Thank you both
Awesome now I understand what you and the other commenter were talking about with aliasing. Well this works perfect without the alias, many thanks
Well, my other comment saying this is exactly what I need did not get posted as a reply to your comment, my mistake. I followed the example for “/usr/bin/wg/” intending to be able to use
wg show
but it still requires sudo. I tried rebooting and nothing changed, any ideas? I did
type -a wg
to get the command location for the sudoer file.
Thank you
This does seem to be exactly what I am looking for. I implemented this and tested it and the command still isn’t working yet, but I will keep troubleshooting; it’s probably a silly quirk on my end. Thank you very much!
Thank you for the info! This is very helpful to me.
But the router must forward the port to allow the VPN to be utilized, meaning that port being forwarded can be scanned/detected, I thought?
This is the first that I have heard about setting the SSH port to only accept connections from the VPN, is there a term or something I can search about this online? Or is this basically just allowing port 22 open on a device and not forwarding the port on the router as when a different device tunnels into the same network through the VPN it can already talk to the first device?
But wouldn’t the port being open alert anyone who looks for that? Network security is not my specialty but I believe I have read that people can ping/scan IP addresses easily and quickly to determine if any ports are open / forwarded, so if WireGuard was used or any VPN software, they could pick up on that as an attack vector?
I am aware that opening / forwarding ports are attack vectors and they become unavoidable though if I need the VPN and SSH capability; however, in theory the SSH port could be closed/not forwarded if traffic/connection was tunneled through the VPN. Those are my thoughts.
Both require opening a port, but theoretically SSH going through the VPN would mean port 22 does not need to be open/forwarded, right, as opposed to both port 22 and whichever for the VPN open?
Thank you for this excellent answer
I’m looking for the same thing, simply an app that allows 2 people to edit a list with no ads. No luck so far.
Honestly I never see any resistance to these kinds of steps forward
What you proposed with sgid sounds like it might be what I need. All of the users are controlled by me; it’s just when they connect to the SMB share of the main system from other devices, I figured it was good security to use an account that is separate from my main account on the system, so they can’t access the entire system or execute sudo commands
Thanks for chiming in, I’m glad it’s not just me. I feel like I have a much stronger understanding on things more complicated than groups! That makes it feel worse
But what if user A in a new group creates dir “abc” - will dir “abc” automatically be set to the correct group? I would think the group permission would be just like the user permission, not set until manually set.
Thanks for adding that tidbit at the end. The reason that permissions get out of alignment is due to different non-privileged accounts (for safety) will write or copy files somewhat regularly from outside of the main system. I am the furthest thing from a Linux expert so maybe you would have a recommendation or better insight after explaining that? This necessitates changing the owner and permissions regularly, especially when I need to interact with the files ad hoc and have to wait for my script to run and complete.
I figured it’s another black box hell like a Google Meets or something similar where it’ll try to grab any detail, data or info about what I am connecting with, and also how trustworthy the E2E encryption is if it’s proprietary