Hello All,
Recently switched over to ntfs in windows just to explore its security level and was quite impressed by its similarity to linux. It gives only r-x access to the windows dir to unpreviledged users, so the chances of a virus writing itself to the c:\windows\ or c:\windows\system32\ folders is practically eliminated. One user cannot view the other's documents.
The next issue was mounting the ntfs partition in linux. It got mounted easily without any hassles ( Kubuntu 5.10 ) but it was read only. No amount of tweaking the mount defaults changed it. Then I found this utility that I installed and now I am able to mount as well as write to the ntfs partition even as a user by simply replacing the file system type in fstab from 'ntfs' to 'captive-ntfs'.
http://www.jankratochvil.net/project/captive/
Regards,
Rony.
___________________________________________________________ Yahoo! Messenger - NEW crystal clear PC to PC calling worldwide with voicemail http://uk.messenger.yahoo.com
Rony Bill wrote: now I am able to mount as well as write to the ntfs
partition even as a user by simply replacing the file system type in fstab from 'ntfs' to 'captive-ntfs'.
There is a monir problem though, which was noticed on restart. The 'mounting local filesystems' during startup takes some time and hangs after it gives the message of 'fuse' filesystem mounted. After a ctrl+c it moves further and I can access the partition. However right now I have disabled the line in fstab and I manually mount the partition after my system is up. Will look into whats happenning.
Regards,
Rony.
___________________________________________________________ To help you stay safe and secure online, we've developed the all new Yahoo! Security Centre. http://uk.security.yahoo.com
Rony Bill wrote:
There is a monir problem though, which was noticed on restart. The 'mounting local filesystems' during startup takes some time and hangs after it gives the message of 'fuse' filesystem mounted. After a ctrl+c it moves further and I can access the partition. However right now I have disabled the line in fstab and I manually mount the partition after my system is up. Will look into whats happenning.
A workaround was available on the captive mailing list archives. The option 'noauto' was added in the fstab. This disabled mounting during bootup which is now smooth. The partition is then manually mounted using mount /mount_point and the options in fstab get selected.
Sorry for the 3 continuous mails.
Regards,
Rony.
___________________________________________________________ Yahoo! Messenger - NEW crystal clear PC to PC calling worldwide with voicemail http://uk.messenger.yahoo.com
--- Rony Bill ronbillypop@yahoo.co.uk wrote:
A workaround was available on the captive mailing list archives. The option 'noauto' was added in the fstab. This disabled mounting during bootup which is now smooth. The partition is then manually mounted using mount /mount_point and the options in fstab get selected.
If you add the "user" option, then any user can mount the partition with file perms uid:gid.
Typically, NTFS partitions are mounted 'ro' to ensure it does not get corrrupted by writes.
Have you modified, created, deleted files on this mount point and rebooted to Windows? Did it complaint of any file system corruption?
-- Arun Khan
Arun Khan wrote:
Have you modified, created, deleted files on this mount point and rebooted to Windows? Did it complaint of any file system corruption?
Yes, I created a test folder and created a sample test file. I made and deleted files a couple of times. Then I booted into windows and checked that partition too, it was fine. This utility uses ntfs and ntoskrnl drivers so that must be the trick to a safe write process. :)
Regards,
Rony.
___________________________________________________________ Yahoo! Photos – NEW, now offering a quality print service from just 8p a photo http://uk.photos.yahoo.com
On Tuesday 14 March 2006 12:39 am, Rony Bill wrote:
Hello All,
Recently switched over to ntfs in windows just to explore its security level and was quite impressed by its similarity to linux. It gives only r-x access to the windows dir to unpreviledged users,
Check on the net for privilege escalation.
so the chances of a virus writing itself to the c:\windows\ or c:\windows\system32\ folders is practically eliminated.
don't be fooled even for a second.
The next issue was mounting the ntfs partition in linux. It got mounted easily without any hassles ( Kubuntu 5.10 ) but it was read only. No amount of tweaking the mount defaults changed it.
NTFS module by default is compiled without write. Recompile the module with rw. W A R N I N G experimental.
