Fedora Security :: Few User Accounts Created - Cannot Be Deleted?
Jan 1, 2011
My Linux is Fedora release 13. I found there are a few users created not by me. I am not sure if the system got hacked somehow. Then the hackers created these users, i.e. (1) oracle, (2) exim, (3) test, (4) cox. I tried to delete all of these four users by using "usrdel" command but the system said "I cannot delete these users as the users are logging in". If my system got hacked ?? or these users are created by the system itself?
way to automate adding and removing users from 10 different Fedora 7 servers. We use them as print servers and our users have a user name and password to authenticate with when printing. We also use Samba to talk to a W2k3 server that tracks and charges the users for what they print. The set up was done by a vendor and after 6 months of being in production the scripts they created has flaws.
I need a way for a script to run as often as possible that will remove, change, or delete user accounts from the servers and from Samba. how to most effectively achieve this?
It would be ideal to have a file that gets written to when a change needs to be made then a script to make these changes?
created a user but i forgot to change the home directory permission.so after user created when i go to the user and group mangement i cant see that permission filed related to the home permission directory.my purpose is to stop accessing other user to my home directory,how it can be possible??
I have a windows 2003 active directory and dansguardian transparent web filter. I want that dansguardian filters according by whom is logged on the workstation. Can this be possible?
I am looking at creating two user accounts for "contract system admins"..These guys will be performing sys admin duties for a sever -- however, I am still concerned about security of data. For example, the server contains password information for our database, etc.Besides making them sign an NDA, etc. what other security mechanisms could I put in place to ensure that they don't just go buck wild. For example, when someone makes a sudo command, is this logged?
what are some recommendations for general security practices?
I am trying to disable accounts after 5 unsuccessful login attempts. I am following the guidelines in this article:
[URL]
This is on an Oracle Enterprise 5.4 box, which is essentially RHEL 5.4 Here is what my /etc/pam.d/system-auth looks like:
-------- #%PAM-1.0 # This file is auto-generated. # User changes will be destroyed the next time authconfig is run.
[code]....
Unfortunately, the account does not seem to be locked or disabled. As root, runninng 'su test2 -c <some-command>' always sucessfully runs <some-command>, and leaves the failed attempt count at 6. /etc/shadow does not have an * or ! anywhere in the encrypted password for the 'test1' user.
What am I doing wrong? I thought that with the max attempts set to 0 in faillog, that the deny= parameter would be used. I thought I should be using su <user> -c <command> from the root account to test if the disable feature is working.
Once again, nobody seems to understand security properly when they decide to add nifty new features. After upgrading to 10.04 from 9.10, I now have a listing of all the user accounts under "Switch from" when I go the the logout menu at the upper right side of the task bar. This is a terrible security hole that should never have been allowed in the first place, and is just as annoying as the default behavior of listing all the user accounts on the login screen.
We have 4 servers having rhel 5.2. We have several users logged in on one of them. We have nis server/client running on them and have common home area mounted on all of them. Now we want to disable/block the accounts of the users who have not accessed our servers in last 2 months from today.What logic should we apply to do so? We were checking stat of .bashrc of each user but is not correct logic. We are going to write shell script for the same. We dont want to do anything in users home area or their files.
I have an encrypted /home partition but would like to set up a guest account for my brother. Obviously, encryption doesn't work so well when you give out the key so what I'd like to do is specify a different, unencrypted location as a home directory for the guest account so he doesn't need access to that partition. Is there a way of doing this?
