Search Results

Search found 5 results on 1 pages for 'farinspace'.

Page 1/1 | 1 

• What is the correct configuration for multiple apache2 vhosts and multiple php5-fpm pools?

  - by farinspace

  I have a group of sites (group A) which I would like to run using one php5-fpm pool and a second group of sites (group B) which I would like to run using a second php5-fpm pool. I can effectively define/create the pool in the fpm.conf file and I confirmed that it is running with the different user/group I've defined. However I am unclear as to how to setup the apache virtual host config. I've tried a few apache2 configurations but I seem to not be able to add the second pool. If you've done this please help.

  Read the article

• How to make Shared Keys .ssh/authorized_keys and sudo work together?

  - by farinspace

  I've setup the .ssh/authorized_keys and am able to login with the new "user" using the pub/private key ... I have also added "user" to the sudoers list ... the problem I have now is when I try to execute a sudo command, something simple like: $ sudo cd /root it will prompt me for my password, which I enter, but it doesn't work (I am using the private key password I set) Also, ive disabled the users password using $ passwd -l user What am I missing? Somewhere my initial remarks are being misunderstood ... I am trying to harden my system ... the ultimate goal is to use pub/private keys to do logins versus simple password authentication. I've figured out how to set all that up via the authorized_keys file. Additionally I will ultimately prevent server logins through the root account. But before I do that I need sudo to work for a second user (the user which I will be login into the system with all the time). For this second user I want to prevent regular password logins and force only pub/private key logins, if I don't lock the user via" passwd -l user ... then if i dont use a key, i can still get into the server with a regular password. But more importantly I need to get sudo to work with a pub/private key setup with a user whos had his/her password disabled. Edit: Ok I think I've got it (the solution): 1) I've adjusted /etc/ssh/sshd_config and set PasswordAuthentication no This will prevent ssh password logins (be sure to have a working public/private key setup prior to doing this 2) I've adjusted the sudoers list visudo and added root ALL=(ALL) ALL dimas ALL=(ALL) NOPASSWD: ALL 3) root is the only user account that will have a password, I am testing with two user accounts "dimas" and "sherry" which do not have a password set (passwords are blank, passwd -d user) The above essentially prevents everyone from logging into the system with passwords (a public/private key must be setup). Additionally users in the sudoers list have admin abilities. They can also su to different accounts. So basically "dimas" can sudo su sherry, however "dimas can NOT do su sherry. Similarly any user NOT in the sudoers list can NOT do su user or sudo su user. NOTE The above works but is considered poor security. Any script that is able to access code as the "dimas" or "sherry" users will be able to execute sudo to gain root access. A bug in ssh that allows remote users to log in despite the settings, a remote code execution in something like firefox, or any other flaw that allows unwanted code to run as the user will now be able to run as root. Sudo should always require a password or you may as well log in as root instead of some other user.

  Read the article

• How can I limit a wordpress meta_box to a single page?

  - by farinspace

  I need a way to limit the meta box to a single page (ID=84) ... if I do the following it works, but sbumit data does not go through and data is not saved ... add_action('admin_init','violin_init'); function violin_init() { if ($_GET['post'] == '84') { wp_enqueue_style('violin_admin_css', VIOLIN_THEME_PATH . '/custom/meta.css'); add_meta_box('violin_options_meta', 'Highlight Content', 'violin_options_meta', 'page', 'normal', 'high'); add_action('save_post','violin_save_meta'); } }

  Read the article

• Securing Plugin Data in WordPress From Access by Other Plugins?

  - by farinspace

  There probably is some solution to this, whether it involves code running on just the wordpress installation or a combination of a wordpress installation and a master server I am not sure yet, but please remember not to have tunnel vision and consider any and all possible solutions: The scenario is this: A WordPress plugin (plugin-A) that manages some sort of valuable data (something that the admin would not want stolen), lets say, lead data with user's name and email addresses, the plugin uses its own db tables. Other than the obvious (which is the admin installing plugin-B, not knowing its malicious intent), what is to prevent another WordPress plugin (plugin-B) from accessing plugin-A data or hacking plugin-A files to circumvent security.

  Read the article

• What are some ways to identify a logged in user on the web?

  - by farinspace

  Here is the scenario: There are 5 websites (different domain names) that need to share a session. I am using a bit of code on each site which returns a "blank.gif" image and at the same time sets the session (syncing it up to the current session). Each of the sites calls a session-img from each of the other sites. Also, all sites have access to the same database (where the session is stored). This works great on FF and Chrome, but not on IE (or Safari PC)... I need to come up with an alternative method to keep a session active? The app is a small custom CMS, so really only 2-3 people will be using it. I can probably identify user logins by IP and then continue to check for the IP accross all sites... Is there something more granular such as a computer uuid that i can check for?

  Read the article

1