General :: Limit Root Access To User Account?
Jun 24, 2010I am a user of a cluster. I don't want root to see/copy files from my user account(obviously). Is that possible to limit the access of root to users account?
View 14 RepliesI am a user of a cluster. I don't want root to see/copy files from my user account(obviously). Is that possible to limit the access of root to users account?
View 14 RepliesI'm setting up Ubuntu Karmic on my sister's old computer for my nephew, he's quite young so my sister asked to install some content filtering. I'll first setup an OpenDNS account and I've installed and managed to get dansguardian and squid working on a virtual machine to try it out. so far it's working pretty well, but I need to secure it form the inside out.
I was thinking of blocking specific outbound ports so he could not bypass the proxy. because by default the firefox configuration can be easily changed. so I have a couple of questions.
1. is it possible to block outgoing ports on Ubuntu?
2. is that the best method?
3. is there anything else I should be aware of to prevent subversion?
lastly, this question is probably unrelated to this board but I've set up a cron job to update a dynamic ip with OpenDNS, the problem is that the password is in clear text in the user's crontab, can I play with permissions? is it possible to run the job under a root account and deny read/write access to a normal user?
I've noticed that "su" can be run from any user account so long as the user knows the root password.What if I want to limit the ability to "su" to only 1 user account? For example: Pretend my desktop has 4 different user accounts. Currently each user account could run "su" for root access if the person sitting in front of the screen knows the password.
1) Could I somehow make only 1 of the 4 user accounts able to "su" into root mode?
2) If yes, then would doing so have any side-effects?
I have a Web server issue for which I have hired a reputable local consultant (recommended by several people in our local Linux User Group).
For some of his tasks, he will need root access.
How do I build him an account, specifically for him that I can delete later, that will allow him both unprivileged and root access?
recently i rent a xen vps intended to setup a PPTPD vpn server for me and my friends. so we can by-pass the great firewall in china and get back on ....., facebook and stuff. i have already setup the server and i can connect to it without any problem. but i still want to do some further configuration the server:
1. i want to limit the bandwidth to 400k/s per connection.
2. i also want to limit the max connection per user a/c
i have some thoughts on the 2nd requirement. in the user configuration file of /etc/ppp/chap-secret, you can specify the range of ip the user can get, does it limit the max connection per user a/c? or they can connect anyway, just every now and then a box pop up says conflict in IP address?
What is the user account number when you create a root user account for the system during the installation of any linux distribution? I'm not sure if its 0, 1, 10, or 100..
View 2 Replies View RelatedOn a Fedora Core box, I have a normal non-privileged user and I also have sole access to the root account. Because I am the only administrator of this box, I frequently su over to root for administrative tasks. The problem is that many of the user configuration I've become accustomed to are only configured on my day-to-day account (.vimrc, .bashrc, .screenrc, etc). Other than giving my day-to-day user account privileges to perform administration tasks, how would I go about sharing configuration between these two accounts?
View 1 Replies View RelatedOr would this sacrifice security in some way? I've been using root only, and am ready to have a seperate account now. It's the dotfiles for GUI apps that I'm concerned about:
Code:
-rw------- 1 root root 98 Feb 13 16:23 .Xauthority
-rw------- 1 root root 6392 Feb 12 18:13 .bash_history
drwx------ 5 root root 4096 Jan 13 17:47 .config
drwxr-xr-x 4 root root 4096 Dec 29 21:36 .fvwm
drwx------ 4 root root 4096 Nov 7 19:55 .mozilla
-rw------- 1 root root 218 Jan 26 10:04 .recently-used.xbel
-rw------- 1 root root 98 Feb 13 16:23 .serverauth.17096
drwxr-xr-x 2 root root 4096 Dec 25 12:42 .tuxcmd
drwxr-xr-x 2 root root 4096 Feb 12 17:25 .xine
I just created new user account, but the new user is able to access all the directories structure (including other's home directories).I'd like to limit the user to access ONLY his home directory (and nothing "above"). How do I do this?
