General :: Easy Way To Explicitly Deny User Sudo Permission?
Jun 8, 2011
I am attempting to configure my sudoers file, and have quite a few questions.If you can answer any/all of them, I would be grateful.
-Is there a way to set it up so that root gets notified if a user tries to use a command they are not allowed to?
-If something like this already exists on my system, how do I set it up/use it/ read root's messages?
-I see a lecture=always default exists, but can I customize this lecture?
-Is there an easy way to explicitly deny a user sudo permission?
-I see there is an ALL wildcard. Is there something similar to a NONE wildcard?
View 3 Replies
ADVERTISEMENT
Dec 19, 2010
I made a Desktop User account. When I went on that account, it allowed me to execute sudo as if I was an administrator. I don't know what might be causing this. I do have ufw set up and blocking incoming connections. Do you guys know what might be at the root of this?Also, when I used sudo from the user account (which I shouldn't have been able to do), I provided the password for my admin account.
View 9 Replies
View Related
Oct 20, 2010
I have a problem about user permission, I just destroy my user...So, I create a new one. But I can't have the permission to use "sudo" or to install program... So, I cannot do a lot of thing in my computer. The logical solution is to boot in failsafe mode and access to the root terminal, but, I don't know how to change the permission to allow me to use sudo.
View 5 Replies
View Related
Oct 19, 2010
I have a Samba share that contains a symbolic link and when I try accessing it from the WinXP machine it denies permission. If I access it from the Linux account, it goes in with no problems. Is there a certain setting that needs to be set or enabled or is this just one of those things with Samba?
View 5 Replies
View Related
Mar 3, 2010
As user lukas, who is listed in 'sudoers' with the same rights as root (ie ALL=(ALL))
I can't cd 'into' dir /var/spool/cron:
As root i can cd into it no problem. As lukas, i get permission denied, and if I try 'sudo cd cron' I get an error saying command 'cd' is not recognised.
file permissions as follows -
View 7 Replies
View Related
Jul 17, 2010
If I try the sudo mv command on the file listed below I get the error listed. I am confused. It is my file & I have permissions. Somehow a slew of files on my system are now showing this way. This seems to correspond when I ran rsync from my netbook to sync it up with my desktop where I am having a problem.
Potential Source ->
sudo rsync -av --delete --rsh=ssh joe@192.168.1.4:/media/Abyss/Memories/ /home/joe/Pictures/
Type of issue ->
mv: cannot remove `100_2259.jpg': Permission denied
joe@Tux-Box:/media/Abyss/Memories/2009/3-09$ stat 100_2259.jpg
File: `100_2259.jpg'
Size: 243012 Blocks: 480 IO Block: 4096 regular file
Device: 811h/2065dInode: 1312030 Links: 1
Access: (0777/-rwxrwxrwx) Uid: (1000/joe) Gid: (1000/joe)
Access: 2010-07-17 11:41:26.708020712 -0400
Modify: 2009-12-13 21:49:59.501938000 -0500
Change: 2009-12-24 05:54:02.854309200 -0500
View 7 Replies
View Related
Aug 4, 2011
I Have been trying to change a file in filestarter using sudo /etc/rsyslog.conf. but am getting a permission denied message. How do I get into this file to change it ? Firestarter is working ok but for some reason it cannot open the system log. I Have found what amendments need to be made to get this to work but simply cannot get access to the file
View 2 Replies
View Related
Jan 18, 2010
I'm setting up Ubuntu Karmic on my sister's old computer for my nephew, he's quite young so my sister asked to install some content filtering. I'll first setup an OpenDNS account and I've installed and managed to get dansguardian and squid working on a virtual machine to try it out. so far it's working pretty well, but I need to secure it form the inside out.
I was thinking of blocking specific outbound ports so he could not bypass the proxy. because by default the firefox configuration can be easily changed. so I have a couple of questions.
1. is it possible to block outgoing ports on Ubuntu?
2. is that the best method?
3. is there anything else I should be aware of to prevent subversion?
lastly, this question is probably unrelated to this board but I've set up a cron job to update a dynamic ip with OpenDNS, the problem is that the password is in clear text in the user's crontab, can I play with permissions? is it possible to run the job under a root account and deny read/write access to a normal user?
View 1 Replies
View Related
Jun 4, 2010
How can a user be setup to sudo (or su -) without entering a password?
