Fedora Security :: Administrative Login In User Account?
Sep 25, 2009
I am a new Linux user and have a question about the administrative authentication. When I am logged in as a user and I need to do something that requires root privileges the little password window comes up and I enter the root password. My question is how long are the root privileges granted for?I noticed that a few minutes after finishing checking out the firewall configuration tool and closing the window that I was still able to re-enter the fire wall tool and other administrative tools. How do I log out of the root privileges without logging out and then back into my account?
I just installed opensuse 11.1 with only the standard user account, not root account. Therefore, my question is regarding this ... is safe running linux with no root account? Should I create a root account for adminstrative purposes? If so, how can I do that?
I created an account using the following command:#useradd -g developers john and successfully changed the user password with:#passwd johnThe user is unable to login using the New Password using SSH. As a root I can login (#su - john) with no problem.
If I'm getting good at anything with Fedora, it would be making mistakes. I have Fedora 12 installed and it was running fine until I attempted to set the path in bashrc and cshrc for jdk. Now I am unable to login using the only user account I created at install. When I enter my password the login screens goes blank then my mouse pointer appears with the circling dashed loading symbol for a few secs and then brings me back to the login screen asking for my password again.
I often get responses from people who first say: "Are you sure? You want your network to be exposed to the outside world?" I am not experimenting on a Production Server of NASA or any Security Concern Department. Friends, there is no harm in experimenting on your personal computer or on a test computer which is isolated from the production environment. Look at hackers! What do they do? If they don't know how security is breached then how would they come up with security measures?
If my question reads... "How to let any user perform Administrative Tasks on a Linux System irrespective of his/her privileges on that particular system?" then I would not get the right answers in the first place. They will say... "You are letting everyone destroy your system... are you sure you want to do that?" My question is: Why should we restrict ourselves from experimenting even if it sounds weird to other people?
I give you an example where it is desirable to let an unprivileged user perform certain tasks. You want to know if there are any employees in your office who are storing videos in their home directory and filling up the disk space to a great amount. You have a department called "Command Center or Data Center Operations or Help Desk" call it whatever you would, whose work is to monitor such activities, and you create an account "monitor" for them to monitor such activities but they are not able to do them:
This netbook only has a user with non-administrative privs on it and root user but I do not have root's password.Is there a way that I can create a new administrative user of change the current user's group so that it can do sudo commands or have more privs?
I started up my computer and suddenly, I saw that there was a new user account. I didn't create it and no one else uses my computer (let alone has access to user account creations). It was called dtc. It didn't seem to have any privileges and the only file in its home folder was called Examples. Should I worry that I might have some kind of malware? I deleted the user and the folder (and it came back after a while). It's main group is dtcgrp. The User ID is 1004.
I ran a test where I login a test user several times using the wrong password to see that he gets locked out after several attempts. Now that I got the test user locked out, how do I unlock the test user? I tried passwd -u <test user>, but it says passwd: Error (password not set?).
I recently made a computer for someone who decided to get a new one instead.. so i thought i'd make a server out of it lk i had it before. so i deleted their account (while on their account) and made me an account.. but now when i try to login to my account it's.. not there? such as when i type my username and pass it says i entered an invalid user/pass. any idea how i can get my user accounts back or atleast logon to this system? i know the root password if there's any way i can login under the root account.
I'm looking for a script that can do two things: (1) determine the shortname of the user with the largest account in /Users and (2) look up their full/long name. I'm going to use this script to help identify who the user on a computer and while I know that's possible that a sometime-user may have a larger account than the normal-user on any given computer, the results of a script should be sufficient in most cases for my needs.I'm not sure the best way to around this. I know that can use "du -m -d1 /Users" as root:
root on torchwood [ ~ ]$ du -m -d1 /Users 157 /Users/admin
I wanted to set up Computer Lab. loading Fedora 11 OS and one system acting as a Server to store Users(Student) Login Informations. When students do a programs, all programs (eg, C++ programs) files should be saved in the local fedora system but when login to the system, the login should be validate by a Server System.