Then I found this utility that I installed and now I am able to mount as well as write to the ntfs partition even as a user by simply replacing the file system type in fstab from 'ntfs' to 'captive-ntfs'. http://www.jankratochvil.net/project/captive/
Captive uses the native drivers. U still need a licenced copy of windows. But it does work.
JTD wrote:
Check on the net for privilege escalation.
I saw it. http://secunia.com/advisories/8635/?show_all_related=1
But it would still be better than giving the same users access in FAT32 which is anyway less secure.
Captive uses the native drivers. U still need a licenced copy of windows. But it does work.
I use a licensed XP Pro in my system. Anyway, the files can be copied directly from the sub folders in the existing windows directory of the Windows partition.
I want to add another experience on this. If I copy a file from linux to a mounted captive-ntfs partition folder, I can see the file while I am still in linux. Once I reboot into XP, I cannot see that file. Next time I tried it again but unmounted the partition manually before shutdown of linux and now the file is visible in XP too.
So when using Captive, the ntfs partition should be manually mounted and unmounted in linux.
Regards,
Rony.
___________________________________________________________ Yahoo! Messenger - NEW crystal clear PC to PC calling worldwide with voicemail http://uk.messenger.yahoo.com
On Wednesday 15 March 2006 03:15 pm, Rony Bill wrote:
So when using Captive, the ntfs partition should be manually mounted and unmounted in linux.
I'm not sure why you needed to do that but it seems that for some reason, Linux did not sync the disk's cache at reboot. You should report this to the developers.
Dinesh A. Joshi wrote:
On Wednesday 15 March 2006 03:15 pm, Rony Bill wrote:
So when using Captive, the ntfs partition should be manually mounted and unmounted in linux.
I'm not sure why you needed to do that but it seems that for some reason, Linux did not sync the disk's cache at reboot. You should report this to the developers.
My guess is that since Captive is a third party application, it has to be running properly during both startup and shutdown for the ntfs partition to be properly mounted and unmounted. During shutdown, all applications are closed first then the disks are unmounted so that must be the reason.
Regards,
Rony.
___________________________________________________________ Yahoo! Messenger - NEW crystal clear PC to PC calling worldwide with voicemail http://uk.messenger.yahoo.com
On Wednesday 15 March 2006 06:09 pm, Rony Bill wrote:
My guess is that since Captive is a third party application, it has to be running properly during both startup and shutdown for the ntfs partition to be properly mounted and unmounted. During shutdown, all applications are closed first then the disks are unmounted so that must be the reason.
I doubt captive runs in usermode. It must be running in Kernelmode.
On Wednesday 15 March 2006 8:33 pm, Dinesh A. Joshi wrote:
On Wednesday 15 March 2006 06:09 pm, Rony Bill wrote:
My guess is that since Captive is a third party application, it
I doubt captive runs in usermode. It must be running in Kernelmode.
afair it is usermode and use lufs. Porting to fuse was in progress. lufs is no longer maintained and is likely to cause problems. http://www2.jankratochvil.net/pipermail/ captive-devel-list/2004-July/000034.html
Linuxers, We had installed RH EL ver 4.0 on an IBM x 346 server and configured Qmail for multiple domains. We are having trouble in setting up a Global Disclaimer that will go as a part of every message sent through the Qmail server. We need to know if it is possible to have this Disclaimer attached by default on all outgoing mails from the server or if there are any alternate solutions for this problem.
Thanks in advance
Ravishekar
Hi Ravishekar !
On Friday 17 March 2006 12:02 PM, Ravishekar wrote:
Linuxers, We had installed RH EL ver 4.0 on an IBM x 346 server and configured Qmail for multiple domains. We are having trouble in setting up a Global Disclaimer that will go as a part of every message sent through the Qmail server.
I assumed that you are using stock qmail. But there is not such facility of "Global Disclaimer" with stock qmail. If you are using any patch then let us know.
We need to know if it is possible to have this Disclaimer attached by default on all outgoing mails from the server or if there are any alternate solutions for this problem.
Yes it is possible ...
If you have install stock qmail then you need qmail-queue patch to call alternate queue[1], then you can use Qmail-Scanner[2] with altermime patch[3] for attaching Global Disclaimer to all outgoing mail for both plain and html mail.
