Security :: Allow Users To Run Specified Commands Only?
May 24, 2011
I want to restrict some of my Operating System users from running unwanted commands. I just want them to run specified commands only. How can I achieve this?

We are trying to set up a classroom training environment where our SIG can hold classes for prospective converts from Microsoft/Mac. The ten machines will have /home/student01..10 and /home/linsig01..10 as users. We want /home/student01 to be able to explore and sudo so they can learn to administer their personal machines at home. We don't want them to be able to modify (sudo) /home/linsig01. I've seen the tutorial on Access Control Lists but I'd like other input so we get it right the first time.

I am working on a Linux security auditing project on my servers. I want to find out all the commands executed by individual users. I think I can find out the login details using the last command. But how can I find out the commands executed by each user on all logins, except "history"?

I got curious about the possibility of changing a user's permission to any command, or at least giving other users some command line "power".
It all started a few days ago, when another user here had a problem so that the computer wasn't answering.
So, after waiting a while, they chose to hit the Reset button and start the computer again.
Considering this situation, I thought to myself that it would have been better to restart the computer through the command line, on any terminal (F1-F6). Anyway, this user is no administrator, thus wouldn't have permission to use the code...
So, is it possible to let other users use such commands, in order to safely reboot the system, without logging in as root?

I am new to Linux and would like to allow a user to use SUDO to change password and also delete/add members to a group without signing in as root or using SUDO. I think you do this in visudo but I don't know the commands to do this.

To avoid having to input a password for the keyring each time I connect to the net via wireless, I enabled the 'Available to all users' option in Network Manager. Now, my question is this. Are the 'users' it refers to just those created on this machine? Would a drive-by be able to use my network without entering the password?

Which commands do you use to output the current users logged into the system and accessing a specific file?

I have an environment with multiple projects that have a variety of government and commercial sponsors. We have been satisfied to this point with a netapp serving nfs/cifs and keeping a tight rein on nfs exports. Some of these projects have started asking us to provide access-restricted sub-folders of the project space based on different groups that contain a user subset of the primary group.
We have a Linux machine that serves as a version control front end to the netapp, mounting the project spaces via nfs. People are now mounting their project space via sshfs to this "front end" and sharing the root password of this sshfs client with everyone in their project, in turn creating a security hole to access the so-called restricted sub-folders. I know all the obligatory responses referring to irresponsible user behavior but would like to see how others have addressed something like this where user behavior seems out of control.

I need to launch a bash file in Linux from an unprivileged user session, a file that will run bash commands as root. But I do not want to create a user with root privileges to do that; also, the process must be silent (no password asked).
How can I do this without adding a user in sudoers and without giving rights to all users to execute the commands from that bash file?
I have tried the SUID option, which would have been good as functionality, but I understand that SUID doesn't work for bash script files.

Is there a way to monitor use of rm, cp and mv commands (other than in history)? I would prefer if it were logged in the /var/log directory with time and command (with its arguments).

I want to get a log of all the commands executed by the root user with the following details:
incoming ip
username (through which su was executed)
time and date
all the commands executed as mentioned above.
Also, if a user has managed to log in as root, he should not be able to disable / delete the above info. Can this info be collected at some other physical server?

I have a firewall machine; customers connect to it, then connect to one of another 3 machines as root through an ssh key. Is there any way to know which user connected to which machine and what command he has executed, without using the script command?

I read somewhere that the 'sync' and 'who' commands in Linux should be disabled. While I can understand that for the 'who' command, why so for 'sync'?
I can find sync and who among the shell commands, and also in /bin/sync and /usr/bin/who. Are the shell commands and those in the bin directory meant to serve the same purpose?
Finally, how can I disable these commands?

Trying to devise a new sudoers configuration while building a new SOE and would like to force everyone (including system administrators) to use rootsh in favour of doing things like sudo -s, sudo bash, sudo tcsh and so forth. Effectively, use sudo to use any shell other than rootsh. Is there a way to allow users to run anything they want except shells? I realise this is a default permit, which is inherently defective, but I'm not convinced about going through the 1559 executable commands of my (as yet incomplete) built system to decide on the likely 1000+ commands I would want to be genuinely allowed. As I said, this is for system administrators first, and I'd like to forcibly instil the habit of sudo <command> or using rootsh to get an audited shell. But I know people are already not doing enough sudo <command> as it stands; rather, they switch to bash.

I need to launch a bash file in Linux from an unprivileged user session, a file that will run bash commands as root. But I do not want to create a user with root privileges to do that.

