From: Sarah T. <sar...@ya...> - 2004-12-09 16:36:48
|
I got coLinux 0.62 with debian running smoothly on my windows server. Unless I started colinux with Administrator priviledge, the networking won't work. Is this a (default)requirements or is there any other way to run colinux with networking enabled without using administrator priviledge? Thanks Sarah |
From: Nuno L. <li...@xp...> - 2004-12-09 16:42:24
|
Sarah Tanembaum, dando pulos de alegria, escreveu : > I got coLinux 0.62 with debian running smoothly on my windows server. > Unless I started colinux with Administrator priviledge, the networking > won't work. Is this a (default)requirements or is there any other way to > run colinux with networking enabled without using administrator priviledge? Unfortunely no, but I confess I never investigated the issue. Maybe version 1.0 will allow it ;) Regards, ~Nuno Lucas |
From: Sarah T. <sar...@ya...> - 2004-12-09 17:39:53
|
Nuno Lucas wrote: > Sarah Tanembaum, dando pulos de alegria, escreveu : > >> I got coLinux 0.62 with debian running smoothly on my windows server. >> Unless I started colinux with Administrator priviledge, the networking >> won't work. Is this a (default)requirements or is there any other way >> to run colinux with networking enabled without using administrator >> priviledge? > > > Unfortunely no, but I confess I never investigated the issue. > > Maybe version 1.0 will allow it ;) > > Regards, > ~Nuno Lucas > > > > ------------------------------------------------------- > SF email is sponsored by - The IT Product Guide > Read honest & candid reviews on hundreds of IT Products from real users. > Discover which products truly live up to the hype. Start reading now. > http://productguide.itmanagersjournal.com/ May be Dan Aloni can give us some light, perhaps. Thanks |
From: Hilmar P. <hi...@we...> - 2004-12-09 18:27:06
|
On 09.12.04 Sarah Tanembaum (sar...@ya...) wrote: Hi, > I got coLinux 0.62 > Where did you get coLinux 0.62 from? > Unless I started colinux with Administrator priviledge, the > networking won't work. Is this a (default)requirements or is there > any other way to run colinux with networking enabled without using > administrator priviledge? > http://www.colinux.org/wiki/index.php/coLinuxFAQ#A0 * Q0. Do I need Administrator rights on my Windows computer ? YES - coLinux tells Windows to use a fairly low level driver and it needs administrative rights to do that. Of course, if you run as "Administrator" all the time, you won't notice it. H. -- All things are possible, except skiing thru a revolving door. |
From: Sarah T. <sar...@ya...> - 2004-12-09 19:23:09
|
Hilmar Preusse wrote: > On 09.12.04 Sarah Tanembaum (sar...@ya...) wrote: > > Hi, > > >>I got coLinux 0.62 >> > > Where did you get coLinux 0.62 from? > > >>Unless I started colinux with Administrator priviledge, the >>networking won't work. Is this a (default)requirements or is there >>any other way to run colinux with networking enabled without using >>administrator priviledge? >> > > http://www.colinux.org/wiki/index.php/coLinuxFAQ#A0 > > * Q0. Do I need Administrator rights on my Windows computer ? > > YES - coLinux tells Windows to use a fairly low level driver and it > needs administrative rights to do that. Of course, if you run as > "Administrator" all the time, you won't notice it. > > H. That doesn't help isn't it. Can we tweak the windows security so it will let regular user start/stop a specific network driver without being administrator or in the administrator group? This would help me cause I do not like working under Administrator priviledge. |
From: Hilmar P. <hi...@we...> - 2004-12-10 10:18:04
|
On 09.12.04 Sarah Tanembaum (sar...@ya...) wrote: Hi, > That doesn't help isn't it. Can we tweak the windows security so it > will let regular user start/stop a specific network driver without > being administrator or in the administrator group? This would help > me cause I do not like working under Administrator priviledge. > You probably better ask that question on a W$ specific ML. H. -- ... Had this been an actual emergency, we would have fled in terror, and you would not have been informed. |
From: Sarah T. <sar...@ya...> - 2004-12-09 20:30:42
|
