In a Bourne Shell script, a distinguished name (DN) for performing an LDAP-query is held in a variable: dn=“cn=Malmø,ou=County Capitals,dc=Sweden,dc=Europe“ For the purpose of demonstration, this example DN contains a non-ASCII character. Let’s write a Bourne Shell function that escapes such special characters as requested by RFC 4514 using perl’s Net::LDAP::Util: canonical_dn() { perl -s […]
Artikel in Kategorie "Administration"
Determining User Access on a Linux Filesystem with „Classic Permissions“
30. November 2021 in Administration, GNU/Linux.
Introduction Looking at a Linux filesystem, checking if a certain file or directory is accessible for reading, writing or executing by certain users or groups poses interesting challenges. Let the basic and seemingly simple question be: „Given a user X and a file Y, can it be determined if X has access to Y, and […]
AD-Precreation using ktutil, kinit and adcli
4. Dezember 2019 in Administration, GNU/Linux.
Using computer object precreation you can enable machines to join an Active Directory domain with knowledge of just one dedicated one-time-password. Combined with delegation you can offload management of computer objects to an otherwise unprivileged AD user.
In Powershell das Piepen bei Backspace abstellen
7. April 2017 in Administration.
Folgendes Verfahren habe ich auf Windows 10 Home durchgeführt: In einer Powershell werden einige Vorbereitungen durchgeführt: # Profil erstellen, falls nicht vorhanden if (!(test-path $PROFILE)) { new-item -type file -path $PROFILE -force } # Skript-Ausführungs-Richtlinie ändern: Set-ExecutionPolicy RemoteSigned -Scope CurrentUser -Force # Profil-Skript editieren: notepad $PROFILE Hinweis: Die Ausführungsrichtlinie RemoteSigned erlaubt das Ausführen von Skripten auf […]
Rejecting Microsoft Executables and Office Documents with Postfix
16. Juli 2020 in Administration, GNU/Linux.
Update July 16th 2020: A reader has pointed out to me that the regular expression did not (or did not always) match if the filename of the attachment contained non-ASCII characters, opening a simple way to circumvent this header check. I was able to reproduce this behavior by sending a mail with a single attachment […]
Basic Example for Response-Policy-Zones with BIND
31. Oktober 2015 in Administration, GNU/Linux.
I would like to emulate a public DNS entry that does not exist yet, while i am developing the service that will use this name on an intranet server. Let a public domain name i develop the service for be myservice.my-cool-domain.biz. When working in my intranet 192.168.2.0/24, i want to override whatever public DNS resolves […]
Providing XDG Runtime Directories
19. Februar 2018 in Administration, GNU/Linux, Programmierung.
Introduction The intended audience for this document are application programmers and providers of init-systems for managing features of installations of the GNU/Linux operating system and POSIX-compliant operating systems in general, who are concerned with per-user temporary file management based on the XDG Base Directory Specification, [XDG]. Many applications that follow XDG guidelines and specifications expect […]
Ad-Blocking with BIND9 and NGINX
31. Oktober 2015 in Administration, GNU/Linux.
In my intranet, where hosts are in a subnet 192.168.2.0/24 and domain names in a domain mydomain, I use BIND9 as DNS, running on host intradns.mydomain , and NGINX as a webserver running on intraweb.mydomain. I would like to rewrite all subdomains of certain public domains (spammers and trackers) using my intranet DNS to a […]