When I execute a sudo or gksu evolution (e.g. synaptic package manager) I find that the escalated privileges remain in effect for a period of time. Sometimes, not often, the notifier applet shows an icon indicating that escalated privileges are in effect.
What I would like to know:
What is the default amount of time which escalated privileges remain in effect on my system?
Is it possible, if so how, to change this amount of time?
I've been using Ubuntu for like a year now. Whenever I want root privileges I just type sudo and enter my User password. I wanna know if there's a way to change this, in a way that My User password is: "ABC" and the password needed to have root privileges is: "ABC123". I have no problem using the terminal, I actually prefer it to any GUI, it just seems easier to me.
Having read on the forums about some of the dangers of running Wireshark as root, I would like to know if anyone can suggest some alternative packet sniffers/network analyzers which will offer similar results but without the security issues. I am using Karmic Koala on a Fujitsu Siemens laptop with wireless router (firewall enabled)
I have searched somewhat this forum but haven't yet found a similar post using the keywords I entered but perhaps there is already a similar post then please refer me to it.I am trying to add a user account "Guest" to allow people on my laptop without giving them access to vital parts of the computer. Basically, I want them to only be able to view their own home directory and access internet. Nothing more.I have set the group to "guest" and changed the other home directories of other users to owner access only.
Guest still has access to root and is still allowed to perform actions in various critical areas (deleting files from for example my Windows 7 partition). This I also want to prevent. I was thinking to set each directory's permissions to Owner and Group only and remove Others access.My questions:
1. Will this have any undesirable impact (programs of main user accounts not able to access certain directories)? For guest user I don't care as long as internet works. 2. When I start User Manager and disable for Guest all options except "access internet" (so I also disable access to CDROM), the guest can still access the CDROM. Does this mean the User Settings menu has no effect or is overruled by something?
Is there any way to user can increase or lower his privileges? I tried by "semanage login" but it works only for admin i think. I would like for example change range form s0:c0 to s0:c0.c10 and vice versa.
So, I'm not quite sure what the difference is? Is it that sudo allows you to "borrow" superuser privileges, whilst su allows you to actually log in as superuser? Also, when I sudo [command] and get prompted for a password, after I input it, things work just fine, but if I su, and then get prompted for a password, I can't log in as superuser... Why is this?
I'm running ubuntu 64-bit server edition so ill have to use the command line for this. i want to create or change a file in my own home folder, i have to do it as sudo, otherwise i get an error message saying "permission denied".
im on ubuntu, and i was trying to change the settings under System->preference->network proxy
When i click apply system wide, it asks me for my root password wich i provide and then it asks me for this other password, with this message: Privileges are required to change gconf system values. What is this? is there a way around it?
I'm running 10.04 running daily updates. A couple days back, I saw an update related to mounting volumes. Not sure if this is what broke my system, but might be. When attempting to mount a partition from nautilus, I get a message saying I do not have authorization. It does not even ask for my password, just fails. I tried running updates and this asks for my password and accepts it fine. I opened disk utility from the menus and tried to mount the volume from there but also got the same permission denied, not authorized without even being asked for my password.
I then ran gksu palimpsest. I was asked for my password and was able to mount and unmount partitions from there. However, when mounted, my applications and nautilus cannot access the data in the partitions mounted using gksu palimpsest. In nautilus, I can navigate to /media/Data (the partition in question) but I get "THE FOLDER CONTENTS CANNOT BE DISPLAYED You do not have the permissions necessary to view the contents of "Data"." When I open nautilus via gksu in the terminal, I do have full access to the partitions.
How do I get my privileges back for my user account. I am the only user on the computer, and I have never set up a root account since my upgrade to 10.04 months ago. I tried of course the Administration->Users and Groups menu, but I am not permitted to change the account type or open advanced settings. I click the button, but nothing happens, not even a password request. Running gksu admin-settings on the terminal allows me access. My current settings are attached.
I have installed Ionix vCM onto a Red Hat Linux box. It correctly communicates with the collection server if I use the Ionix certificate. However, if I use a self-generate certificate, communication fails.
(1) How do I determine which PKI certificates are resident on the Red Hat box?
i am relatively new to ubuntu. Just recenty i have not been able to access certain files(for example the history and bookmarks in the firefox folder), download files individually from the internet(music,fonts,etc), recieving an error message
In our group we use NIS and have a group set up called netadmin which is given root privileges on each machine. Each machine also has a localuser called localuser created and used during installation. When logged in as a member of netadmin, attempting any action that requires root privileges (e.g. installing software in Ubuntu Software Center) results in a prompt asking for localuser's password, not the current user's password.
