Security :: Disable Account Lockout For A Specific User?
Oct 5, 2010I am using Red Hat LDAP (version 3) and I have passwordLockout set as "on" at global level. Is there a way to disable account lockout for a specific user?
View 1 Replies
ADVERTISEMENT
Ubuntu Security :: Set Automatically Log In To A Specific User Account And At The Same Time Lock The Screen?
Jul 6, 2011Is there a way to set Linux to automatically log in to a specific user account and at the same time lock the screen? I want to save time and trigger various software that always should start up on boot, while leaving the computer unattended during startup (extra important and practical for remote control boots), by enforcing a 'screen lock' so that no-one can see what happens behind the login screen without entering the login credentials.
View 3 Replies View RelatedSecurity :: [LDAP] Account To Manage/create Only Specific Users?
Oct 19, 2010Is there a possibility in openldap to allow a user to only create/manage specific LDAP users?For example user "mailadmin" may only create/manage mail accounts in LDAP that are named like "m1342895"? Or a specific list of user accounts that are in a specific group?
View 1 Replies View RelatedDebian :: Disable The User Account Password?
Mar 13, 2011just started using Debian today and I would like to know how can I disable the user acount password, I am the only user on this computer so I would like it to boot strait into my account.
View 3 Replies View RelatedGeneral :: Disable Telnet And Ssh For A Specific User?
Nov 12, 2010I am looking for a way to deny telnet and ssh to one specific user. So far I've only tested with telnet and my attempts have been limited to various hosts.deny entries:
in.telnetd : user@server
in.telnetd : user@server.domain.com
in.telnetd : user@IP_address
in.telnetd : user@.domain.com
None of these work. The only thing I've found that does work is:in.telnetd : IP_addressBut this is only a semi-viable solution because we will soon have multiple logins for the one username from different servers and sub-nets. Ideally, I'd like to be able to deny telnet and ssh access to this username regardless of where the login originates. I suppose it would be possible to specify each server IP, but that'll be a bear to maintain
General :: Disable - Non-root Shell Command To Find If A User Account Is Enabled Or Not?
Aug 10, 2011Is there a non-root shell command that can tell me if a user's account is disabled or not? note that there is a fine distinction between LOCKING and DISABLED:
LOCKING is where you prepend ! or * or !! to the password field of the /etc/passwd file. On Linux systems that shadow the passwords, this marker flag may be placed in /etc/shadow instead of /etc/passwd. Password locking can be done (at a shell prompt) via password -l username (as root) to lock the account of username, and the use of the option -u will unlock it.
DISABLING an account is done by setting the expiration time of the user account to some point in the past. This can be done with chage -E 0 username, which sets the expiration date to 0 days after the Unix epoch. Setting it to -1 will disable the use of the expiration date.
The effect of locking to to prevent the login process from using a supplied password to hash correctly against the saved hash (by virtue of the fact that the pre-pended marker character(s) are not valid output character(s) for the hash, thus no possible input can ever be used to generate a hash that would match it). The effect of disabling is to prevent any process from using an account because the expiration date of the account has already passed.For my situation, the use of locking is not sufficient because a user might still be able to login, e.g. using ssh authentication tokens, and processes under that user can still spawn other processes. Thus, we have accounts that are enabled or disabled, not just locked. We already know how to disable and enable the account - it requires root access and the use of chage, as shown above.To repeat my question: is there a shell command which can be run without root privileges which can output the status of this account expiration info for a given user? this is intended for use on a Red Hat Enterprise 5.4 system.The output is being returned to a java process which can then parse the output as needed, or make use of the return code.
Security :: Ensure Changes To System-auth Do Not Lockout Root?
Jan 8, 2010I was considering adding the below to my RHEL5 system's /etc/pam.d/system-auth file.
password required pam_cracklib.so try_first_pass retry=3 minlen=8
dcredit=-1 ucredit=-1 ocredit=-1 lcredit=0
auth required pam_unix.so nullok try_first_pass
[code]...
Ubuntu Security :: Set Two Password For 1 User Account?
Dec 27, 2010i use ubuntu 10.04, is there a way to set two passwords for 1 user account
View 2 Replies View RelatedUbuntu Security :: Unknown User Account 'dtc'?
