
2. Microsoft sucks and will fail. Like it does randomly every hour on our network.
3. I really have to stop ranting. :-)
Originally posted by Phorem The reason i even wrote this stuff is so people can see that Linux has no trouble getting people to eoooo and ahhhhhhh when i show them, the problem is - and always will be - POLITICS. If anyone is considering to implement Linux into their network and they are not the boss or the decision maker than be ready for a fight.
I couldn't agree more - I face the same things every day be it against Microsoft or Novell.
Quote:
Originally posted by Phorem 1. People fear and shy away from the unknown.
2. Microsoft sucks and will fail. Like it does randomly every hour on our network.
3. I really have to stop ranting. :-)
1. The disturbing thing is that the people who make the decisions are always so mis informed and rely on information from only certain members of technical staff whether they know the subject matter or not.
2. Fingers are crossed (yet another ie exploit was announced yesterday)
3. Keep on ranting. If you stop who is going to improve things?
Distribution: red hat ,suse 9.0 ,dsl-dam small linux
Posts: 42
Rep:
Well if it helps the only thing i can tell you guys is that a work for one of the largest corporation in the world ye enploye over 67 000 pepole
and almost all of out equipment is linx (unix) software . What i meen by that is that the software of our main pwb is linx so now you have it dont loose faith guys any one with a head on their shoulder knowes that unix is the king of all so far the only thing they have to work on is to get into gaming alot of pepole wont go with linux just for the simple fact that gaming isint there yet .
LinuxQuestions.org is looking for people interested in writing
Editorials, Articles, Reviews, and more. If you'd like to contribute
content, let us know.