View 1 Replies View RelatedIs there a non-root shell command that can tell me if a user's account is disabled or not? note that there is a fine distinction between LOCKING and DISABLED:
LOCKING is where you prepend ! or * or !! to the password field of the /etc/passwd file. On Linux systems that shadow the passwords, this marker flag may be placed in /etc/shadow instead of /etc/passwd. Password locking can be done (at a shell prompt) via password -l username (as root) to lock the account of username, and the use of the option -u will unlock it.
DISABLING an account is done by setting the expiration time of the user account to some point in the past. This can be done with chage -E 0 username, which sets the expiration date to 0 days after the Unix epoch. Setting it to -1 will disable the use of the expiration date.
The effect of locking to to prevent the login process from using a supplied password to hash correctly against the saved hash (by virtue of the fact that the pre-pended marker character(s) are not valid output character(s) for the hash, thus no possible input can ever be used to generate a hash that would match it). The effect of disabling is to prevent any process from using an account because the expiration date of the account has already passed.For my situation, the use of locking is not sufficient because a user might still be able to login, e.g. using ssh authentication tokens, and processes under that user can still spawn other processes. Thus, we have accounts that are enabled or disabled, not just locked. We already know how to disable and enable the account - it requires root access and the use of chage, as shown above.To repeat my question: is there a shell command which can be run without root privileges which can output the status of this account expiration info for a given user? this is intended for use on a Red Hat Enterprise 5.4 system.The output is being returned to a java process which can then parse the output as needed, or make use of the return code.
i am having problems with privileges i have created a new user with my name, but i cant get root privileges on it. i need the same privileges as the root profile.
View 9 Replies View RelatedDo you think there is a way of accessing different user data from another account which I have set up.
Ie. user 1 = account has messed up
user 2 = account works fine
access user account 1 home directory from user 2 work space?
for create an user I put:
useradd username
passwd username
I was changing my GUI settings in XFCE in my root user account on Xubuntu when suddenly I was logged out and the computer shut down.
(I have done this before with no such trouble...)
Now I can't log into my root account all I get is a blank screen for a few seconds then I'm back at the log-in screen, the other account works fine.
(This is on my Xubuntu 10.10 laptop BTW...)
I'm trying to determine how to limit a specific user so that they are confined within their home. I'm also trying to figure out how to prevent a specific user from walking up to the computer and allowing them to log in, but still allow SSH. Basically I'm trying to provide an account with very limited access to the machine.
View 3 Replies View Relatedi want to install a software in my linux machine staying in another user that i have created .It is asking for root access for some command to be execute during installation process.when I am trying to execute "sudo -s" its showing " is not in the sudoers file. This incident will be reported.".what next will i do.I am in my ubuntu machine.
View 3 Replies View RelatedHow give all access (same as root) to other user because i need to run some application s/w from other user login.
View 2 Replies View RelatedHow to add user with root privileges and SSH access.
View 6 Replies View RelatedI unlock the root usr accout, but how can i log it on?
View 3 Replies View RelatedA while back I don't know what I did but I messed up my root user account and now the password that I think is supposed to be for the account doesn't work anymore.In an attempt to fix it I rebooted and went into recovery mode and then edited the sudoers file. This appears to have been good enough to be me by but now I'm running into problems installing or changing configurations in gnome. For example, I just installed Asterisk via the terminal the other day and had no problems because I could use sudo. But just now I tried installing Gastman via the Ubuntu Software Center and of course it asked for the root password.I entered my usual root password when I use sudo and it doesn't work.
I then went to the terminal and entered sudo apt-get install gastman and it worked fine becuase I used my sudo password for my account. So it seems I can do things just fine via the terminal but when in gnome it doesn't work. I went into the Users and Groups section in Gnome to attempt to set or change the root password but of course I have to unlock the application which requires the root password.
I try to create a user who has the 100% permissions and roles as the root with following command:
Code:
useradd -c "ANOTHER ROOT" -d /home/root2 -g root -m -s /bin/bash root2
But it seems the user just in the group of root but doesn't have all the rights as the root.
How to allow access to some commands having root privleges to be run by non root user. I am new to unix/linux and I have a major assignment. I have to find ways to run particular commands which can be run only by root from a non root user. I know sudo is one of the way but i need some different approach.