I've got fedora 10, dual boot with windows, 2 hard drives, 1st is NTFS windows. 2nd is split into a swap, ext3 for the OS, and an encrypted partition for /home.
fedora 10 and im trying to set up some user accounts on a computer. My current problem is that we set up 2 root accounts and we need both to be able to authenticate. So far this works on the command line but whenever i'm on the GUI it seems that it only allows root to give its password for things. How do i enable the second account to do that as well.as a note, i am doing this for someone else so i have little to no control how this is set up, so please, i am not looking for reasons why this is not a good idea i would just like to figure this out
I'm having a CentOS 4.4 X86_64 server. Without any warning all users account including root got disabled. As the server was still logged in as root, i was able to enable all the users account. But for root i couldn't.Without thinking i rebooted the server and except root, other users can log in to the server. I should've tried to enable root account from the /etc/passwd. But now i realize its too late for that.Now i want to change from root: x:0:0:root:/root:/bin/false to root: x:0:0:root:/root:/bin/bash. Can anyone guide me to accomplish this or is there any other way to fix this?
I have a small office network here which consists of three machines running Fedora 10 and a dev server running CentOS 5.2. I have no Windows machines, and have no intention of having any. I would like to use the CentOS server as the Linux equivalent to a domain controller in Windows. Use case is simple - I will still have a local root account on each machine, obviously, but I want the three staff users to be network accounts. I want them (like a Windows domain) to be able to login on any computer using their network user credentials and *not* have local credentials on any computer.
I've been Googling like mad on this, but I can't find a definitive answer or a sensible HOWTO for this use case in Linux. Others have suggested I do it all in Samba, but I cannot find an example Samba configuration that behaves as I describe above. Another article I found suggested OpenLDAP.I'm lost. What's the best way to do this with a CentOS controller machine and Fedora 10 workstations? Can anyone point me to some good resources on the matter?
I created a new user /etc/passwd joe:1005:0::/home/joe:/bin/bash Also added him to the group root vi /etc/group root:0:root,joe When I do su joe Gives me ERROR: NO LOGNAME
I have a kickstart script that attempts to create user "joeblow" with an encrypted password. The user is created okay, but the password does not seem to "take". After installation is complete, and the system is rebooted, this is the relevant portion of /etc/passwd:
Code:
This is the relevant portion of /etc/shadow:
Code:
Where there are two exclamation points, I would expect the encrypted password (as is the case for the root user, which is also created in the kickstart file).
The relevant line in my kickstart file looks like this:
Code:
That password string, which is 34 characters, is the word "password", encrypted with this command:
Code:
Also in my kickstart file is this line:
Code:
After the install is complete, I reboot and attempt to log in as "joeblow", but no dice. If I log in as root, and manually put the above encrypted password into /etc/shadow for jowblow, I can then log in as joeblow.
Original HOWTO can be found at: [URL]... So the other day I was in IRC and someone had brought up a problem where they created a new Administrative user, but didnt have rights to use sudo. Looked into the problem a little bit to figure out what was wrong, and it turns out that when you create a new user through the user manager (in kubuntu, anyways. Havent tested in Gnome.) the user gets added to the adm group, however, a quick look at the sudoers file shows that its looking for users in the admin group to allow the use of sudo. So, to solve the problem we do the following: If youre on the new admin user (which Im assuming you are) use the following commands:
Code: su [insert username of old account without brackets] sudo usermod -G admin [username of new admin account without brackets] exit
Then simply logout, and then log back in (not always necessary, but the easiest way to flush the permissions.)
Code: su [insert username of old account without brackets] Means were going to Switch User to the old admin account Code: sudo usermod -G admin [username of new admin account without brackets] This simply adds the admin group to the secondary group list for the new user Code: exit Pretty self explanatory
I am using mint 8 for a 2 weeks, I am noob to linux but I like Mint than any other linux distro which is great alternative to windows. I have a problem regarding password reseting.
1. My laptop automatically get logged in without asking user name and password.
2. I tried to change password for newly created user and root user using graphical way but it does not work.
2. I can perform administrator task using only OEM user which is default inbuilt user of mint.
How can make my laptop to ask password when mint get booted? How to change password for other users?
I installed fedora 12 Constantine and the install gets to the point of rebooting once it's done with the reboot it goes right in to the login without creating a root account or a user account.How can I solve this issue, there has to be like 3 or 4 solutions to this problem I'm just new to linux.