Hilmar Preusse wrote: > On 09.12.04 Sarah Tanembaum (sar...@ya...) wrote: > > Hi, > > >>I got coLinux 0.62 >> > > Where did you get coLinux 0.62 from? > > >>Unless I started colinux with Administrator priviledge, the >>networking won't work. Is this a (default)requirements or is there >>any other way to run colinux with networking enabled without using >>administrator priviledge? >> > > http://www.colinux.org/wiki/index.php/coLinuxFAQ#A0 > > * Q0. Do I need Administrator rights on my Windows computer ? > > YES - coLinux tells Windows to use a fairly low level driver and it > needs administrative rights to do that. Of course, if you run as > "Administrator" all the time, you won't notice it. > > H. It's a snapshot release. http://www.colinux.org/snapshots/coLinux-20041024.exe Enjoy Sarah |
From: Sarah T. <sar...@ya...> - 2004-12-10 23:33:32
|
Hilmar Preusse wrote: > On 09.12.04 Sarah Tanembaum (sar...@ya...) wrote: > > Hi, > > >>I got coLinux 0.62 >> > > Where did you get coLinux 0.62 from? > > >>Unless I started colinux with Administrator priviledge, the >>networking won't work. Is this a (default)requirements or is there >>any other way to run colinux with networking enabled without using >>administrator priviledge? >> > > http://www.colinux.org/wiki/index.php/coLinuxFAQ#A0 > > * Q0. Do I need Administrator rights on my Windows computer ? > > YES - coLinux tells Windows to use a fairly low level driver and it > needs administrative rights to do that. Of course, if you run as > "Administrator" all the time, you won't notice it. > > H. Well, I gave the user Load/Unload device drivers and still it does not work. I am not too comfortable to (mis)use Administrator rights for general apps such as CoLinux. Is it by design or it's an overlooked? Thanks |
From: Martin K. <ka...@po...> - 2004-12-11 10:14:09
|
> Well, I gave the user Load/Unload device drivers and still it does not > work. I am not too comfortable to (mis)use Administrator rights for > general apps such as CoLinux. Is it by design or it's an overlooked? if you see colinux to be a general application, you have something missed. if you familliar with linux, than see colinux as a bunch of kernel modules, which are configured through /etc. this part shouldn't be touched from a common user. to run console is just a common task,sure, that should work. as module runs in another context the networking should work. so let's move to windows. it's OS like Linux - has kernel, has priviliges. the situation is different, but not really different. you have to use admin rights to configure and start drivers(modules) and the user should be able to use the console or so. if you're a user which has some power user permissions it's not so better than using administration accout all the time. just my 2 euro-cents :-) |
From: Vincent M. <Vin...@un...> - 2004-12-11 11:48:57
|
Hi all, On my PC, I have a windows XP installation and a fedora core 3=20 installation, in multi-boot. Is-it possible with colinux to use my fedora installation under windows X= P ? Thank's Vincent --=20 Vincent MATHIEU Universit=E9 Nancy 2 - CRI Equipe syst=E8me et r=E9seaux tel : 03 83 39 64 06 coordonn=E9es : http://www.univ-nancy2.fr/ANNUAIRE/PERS/detail_pres.php?u= id=3Dvmathieu=09 |
From: Henry N. <Henry.Ne@Arcor.de> - 2004-12-11 15:54:07
|
Vincent MATHIEU wrote: > Hi all, > > On my PC, I have a windows XP installation and a fedora core 3 > installation, in multi-boot. > > Is-it possible with colinux to use my fedora installation under windows > XP ? I do with FC2. FC3 should work also. Hint: Use Alias hda1 and so for your Partion inside coLinux, and you must not change fstab. You can also detect coLinux kernel with a grep of "uname -a" and disable some hardware accesses in booting scripts (such keyboard, CMOS RTC) Disable fsck with fastboot option in kernel args: <bootparams>root=/dev/cobd0 ro fastboot</bootparams> See also in wiki http://www.colinux.org/wiki/index.php/TopoHowTo -- Henry Nestler |
From: Hilmar P. <hi...@we...> - 2004-12-15 17:11:47
|
On 11.12.04 Henry Nestler (Henry.Ne@Arcor.de) wrote: Hi, > Hint: Use Alias hda1 and so for your Partion inside coLinux, and > you must not change fstab. > Does that work on others distributions than FCX? I have the snapshot as of 14th of Oct installed.. Regards, Hilmar -- Magpie, n.: A bird whose theivish disposition suggested to someone that it might be taught to talk. -- Ambrose Bierce, "The Devil's Dictionary" |
