General :: Security - Run Apps With Other Users?
Feb 6, 2011
OS: Fedora 14 i386It's used as a ""normal desktop laptop""."USER A" - it's the mainly used user, i log in with GDM with it, etc.Goal: I need a little more security - separate a few apps!How: run 3 applications ( Transmission, Google Chrome, Wine ) with other users ( so not with "USER A" ). But when i'm logged in ( in GUI ) with "USER A", i need icons on he's the Desktop. E.g.: just one click ( without asking for password!! ) and Google Chrome starts with another user.How exactly can i do this? - How can i "grant" "USER A" with permissions ( securely ) so that it doesn't needs a password, when running applications with "USER B", "USER C", etc.?
View 1 Replies
ADVERTISEMENT
Nov 1, 2010
We are trying to set up a classroom training environment where our SIG can hold classes for prospective converts from Microsoft/Mac. The ten machines will have /home/student01..10 and /home/linsig01..10 as users. We want /home/student01 to be able to explore and sudo so they can learn to administer their personal machines at home. We don't want them to be able to modify (sudo) /home/linsig01. I've seen the tutorial on Access Control Lists but I'd like other input so we get it right the first time.
View 3 Replies
View Related
Apr 7, 2011
I'm going to set up an Ubuntu computer for my family. They asked for it, I didn't push them. But I know that they don't like passwords.
So my plan is to make an admin account which is in the sudoers group and then make induvidual accounts for the users. But I also want them to be able to install apps.
So I wonder if it is possible to set the computer so that they can use the software center. What is the best method to do this? The apps mustn't be installed system-wide.
View 4 Replies
View Related
Oct 15, 2010
To avoid having to input a password for the keyring each time I connect to the net via wireless, I enabled the 'Available to all users' option in Network Manager. Now, my question is this. Are the 'users' it refers to just those created on this machine? Would a drive-by be able to use my network without entering the password?
View 3 Replies
View Related
May 12, 2010
I have an environment with multiple projects that have a variety of government and commercial sponsors. We have been satisfied to this point with a netapp serving nfs/cifs and keeping a tight reign on nfs exports.Some of these projects have started asking us to provide access restricted sub-folders of the project space based on different groups that contain a user subset of the primary group.
We have a linux machine that serves as a version control front end to the netapp, mounting the project spaces via nfs. People are now mounting their project space via sshfs to this "front end" and sharing the root password of this sshfs client with everyone in their project, in turn creating a security hole to access the so called restricted sub-folders. I know all the obligatory responses referring to irresponsible user behavior but would like to see how others have addressed something like this where user behavior seems out of control.
View 12 Replies
View Related
Mar 31, 2011
I just preparing some presentations and was wondering what the most interresting Tools on the FSL would be. There are many, many everybody would use, but what would be the lets say "most wanted" Tools on the fedora Security Suite aka FSL?! Without what Tool you could not work?
View 2 Replies
View Related
Mar 11, 2011
I would like to see when installing ubuntu a choice for users to choose what they want installed on their system or not. I know for a fact that there are some like myself that does not want mono runtime files or mono apps on their linux box and when we try to uninstall all the files or apps that link with mono ends up breaking the linux box.
My question is why can't ubuntu make a distro of ubuntu that offers to users the files and apps for use with mono and a choice for those users to install ubuntu with out the mono files or apps. There are somne of us that think mono is as bad as .net and some of us want a linux box that runs linux and not window files or apps unless they can be written as pure linux code and not C# crap. I feel that C or C++ is the real way to write linux code and anything written in C# is windows and always will be windows. If they want to put more windows stuff on ubuntu, then they shouldn't be calling it linux..
View 1 Replies
View Related
Dec 8, 2010
I've got an Ubuntu 10.04 box (up to date) with a MySQL database that I log into remotely via an SSH tunnel. In order to make this secure, I've remapped the SSH port to something obscure, and locked down the firewall to allow only this port.
I've disabled password login, and get in via a 1024-bit RSA key, which has an attached passphrase.Right now, it works like a charm. However, I've become interested in trying out NoMachine NX as a way of working on the Ubuntu machine (VNC works, but is not an option). NoMachine NX requires a DSA key without a passphrase, and is not interested (as far as I know) in playing nicely with my existing RSA keys.
My question, for you security experts, is this. Do I have to scrap my existing SSH config and start fresh with NX in mind? Or is there a way around this? Moreover, if I do that, and get NX working, will I still be able to use Putty to tunnel in as I do now, for using the database?