I am trying to set up an automatic backup using rsync and a publickey SSH, which requires using an empty password on the private key. I would like to lock down the key on the server so that it can only run rsync, but my attempts to use a forced command (or any other option such as no-port-forwarding) do not appear to have any effect when I run ssh -v.
I am currently debugging using the following line in ~/.ssh/authorized_keys
Code:
But when I connect, it opens up an interactive command prompt and does not display the "goodbye world" that I expect.
I am running an OpenSSH server on Ubuntu 10.04

I followed this thread: [URL]... When I get to this part: sudo genprof firefox it does not work in the terminal. Is this still supported for Ubuntu 11?
Also, I installed the profiles. Is something supposed to happen now or do I need to configure them?
sudo apt-get install apparmor-profiles

How to prevent the execution of the following commands, or how to set a policy or rule that prevents the execution of the following malicious commands:
dd if=/dev/zero of=/dev/sda
rm -rf /

Scenario is we have a system where root has authorised keys set up so that it can do a passwordless ssh to $WORKSTATION. I then need to run a script on $WORKSTATION as user "bob" and NOT as user "root". I do not want to set up user "bob" to be allowed passwordless ssh, so any ideas how I can do this? I have tried variations of (as user "root"): ssh $WORKSTATION "su - bob; ./my_script"

I am using Fedora 14. I need to change the directory of a folder (myweb) from "homeuserdesktop" to "varwwwhtml". Please give the Fedora commands to do this.

Ok, so I have a few web apps that need to run shell commands. Here's a great example of one:
Code:
This is a PHP script getting my system volume. Herein lies the problem... www-data doesn't have permission to do this!
I changed my apache config to use MY account as the web user, and it does in fact work the way I want it to.
Obviously, I don't want to leave apache running as me, and want it to keep using www-data.... Here's my question... how can I give permission for www-data to execute certain programs?

I am running Karmic Koala with a recent install of snort 2.4.8.1 (build 3 and I am at a loss for useful commands in solving an internal problem (within the network). All I have is "sudo snort -v -i wlan0" on my very short list of useful commands regarding IDS. It is doing little to no good in resolving my problem with a network snoop besides showing that it is running; I need some more weight (knowledge) in order to rectify the problem?

I have a new server with Fedora 10. The root user can log in by SSH using an RSA key but for any other user the RSA key is ignored and a password required. Ultimately I wish to access an SVN server over SSH and would like not to have to keep entering a password. I have Googled this issue and found nothing. If I log on as root the /var/log/secure file shows that the key is accepted; for any other user no message is added and the password is requested. I have checked all the config files and as far as I can see they are all correct, so I am at a complete loss as to why SSH will not use the user's RSA key.

I'm on Debian 5 - when I run the w command, it reports 2 users, but I'm the only person logged in. Is this cause for concern?
Code:
curos@histeria:~$ w
16:17:25 up 4 days, 11:56, 2 users, load average: 0.00, 0.00, 0.00
[code]....

OS: Fedora 14 i386. It's used as a "normal desktop laptop". "USER A" - it's the mainly used user; I log in with GDM with it, etc. Goal: I need a little more security - separate a few apps! How: run 3 applications (Transmission, Google Chrome, Wine) with other users (so not with "USER A"). But when I'm logged in (in GUI) with "USER A", I need icons on his Desktop. E.g.: just one click (without asking for a password!!) and Google Chrome starts with another user. How exactly can I do this? How can I "grant" "USER A" permissions (securely) so that it doesn't need a password when running applications with "USER B", "USER C", etc.?

I've installed Ubuntu Desktop Ed 9 and I want to add a user account that would be very restricted. I would only want them to access the internet and run several programs. I do not want them to have access to the desktop, anything under preferences, administration etc... Is this possible?

I'm currently running tests on my SAM file on my XP partition. Partly because I want a password that is hard to crack, and also out of curiosity. While running John the Ripper (no options used) I'm noticing that there are 8 password hashes, yet only 4 users associated with WinXP. I know that JTR only does 7(?) characters when it checks for a solution. Is the 8 hashes because it separates passwords longer than 7 into 2 hashes, and then cracks them individually as 2 parts? I did try googling this,

I created a new user desktop user for my girlfriend to use my netbook, but when she logs in, it doesn't show the wireless network icon. Under users and groups, I gave her access to wired and wireless networks, and under the network settings, I changed our wireless to "available to all users". I'm not sure what the problem is here. I'm using Ubuntu Netbook Remix 10.04.

I need to be able to capture a user's password when they log in. I am well aware of the security issues with this and I'm ok with this.
We run a call center and I am working on migrating from Windows to Kubuntu for the callers. It's policy that all callers must report their password to me, so I already know everyone's password. There has to be some variable/script that I can "hack" to get the password they typed in to the login screen.
What I'm trying to do is that when a user logs in for the first time, their profile is automatically created and set up. Setting up network drives, email, pidgin (in which the password is stored in plain text anyway, so forget about security on that one), web apps, etc.
Trying to find information on how to capture a user's password, and all have been responded to with the usual lecture on why you shouldn't do this. So I've heard it all before and I know of the risks. Like I said, I already have the callers' passwords on file. If I could capture it, I wouldn't have to manually set up each profile every time we get a new caller, which is often since turnover is quite high in call centers.

I set the profile for Firefox to enforce: sudo aa-enforce firefox. Does this now apply to all users on my system or just the user I was logged in as?