From: Sarah T. <sar...@ya...> - 2004-12-11 21:24:13
|
Martin Kanich wrote: >> Well, I gave the user Load/Unload device drivers and still it does not >> work. I am not too comfortable to (mis)use Administrator rights for >> general apps such as CoLinux. Is it by design or it's an overlooked? > > > if you see colinux to be a general application, you have something > missed. if you familliar with linux, than see colinux as a bunch of > kernel modules, which are configured through /etc. this part shouldn't > be touched from a common user. to run console is just a common > task,sure, that should work. as module runs in another context the > networking should work. so let's move to windows. it's OS like Linux - > has kernel, has priviliges. the situation is different, but not really > different. you have to use admin rights to configure and start > drivers(modules) and the user should be able to use the console or so. > if you're a user which has some power user permissions it's not so > better than using administration accout all the time. > > just my 2 euro-cents :-) > > > > ------------------------------------------------------- > SF email is sponsored by - The IT Product Guide > Read honest & candid reviews on hundreds of IT Products from real users. > Discover which products truly live up to the hype. Start reading now. > http://productguide.itmanagersjournal.com/ Perhaps you are right but still, just like in Unix/Linux, we try to avoid doing anything with root(unix/linux) or administrator(windows) but administration purposes --- Systems Management 101, I guess. And I'm a big believer of the Murphy's Law. |
From: Nuno L. <ml-...@xp...> - 2004-12-11 22:19:42
|
Sarah Tanembaum, dando pulos de alegria, escreveu : > Perhaps you are right but still, just like in Unix/Linux, we try to > avoid doing anything with root(unix/linux) or administrator(windows) but > administration purposes --- Systems Management 101, I guess. And I'm a > big believer of the Murphy's Law. Did you try to make colinux start as a service on boot and just let the normal users attach a console (or use Putty, XWin, etc...) ? It seems a good compromise... The only problem I see is that the reboot functionality doesn't work right now, so an admin would have to restart the service if it stops. Regards, ~Nuno Lucas |
From: Sarah T. <sar...@ya...> - 2004-12-12 08:25:02
|
Nuno Lucas wrote: > Sarah Tanembaum, dando pulos de alegria, escreveu : > >> Perhaps you are right but still, just like in Unix/Linux, we try to >> avoid doing anything with root(unix/linux) or administrator(windows) >> but administration purposes --- Systems Management 101, I guess. And >> I'm a big believer of the Murphy's Law. > > > Did you try to make colinux start as a service on boot and just let the > normal users attach a console (or use Putty, XWin, etc...) ? > > It seems a good compromise... > > The only problem I see is that the reboot functionality doesn't work > right now, so an admin would have to restart the service if it stops. > > Regards, > ~Nuno Lucas > > > ------------------------------------------------------- > SF email is sponsored by - The IT Product Guide > Read honest & candid reviews on hundreds of IT Products from real users. > Discover which products truly live up to the hype. Start reading now. > http://productguide.itmanagersjournal.com/ Thanks Nuno. I have not tried it as a service. I thought about it but have reservation about it - IMO, it gives too much control on an apps uncessarily. Though undesirable, you can always do it using a command-line as "runas /user:<domain>\administrator '<any commands>'". Its like 'setuid root' in linux/unix. But, ya know, it becomes hackers favs ...... Perhaps Mr. Aloni and the gang can give us some direction on how to make coLinux runs under regular user account. Thanks |
From: peter g. <plu...@bi...> - 2004-12-12 17:07:59
|