There is also lot of benefit of Qmail-Sanner[2].
[1] http://www.qmail.org/qmailqueue-patch [2] http://qmail-scanner.sourceforge.net [3] http://msgs.securepoint.com/cgi-bin/get/qmail0409/18.html
Hardik Dalwadi.
Hardik Dalwadi wrote:
Hi Ravishekar !
On Friday 17 March 2006 12:02 PM, Ravishekar wrote:
Linuxers, We had installed RH EL ver 4.0 on an IBM x 346 server and configured Qmail for multiple domains. We are having trouble in setting up a Global Disclaimer that will go as a part of every message sent through the Qmail server.
I assumed that you are using stock qmail. But there is not such facility of "Global Disclaimer" with stock qmail. If you are using any patch then let us know.
We need to know if it is possible to have this Disclaimer attached by default on all outgoing mails from the server or if there are any alternate solutions for this problem.
Yes it is possible ...
If you have install stock qmail then you need qmail-queue patch to call alternate queue[1], then you can use Qmail-Scanner[2] with altermime patch[3] for attaching Global Disclaimer to all outgoing mail for both plain and html mail.
There is also lot of benefit of Qmail-Sanner[2].
[1] http://www.qmail.org/qmailqueue-patch [2] http://qmail-scanner.sourceforge.net [3] http://msgs.securepoint.com/cgi-bin/get/qmail0409/18.html
Hardik Dalwadi.
Many thanks for the pointer towards the elusive solution for Disclaimers on Qmail. We will revert back with the result. Ravishekar
On Fri, Mar 17, 2006 at 12:02:45PM +0530, Ravishekar wrote:
We are having trouble in setting up a Global Disclaimer that will go as a part of every message sent through the Qmail server. We need to know if it is possible to have this Disclaimer attached by default on all outgoing mails from the server or if there are any alternate solutions for this problem.
Disclaimers are annoying and serve no useful purpose.
On Fri, Mar 17, 2006 at 07:00:41AM -0500, Satya wrote:
On Fri, Mar 17, 2006 at 12:02:45PM +0530, Ravishekar wrote:
We are having trouble in setting up a Global Disclaimer that will go as a part of every message sent through the Qmail server. We need to know if it is possible to have this Disclaimer attached by default on all outgoing mails from the server or if there are any alternate solutions for this problem.
Disclaimers are annoying and serve no useful purpose.
I should finish. Why do you want a disclaimer?
On Saturday 18 March 2006 03:03 am, Satya wrote:
Disclaimers are annoying and serve no useful purpose.
I should finish. Why do you want a disclaimer?
did it possibly cross your mind that they might be deploying the server in a corporate environment and disclaimers are just a requirement of their company?
Dinesh A. Joshi wrote:
On Saturday 18 March 2006 03:03 am, Satya wrote:
Disclaimers are annoying and serve no useful purpose.
I should finish. Why do you want a disclaimer?
did it possibly cross your mind that they might be deploying the server in a corporate environment and disclaimers are just a requirement of their company?
You hit the nail on the head, thanks, BTW any leads as to how to move on with the global disclaimer on a multiple domain environment
On Saturday 18 March 2006 03:02 pm, Ravishekar K wrote:
You hit the nail on the head, thanks, BTW any leads as to how to move on with the global disclaimer on a multiple domain environment
I did a little bit of searching and found this: http://www.gossamer-threads.com/lists/qmail/users/107782
Be warned that they too did go a bit off topic but eventually the guy got his answer, I hope. Besides, I think someone has already suggested you to patch qmail.
On Saturday 18 March 2006 12:29 pm, Dinesh A. Joshi wrote:
On Saturday 18 March 2006 03:03 am, Satya wrote:
Disclaimers are annoying and serve no useful purpose.
I should finish. Why do you want a disclaimer?
did it possibly cross your mind that they might be deploying the server in a corporate environment and disclaimers are just a requirement of their company?
That is besides the point. It serves no purpose legally or otherwise. So why waste server bandwidth. The fact that the recipients email id is in one of the headers is sufficient for you to use that email in any legal way.