View 4 Replies
View Related
Mar 12, 2009
I'm logged in as root and want to run Add/Remove Software (Package Installer) but get the message telling me
Code:
Running graphical applications as a privileged user should be avoided for security reasons. Package management applications are security sensitive and therefore this application will now close.
How must I install applications? Surely the world is getting paranoid with all this hackers and viruses, because with every new version O/S, the security features gets more and more; up to the point that you can't fricken do and play around with your pc as you would.
View 2 Replies
View Related
May 1, 2010
I have trouble with opensuse susefirewall 2 and my own rules. since i have installed a suspicious download manager, i detect outgoing traffic in the monitor and i want to block ougoing traffic except some apps like firefox, jinchess ...
1) I had to modify FW_CUSTOMRULES="" with FW_CUSTOMRULES="/etc/sysconfig/scripts/SuSEfirewall2-custom" in /etc/sysconfig/SuSefirewall2
2) I had to add my own rules in /etc/sysconfig/scripts/SuSEfirewall2-custom in the appropriate hook
3) I don't know if rules are good.. they seem to work because for example jinchess can't access his server with the DROP rule until i add the ACCEPT rule BUT in fact the download manager still access internet and amarok too when it searches for songs lyrics ! i have discovered it's because the others apps use port 80
I give here the file /etc/sysconfig/scripts/SuSEfirewall2-custom
How to to make firefox use another specified port ? i wanted to use privoxy with tor but it doesn't work .. is there input/output controler on linux (something like zonealarm on XP) ? the trouble is that all outgoing traffic is permitted by default!
View 4 Replies
View Related
Nov 20, 2009
I just upgraded from 11 to 12 and then installed the Nvidia proprietary drivers from RPMFusion. Initially glxinfo wouldn't work because SELinux was stopping it from using an executable stack. Since the Nvidia drivers are proprietary and a fix may not be provided, I allowed this access to glxinfo with chcon -t execmem_exec_t '/usr/bin/glxinfo'
However it looks like every program using glx-utils also needs these permissions - so far I allowed Xorg, compiz and the Firefox video plugin to execstack. Can anyone suggest a fix for this - preferably one that avoids execstack for all those apps since its a security risk. If not how do I create an SELinux policy to automatically grant apps execstack while they use glxinfo or other nVidia libraries but not at other times.
View 2 Replies
View Related
Dec 19, 2010
How to created users in pureftpd and the users are stored in mysql database. I tried when i try to connect i got like this error authentication failed error
View 1 Replies
View Related
Jul 14, 2009
I have a new server with Fedora 10. The root user can log in by SSH using an RSA key but for any other user the RSA key is ignored and a password required.Ultimately I wish to access an SVN server over SSH and would like to to have to keep entering a password. I have Googled this issue and found nothing.If I log on as root the /var/log/secure file shows that the key is accepted, for any other user no message is added and the password is requested.I have checked all the config files and as far as I can see they are all correct so I am at a complete loss as to why SSH will not use the users RSA key.
View 13 Replies
View Related
May 24, 2011
I want to restrict some of my Operating System users running unwanted commands. I just want them to run specified commands only. How can i achieve this?
View 9 Replies
View Related
Sep 19, 2010
I'm on Debian 5 - when I run the w command, it reports 2 users, but I'm the only person logged in. Is this cause for concern?
Code:
curos@histeria:~$ w
16:17:25 up 4 days, 11:56, 2 users, load average: 0.00, 0.00, 0.00
[code]....
View 2 Replies
View Related
Apr 14, 2010
I've installed Ubuntu Desktop Ed 9 and I want to add a user account that would be very restricted. I would only want them to access the internet and run several programs. I do not want them to have access to the destkop, anything under preferences, administration etc... Is this possible?
View 1 Replies
View Related
May 13, 2010
I'm currently running tests on my SAM file on my XP partition. Partly because I want a password that is hard to crack, and also out of curiosity. While running John the Ripper (no options used) I'm noticing that there are 8 pasword hashes, yet only 4 users associated with WinXP. I know that JTR only does 7(?) characters when it check for a solution. Is the 8 hashes because it separates passwords longer than 7 into 2 hashes, and then cracks them individually as 2 parts? I did try googling this,
View 2 Replies
View Related
Jun 9, 2010
I created a new user desktop user for my girlfriend to use my netbook, but when she logs in, it doesn't show the wireless network icon. Under users and groups, I gave her access to wired and wireless networks, and under the network settings,I changed our wireless to "available to all users". I'm not sure what the problem is here.I'm using ubuntu netbook remix 10.04.