maybe it hasn't sunk in how colinux works ;) the colinux daemon running as admin or localsystem is the least of your worries :) the main bulk of what colinux does it done in kernel mode a user that can load code into the colinux kernel (thtough modules or whatever) has just as much power on colinux as on a real linux box. > -----Original Message----- > From: col...@li... > [mailto:col...@li...]On Behalf Of Sarah > Tanembaum > Sent: 12 December 2004 08:25 > To: col...@li... > Subject: [coLinux-users] Re: colinux networking: administrator > priviledge? > > > Nuno Lucas wrote: > > Sarah Tanembaum, dando pulos de alegria, escreveu : > > > >> Perhaps you are right but still, just like in Unix/Linux, we try to > >> avoid doing anything with root(unix/linux) or administrator(windows) > >> but administration purposes --- Systems Management 101, I guess. And > >> I'm a big believer of the Murphy's Law. > > > > > > Did you try to make colinux start as a service on boot and just let the > > normal users attach a console (or use Putty, XWin, etc...) ? > > > > It seems a good compromise... > > > > The only problem I see is that the reboot functionality doesn't work > > right now, so an admin would have to restart the service if it stops. > > > > Regards, > > ~Nuno Lucas > > > > > > ------------------------------------------------------- > > SF email is sponsored by - The IT Product Guide > > Read honest & candid reviews on hundreds of IT Products from real users. > > Discover which products truly live up to the hype. Start reading now. > > http://productguide.itmanagersjournal.com/ > > Thanks Nuno. I have not tried it as a service. I thought about it but > have reservation about it - IMO, it gives too much control on an apps > uncessarily. > Though undesirable, you can always do it using a command-line as > "runas /user:<domain>\administrator '<any commands>'". Its like 'setuid > root' in linux/unix. But, ya know, it becomes hackers favs ...... > > Perhaps Mr. Aloni and the gang can give us some direction on how to make > coLinux runs under regular user account. > > Thanks > > > > ------------------------------------------------------- > SF email is sponsored by - The IT Product Guide > Read honest & candid reviews on hundreds of IT Products from real users. > Discover which products truly live up to the hype. Start reading now. > http://productguide.itmanagersjournal.com/ > _______________________________________________ > coLinux-users mailing list > coL...@li... > https://lists.sourceforge.net/lists/listinfo/colinux-users |
From: Sarah T. <sar...@ya...> - 2004-12-13 08:49:10
|
peter green wrote: > maybe it hasn't sunk in how colinux works ;) > > the colinux daemon running as admin or localsystem is the least of your > worries :) > > the main bulk of what colinux does it done in kernel mode a user that can > load code into the colinux kernel (thtough modules or whatever) has just as > much power on colinux as on a real linux box. > > >>-----Original Message----- >>From: col...@li... >>[mailto:col...@li...]On Behalf Of Sarah >>Tanembaum >>Sent: 12 December 2004 08:25 >>To: col...@li... >>Subject: [coLinux-users] Re: colinux networking: administrator >>priviledge? >> >> >>Nuno Lucas wrote: >> >>>Sarah Tanembaum, dando pulos de alegria, escreveu : >>> >>> >>>>Perhaps you are right but still, just like in Unix/Linux, we try to >>>>avoid doing anything with root(unix/linux) or administrator(windows) >>>>but administration purposes --- Systems Management 101, I guess. And >>>>I'm a big believer of the Murphy's Law. >>> >>> >>>Did you try to make colinux start as a service on boot and just let the >>>normal users attach a console (or use Putty, XWin, etc...) ? >>> >>>It seems a good compromise... >>> >>>The only problem I see is that the reboot functionality doesn't work >>>right now, so an admin would have to restart the service if it stops. >>> >>>Regards, >>>~Nuno Lucas >>> >>> >>>------------------------------------------------------- >>>SF email is sponsored by - The IT Product Guide >>>Read honest & candid reviews on hundreds of IT Products from real users. >>>Discover which products truly live up to the hype. Start reading now. >>>http://productguide.itmanagersjournal.com/ >> >>Thanks Nuno. I have not tried it as a service. I thought about it but >>have reservation about it - IMO, it gives too much control on an apps >>uncessarily. >>Though undesirable, you can always do it using a command-line as >>"runas /user:<domain>\administrator '<any commands>'". Its like 'setuid >>root' in linux/unix. But, ya know, it becomes hackers favs ...... >> >>Perhaps Mr. Aloni and the gang can give us some direction on how to make >> coLinux runs under regular user account. >> >>Thanks >> >> >> >>------------------------------------------------------- >>SF email is sponsored by - The IT Product Guide >>Read honest & candid reviews on hundreds of IT Products from real users. >>Discover which products truly live up to the hype. Start reading now. >>http://productguide.itmanagersjournal.com/ >>_______________________________________________ >>coLinux-users mailing list >>coL...