LinuxQuestions.org
Old 11-15-2002, 04:59 PM   #1
forand
Member
 
Registered: May 2002
Location: SF Bay Area
Posts: 54

Rep: Reputation: 15
naughty user must be stopped


Hello,
This is a rather annoying problem but I hope there is a solution. I have a user on my server, whom I cannot just kick off, that insists upon setting up webpages which link to mp3s (also on the server). I have been pretty quick about catching him and setting things straight but I was hoping that there might be a more certain way that wouldn't require my constant attention. I have come up with a few ideas but none seem perfect:
1) make a script that searches the web server for *.mp3 and deletes them and then make it a cron job run every so often.
2) set the umask so no one can read files by default and since he doesn't know how to use linux very well he won't be able to access them.
Ideally I would like something like umask but only for filenames that are formatted a specific way. I know that he could simply rename them but I don't think it would occur to him. A solution that doesn't use a lot of server time when nothing needs to be fixed would also be good.
Thanks!
 
Old 11-15-2002, 07:58 PM   #2
sharper
Member
 
Registered: Aug 2002
Location: MN USA
Distribution: slakware 9.0
Posts: 121

Rep: Reputation: 15
This might be more trouble than it's worth, but could you put him in a user group all by himself and put some serious restrictions on what that user can read or write?
 
Old 11-15-2002, 08:15 PM   #3
adam_boz
Member
 
Registered: Jul 2002
Location: Santa Cruz, CA
Distribution: lfs
Posts: 538

Rep: Reputation: 30
Can't you just fiddle around with the permissions on the mp3's and do as said above... create one group that can access the mp3's, and don't put him, or anybody else you don't want to get to the mp3's in a different group?
 
Old 11-15-2002, 08:23 PM   #4
trickykid
LQ Guru
 
Registered: Jan 2001
Posts: 24,149

Rep: Reputation: 269Reputation: 269Reputation: 269
If you have a set of rules for this server, post them. After so many times when they break it, ban them from the system after giving them warnings. If they know they aren't supposed to put mp3's on the server, let them know they will lose access to it.
 
Old 11-16-2002, 04:19 AM   #5
finegan
LQ Guru
 
Registered: Aug 2001
Location: Dublin, Ireland
Distribution: Slackware
Posts: 5,700

Rep: Reputation: 72
You have to become drunk with power, proper UNIX administration is all about machiavellian tactics. Cronjobbing a Chmod'ding of his files 700 would do the trick, but confound him and give him a reason to fiddle with things that might lead to a bigger headache. You gotta let him know he's messing with powers that be. For instance, at the college where I work we have 20, 50 or 100 MB quotas on our generic university accounts. One of the ways to dodge this for a semester or so was to drop things in /tmp where they wouldn't get cleared out for a while. It was cute, we could stuff a couple hundred megs there and feel like we were getting away with something. One joker though started abusing the heck out of it; directories full of gigs of goop... one day he found all of his files still there, still the same size with the same file names, but every file was just the sentence "Stop abusing temp space" repeated over and over in plain text.

What I'm wondering is why you can't just bounce this guy? If I'm not being too nosy.

I don't know, maybe replacing every mp3 he puts up with the exact same Bob Dylan tune over and over again but leave the file names the same?

Cheers,

Finegan
 
Old 11-16-2002, 08:04 PM   #6
forand
Member
 
Registered: May 2002
Location: SF Bay Area
Posts: 54

Original Poster
Rep: Reputation: 15
sharper - I don't know of a way that you can make files with specifically formatted file names have different permissions when they are UPLOADED to the server. If I could do this then I wouldn't need to make a specific group but your solution only works if I can do that first. Thanks though.

adam_boz - The files are uploaded by him so I would have to run a cron job to find the files then change their permissions, which is what I already figured out. Thanks though.

trickykid - I can't ban him. There are very complex reasons for this but the easiest way to put it is to say: he partly owns the server but chooses not to follow the rules that have been posted. I am trying to find a way to make it not worth his time to go against the rules. Basically he can't complain that he can no longer break the rules if I find a solution.

finegan - your suggestions are along the lines I was thinking but still require running some cron job that changes things around on him, which might be the only solution, but I was hoping that someone might have a less processor intensive solution. Thanks for the suggestions!
 
Old 11-16-2002, 10:55 PM   #7
RijilV
Member
 
Registered: Sep 2002
Location: somewhere
Distribution: gentoo
Posts: 123

Rep: Reputation: 15
Well, if all he is doing is doing http transfers, you can put in a mime type in apache and point it over to /bin/true

that *might* work, it might not, but it would be nifty if it did.
 
Old 11-16-2002, 11:37 PM   #8
markus1982
Senior Member
 
Registered: Aug 2002
Location: Stuttgart (Germany)
Distribution: Debian/GNU Linux
Posts: 1,467

Rep: Reputation: 46
Block MP3 files at the server level, e.g. if you're using ProFTPd then use
Quote:
PathDenyFilter "(*.mp3)$"
A complete example of a ProFTPd configuration can be found here
 
Old 11-18-2002, 10:14 AM   #9
forand
Member
 
Registered: May 2002
Location: SF Bay Area
Posts: 54

Original Poster
Rep: Reputation: 15
RijilV - That seems like a really good idea, I will try it out when I get a chance. I will post the results. Thanks!

markus1982 - I am worried about his http sharing the files, I don't run ftp because it is insecure. Thanks though.
 
Old 11-18-2002, 11:20 AM   #10
unSpawn
Moderator
 
Registered: May 2001
Posts: 29,415
Blog Entries: 55

Rep: Reputation: 3600Reputation: 3600Reputation: 3600Reputation: 3600Reputation: 3600Reputation: 3600Reputation: 3600Reputation: 3600Reputation: 3600Reputation: 3600Reputation: 3600
Couldn't you just add an extra process in the upload script, so when he uploads files to his dir and larger than say 1.5 megs and/or with mp3 extension they'll get uploaded but automagically truncated?
That way he would be doing the cleaning up himself :-]
 
Old 11-18-2002, 02:41 PM   #11
markus1982
Senior Member
 
Registered: Aug 2002
Location: Stuttgart (Germany)
Distribution: Debian/GNU Linux
Posts: 1,467

Rep: Reputation: 46
I meant with the FTP stuff that you block him at THE SERVER LEVEL = BEFORE stuff gets spread at all ... that's the idea behind it. If you want to block him at the HTTP level check out the Files-Directive!

For example, to deny access to all files starting with .ht* you'd use something like:
Quote:
<Files ~ "^\.ht">
Order allow,deny
Deny from all
Satisfy All
</Files>
 
Old 11-18-2002, 05:55 PM   #12
forand
Member
 
Registered: May 2002
Location: SF Bay Area
Posts: 54

Original Poster
Rep: Reputation: 15
markus1982 - Ah! I misunderstood you, that is exactly what I want. Someone had suggested something similar. Thanks!
 
Old 11-19-2002, 12:17 PM   #13
forand
Member
 
Registered: May 2002
Location: SF Bay Area
Posts: 54

Original Poster
Rep: Reputation: 15
Arg! I read up on <FilesMatch> and added the below code to my httpd.conf file:

<FilesMatch "\.(?i:mp3|wma)$">
Order allow,deny
Deny from all
</FilesMatch>

I restarted httpd and I could still dl mp3s and wmas. I tried a few different formats thinking that might be the problem but nothing worked. I even rebooted the server. Maybe I should try <File>. Does anyone know when <FilesMatch> was implemented? Perhaps my version is too old (I hope not).
Thanks for all the help!
 
Old 11-19-2002, 02:56 PM   #14
markus1982
Senior Member
 
Registered: Aug 2002
Location: Stuttgart (Germany)
Distribution: Debian/GNU Linux
Posts: 1,467

Rep: Reputation: 46
If it were invalid you'd get an error and would not be able to start up apache at all! As far as I know apache v2 and apache v1 have different opportunities here ...

Quote:
<FilesMatch "\.(?i:mp3|wma)$">
Order allow,deny
Deny from all
</FilesMatch>
Look here it matches files with a name like .mp3 (so just the suffix) ... instead you want something like:

Code:
# apache v1
<Files ~ "\.(mp3|wma)$">
order deny,allow
deny from all
</Files>

# apache v2 (FilesMatch takes the regex directly, without "~")
<FilesMatch "\.(mp3|wma)$">
order deny,allow
deny from all
</FilesMatch>

Last edited by markus1982; 11-19-2002 at 02:58 PM.
 
Old 11-19-2002, 03:00 PM   #15
markus1982
Senior Member
 
Registered: Aug 2002
Location: Stuttgart (Germany)
Distribution: Debian/GNU Linux
Posts: 1,467

Rep: Reputation: 46
I'm running apache v1 and well I get (in the error log)

[Tue Nov 19 22:27:46 2002] [error] [client xxx.xxx.xxx.xxx] client denied by server configuration: /server/apache/htdocs/download/1.mp3


So as you can see it works flawlessly ...
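
Added example, not code from any poster in the thread: an audit of a document root that combines forand's original cron-scan idea with the `\.(mp3|wma)$` deny rule above, identifying audio by file content and reporting which of those files the extension rule would not cover. The rule is modelled with Python's `re` and assumed to match case-sensitively; the sample files, their names, and the `audit`/`demo` functions are constructed for illustration.

```python
import os
import re
import tempfile

# Model of the extension rule from the thread: <Files ~ "\.(mp3|wma)$">.
# Assumption: the pattern is applied case-sensitively to the file's base name.
DENY_RULE = re.compile(r"\.(mp3|wma)$")
ASF_GUID = bytes.fromhex("3026b2758e66cf11a6d900aa0062ce6c")  # WMA/ASF header


def looks_like_audio(head: bytes) -> bool:
    """Content check on the first bytes of a file, independent of its name."""
    if head.startswith((b"ID3", ASF_GUID)):   # ID3v2-tagged MP3 or WMA
        return True
    # Untagged MP3: 0xFF, then top three sync bits set and layer bits == 01 (Layer III)
    return len(head) >= 2 and head[0] == 0xFF and (head[1] & 0xE6) == 0xE2


def audit(docroot: str):
    """Return (still_served, blocked): audio files the rule misses / catches."""
    still_served, blocked = [], []
    for dirpath, _dirs, files in os.walk(docroot):
        for name in files:
            with open(os.path.join(dirpath, name), "rb") as fh:
                head = fh.read(16)
            if looks_like_audio(head):
                rel = os.path.relpath(os.path.join(dirpath, name), docroot)
                (blocked if DENY_RULE.search(name) else still_served).append(rel)
    return sorted(still_served), sorted(blocked)


def demo():
    """Build a constructed document root in a temp dir and audit it."""
    samples = {
        "a.mp3": b"ID3\x03\x00" + b"\x00" * 11,            # tagged MP3
        "LIVE.MP3": b"\xff\xfb\x90\x00" + b"\x00" * 12,    # upper-case extension
        "notes.txt": b"\xff\xfb\x90\x00" + b"\x00" * 12,   # MP3 under another name
        "clip.dat": ASF_GUID,                              # WMA under another name
        "index.html": b"<html></html>",                    # not audio
    }
    with tempfile.TemporaryDirectory() as root:
        for name, data in samples.items():
            with open(os.path.join(root, name), "wb") as fh:
                fh.write(data)
        return audit(root)


if __name__ == "__main__":
    print(demo())
```

Run from cron against the real document root, the `still_served` list is the part that needs attention; the `blocked` list is already handled by the server configuration.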
 
  