I've written an article on my site which lays out steps for installing Wine and running it under its own, separate user account, so that Windows applications cannot access personal files (particularly those in your home directory).[URL}..i'm hoping that there are people on this forum who know Ubuntu inside-out, as I'd like to know how effective the described method is at trapping Windows applications so that they cannot read or write personal files or directories.
The way I understand it, once the process is running under user account wine, it's stuck with the access privileges of user wine. But are there ways in which a rogue application could break out of this prison and gain access to whatever it wishes? I'm guessing that such behaviour would mean someone customising Windows software to recognise Linux, and that such a thing is very unlikely, but I'm still interested to hear what gurus of the Ubuntu internals think of this method.
I need to create such an account that the user wouldn't be able to r/w any file which doesn't belong to it, even if access mode is set to o+rw. I guess normal chmod/chown won't help here... How can i do this?
There is a shared account (not by choice, and not my choice). I ssh into it, along with many other users.Some users share the password, others use the public key method (each user has their own pair of keys).I have a number of shell preferences that I would not want to affect other users. So changing .bashrc, .profile, .kshrc, etc types of scripts in the shared account is not practical, because changing them would affect everyone. What would be a practical way to have a script execute automatically, only when logging in by way of my private (id_rsa) key? Could I perhaps change the .profile in a way that it runs some commands only if my public key was used to authenticate the login?I've considered this:ssh sharedUser@host 'bash -s' < my_local_script.shbut it simply terminates when done. I want it to hand the shell over to me.Also, when many users are logged in, the "w" command shows several users with the same shared username. Is there anything I can do to make my own session distinct? E.g. instead of showing username "sharedUser",
Network server to administer accounts for all users, one login ie at login select or type in user name and password to login - so that I don't have to setup users separately on all PC's so that they can login from any computer.
Recently I deleted files from my root/share folder in an attempt to remove a program which had made the system virtually unusable. Upon reboot of the system I accessed the partition I had just edited and I found that I was unable to login using the login manager, every time I hit login it just returns me to the same screen displaying the message: unable to start session.
I want to create an unprivileged user account, say 'shutdown', which can be used only to shutdown the system. I followed the instructions in ut when I login into the system, I get this error 'Cannot execute /usr/bin/sudo /sbin/shutdown -h now: No such file or directory'.These are the configurations that I did
/etc/sudoers: Code: shutdown localhost=/sbin/shutdown -h now
I remember my password very well and have no need of password recovery. Everywhere I look it's how to recover and I don't want that. The kind where you boot into root recovery console to change the password.
I made a Desktop User account. When I went on that account, it allowed me to execute sudo as if I was an administrator. I don't know what might be causing this. I do have ufw set up and blocking incoming connections. Do you guys know what might be at the root of this?Also, when I used sudo from the user account (which I shouldn't have been able to do), I provided the password for my admin account.
Is there a way to set Linux to automatically log in to a specific user account and at the same time lock the screen? I want to save time and trigger various software that always should start up on boot, while leaving the computer unattended during startup (extra important and practical for remote control boots), by enforcing a 'screen lock' so that no-one can see what happens behind the login screen without entering the login credentials.
I'm seeing really bad user login format under a standard installation and am wondering why ubuntu does this as default. I have noticed that the graphical login for gnome sizes itself to accommodate a user's exact password length. This indicates to me that somewhere on the unencrypted part of a standard installation with user encryption contains at least some indication of the content of the password length which seems a security flaw even if not a complete hole, it majorly reduces the number of attempts a cracker would have to cycle through.
And that's assuming that *only* the length is contained. Furthermore it seems that it would be MUCH better to simply display the number of characters entered into the pw field and allowing the gui to expand itself from an fixed size as the field is filled out so the the user still receives visual feedback for entering characters. Either a simple character count display should be entered into the field or a 10 dot to new line so that one can visually quickly count the number enter by multiplying from a 10base graphical observation.