Mar 12, 2011I started up my computer and suddenly, I saw that there was a new user account. I didn't create it and no one else uses my computer (let alone has access to user account creations). It was called dtc. It didn't seem to have any privileges and the only file in its home folder was called Examples. Should I worry that I might have some kind of malware? I deleted the user and the folder (and it came back after a while). It's main group is dtcgrp. The User ID is 1004.
View 2 Replies View RelatedSecurity :: More Than One Person Is Sharing A User Account?
Dec 6, 2010Is there software or mechanism that can help the administrator determine if more than one person is using the same user account via a shared password?
View 8 Replies View RelatedSecurity :: Unlock Test User Account?
Aug 18, 2010I ran a test where I login a test user several times using the wrong password to see that he gets locked out after several attempts. Now that I got the test user locked out, how do I unlock the test user? I tried passwd -u <test user>, but it says passwd: Error (password not set?).
View 4 Replies View RelatedFedora Security :: Administrative Login In User Account?
Sep 25, 2009I am a new Linux user and have a question about the administrative authentication. When I am logged in as a user and I need to do something that requires root privileges the little password window comes up and I enter the root password. My question is how long are the root privileges granted for?I noticed that a few minutes after finishing checking out the firewall configuration tool and closing the window that I was still able to re-enter the fire wall tool and other administrative tools. How do I log out of the root privileges without logging out and then back into my account?
View 2 Replies View RelatedUbuntu Security :: Running Wine Under A Different User Account?
Jan 2, 2010I've written an article on my site which lays out steps for installing Wine and running it under its own, separate user account, so that Windows applications cannot access personal files (particularly those in your home directory).[URL}..i'm hoping that there are people on this forum who know Ubuntu inside-out, as I'd like to know how effective the described method is at trapping Windows applications so that they cannot read or write personal files or directories.
The way I understand it, once the process is running under user account wine, it's stuck with the access privileges of user wine. But are there ways in which a rogue application could break out of this prison and gain access to whatever it wishes? I'm guessing that such behaviour would mean someone customising Windows software to recognise Linux, and that such a thing is very unlikely, but I'm still interested to hear what gurus of the Ubuntu internals think of this method.
Security :: Create Fully Isolated User Account?
May 16, 2010I need to create such an account that the user wouldn't be able to r/w any file which doesn't belong to it, even if access mode is set to o+rw. I guess normal chmod/chown won't help here... How can i do this?
View 2 Replies View RelatedUbuntu Security :: Turn Off The Password Recovery For User Account?
Nov 12, 2010I remember my password very well and have no need of password recovery. Everywhere I look it's how to recover and I don't want that. The kind where you boot into root recovery console to change the password.
View 4 Replies View RelatedUbuntu Security :: Limit Login Attempts For Specific User?
Jan 15, 2011I'd like to limit login attempts for specific user. I've found information in manpages: [URL]but I'm not sure if this '@' is purposly there, so would be that correct?
Code:
aparaho - maxlogins 4
or
Code:
@aparaho - maxlogins 4
Maybe '@' is a group syntax? I'm confused.
What happens after 4 failed loggins? Is it enough to restart system to get another login attempts?
Are there any other values that it is reasonable to limit for safety reasons?
Security :: How To Disable Rm Command For An User
Apr 7, 2010I just want to disable rm command for an user..Root only need to use that
View 14 Replies View RelatedUbuntu Security :: Unable To Deny Sudo Access To Regular User Account.
Dec 19, 2010I made a Desktop User account. When I went on that account, it allowed me to execute sudo as if I was an administrator. I don't know what might be causing this. I do have ufw set up and blocking incoming connections. Do you guys know what might be at the root of this?Also, when I used sudo from the user account (which I shouldn't have been able to do), I provided the password for my admin account.
View 9 Replies View RelatedSecurity :: Disable Remote Login For Particular User?
Feb 25, 2011I want to disable the remote login for particular user id in linux server.
View 11 Replies View RelatedUbuntu Security :: Desire - Create A Bash Script That Launches Skype Under A Separate User Account?
Mar 13, 2010I want to jail Skype into its own process and not the one I login with. That way, if a hacker breaks in, it's limited to this process and only the limited functionality that that user account has. The thing is this -- thousands of Linux guys run Skype, but Skype is hardly ever updated or have security patches, and we run it all the time. It seems like an easy avenue for an exploit. As well, my iptables firew all blocks input connections that I have not established, but Skype is an established connection. How do I create a Bash script that launches Skype under a separate user account?