I'm installing a new laptop for a friend of mine and he wants 3 user accounts, similair to how he runs his windows setup.
1, an admin account, we have called this account peacemaker. 2. his account 3. an account for his girlfriend.
The problem we have is that if we want to do anything from the terminal that requires elevated priviledges, sudo does not accept his password or that of peacemakers. we have done sudo -i -u peacemaker but it still doesn't accept either password, stating his account is not in the sudoers list.
I'm not a massive expert here, but research brought me to this page:[URL]... But that then just means his account has admin rights, which is what we were trying to avoid. We wanted a setup similair to windows where if you want to run someting with elevated privledges if pops up asking for the admin password. This works in the gui, but not in the terminal.
So in short, my question is, is there anyway of having the terminal accept peacemakers user rights from the his normal user account? If I add the account to the sudoers list like it suggests, does this again just give his account the prilvedges rather than saying supply me with the password for peacemaker.
this is probably not really needed and he can just have his account as the main user, but coming from a windows background, he would prefer the 3 user accounts model (2 normal users, 1 admin)
We have a web server and are trying to meet a clients requirementes around accountability.Basically, everything in the system should be accomplished using user accounts that are individually identifiable. So basically, no root user, since that's anonymous.So how should we set up these user accounts?Being administrators, we want them to have easy access to files not owned by them, such as ones uploaded using FTP accounts or via apache.We want to be as secure as possible though.
My current thought is to add them to the root group so they have full read access throughout the system, and add them to sudo, but I worry that gives them too much control.
I'm using ubuntu and i need to know if it is possible to make a "prototype" account that sets the defaults for new users when a new account is made. How would i go about doing this. I would like to have the same start up programs, panel, themes, background, etc...
Is it possible to install Ubuntu Server and have user accounts and log into the server via a Windows XP machine? Sorry if its a stupid question! Many thanks
i'm configuring sendmail for a little office but i was requested for two domains e.g. [URL] and [URL] i've created this two domains but at the moment i create a user account how could i make the difference between wich domain the user belongs?
I am trying to make subversion to use the user account from bugzilla. I surf the net and found many threads related but most of them are out-of-dated. I have install the following software on ubuntu10.10
I've just rebuilt a server that had SLES10 to Slackware64 13.0. I wanted to keep all users and their passwords, so I copied all user entries in the old SLES /etc/passwd and /etc/shadow files to the corresponding new Slackware files. It turns out that the passwords are not interpreted correctly. I presume that SLES uses a different hashing function than slackware. Is there an easy way to convert these hashes, or will I have to reset all passwords and force users to change at login?
I have upgraded to Lucid, but was having the same issues on Karmic. I made a 2nd user acct we'll call X and we'll call the original acct Y. All of these issues only happened after creating X.
On X I have: sound Things wrong with X: I don't have the ability to modify any folders (even ones that are made from X's acct), I can't change the password or even access the Users and Groups, I can't modify any browser settings in Firefox but can on Chromium, the option for wireless is completely gone
On Y I have: the ability to access users and groups, the ability to modify all folders on either acct, the ability to change any settings on anything Things wrong with Y: no sound (doesn't even show the driver, but the driver is there on X's acct), wireless is completely gone (just like X's acct), even though I can access Users and Groups I cannot modify anything about X's acct
My first thought was to completely delete X since that's when all the problems began, but I'm afraid that since X seems to have "stolen" my sound card, that will be lost forever. I am also afraid that since neither account has wireless deleting X might hinder ever getting it back.
I'm configuring a fresh install of Debian 8 and I'm having a problem creating new user accounts, using XFCE.I'm using the console for setting new user accounts, without any problems yet when I log in the user accounts to check if everything is ready to use I get a persistent message from the system warning the session is in kiosk mode.I've went through several step by step guides I've found over the net, went to the XFCE wiki trying to find an answer for this, with no success. I've even tried deleting user accounts and recreating it but the problem persists.