@li... >>https://lists.sourceforge.net/lists/listinfo/colinux-users > > > > > ------------------------------------------------------- > SF email is sponsored by - The IT Product Guide > Read honest & candid reviews on hundreds of IT Products from real users. > Discover which products truly live up to the hype. Start reading now. > http://productguide.itmanagersjournal.com/ Well, that is my concern. Imagine if I want to use one huge server running Windows Server 2003, with a few Virtual PCs, and a bunch of coLinuxes where each of those virtual machine administered by individual users. I'd like to have assurance that, for now, colinux administrator will not be able to do anything harmful to the Windows 2003 Server host nor other virtual machines. Does coLinux running on its own space or it is shared with the Windows Host? Thanks |
From: <sl...@bl...> - 2004-12-13 14:26:17
|
Sarah Tanembaum <sar...@ya...> writes: > Well, that is my concern. Imagine if I want to use one huge server > running Windows Server 2003, with a few Virtual PCs, and a bunch of > coLinuxes where each of those virtual machine administered by > individual users. I'd like to have assurance that, for now, colinux > administrator will not be able to do anything harmful to the Windows > 2003 Server host nor other virtual machines. Does coLinux running on > its own space or it is shared with the Windows Host? CoLinux shares control of the machine with the Windows host. Hence, a user that has superuser privileges in coLinux can (after much work) find a way to subvert Windows. I hope this helps. -- Joe |
From: Reini U. <ru...@x-...> - 2004-12-13 16:05:23
|
Joe Wells (reverse mailbox letters only for non-public replies) schrieb: > Sarah Tanembaum <sar...@ya...> writes: >>Well, that is my concern. Imagine if I want to use one huge server >>running Windows Server 2003, with a few Virtual PCs, and a bunch of >>coLinuxes where each of those virtual machine administered by >>individual users. I'd like to have assurance that, for now, colinux >>administrator will not be able to do anything harmful to the Windows >>2003 Server host nor other virtual machines. Does coLinux running on >>its own space or it is shared with the Windows Host? > > CoLinux shares control of the machine with the Windows host. Hence, > a user that has superuser privileges in coLinux can (after much work) > find a way to subvert Windows. Any colinux user can easily use as root the ntfs file-system drivers to mount any windows drive (gentoo kernel for example comes with ntfs read-write ) and change any windows setting. Even the Administrator password in the system registry. Regardless if the colinux daemon runs as windows administrator or normal windows user. This is a linux kernel, not windows anymore! It runs in its own memory space, but the hardware and filesystem is the same. You have to tighten linux not windows! But this has nothing to do with colinux per se. -- Reini Urban http://xarch.tu-graz.ac.at/home/rurban/ |
From: Hilmar P. <hi...@we...> - 2004-12-13 16:36:06
|
On 13.12.04 Reini Urban (ru...@x-...) wrote: Hi, > Any colinux user can easily use as root the ntfs file-system > drivers to mount any windows drive (gentoo kernel for example comes > with ntfs read-write ) and change any windows setting. Even the > Administrator password in the system registry. > ... if you're able to read the reg. Does coLinux delivers a driver to write on NTFS? > You have to tighten linux not windows! But this has nothing to do > with colinux per se. > So far you must not give a away the rights to reconfigure coLinux and tighten what the normal user is allowed to. H. -- The rule on staying alive as a forcaster is to give 'em a number or give 'em a date, but never give 'em both at once. -- Jane Bryant Quinn |