View 3 Replies View RelatedFedora Security :: How To Disable Root And User Password
Jan 12, 2009It seem like unix abit annoying every time you log in you need to password can I disable it
View 10 Replies View RelatedUbuntu Security :: Disable Listing Of User Accounts In 'Switch From'
May 12, 2010Once again, nobody seems to understand security properly when they decide to add nifty new features. After upgrading to 10.04 from 9.10, I now have a listing of all the user accounts under "Switch from" when I go the the logout menu at the upper right side of the task bar. This is a terrible security hole that should never have been allowed in the first place, and is just as annoying as the default behavior of listing all the user accounts on the login screen.
View 5 Replies View RelatedUbuntu Security :: Ubuntu Sudo Versus Windows 7 User Account Control
Jan 6, 2010Is windows 7 UAC basically a user/system control system like sudo?
View 7 Replies View RelatedUbuntu Security :: Multiple Passwords \ Possible To Have Two Passwords For One User Account In 9.10?
Jan 7, 2010I wonder if it is possible to have two passwords for one user account in 9.10. I have a long login password (5 words about 45 characters with spaces caps). I would like to set a shorter password for Authentication, sudo, etc. While retaining the original for logging in.In short:Have long password to login to computer.Have short password for everything after login.
View 6 Replies View RelatedUbuntu :: Giving A Specific User Permission To Start/stop A Specific Service?
Jun 8, 2010How do I give permission to a logged in user to stop/start a specific service without entering a root/sudo password? So they can do a simple "service SomeService stop|start" It is for a headless Ubuntu server.
View 5 Replies View RelatedUbuntu :: Allow A Specific User To Mount Or Remount A Specific Partition?
Jun 9, 2010my system I want user1 and only user1 to be able to mount and unmount a specific partition, this partition contains backups and is usually mounted read only, needs to be temporarily mounted read/write by user1 while doing the backup.user1 is an unprivileged user. I've read that the user option will let any user mount the file-system (and only that user can then subsequently unmount it) and that the users option allows any user to mount or unmount the file-system.I also found this in mount's man pageQuote:The owner option is similar to the user option, with the restriction that the user must be the owner of the special file. This may be useful e.g. for /dev/fd if a login script makes the console user owner of this device. The group option is similar, with the restriction that the user must be member of the group of the special file.So it looks like I'd need a login script for that user to make the user owner of the device file (/dev/voiceserv/backup in this case)
View 7 Replies View RelatedOpenSUSE :: 11.4 Konqueror User Account Bug New Account No Bug
Jul 16, 2011I have a problem with the Google search box top right corner in Konqueror, when entering search I recieve an error page "Unsupported Protocol" Google asks for ioslave or kioslave. Also when highlighting text on a page and right clicking with the mouse no search option is given. I created a new user and all works as it should for the new user. What is wrong with my user account? I have reset default values in Konqueror setup.
View 3 Replies View RelatedUbuntu :: Access User Account 1 Home Directory From User 2 Work Space?
Jun 16, 2011Do you think there is a way of accessing different user data from another account which I have set up.
Ie. user 1 = account has messed up
user 2 = account works fine
access user account 1 home directory from user 2 work space?
Server :: Rsync Using Www As User Gives Ssh Error - User Www Not Allowed Because Account Locked
Feb 11, 2011Apache is run as www as is all the files/folders. People are uploading via FTP, scp, so the problem is if I chmod so everyone can read, then rsync as a user it works until new files are added which then my ; if rsync fails with a permission denied. Now I can add a chmod in the script so everyone can read, but since www can already read, I figured I would just change my script to use www. I added the ssh key to his authorized_keys file, but when I try to just ssh in I see this in the secure file;
server sshd[29539]: User www not allowed because account is locked
sshd[29539]: Failed none for invalid user www from ip port 54983 ssh2
Now I read a few places already saying I need to add a password to the account, etc. but before I jump and try all I read, 1st major one, will this now break apache? Will this affect any startup things, etc. and .... will that unlock that user for ssh in or is there another preferred method?
Ubuntu :: User Account Control And User Rights Assignment?
Sep 29, 2010I have a user account which is required to run as part of the operating system and as a service. I am currently attempting to install my companies software on an Ubuntu desktop via wine just for the purpose of finding out if it's do-able.
Is there a way, in Ubuntu, for a user account to be given the local rights assignment to act as part of the operating system and to function as a service in the background?