View 1 Replies
View Related
Feb 8, 2010
Can a sudo user do everything what a root user can do? I read sometimes expert say "You should run it as root rather than sudo user".
View 14 Replies
View Related
Apr 30, 2010
Customer asked me to create a menu for linux he also asked me to do this: Open like a command like where a user can execute commands...so for this the users have sudo enabled. The code below works OK. But it has an issue when a command is executed but the command does not need sudo
Like for instance
Code:
cd /
sudo: cd: command not found
How can I allow a user to execute all commands when a command does not need sudo
Code:
echo -e "Press Control+C to finish"
#echo -e " "
while true;
do
read whichcmd?"Insert Command: "
sudo $whichcmd
done
View 3 Replies
View Related
Feb 9, 2011
i want to automate sudo su - user command from a script...it will then ask for a password...how do i automate this?
View 3 Replies
View Related
Jan 17, 2011
I did some digging on the sudo command and I do know the config file is /etc/sudoers Read the manual for sudoers and found out that I must use visudo to edit the file I read some of the examples at the bottom of the file and tried entering my own account in following the example. one of the commands I was trying to allow my account to perform without root login is the mount command So I tried adding this in (kreid8 /bin/mount ALL) I then saved & exited the file and logged out of root and tried sudo mount -t vfat /dev/sdc1 /media. I got an error saying I had to be root in order to do that But when I use the visudo -l option it shows that I have that privellege. Did I edit the file incorrectly?
View 6 Replies
View Related
Dec 9, 2010
I need to provide sudo access to Oracle User, run only this particular "SRVCTL" command.
Do I need to edit "sudoers" file .if so where do I need to add these two lines in sudoers file.
1. apps/opt/grid/bin/srvctl
2. /apps/opt/oracle/product/11.2.0/db_1/bin/srvctl
View 2 Replies
View Related
Jan 13, 2011
i have created a file (by root user) called test.txt. Then i created a user bob. Now i want only bob to read/write/execute this file and no other user shall have any permission on it.
View 3 Replies
View Related
Apr 19, 2011
i've query regarding, user creation in Linux( RHEL 5), i.e, i've created a user ([root@localhost ~]#useradd slash ) and switched into that user, but am not able to run commands in it......It's displaying a message saying, PERMISSION DENIED. Do we need to provide any permissions while creating a user
View 7 Replies
View Related
Jan 16, 2011
i have the one help. i will creata one samba server.access this samba file windows system. also domain user access this samba folder. but problem is how can set permissions AD User( Windows 2008 Server).
View 2 Replies
View Related
Sep 7, 2010
I need sudo for www (apache) user to run a shell script('ip.sh' contains iptables rules) from cgi-bin directory via browser using a per script. I edit sudoers( www ALL=(ALL) NOPASSWD: ALL ),but when run the bellow command that's with err:
# sudo -u www sh /srv/www/cgi-bin/ip.sh
iptables v1.4.4: can't initialize iptables table `filter': Permission denied (you must be root) Perhaps iptables or your kernel needs to be upgraded. And:
# ls -al ip.sh
-rwxr-xr-x 1 root root 243 Sep 7 14:18 ip.sh
I edit sudoers so
'www ALL=(ALL) NOPASSWD: /srv/www/cgi-bin/ip.sh,/usr/sbin/iptables' too. but it doesn't work too. how can I execute this script via browser ?
View 14 Replies
View Related
Jul 26, 2011
We are using ubuntu 10.04 desktop version.ls > /dev/lp0 permission denied in user account we need user can access lp0 /usblp0. Our printing module is lp0 writing technology example dir >prn.
View 3 Replies
View Related
Jan 21, 2010
I'm trying to access a share across the net. the share is a disk "fat32" which I mounted using "vfat users,rw,exec 0 0." However, after I created the samba user "smbpasswd -a user" I'm still unable to access the share across the net. ports are open, and entry has been made in smb.conf for share. But I'm having problems giving permission to smb user. the share it is mounted on /media/share, and I've tried everything from
chmod -R ug+rwx /media/share
chmod -R ugo+rwx /media/share
chown -R user /media/share
and I always get unable to set permission for user
View 1 Replies
View Related
Jan 20, 2011
i want to set permission type "write" on a file to a particular user in a group of users ( not all users in that group). chown is changing a user to root , but i want to set say permission of "write" only to a user 1 in group staff which contains 10 users 1 , user 2 ...user 10.