View 8 Replies View RelatedI have Centos installed as part of Strongbolt on a Cobalt RAQ550 Machine. The Admin password and the root password is supposed to be identical. However, I can only login as admin. If I try to access using root, the SSH session shuts down. If I enter another passowrd it gives the correct response and says incorrect password. If I login as admin and then try SU Root - It displays a list of commmand options for SSH and does not allow me to login.
View 1 Replies View RelatedIs there a way to grant 'root' privileges to my user account? My account name ... I'll call it 'masterskop' as it is my forum name here, but not on my computer.Would it look like this in the sudoers' file?My purpose is to get access to all the folders and files in the 'File System'. The root and lost+found folders have 'Xs' on them...No access! And for example, under properties of the 'var' folder it states that 'you are not the owner, so you cannot change these permissions.' How can I get access to all of it everytime I login as the main user of my computer? I do not have anyone else using this computer.I did edit this file and used my real user name ... logged out and logged back in and still I do not have access/edit these folders and files.
View 4 Replies View RelatedI recently made a computer for someone who decided to get a new one instead.. so i thought i'd make a server out of it lk i had it before. so i deleted their account (while on their account) and made me an account.. but now when i try to login to my account it's.. not there? such as when i type my username and pass it says i entered an invalid user/pass. any idea how i can get my user accounts back or atleast logon to this system? i know the root password if there's any way i can login under the root account.
View 8 Replies View RelatedIf there is a general NFS share in the LAN and for example this share has three files - a, b, c is there any way to restrict file access to the root user of one particular host(falcon) in the same LAN environment while the normal users from the same host(falcon) should be able to access the NFS share & files a, b, c.
View 1 Replies View RelatedHow can you give total access to the system to a user other than root?
* Make the user a member of the root group.
* Change the UID of the user to 0.
* Add the user to the /etc/sudoers file.
I think none of these are correct answers.
First, I am new to linux I just finished installing Fedora 14 on a different PC which I will be using solely to explore Linux. However the first annoying problem I encountered was that I can't do a lot of things without Linux asking me for the root password. This has become really annoying, I want to stop fedora from asking for root authentication every time I want to explore something here and there.
Among the work-arounds that I've tried and didn't quite work for me are:
1. login as root on the kdm - I can login as root but because I am also encouraging my sister to explore fedora 14 she needs the same access as root too. We have our own preferences so we both need individual accounts that have same access level as root.
2. change userid to 0 (same as root) and modify groups to be exactly the same as root's groups - very bad solution, what it did was make my user a sort of "alias" for the root. It basically uses the same /root/ folder, same settings and all that stuff. Again, my sister and I need separate accounts for a more personal feel.
3. use terminal and go sudo, sudoers, etc - very bad idea, I want to explore using the kde gui. And again I want to eliminate the inconvenience of having to type things over and over again. I'd rather type the password over and over again than having to use terminal and sudo everything.
4. beesu, gksu - anyone knows how to make linux automatically wrap everything with beesu/gksu?
since we are just exploring, we are willing to trade the systems, integrity and security for the convenience of having freedom to explore everything in it. I don't care, it could blow up the pc for all I care (it's old and for experiment anyway).
This exploring linux of ours is a make or break for us to using linux. If there is no solution to this problem, we'll probably scrap the whole "migrate to linux" idea.
I thinking of making Linux recognize our user id the same way it recognizes uid 0 but I have no idea how to do this.
I have lost my password for my root and for my user account.
Code: Select alluser@debian:~$ su
Password:
su: Authentication failure
user@debian:~$ su
Password:
su: Authentication failure
user@debian:~$ su
I have just installed a gust debian 8 on debian 8 host in virtualbox, and when i wonted too login as su/root on the host there where no login possible, is there a way to regain the root password for the host?
My install of 11.4 has been running perfectly for for several weeks now. But- (always a but) today it started acting up. I cannot log in to any user account including Root after logging out. After a cold boot I can log in again anywhere but after logging out I have to reboot again then I can get back in to any account once. After logging out any attempted log in causes the splash screen to blank for a few seconds and then it comes back with the previous successful user name log in but typing in the password blanks the screen a few seconds again. Clicking on a user account also blanks the screen a few seconds and then it again comes back with the previous log in users name.
View 1 Replies View Related