General :: Ubuntu: Limiting User Account Only To Access His Home Dir?
Feb 20, 2011
I just created a new user account, but the new user is able to access the whole directory structure (including others' home directories). I'd like to limit the user to access ONLY his home directory (and nothing "above"). How do I do this?
Or would this sacrifice security in some way? I've been using root only, and am ready to have a separate account now. It's the dotfiles for GUI apps that I'm concerned about:
Code:
-rw------- 1 root root 98 Feb 13 16:23 .Xauthority
-rw------- 1 root root 6392 Feb 12 18:13 .bash_history
drwx------ 5 root root 4096 Jan 13 17:47 .config
drwxr-xr-x 4 root root 4096 Dec 29 21:36 .fvwm
drwx------ 4 root root 4096 Nov 7 19:55 .mozilla
-rw------- 1 root root 218 Jan 26 10:04 .recently-used.xbel
-rw------- 1 root root 98 Feb 13 16:23 .serverauth.17096
drwxr-xr-x 2 root root 4096 Dec 25 12:42 .tuxcmd
drwxr-xr-x 2 root root 4096 Feb 12 17:25 .xine
I am a user of a cluster. I don't want root to see/copy files from my user account (obviously). Is it possible to limit the access of root to users' accounts?
I'm developing an application in which one user must run Java software that I'm compiling as another user. I wanted to give user A permission to see the bin directory of my workspace, which is in the home directory of user B. I was wondering how this can be done. I gave the bin directory full read/execute permissions, but since it's in my home directory user A can't navigate to it.
I know there are a few ways I could get around the problem but they aren't very elegant. I was wondering if there is a simple method for giving a user access to a specific directory without giving access to all the parent directories. I tried a symbolic link but user A still can't access it, and a hard link to a directory isn't allowed in Linux. I don't feel like making a hard link to every single file in the bin directory, and I'm not sure that would work anyway, since every recompile overwrites them.
I've done something a bit stupid. I've already encrypted my home folder and just set it to log in without requesting my password. When I do log in now, no startup sound plays, several error messages appear but no desktop. I think it's because I now don't have an opportunity to enter my home folder password, and it doesn't work at all. Is there any way to edit account settings from 'root' or anything, because this really has crippled my computer.
I am using NIS and I want to replace this with 389 ds. I have installed 389 ds and configured it. I could create a user account from 389-console. But it does not create the user home directory. Do I have to create the user account and user home directory in Linux first?
I want to automatically set the group ownership of user home directories to a group that the user is not part of. This is so that Apache can be part of this group and can access the user's public HTML directory, but other users are not able to access in any way the files in the user's home directory. What I have seen that works manually is adding the user and then changing the group for the home directory. But I want to automatically set this when the user account is created. What I see happening is that when /etc/skel is copied, it automatically sets the group and ownership of everything to the user's default group and ownership. I've seen some suggestions on setting permissions, but these don't seem to work because it seems that users are able to cd into a directory and not list it, but if they know the file name they can access the file.
In the past, I've installed Internet services as daemons and as xinetd.d with no problems. Those approaches do not meet my needs. And, perhaps, nothing will.
- the service was converted from VB-6 to wxPython. It has a GUI which is accessed with either "remote desktop" or VNC.
- the wxPython service works on Windows and can be accessed from other hosts on my LAN
- the wxPython service works on CentOS and Fedora, but can only be accessed from within the server host. Even from other user-ids. But, I cannot get to it from other hosts.
- ipchains AKA firewall ports are marked for INPUT.
- The server host uses autologin to fire up a userid in group "user". I do not want it running as "root". The .bash_profile fires the service up.
- the service is heavily multi-threaded, and supports devices connected to serial ports asynchronously with the ephemeral port threads (all this works).
There are some programming solutions that I would rather not develop.
- a proxy service that runs under xinetd.d.
- separate the GUI code from the Internet and serial port code. Allocate a "control" port for remote GUI control. a'la SAMBA & SWAT
Is there any hope that I can run it as is, by doing some network configuration stuff?
I made a Desktop User account. When I went on that account, it allowed me to execute sudo as if I was an administrator. I don't know what might be causing this. I do have ufw set up and blocking incoming connections. Do you guys know what might be at the root of this? Also, when I used sudo from the user account (which I shouldn't have been able to do), I provided the password for my admin account.