From: Henry N. <Henry.Ne@Arcor.de> - 2004-12-13 21:29:54
|
Hilmar Preusse wrote: > On 13.12.04 Reini Urban (ru...@x-...) wrote: > > Hi, > > >>Any colinux user can easily use as root the ntfs file-system >>drivers to mount any windows drive (gentoo kernel for example comes >>with ntfs read-write ) and change any windows setting. Even the >>Administrator password in the system registry. >> > > ... if you're able to read the reg. Does coLinux delivers a driver to > write on NTFS? No, and big warning!!! Do never write to any drives that currently use on host system (WinNT). This will damage your filesystem. That applies also for FAT. -- Henry Nestler |
From: Reini U. <ru...@x-...> - 2004-12-14 12:12:27
|
Hilmar Preusse schrieb: > On 13.12.04 Reini Urban wrote: >>Any colinux user can easily use as root the ntfs file-system >>drivers to mount any windows drive (gentoo kernel for example comes >>with ntfs read-write ) and change any windows setting. Even the >>Administrator password in the system registry. > > ... if you're able to read the reg. Does coLinux delivers a driver to > write on NTFS? It's not a matter of coLinux! coLinux doesn't bother too much about the linux distributions and the drivers. Gentoo e.g. comes with write-NTFS access and registry writing. But you might be able to install that on every distro. See http://sysresccd.org or some password recovery CD or bootdisk. http://www.petri.co.il/forgot_administrator_password.htm http://home.eunet.no/~pnordahl/ntpasswd/bootdisk.html You just have to install the packages. CaptiveNtfs 1.1, chntpw, regedit or nt_pass from Autrumi. >>You have to tighten linux not windows! But this has nothing to do >>with colinux per se. > > So far you must not give a away the rights to reconfigure coLinux and > tighten what the normal user is allowed to. -- Reini Urban http://xarch.tu-graz.ac.at/home/rurban/ |
From: Hilmar P. <hi...@we...> - 2004-12-14 17:44:01
|
On 14.12.04 Reini Urban (ru...@x-...) wrote: > Hilmar Preusse schrieb: Hi, > >... if you're able to read the reg. Does coLinux delivers a driver to > >write on NTFS? > > It's not a matter of coLinux! > coLinux doesn't bother too much about the linux distributions and the > drivers. > At my site coLinux runs an own kernel and installs own kernel modules on the Linux partition. > But you might be able to install that on every distro. > See http://sysresccd.org or some password recovery CD or bootdisk. > http://www.petri.co.il/forgot_administrator_password.htm > http://home.eunet.no/~pnordahl/ntpasswd/bootdisk.html > You just have to install the packages. > CaptiveNtfs 1.1, chntpw, regedit or nt_pass from Autrumi. > Correct. I just asked if the modules tar.gz delivered with coLinux has any of that stuff by it's own. I guess, this is not the case. H. -- "He flung himself on his horse and rode madly off in all directions" |
From: Hilmar P. <hi...@we...> - 2004-12-15 09:55:22
|
On 14.12.04 Reini Urban (ru...@x-...) wrote: Hi, > It's not a matter of coLinux! > coLinux doesn't bother too much about the linux distributions and the > drivers. > Gentoo e.g. comes with write-NTFS access and registry writing. > But you might be able to install that on every distro. > See http://sysresccd.org or some password recovery CD or bootdisk. > http://www.petri.co.il/forgot_administrator_password.htm > http://home.eunet.no/~pnordahl/ntpasswd/bootdisk.html > You just have to install the packages. > CaptiveNtfs 1.1, chntpw, regedit or nt_pass from Autrumi. > If you do not trust the users of coLinux, simply don't give them root access and then restrict the rights of a normal user. H. -- Hollywood is where if you don't have happiness you send out for it. -- Rex Reed |
From: peter g. <plu...@bi...> - 2004-12-13 17:47:34
|
colinux is not a jail tool if you wan't to offer jailed virtual machines then you should use an appropriate tool (zen,uml,vmware esx,vmware gsx). The linux kernel in colinux runs in kernel mode and has full access to all physical hardware and memory. i don't think anyone really knows how hard it would be to takeover windows from there but its definately possible. it may be possible to combine colinux with other kernel patches to stop users getting thier own code running in kernel mode in the first place but it would require great care to close up all possibilities. |