On Saturday 18 March 2006 03:13 pm, JTD wrote:
That is besides the point. It serves no purpose legally or otherwise. So why waste server bandwidth. The fact that the recipients email id is in one of the headers is sufficient for you to use that email in any legal way.
I dont think the OP wanted anybody to drag this thread off topic. If you want to discuss disclaimers and their uselessness then please start a new thread. Please don't drag this one off topic. Besides the OP has stated that its the clients requirements so questioning him about the reasons that they want the disclaimer is pointless.
On Saturday 18 March 2006 3:23 pm, Dinesh A. Joshi wrote:
On Saturday 18 March 2006 03:13 pm, JTD wrote:
It serves no purpose legally or otherwise. So why waste server bandwidth. The fact that the recipients email id is in one of the headers is sufficient for you to use that email in any legal way.
I dont think the OP wanted anybody to drag this thread off topic. If you want to discuss disclaimers and their uselessness then please start a new thread. Please don't drag this one off topic. Besides the OP has stated that its the clients requirements so questioning him about the reasons that they want the disclaimer is pointless.
This is a bit late. But it wasn't ot at all. I am sick of receiving one line mails with 20 line disclaimers from banks, phone cos., credit card cos, sundry 2bitmarketroids etc etc etc etc. My point is that customers want a lot of crap without knowing anything about it's usefulness. GNU/Linux vendors should do better than continue shoddy practices. Do educate the customer instead. Particularly when they are paying you $-).
On Monday 20 March 2006 05:37, JTD wrote:
This is a bit late. But it wasn't ot at all. I am sick of receiving one line mails with 20 line disclaimers from banks, phone cos., credit card cos, sundry 2bitmarketroids etc etc etc etc. My point is that customers want a lot of crap without knowing anything about it's usefulness. GNU/Linux vendors should do better than continue shoddy practices. Do educate the customer instead. Particularly when they are paying you $-).
Look I too agree with you completely on the uselessness of disclaimers. But I strongly feel when a person requests help he shouldn't get answers which question the very necessity of what he is trying to do. He should get a solution.
If we want to stop companies from putting in disclaimers then we should write to them asking for appointments and show them how annoying & pointless their disclaimers are. I dont know the legal aspect of the disclaimer but if its no use even from a legal point of view then the companies should understand. It will definitely save them a lot of bandwidth too.
The OP is just the messenger and we don't want to kill the messenger do we? ;-)
On Monday 20 March 2006 7:47 pm, Dinesh Joshi wrote:
Look I too agree with you completely on the uselessness of disclaimers. But I strongly feel when a person requests help he shouldn't get answers which question the very necessity of what he is trying to do. He should get a solution.
Agreed. Somewhat.
The OP is just the messenger and we don't want to kill the messenger do we? ;-)
Only if he does not implement disclaimers. Ravi ;-)?
Rightly said. Terrence, but in this case we have no choice...Client is persistent with his need for a Disclaimer with every outgoing mail. Thanks Ravishekar
JTD wrote:
On Monday 20 March 2006 7:47 pm, Dinesh Joshi wrote:
Look I too agree with you completely on the uselessness of disclaimers. But I strongly feel when a person requests help he shouldn't get answers which question the very necessity of what he is trying to do. He should get a solution.
Agreed. Somewhat.
The OP is just the messenger and we don't want to kill the messenger do we? ;-)
Only if he does not implement disclaimers. Ravi ;-)?
On Monday 20 March 2006 10:25, Ravishekar wrote:
Rightly said. Terrence, but in this case we have no choice...Client is persistent with his need for a Disclaimer with every outgoing mail. Thanks
From a legal standpoint how exactly does the company lose out if the disclaimer is missing?
On 20/03/06 16:58 +0000, Dinesh Joshi wrote:
On Monday 20 March 2006 10:25, Ravishekar wrote:
Rightly said. Terrence, but in this case we have no choice...Client is persistent with his need for a Disclaimer with every outgoing mail. Thanks
From a legal standpoint how exactly does the company lose out if the disclaimer is missing?
It doesn't.