I'm setting up Ubuntu Karmic on my sister's old computer for my nephew. He's quite young, so my sister asked to install some content filtering. I'll first set up an OpenDNS account, and I've installed and managed to get dansguardian and squid working on a virtual machine to try it out. So far it's working pretty well, but I need to secure it from the inside out.
I was thinking of blocking specific outbound ports so he could not bypass the proxy, because by default the Firefox configuration can be easily changed. So I have a couple of questions.
1. Is it possible to block outgoing ports on Ubuntu?
2. Is that the best method?
3. Is there anything else I should be aware of to prevent subversion?
Lastly, this question is probably unrelated to this board, but I've set up a cron job to update a dynamic IP with OpenDNS. The problem is that the password is in clear text in the user's crontab. Can I play with permissions? Is it possible to run the job under a root account and deny read/write access to a normal user?
So: On the VPS / Dedicated Server Linux with 3 users created. How can I limit bandwidth for each separately? For example first user speed 1 MB, 5 MB second and third 10 MB. Expect some clear answers. Regards, Silviu!
I run Debian 64-bit. I host GameServers on my machine. Yesterday, some corrupt files or error in configurations of one of the game-servers caused my whole system to destabilize. On checking, I saw one of the Gameserver's console giving Net_sendpacket spam errors. I disabled that server and things were fine then. It used up more than 100GB of my bandwidth in just 12 hours.
I deleted the server and copied all the files over again to fix that error. Now I want a prevention to this, if just in case it happens again. I want to limit a sub-user's bandwidth in Linux. Like if I want a user only to use 10GB bandwidth per month + not more than 5MB/second. Is there any way to do it?
In my recent installations of Debian stable release (Jessie) with Gnome and Cinnamon respectively, I added my wife as a normal user. A home directory was created automatically for her.
In these installations, I am able to access her home directory, while, in the past, I was not allowed to access her home directory on previous Debian releases.
2 of us have been googling all morning trying to find out how we can restrict ftp logins to their own home directories only but nothing we've found so far has worked. We've tweaked sshd_config so that they default to their home directory but they are able to navigate up/across/down to everything. This is a "straight-out-of-the-box" debian 5.0.5 Netinst. Just a basic system with Apache/MySql/PHP/SSH and no desktop.
On our web server I want to have a WebDAV folder and I would like customers to be able to log in with MySQL authentication from our customers database (this I have set up with no problems and it works fine). HOWEVER, I want each customer to have their own subfolder and, having logged in with access to the main WebDAV folder, I want each customer ONLY to be able to access their own subfolder(s). I don't mind them seeing other subfolders exist but obviously I don't want them to have access to other customers subfolders.
OK, of course I could achieve this by adding new WebDAV locations to the httpd.conf for every customer, but with a large number of customers httpd.conf will become very large and messy. I have tried applying further restrictions by putting an .htaccess file in each subfolder but that doesn't work - indeed the presence of a .htaccess file oddly prevents users from seeing any other files in the subfolder but has no effect on the access.
I have a secondary disk which holds a /home directory structure from a previous install of Linux. I installed a new version on a new primary drive and mounted this secondary drive as the new /home. Problem is, even though the users are the same names and I can access the home directories for the users, I cannot login directly to their home directories, as I get the following error: -
Code:
login as: [me]
[me]@[machine]'s password:
Last login: Wed Jan 6 18:34:33 2010 from [machine]
Could not chdir to home directory /home/[me]: Permission denied
[[me]@[machine] /]$
Now, since the usernames are correct and the users are in the passwd file with the correct home directory paths, could it be user ID's that are different or something else? It's not as though I cannot access the home directories for the users, simply that I cannot log directly into them from a login prompt.
I have added a new user with the following command:
root# useradd -u 100 -g 120 -d /product -s /bin/bash sandesh
I am not able to access it in the /export/home directory..?
proposed mountpoint for NIS client home dir for 'user': /shared/home/user
Auto mounting to /home/user works fine BUT if I want to automount to a different location, it still looks for the /home/user directory to mount to. So I get an error and I get directed to the '/' dir. Is there some way for me to edit the passwd file that is being exported by the NIS server? Because if I change the local passwd of the user in the NIS server then he won't be able to see his home dir when logging in locally. (although this does seem to be a good idea; since he won't need to log in directly into the NIS server....)