Does anyone know the cause? Configuration issue or Ubuntu issue? We can get around it.
I have previously set up sudo via adding my name to the wheel group and then giving full privileges to the wheel group in the sudoers file. Now I choose to learn to limit that. Had noticed the most frequent use I have of sudo is to run yum update. This got me thinking, could I remove the wheel group privileges and add the following line in sudoers to limit the privilege to simply running yum, and furthermore, make it so I could run yum without a password:
## Allow root to run any commands anywhere rootALL=(ALL) ALL Troy ALL= NOPASSWD: /usr/bin/yum
I think that would in fact work (if I understood one of the pages here, it will work). However, upon further thinking I realized that in such a case then anyone sitting at my computer could then use yum, without a password, to install or remove any file on my system � probably not a good idea. As a result I have to ask, can I tighten the privilege even further such that the only privilege so given was to run �yum update� and nothing else? (for example if they ran �yum install� it would fail). If you can do it, how?
Last, I was going to limit the privilege, time wise and try wise, by adding the following to the sudoers file:
I often get responses from people who first say: "Are you sure? You want your network to be exposed to the outside world?" I am not experimenting on a Production Server of NASA or any Security Concern Department. Friends, there is no harm in experimenting on your personal computer or on a test computer which is isolated from the production environment. Look at hackers! What do they do? If they don't know how security is breached then how would they come up with security measures?
If my question reads... "How to let any user perform Administrative Tasks on a Linux System irrespective of his/her privileges on that particular system?" then I would not get the right answers in the first place. They will say... "You are letting everyone destroy your system... are you sure you want to do that?" My question is: Why should we restrict ourselves from experimenting even if it sounds weird to other people?
I give you an example where it is desirable to let an unprivileged user perform certain tasks. You want to know if there are any employees in your office who are storing videos in their home directory and filling up the disk space to a great amount. You have a department called "Command Center or Data Center Operations or Help Desk" call it whatever you would, whose work is to monitor such activities, and you create an account "monitor" for them to monitor such activities but they are not able to do them:
I run ProFTPd with TLS authentication on my Debian Lenny server. My problem is that despite of the fact that my users connect chrooted, one of my friends had root privileges after logging in form a Macintosh and could browse the root directory, too.
I've got a samba share on a linux server, connecting to it with a windows 2k3 server via tools > map network drive. The goal is to be able to use windows to change the security of the samba share. The good news is it works! The bad news is it's not QUITE perfect:
The share is called /company. I started with the following to give everyone access to everything, set the owner of the share to administrator (my domain admin on the Windows domain), and set the group owner to domain users (group that everyone on the domain is part of):
I then mapped the drive as a regular user, and of course, can access/modify/delete/rename/create anything I want. Then I picked a folder to lock down. Let's call it /company/myFolder. I did this on the Windows server by mapping the drive as administrator (the owner), right click > properties > security tab > advanced > highlight "domain users" and "everyone" and click edit > clear all (i.e. remove all access). Go back to Linux and
The only issue that remains is that I am able to rename/delete "myFolder" as a regular user. I thought this was coming from the "acl map full control = true" parameter in smb.conf, but I changed it to false and verified the change and it still happens. If I remove group and world write access to /company, I am no longer allowed to rename/delete myFolder, but then I can't create a new folder. If I add group write access back in I can create files but can also rename/delete folders within /company that have --- specified for group access. Any ideas what I need to tweak to make this right?
I recently did a fresh install of 10.04 and am experiencing a really weird issue. I right click on an audio file (in my case an MP3) and pull up the properties. I select the Audio tab and look at the duration for the file. All of my file (which play just fine) are showing a zero duration. Is this a known bug and is there a fix for this somewhere?
I should note that these are all valid MP3 files, with duration time previously showing under a 9.10 install.
I have read that to improve security in Ubuntu a good fix is to make the /home folder tree non-executable by default. This would mean that malware could not run in the /home tree without changing the setup.Is this a viable change, or is it just icing on the cake, any one any thoughts on this.
We have the below script, to check the process MEDT, if it doesn't run , then it will send a message immediately. the same script, if I want to check if it is continously running for more than 1 hour, then it should do the action mentioned below.
I am planning to take up RHCE exam, but i have a doubt about the exam duration does it consist of 2 section where section 1 is for 2.5 hrs and section 2 is for 3 hours (total 5 1/2 hours) or does it consist of single section of 3.5 hours.