Devdas Bhagat
On Tuesday 21 March 2006 1:30 am, Dinesh Joshi wrote:
On Monday 20 March 2006 12:40, Devdas Bhagat wrote:
From a legal standpoint how exactly does the company lose out if the disclaimer is missing?
It doesn't.
Then why do they insist so much? :)
Clueless PHBs. Just tell him the cost of disclaimers per year. Should make his pointy hair fallout. The sobs think that transport errors in snail mail (resulting in wrong delivery) are also possible with email. Finally a disclaimer cannot make u liable if your email id is in a header.
On Sat, Mar 18, 2006 at 12:29:33PM +0530, Dinesh A. Joshi wrote:
On Saturday 18 March 2006 03:03 am, Satya wrote:
Disclaimers are annoying and serve no useful purpose.
I should finish. Why do you want a disclaimer?
did it possibly cross your mind that they might be deploying the server in a corporate environment and disclaimers are just a requirement of their company?
Why are you so confrontational. No it didn't cross my puny mind. I'm onviously not as smart as you are!
On Saturday 18 March 2006 05:53 pm, Satya wrote:
Why are you so confrontational. No it didn't cross my puny mind. I'm onviously not as smart as you are!
I get irritated when people hijack threads and the OP doesnt get a straight forward answer. I've observed this in almost all Linux communities. Dunno about windoze. But it annoys me to a great extent when someone can't answer a straight forward question and tries to divert the topic to something which is absolutely useless to the OP.
Have a look at this article. It's full of crap except one part which makes perfect sense.
http://www.adequacy.org/public/stories/2001.10.2.33542.4010.html
This might just give you some insight into whats it like being on the other side. I might not be a 1337 linux geek like you are but I appreciate if people keep threads clean and just give to-the-point answers.
On 18/03/06 18:57 +0530, Dinesh A. Joshi wrote:
On Saturday 18 March 2006 05:53 pm, Satya wrote:
Why are you so confrontational. No it didn't cross my puny mind. I'm onviously not as smart as you are!
I get irritated when people hijack threads and the OP doesnt get a straight forward answer. I've observed this in almost all Linux
As opposed to people hijacking threads and changing the subject and thread content?
communities. Dunno about windoze. But it annoys me to a great extent when someone can't answer a straight forward question and tries to divert the topic to something which is absolutely useless to the OP.
No. We were pointing out that the proposed course is wrong. The correct thing to do is to put the disclaimer in the MUA.
It might help to actually think about what we are saying, intead of trying to read tones of voice into it.
Devdas Bhagat
On Sunday 19 March 2006 02:14 am, Devdas Bhagat wrote:
No. We were pointing out that the proposed course is wrong. The correct thing to do is to put the disclaimer in the MUA.
Human tendency is to take the easiest way out which may not always be the correct way. Any sysadmin will prefer to configure the MTA than go around the entire office configuring multiple MUAs. Besides the latter means that each individual user can decide whether to display the disclaimer or not and a lot more work for the sysadmin.
It might help to actually think about what we are saying, intead of trying to read tones of voice into it.
Questioning ones requirement isn't something nice especially after the OP has stated that it is the client's requirement and he can't do anything about it.
On 19/03/06 13:02 +0530, Dinesh A. Joshi wrote:
On Sunday 19 March 2006 02:14 am, Devdas Bhagat wrote:
No. We were pointing out that the proposed course is wrong. The correct thing to do is to put the disclaimer in the MUA.
Human tendency is to take the easiest way out which may not always be the correct way. Any sysadmin will prefer to configure the MTA than go around the entire office configuring multiple MUAs. Besides the latter
Wrong. Message body modification is to be done in the MUA. Any good sysadmin implements it correctly.
means that each individual user can decide whether to display the disclaimer or not and a lot more work for the sysadmin.
You mean, like writing/implementing a plugin for the MUA to automatically insert the disclaimer when sending? So that the user really can't avoid it?
It might help to actually think about what we are saying, intead of trying to read tones of voice into it.
Questioning ones requirement isn't something nice especially after the OP has stated that it is the client's requirement and he can't do anything about it.
He can actually *gasp* educate the client.