View 3 Replies
View Related
Sep 29, 2009
I can't seem to give myself audio permission. What is the command that lets me add myself to a group so that I may be able to use alsa?
View 2 Replies
View Related
Jan 9, 2010
I have configured samba server.My requirement was that the path which i have to share was /srv/www/htdocs.With this the shared path for developer user was /srv/www/htdocs/projects.
So in the smb.conf file i made the entries as following:
After that root user was able login to both /srv/www/htdocs and also project folder and developer was only able to login to projects folder.That was according to my requirement but now the problem is that when developer is trying to edit any file in projects folder he is getting error that you dont have permissions to change this file.But developer should be able to edit any files. What changes i need to do now.
View 3 Replies
View Related
Jun 10, 2010
I'm using ubuntu,i have a bin file under my /usr/bin, if i run the command under root user i'm getting no problem an it works fine,if i try it in with differnent user im getting
Code:
semctl:premission denied
so how can i edit my bin file and change it to right permission
View 3 Replies
View Related
Jul 21, 2011
Since I have never had the need to create one, the first time I encounterd it I asked myself: what is it?I was looking for MySql installation guidelines on mysql.com, when, reading them, I found this command:shell> useradd -r -g mysql mysql.Now, I read the man page of useradd looking for explanation about -r option, but I didn't found it useful.It just says that -r options creates a System account, but it doesn't say anything else.So my question is: what is a system account? Few lines under the command it says:"Because the user is required only for ownership purposes, not login purposes, the useradd command uses the -r option to create a user that does not have login permissions to your server host."What would be the benefits if mysql user has not login permission?
View 6 Replies
View Related
Jan 6, 2010
Original HOWTO can be found at: [URL]... So the other day I was in IRC and someone had brought up a problem where they created a new Administrative user, but didnt have rights to use sudo. Looked into the problem a little bit to figure out what was wrong, and it turns out that when you create a new user through the user manager (in kubuntu, anyways. Havent tested in Gnome.) the user gets added to the adm group, however, a quick look at the sudoers file shows that its looking for users in the admin group to allow the use of sudo. So, to solve the problem we do the following: If youre on the new admin user (which Im assuming you are) use the following commands:
Code:
su [insert username of old account without brackets]
sudo usermod -G admin [username of new admin account without brackets]
exit
Then simply logout, and then log back in (not always necessary, but the easiest way to flush the permissions.)
Code:
su [insert username of old account without brackets]
Means were going to Switch User to the old admin account
Code:
sudo usermod -G admin [username of new admin account without brackets]
This simply adds the admin group to the secondary group list for the new user
Code:
exit
Pretty self explanatory
View 4 Replies
View Related
Oct 11, 2010
I have two machines between which I need to share a folder.On server1, I have the user 'appuser' that needs to access (read/write/delete) on this share.On server2, 'root' accesses this share and writes to it.I have the following in /etc/exports on server1:/home/app-share 999.999.99.99/28(rw,insecure,sync,no_root_squash)where the number is the IP address. How can I change this to allow 'appuser' access?
View 1 Replies
View Related
Feb 4, 2011
allow specific user permission to read/write my folder
I have a folder called /TAR/Sketch
I added a new user, named Snoopy, I want to grant this user the ability to add files & directories to this folder which is under the group Sketches and the owner is me.
How can I accomplish this ?
View 1 Replies
View Related
May 26, 2010
I'm trying to do something like thisi created a group called www and made this group the owner of the directory/var/www/htmlso i can read and write to it.of course I've add my self to this group, but it seems i can't read and write.the syntax i used was something like chown :www /var/www/html.didn't workonly when i used chown samurai:www /var/www/html i could finally could create new file.the reason i don't want to specify the user name is because I'm thinking of a scenario when i need to give permission to a large group of ppl and don't want to do it user by user.
View 5 Replies
View Related
Jul 27, 2010
I have a program(that is written by me) which need super user permission to execute it. But I need to let the normal users to execute it without using 'sudo ./executable' and just './executable'. how i can set the program to execute by the normal users without using 'sudo' or password prompting.
View 2 Replies
View Related