My server listens to POP3/IMAP requests. Some users have configured their mailers with high checking frequencies, say once every minute, such that the system logs are full of entries with no significance at all. I'd like to ask if there is a way to limit the per-IP frequency of POP3/IMAP access? I'm using "xinetd" to wrap the "ipop3d" and "imapd" which come with the Alpine package.
This is the set up I have: PC downstairs by a tv, with 3TB of storage containing my media, connected to the tv too. HTPC upstairs by another tv and connected to it. A few laptops and other desktops around the house which are windows based
I want the downstairs pc to act as a file server and to run my torrent client, it is running Ubuntu desktop version and has xbmc installed too for use with the tv. The upstairs htpc has xbmc live on and will access the media from the file server. What I am looking to do is to be able to log into my ubuntu machine remotely from a laptop running windows so I can manage the files and add torrents for download etc, but for this to be a complete remote session, rather than taking control over what is already being shown on the downstairs pc, like VNC does in windows.
I have two user accounts set up on the main ubuntu machine, the admin account and a media user account which is set to go straight to xbmc after log in. Also how can I make sure that the media drives are automatically mounted to allow access if the admin user is not logged in?
I have a server with a /data/ directory, everything in the /data/ folder has "-rwxrw-rw- 1 root root" permissions. All works fine, multiple users are mounting this over a LAN and everyone is able to modify files. However I would like to be able to access the /data/music/ directory from the internet.
Is it possible to configure sshfs to only accept logins from a user restricted to reading the /data/music directory, or would it be possible to tunnel nfs over ssh in such a way that everyone on the LAN 192.168.0.xxx has unrestricted access to the data directory, but something coming from outside only has read access to the music directory? Although if one were tunneling nfs over ssh, the nfs mount request would appear to come from the server itself. The router is at 192.168.0.1 and the server is at 192.168.0.3. This seems very much like what I want to do, however I'm having a bit of trouble getting this to work well with other users mounting with full rights over the LAN too.
I was looking for a way to protect my samba server by limiting access to certain domains. Can I use the parameter hosts allow = example.com or something like that, or is there another way to do the job for domains?
I'm new to Linux and just installed Ubuntu and decided to play around with it. I just executed
Code:
useradd test
which supposedly creates a folder in the home directory '/home/test' but when I look in there I can't see it. I also did a
Code:
grep test /etc/passwd
which returns: 'test:x:1001:1001::/home/test:/bin/sh' which I believe means it is meant to exist.
Addendum: I have also now noticed that when I log out and log back in I have the option to log in as 'test' but it prompts me for a password which I did not set :s
I have a problem with the Google search box in the top right corner in Konqueror: when entering a search I receive an error page "Unsupported Protocol". Google asks for ioslave or kioslave. Also when highlighting text on a page and right clicking with the mouse no search option is given. I created a new user and all works as it should for the new user. What is wrong with my user account? I have reset default values in Konqueror setup.
I have two Fedora 10 boxes. Both have a user account, Andrew. I use this account all the time.
Now when I put my USB drive (ext3-filesystem) in box I, create a file in it. It works. But when I attach it to box II and try to access the files, it gives me error - Permission denied. I have to use
Quote:
sudo chown -R Andrew
Only then I am able to access the files in it.
When I attach my drive to box I again, it also gives me error - Permission denied. So in both boxes, I have to use
Quote:
sudo chown -R Andrew
first. Otherwise I get Permission denied message.
This means Andrew on both systems is different. How can I make Andrew account on both systems same? So that I can access files on my usb drive without running chown all the time.
Two days ago I formatted my / partition and everything seemed to be working fine. The next day I came to the office and tried to log in as root through ssh. I am getting the error: [sunheer@svn ~]$ ssh root@192.10.10.23
I thought the password was wrong, so I rebooted the server into run level 1 and reset the password and it started to work. Again on the next day the account got the same problem. This started to happen after formatting the / partition.
We are using Ubuntu 10.04 desktop version. ls > /dev/lp0 gives permission denied in a user account; we need the user to be able to access lp0 / usblp0. Our printing module uses lp0 writing technology, for example dir >prn.
I want to know how to change the password of a user account. Can someone give me the syntax on how to do this? I was using usermod but it's not working (usermod -p 123456 user1). Is there another way besides usermod? I am using RHEL5.