View 3 Replies
View Related
Aug 30, 2010
I need to be able to capture a users password when they login. I am well aware of the security issues with this and I'm ok with this.
We run a call center and I am working on migrating from windows to Kubuntu for the callers. It's policy that all callers must report their password to me, so I already know of everyone's password. There has to be some variable/script that I can "hack" to get the password they typed in to the login screen.
What I'm trying to do is that when a user logs in in for the first time, their profile is automatically created and set up. Setting up network drives, email, pidgin (which the password is stored in plain text anyway, so forget about security on that one), web apps, etc.
Trying to find information on How to capture a users password and all have been responded with the usual lecture on why you shouldn't do this. So I've heard it all before and I know of the risks. Like I said, I already have the callers password on file. If I could capture it, I wouldn't have to manually setup each profile every time we get a new caller, which is often since turnover is quite high in call centers.
View 5 Replies
View Related
Jun 10, 2011
I set the profile for Firefox to enforce sudo aa-enforce firefox.Does this now apply to all users on my system or just the user I was logged in as?
View 2 Replies
View Related
Oct 12, 2010
is that possible to have multiple users for one linux session? and how can i do that ? it's possible to creat virtual users for a session ?
View 2 Replies
View Related
Mar 26, 2011
I just realized that I can access other users files and they can access my files simply by using the console to navigate the file system, Its not that big a deal, I am the only one using the computer but this seems like something is not configured correctly. Should each user be able to look at and modify each others files by default? (On Xubuntu 10)
View 7 Replies
View Related
Jul 22, 2010
I'm using Fedora 10 as a proxy server using squid, but I recently noticed that some users use the IPS's Dns to bypass the proxy and surf the web freely. So my question is, is this a problem with Squid or perhaps I can solve the problem whit IPTables.
View 6 Replies
View Related
Aug 1, 2011
i have a NIS master server and 4 NIS clients. out of 4 nis clients two are acting as login servers ie users will login and do all their stuffs and the remaining two are application servers. But sometimes users login into applications servers and started doing all their developer's job. i want to allow only a limited number of users tointo this application users not all the users who are all part of the nis domain.all the systems are running RHEL 5.4 on hp's proliant x86_64 based servers. Please advice me how should i proceed? enabling ip tables is not possible in my environment.
View 1 Replies
View Related
Jan 18, 2010
When I have different people log into our ftp and browse to the same folder, some people see the files inside, some don't. all the user accounts are in the same group, which has permission to this folder. but the one user who can see the files is the owner. how can i fix it so everyone in that group who's the owner of the folder can see the files?
View 10 Replies
View Related
Jul 26, 2010
I need to create a number of internal Linux users for admin purposes. I do not want these users to appear on the initial console login page just after Fedora boots up, as users who can attempt to log in, and I do not want to allow these users to log in directly. I merely want these users to be accessed via su, just like the root user.
View 2 Replies
View Related
Jan 6, 2011
Thought about posting in the Networking board, but I believe this is a much more security-oriented thread. So let's say I bring my computer to a public place, say a library with one open, public, shared wireless network. I connect to that network. Let's assume that everyone else who's connected is using Windows. Can they see my computer (through Network Manager or other software) and attack it (SYN flood or something)? Or does it depend on the network settings?
View 9 Replies
View Related
Mar 17, 2011
I have 2 servers, web server & mail server. they show 2 users in the summary area when I run w or top commands. But the actual list of users logged in (using either w or who) shows only 1 user.
ps -ef |grep username only shows my current login as a running sshd process.
So I can find no trace of this other user except in the summary line for w or top. I have no shells or other logins left running elsewhere or abruptly terminated, no gui sessions (these are servers), no tty logins. Do I have another user logged in? Has someone hacked me & covered up most of their trail? Why do these commands show 2 users when everything else points to 1 user?
View 9 Replies
View Related
Apr 12, 2011
I read the log
Code:
I found this print out:
Code:
The line in bold is the security issue. There is only 1 user account on the system. There should only be 1 user logged in, not 2 users logged in. The remainder of the log file lists 1 user logged in, for similar log output. 2 users logged in does not appear again in the log file.
Does the second line of bold indicate that an attempt was made to log in to the system using SSH?
There was an internet connection interruption (no service) around the time of the log file event. The service did return, later.
Does that line indicate that an unauthorized user logged in to the system?
View 3 Replies
View Related
Jun 11, 2011
I am looking for the best method to implement SSL for my sites but without users having to accept the CERT and I'm small so I'd want to use the cheapest method like signing my own certs. Is there an automatic way of doing it or best practice?
View 8 Replies
View Related
