|The LINUX.COM Article Archive|
|Originally Published: Tuesday, 3 October 2000||Author: Mike Baker|
|Published to: interact_articles_irc_recap/IRC Recap|
Best of IRC for Tuesday, October 3rd!
Welcome to yet another edition of Best of IRC. As always, we'll be taking an in-depth look at some of the questions asked on #Linuxhelp. If you haven't already been to #Linuxhelp you'll find instructions on how to get there at the bottom of the Live! page; feel free to stop by and ask questions or possibly even answer a few.
Tcpd
Anyone know a daemon which can trigger a script on port activity?
You don't need a special daemon to do this; you can accomplish what you're trying to do through the use of tcpd. When a connection is established to your pop3 port, a program called tcpwrappers (/sbin/tcpd) is run to check if the client is allowed to connect. tcpd parses through hosts.allow and hosts.deny, and if it finds nothing saying that the client isn't allowed to connect, it passes control to the actual service for that port. In a normal situation, that's all you see of tcpd, but it can do much more.
There are a few options you can add to your hosts.allow and hosts.deny files to make tcpd more useful. If you look carefully through the tcpd documentation, you'll find references to the spawn and twist commands. The spawn command is used to launch a program upon connect to that service, while the twist command is used to launch a program instead of that service. Let's take a look at how inetd spawns tcpd and the pop3 service:
While you may find that your inetd.conf is slightly different, the principle is still the same. The inetd.conf file is divided into fields separated by spaces; the first four fields describe the port, while the remainder tell inetd which program to run. We're only interested in the latter portion of the line for this example, specifically '/usr/sbin/tcpd in.pop3d'. The first argument given to tcpd represents both the program to be run and the keyword in hosts.allow and hosts.deny that refers to it. To get tcpd to run fetchmail before in.pop3d, we need to add the following line to our hosts.allow:
Now, what does this mean? The 'in.pop3d' is there because that's the first argument to the tcpd program; the keyword 'ALL' refers to who this line applies to. The last part of the line is the command to spawn, and this gets loaded before our in.pop3d answers. If we want to avoid a delay, we could background fetchmail with an &, but that defeats the purpose since the mail would still be downloading as the client was checking.
What other settings can I put in my hosts.allow/hosts.deny?
The other option you can use is twist. Twist is useful if you want to deny access to a port while leaving an error message. If you want to deny all access to your telnet except from 192.168.0.0/24 you'd add these lines:
For a bit more fun, you can use user@host syntax instead of ALL.
The username used by this line is based on the remote username as reported by their inetd. You may find this syntax useful to allow only certain users from the remote machine, such as allowing yourself access from the school computer lab.
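The following Python model of how tcpd selects a rule is an added example, not code from the original article or from the tcp_wrappers package. It covers the spawn, twist and user@host cases described above with one option per rule (no EXCEPT, netmasks or multiple options); the rule lines, the fetchmail path and the host names are constructed samples.

```python
# Simplified model of how tcpd picks a rule (added example, not tcp_wrappers code).
# Handles "daemon_list : client_list : option", the ALL wildcard, address prefixes
# (192.168.0.), hostname suffixes (.example.edu) and user@host patterns.

# Constructed sample files; the fetchmail path and host names are assumptions.
HOSTS_ALLOW = """
in.pop3d:   ALL:                  spawn /usr/bin/fetchmail
in.telnetd: 192.168.0.:           ALLOW
in.telnetd: ALL:                  twist /bin/echo Access denied
in.ftpd:    mike@lab.example.edu: ALLOW
"""
HOSTS_DENY = "ALL: ALL\n"

def parse(text):
    """Yield (daemons, clients, option) for every rule line."""
    names = lambda s: s.replace(",", " ").split()
    for line in text.splitlines():
        fields = [f.strip() for f in line.split(":", 2)]
        if line.lstrip().startswith("#") or len(fields) < 2:
            continue                        # comment, blank or malformed line
        yield names(fields[0]), names(fields[1]), fields[2] if len(fields) > 2 else ""

def client_matches(pattern, user, host, addr):
    if "@" in pattern:                      # user@host: both halves must match
        p_user, pattern = pattern.split("@", 1)
        if p_user not in ("ALL", user):
            return False
    if pattern == "ALL":
        return True
    if pattern.endswith("."):               # address prefix, e.g. 192.168.0.
        return addr.startswith(pattern)
    if pattern.startswith("."):             # hostname suffix, e.g. .example.edu
        return host.endswith(pattern)
    return pattern in (host, addr)

def decide(daemon, addr, host="", user="unknown"):
    """Return (verdict, command): hosts.allow is read first, first match wins."""
    for text, default in ((HOSTS_ALLOW, "allow"), (HOSTS_DENY, "deny")):
        for daemons, clients, option in parse(text):
            if {"ALL", daemon} & set(daemons) and any(
                    client_matches(p, user, host, addr) for p in clients):
                verb, _, cmd = option.partition(" ")
                if verb == "twist":         # command runs instead of the service
                    return "twist", cmd.strip()
                verdict = {"ALLOW": "allow", "DENY": "deny"}.get(verb, default)
                return verdict, cmd.strip() if verb == "spawn" else ""
    return "allow", ""                      # no rule in either file: access granted
```

The user in a user@host rule is whatever the client machine reports, so it is only as trustworthy as that machine. On a real system, tcpdmatch (shipped with tcp_wrappers) shows which rule a given daemon and client would hit.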
chmod
What do the various chmod numbers mean?
Often times you'll see references to commands like
+1 execute permission
In our above example of 660, the owner of the file and the group it belongs to can both read and write to /dev/dsp while anyone else has no permissions. In the case of directories, the permissions are slightly different. The execute permission when used on a directory allows the user to access that directory while the read permission allows the user to list files. You may find it useful to only give execute in cases where you want to give access to a subdirectory only, such as chmod 751.