N0x0n ,

Well, you still have to open wireguard’s UDP port to make it reachable outside your LAN.

Just sayin’ 🤷

N0x0n ,

Thank you for the write-up 😁 Glad you solved your issue !!

N0x0n ,

Try to open the web developer tools in your web browser, to look if there is anything useful. It’s different for every browser but on firefox: ≡ > more tools > Web Developer tools. Look into the network tab and refresh your page and try to login again. This can sometimes give you some hints what’s going wrong.

Also have you tried to log every container from the compose?

When you ls all containers, do they seem healthy or does one not start? docker container ls -a ?

N0x0n ,

I just spun up the docker compose bare bone without any modification just to see if it actually works on localhost. Just a checkup to see if by default it works, and yes I can login from my host IP:PORT without any issues.

github.com/mediacms-io/mediacms/…/admins_docs.md#…

I just changed the default port, because 80 is already used and gave the admin account a password.

Maybe this github answer can be helpful ??

The compose stack seems not that easy to customize. In your position I would mount it bare bone and change things one/one reading through their admin docs !

My guess would be that changing the volume a few things are missing? I don’t know, docker issues are hard to troubleshoot when you’re not in front of the computer.

N0x0n ,

Yeah, sorry about that… Seems a lot of python is involved.

Can you check your permission on “pg_logical/snapshots” in your folder ?

drwx------ 1 70 root 512 Apr 21 15:40 postgres_data

drwx------ 1 70 70 0 Apr 21 14:41 pg_snapshots

N0x0n , (edited )

Here is something you can work on. You could try to mount your volumes as named volume as per this docker-compose file, so that docker takes care of permissions and ownership of the files.

If I understand it correctly you want to use an external drive or a drive partition ? You can’t directly use those partitions as named volume. You can also mount a SAMBA/CIFS mounted volume from your external drive/drive partition or NFS (read here).

Do not change this part in the docker-compose I shared above. This file needs to be located where it can find it.


    volumes:
      - ./deploy/docker/local_settings.py:/home/mediacms.io/mediacms/deploy/docker/local_settings.py

This is what I would give a try. Apart from that, I can’t help you any further, maybe someone else would come up with a better idea :/.

This seems like a stupid permission issue ˆˆ’. Hope you will find your way around !

Repairing bad sectors in an external drive

So I have this external 2.5" drive salvaged from an old laptop of mine. I was trying to use it to backup/store data but the transfer to the drive fails repeatedly at the ~290GB mark leading me to believe that maybe there is a bad sector on the drive. I tried to inspect the drive using smartmontools and smartctl but since it is...

N0x0n , (edited )

Also interested ! But I read through my long search that bad sectors on a drive… Is a sign that your drive is failing and that there is nothing you can do about it.

Your drive will probably accumulate more and more bad sectors until it becomes unusable (there is some threshold).

There is however a way to “mark” them but that’s just a temporary solution. I wouldn’t put important/critical data on it (pictures, backups, OS…)

N0x0n OP ,

Isn’t samba a fork and open source package from Windows’s samba/cif ? I think I read something like that on the web, but not sure about that information. So it hasn’t anything to do with windows. I may be wrong on that though !

N0x0n OP ,

Then I learnt it’s no longer maintained so switched to NFS.

Ohhh wasn’t aware of that information ! Thank you.

N0x0n OP ,

Thank you for the hint ! Yeah it’s in a multi-OS environment.

N0x0n OP ,

Yeah, multi-OS environment… Thanks for your comment :)

N0x0n OP ,

Thanks !! Yeah I think I don’t need enterprise grade security :) Not right now I suppose… Do you know what Kerberos actually solves in an Enterprise environment?

N0x0n OP ,

Thanks for the link :) I have already setup a samba share (actually I have setup all 3 on my server xD). But didn’t know they have a whole tutorial on it :) Thanks for the resource, I think I will stay with samba :) Looks the most versatile and has also “easier” security function setup. I mean I don’t think I need Kerberos in my homelab setup and SSHFS… Yeah people tend to argue it’s a pain in the ass with Windows !

N0x0n OP ,

Good to know samba works well with truenas. Seeing all the comments, the tendency seems to go in samba’s direction !

N0x0n OP ,

Thank you for your friendly and detailed response !!!

Look at the Arch wiki article for Kerberos, I think that’s what I used mostly. Feel free to ask if you need help setting it up.

It’s always Arch wiki :D. Thank you, but I will probably stay with samba at the moment which will probably fulfill my current needs and seems more complex than I thought ! Also, it’s in a multi-OS environment (Windows, MacOS, Linux) and NFS seems to not work very well with Windows :/ If I could I would switch my whole family to Linux, but old habits die hard…

Anyway, will keep Kerberos under my radar ! I really want to learn more about it seems very interesting, especially the cybersecurity aspect !

If you don’t mind… Can you tell very briefly what kerberos actually solves in a corporate environment ? Please, give me a sneak peek of the subject that awaits me :) !!

N0x0n OP ,

I read/heard that a lot of NAS server users tend to use NFS shares :/ Don’t actually know why, but that’s what I found out while reading server/NAS configurations on the web.

Maybe because NFS’s speed compared to samba and SSHFS?

N0x0n , (edited )

You are probably talking about video content? I don’t have any advice concerning those, and I’m also interested if someone has some good self-hosted alternative for this kind of content.

On the contrary, if you’re an ebook/webpage hoarder I had a long run in finding the best solution to keep my learning ebooks tidy and well organized.

If you are serious about learning through written textbook and web, having everything in one spot and also a built-in pdf reader, I really advise you to have a look at Zotero. Even if you are not a researcher it’s a very useful tool !

Also would suggest you to give the Zotero 7 beta a try instead of 6. Better UX, native macOS m1, linux, better pdf reader, webp reader… A lot of improvement !!

One thing you should be aware of, it’s their cloud syncing, which allow you to continue your work on another computer, which costs a bit of money. Nothing too exaggerated though ! BUT if you’re a self-hoster you can sync your personal data folder through a bind volume/samba share/nfs/syncthing… Whatever your poison is :).

Sorry if this doesn’t help in your quest of video content organization, but chances are, you’re also hoarding a lot of pdf/web page content !

N0x0n ,

Maybe something worthwhile looking at (was roaming the web to find something that could actually fit your request!) Mediacms it looks promising, but never tested it so you have to give it a try yourself :).

But seeing from the github repo, it looks like a selfhosted youtube CMS :) Just keep in mind to backup your data before giving it a try. I have no idea how stable it is.

Hope it helps !

N0x0n ,

It’s true, it’s not a silverbullet, but it’s probably the next step to piracy and illegal content, IF someday they find a working solution to break torrent over the clearnet.

They already found a simple elegant working solution for the common user: Block at the DNS level in the router. While this works for most non techy user, most of us already use a VPN or know how to change the default DNS server.

N0x0n ,

Just because of the loading bar? You’re easy to please 😁.

N0x0n ,

Was just kidding 😁 Keep that feeling, it’s a great one ! I love to see other people enjoying such simple but powerful brain flooding dopamine ! That awwwwww moment is really enjoyable, for others and yourself !

Hope you will have fun with openSUSE ! I’m also thinking to switch from Debian to OpenSUSE for my daily drive. Debian as server is fantastic, but got some quirks running it with backports and testing.

Maybe a skill issue? Probably, but trying something different will give me the necessary boost to find out 😄

N0x0n ,

The Debian wiki is awesome. But it’s less noob friendly than Arch wiki.

The web UI looks like an old forum from 2000. Don’t get me wrong, a well written manpage style webpage is way better than an eye candy bloated scripted webpage (IMO) and I really like how detailed the Debian wiki is. But in today’s “mental standards”, the Debian wiki is not attractive enough for most newcomers.

Also, It seems the Debian wiki is not as indexed as Arch wiki on the web.

Finally… I can’t access their wiki with my VPN ! :/.

But I do agree, The Debian wiki is a gold mine !!!

Basic docker networking?

Hi guys! I’m going at my first docker attempt…and I’m going in Proxmox. I created an LXC container, from which I installed docker, and portainer. Portainer seems happy to work, and shows its admin page on port 9443 correctly. I tried next running the image of immich, following the steps detailed in their own guide....

N0x0n , (edited )

Docker networking is fun :) (IMO).

Without having a look at your container and how you configured it, if you have correctly mapped your ports and didn’t change anything fancy and don’t use a reverse proxy

Your container should be accessible on your host’s IP mapped with your Immich docker port:

HostIP:2283

Edit: Also, don’t run a docker container in… Another container (LXC).

Containerinception

How do we know if there aren't a bunch of more undetected backdoors?

I have been thinking about self-hosting my personal photos on my linux server. After the recent backdoor was detected I’m more hesitant to do so especially because i’m no security expert and don’t have the time and knowledge to audit my server. All I’ve done so far is disabling password logins and changing the ssh port....

N0x0n , (edited )

Call me names… But sometimes the story has far more branched backstories than they actually shed into light.

Trust nobody, not even yourself.

your favorite homelab applications

Hi, just recently it’s foss had an article about homelabs. Of course I digged in, since there is a small nuc working tirelessly in the corner of my routers closet. So far it just crawls some web pages for me and sends emails accordingly to my filters. So I hoped to find new exciting stuff to let it crunch through. The articles...

N0x0n ,

But why the cat butt? Because cats are assholes, but you love them anyway.

So true !

N0x0n OP , (edited )

Heyha !

Thanks for your input, you pointed the right direction ! After some more reading, this is what I found.

Adding the following line in sudoers file after @includedir /etc/sudoers.d:

server ALL = NOPASSWD: /usr/lib/openssh/sftp-server

Works without the need of a sudo session for the sftp-server. I have no idea if this is good security practice but if I had to guess I would say no. Having the NOPASSWD argument for something critical as an ftp server seems… Not a good idea ! But I’m not an expert, so I’m just guessing :/.

If I may, how would you tackle such a use case ? My first solution seems way more secure with the right permissions on the bind mount, what do you think ?

Thanks for your nice tip to right direction :D !

N0x0n OP ,

Heyyy !

Thank you, that’s actually a good workaround ! Haven’t thought about it !

In case you’re interested @Successful_Try543 pointed to the right direction with sshfs.


sshfs [email protected]:/var/lib/docker/volumes/syncthing_data/_data/folder /home/user/folder/ -o sftp_server="/usr/bin/sudo /usr/lib/openssh/sftp-server"

Adding the following line in sudoers file after @includedir /etc/sudoers.d:

server ALL = NOPASSWD: /usr/lib/openssh/sftp-server

This works, even though I’m not sure if this is actually good security practice :/.

I will keep in mind your solution if I find out that this workaround is bad practice. What’s your opinion on this?

Thank you !

N0x0n OP ,

Hii !

Ohh maybe I misunderstood the sudoers file. I thought having the sudo commands gives you actually full control over your system? Am I wrong?

Do you have any tips or workaround for my specific use case?

Thank you :)

N0x0n OP ,

Sorry for the late response !

As far as I understand, the user server is not the user running your web server e.g. www-data, right?

Are you sure about that? I mean, in the sudoers file I added the user server with NOPASSWD and not www-data for the specific service. And it works that way.

Maybe I misunderstand something here, if so please correct me. Is there any way I could check this out? Do I need to check the owner on my host or my client trying to mount the path?

Thank you !!

N0x0n OP ,

Hey thank you for the nice tip ! This looks actually promising and exactly what I needed !

Going with this route, which seems way more secure. Fiddling with sudoers permissions seems a bad idea in the first place !

Thank you very much 👋

N0x0n , (edited )

Another solution is to use something like wireguard tunnel, where all your traffic is routed through the tunnel.

This also hides your DNS requests from anyone who’s not allowed to and hasn’t access to your private key/wg0 configuration.

N0x0n ,

Last time I saw them, I was filled with infinite inner white light power and joy. So hard to explain that I didn’t even try, because I was sure nobody would understand.

So powerful I couldn’t keep my eyes closed, so bright and colorful and the patterns infinitely beautiful.

The CEV mandala patterns are amazing, but the fractal patterns are on another level, and You can really feel how they ARE on another level, plane of comprehension.

What a blissful experience !

Longtime Arch user, first time Debian enjoyer

As the title says, I’ve been using various flavours of Arch basically since I started with Linux. My very first Linux experience was with Ubuntu, but I quickly switched to Manjaro, then Endeavour, then plain Arch. Recently I’ve done some spring cleaning, reinstalling my OS’s. I have a pretty decent laptop that I got for...

N0x0n , (edited )

Maybe try this:

shutdown -P now

-P argument is for poweroff, there is probably one for reboot.

You must be root to use this command.

N0x0n ,

Fossil looks really cool ! Too bad they don’t approve a container setup ! They surely have their reason.

N0x0n OP ,

Thank you for testing it out and giving some nice insights on how to improve the command. Just curious what’s about the parenthesis (sudo cd ./testar && sudo find . -maxdepth 1 -type d,f)? I have never seen a command structured like that !

Regarding my question, someone led me to the right direction. This could overwrite my actual folder structure (tarbomb) depending on where it’s extracted and the absolute path in the tar. It will also extract the permission and ownership to the current directory… source

N0x0n OP ,

Thank you ! Your edit is related to what’s called a tarbomb. I also found out that it will overwrite the owner and permission to the current directory… Very odd behavior ! source


I noticed that you are also getting duplicates in your output 2 tar file, because you are feeding it the folder, and then the folder contents.

Haha, that was only an example xD to get context. My english is not that good, so I have to somehow show what I mean.

N0x0n OP ,

Hey :) Thanks for your input but after some insight from other users I actually found out it could overwrite my folder structure (tarbomb) and also overwrite the permission/owner to the current directory (see my edited post for source). My example is probably really bad because it doesn’t contain any absolute path, but the permission/owner change still holds in the current directory.

Sorry if my question was badly written.

N0x0n OP ,

Haha, thank you xD I think I wouldn’t lose my sleep over it, except if I tarbomb my server !! My question was probably badly written, but this kind of structure could actually be dangerous !

N0x0n OP ,

Thank youuu !! I learned something really interesting !!! :)

(sudo cd ./testar && sudo find . -maxdepth 1 -type d,f) | cut -c3- | sudo tar -czvf ./xtractar/tar2/testbackup2.tgz -C ./testar -T -

So, you’re trying to sudo cd ? :P I tried a hacky way I found on superuser.com sudo sh -c ‘cd dirname’ doesn’t work -_- !

Thank you very much :))) The cut -c3- is a nice alternative !!

N0x0n OP ,

You’re right :) In my current example it’s probably “harmless” if extracted properly in a separated folder. Maybe I do not understand how it works (please educate me :)) but if my tar contains the following folder ./home/user/ and I extract it in my current home folder (which would be kinda stupid but it happens) this will overwrite the home folder (which is the principle of a tarbomb? mess up and overwrite directories?).

A related problem is the use of absolute paths or parent directory references when creating tar files. Files extracted from such archives will often be created in unusual locations outside the working directory and, like a tarbomb, have the potential to overwrite existing files. However, modern versions of FreeBSD and GNU tar do not create or extract absolute paths and parent-directory references by default, unless it is explicitly allowed with the flag -P or the option --absolute-names. source

There’s still another odd behavior with ./ ! When extracted it will overwrite the permission/owner to the current directory source

N0x0n OP ,

Thank you very much for the clarification ! That’s exactly the kind of input I was looking for ! I tried it out and you’re absolutely right ! I will edit my post.

N0x0n OP ,

Thanks, after a long sleep I edited my post to avoid misinformation and errors due to my lack of knowledge ! Thanks for your time and clarifications on that specific point !

N0x0n OP , (edited )

Thanks ! I changed that specific point, my command looks way cleaner now ! But I still use the find command to extract the names with -printf “%Pn” to tar only the files without the parent folder and ./ ./files. I prefer it that way, it looks cleaner. But -type d,f is useless !

use find to export the list, and then check it before you let tar run on that output

This seems a more secure way of doing things. Do you have any personal experience with piped tar commands that back slashed and put your system at risk?

Edit: I just found an easier way… (cd testar/ && tar -czvf …/mydir.tgz {*,.*}) Which includes hidden files without parent folder and ./ !
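
The "list it, check it, then extract" advice quoted in this thread, as an added example that is not part of the original posts: a POSIX shell function (hypothetical name `audit_tar_listing`) that reads the member list printed by `tar -tf` and flags absolute paths, parent-directory references, a bare `./` member, and archives with more than one top-level entry. The archive name in the usage comment is a placeholder.

```shell
#!/bin/sh
# Added example (hypothetical helper, not from the thread).
# Reads tar member names on stdin, one per line, as printed by `tar -tf`.
# Prints "reason<TAB>detail" for every finding and returns 1 if there is any.
audit_tar_listing() {
    awk '
        function flag(reason) { printf "%s\t%s\n", reason, $0; bad = 1 }
        BEGIN { bad = 0; roots = 0 }
        {
            name = $0
            # Absolute member name: lands outside the extraction directory
            # when extracted with -P / --absolute-names.
            if (name ~ /^\//) { flag("absolute-path"); next }
            # Any ".." path component can climb out of the target directory.
            n = split(name, part, "/")
            for (i = 1; i <= n; i++)
                if (part[i] == "..") { flag("parent-reference"); next }
            # A bare "." or "./" member applies its stored mode and owner
            # to the directory the archive is extracted into.
            sub(/^(\.\/)+/, "", name)
            if (name == "" || name == ".") { flag("dot-entry"); next }
            # Count distinct top-level names; more than one means the
            # archive spills into the current directory (tarbomb).
            split(name, part, "/")
            if (!(part[1] in seen)) { seen[part[1]] = 1; roots++ }
        }
        END {
            if (roots > 1) {
                printf "no-single-root\t%d top-level entries\n", roots
                bad = 1
            }
            exit bad
        }
    '
}

# Usage: tar -tzf backup.tgz | audit_tar_listing || echo "inspect before extracting"
```

A clean result only says the names are unsurprising; extracting into a fresh, empty directory is still the safer habit.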

N0x0n OP ,

Thank you for the clarification ! That’s why most posts are from 2007 and couldn’t find any recent documentation !

Will take a look at path-traversal vulnerability thanks for the info !

N0x0n OP ,

Thanks !!