Devdas Bhagat
On Sunday 19 March 2006 01:32 pm, Devdas Bhagat wrote:
Wrong. Message body modification is to be done in the MUA. Any good sysadmin implements it correctly.
Right way isn't always the easiest way.
You mean, like writing/implementing a plugin for the MUA to automatically insert the disclaimer when sending? So that the user really can't avoid it?
Tell me something. If the disclaimer was to be set in the MUA and it was the "right" way to do it then why aren't there plugins already for them? Excuse my ignorance but I am not aware of such plugins so educate me. Besides, individuals in the office might not use the same MUA or the same version of MUA or the same platform for that matter. That means he needs to write plugins for each and every MUA...
He can actually *gasp* educate the client.
Yeah right.
Satya wrote:
On Fri, Mar 17, 2006 at 07:00:41AM -0500, Satya wrote:
On Fri, Mar 17, 2006 at 12:02:45PM +0530, Ravishekar wrote:
We are having trouble in setting up a Global Disclaimer that will go as a part of every message sent through the Qmail server. We need to know if it is possible to have this Disclaimer attached by default on all outgoing mails from the server or if there are any alternate solutions for this problem.
Disclaimers are annoying and serve no useful purpose.
I should finish. Why do you want a disclaimer?
The requirement is stated by the client and to peak for myself, I hate and avoid disclaimers
On 18/03/06 15:00 +0530, Ravishekar K wrote:
<snip>
The requirement is stated by the client and to peak for myself, I hate and avoid disclaimers
Try explaining this:
The disclaimer would need to be inserted before the body of the message. If it is entered afterwards, the reader could very well claim that (s)he did not know about the restrictions imposed.
Also, if your mail lands in my mailbox, I have the right to do what I like with it, except in the case of a previously agreed upon contract.
This disclaimer will also break digital signatures.
The disclaimer attached by the server will merely cause more problems and it will still be invalid anyway. And if the client is worried about infected mail/UBE being relayed via their system, then the disclaimer won't help them anyway.
http://www.goldmark.org/jeff/stupid-disclaimers/
Devdas Bhagat
On Sat, Mar 18, 2006 at 04:12:51PM +0530, Dinesh A. Joshi wrote:
On Saturday 18 March 2006 04:03 pm, Devdas Bhagat wrote:
This disclaimer will also break digital signatures.
Be realistic. How many people in corporates use digital signatures?
I do.
Evening,
We are having trouble in setting up a Global
Disclaimer that will go as a part of every message
sent
through the Qmail server. We need to know if it is
possible
to have this Disclaimer attached by default on all outgoing mails from the server or if there are any alternate solutions for this
problem. Yes it is possible to have disclamer for Qmail.
Disclaimers are annoying and serve no useful
purpose. It is not by choice, it is driven by policy.
We are very soon releasing the entire messaging solution under GPL, in sometime ( a part of that is already listed on sourceforge ) . But offline you can always get in touch with us or Abhishek Sawant ( who has worked on disclamer part and is also LUG member. )
Animesh.
__________________________________________________ Do You Yahoo!? Tired of spam? Yahoo! Mail has the best spam protection around http://mail.yahoo.com
On Saturday 18 March 2006 8:36 pm, Animesh Singh wrote:
Disclaimers are annoying and serve no useful
purpose. It is not by choice, it is driven by policy.
Could'nt get worse i suppose :-(. counterproductive policies.
We are very soon releasing the entire messaging solution under GPL,
what solution? did i miss something.
On Wednesday 15 March 2006 8:33 pm, Dinesh A. Joshi wrote:
I doubt captive runs in usermode. It must be running in Kernelmode.
http://www.linux-ntfs.org/content/view/15/29/
Kernel mode ntfs is considered stable now. Switch over to 2.6.16 and enjoy. I am going to get hold of a licenced copy of yikeespee for testing. Ya I am switching over to the evil empire (sob-shiver-faint).
-
Animesh Singh -
Arun Khan -
Devdas Bhagat -
Dinesh A. Joshi -
Dinesh Joshi
-
Hardik Dalwadi -
JTD -
Ravishekar -
Ravishekar K
-
Rony Bill -
Satya