One user in my company wants to run some flush cache queries on a MySql database, it needs "reload" privileges of Administration, how secure is to give this rights to a normal user ?
View 2 RepliesIs there a way to grant 'root' privileges to my user account? My account name ... I'll call it 'masterskop' as it is my forum name here, but not on my computer.Would it look like this in the sudoers' file?My purpose is to get access to all the folders and files in the 'File System'. The root and lost+found folders have 'Xs' on them...No access! And for example, under properties of the 'var' folder it states that 'you are not the owner, so you cannot change these permissions.' How can I get access to all of it everytime I login as the main user of my computer? I do not have anyone else using this computer.I did edit this file and used my real user name ... logged out and logged back in and still I do not have access/edit these folders and files.
View 4 Replies View RelatedI have a normal user (sites:users) and the usual http user (wwwrun:www).I'm hosting several sites and I want to be able to upload stuff via ftp, so I'm using the "sites" home (/home/sites) to keep the sites I'm hosting. Giving read permissions to all inside /home/sites makes it accessible and readable to the wwwrun user. Problems come when I need to upload something. The easy way is to give 777 permissions to the folder that's going to receive the file, but I don't feel comfortable at all with that.
What do you recommend? Is there any group configuration that could help me (like adding "sites" to the "www" group)? Or any other configuration at all that might be according the the best practices?
I'm able to mount ntfs file system as root user but I want the same thing to be allowed to normal user .
I'm not much familier with linux environment so please explain me how to do that for normal user.
Might this is silly question but I am not much familiar to database.I am doing master slave Mysql replication for load balancing. On master server different database has different user privileges. I create backup using mysqldump command and restore on slave server instead of using load data from master; command.When i replicate database from master to slave will i require to set user privileges same as master ?One more question: How to lock all database in mysql?
View 2 Replies View RelatedI Installed the maintained package, Day one everything worked fine, I set a dummy database and work on it from VM windows. Day two weird errors, I searched around couldn't find the problem, the error was related to The root user losing privileges. I don't remember the exact error. So I decided to Completely remove the DB with apt-get remove mysql-Server-5.1. It gets stuck during the uninstall, I left the machine for a day and a half to uninstall mysql. I realized it was no use, I tried to Restart and try again, but I am getting the same thing.
Code:
finito@finito-desktop:~$ sudo apt-get remove mysql-server-5.1
Reading package lists... Done
Building dependency tree
Reading state information... Done
The following packages were automatically installed and are no longer required:
dbconfig-common libhtml-template-perl mysql-server-core-5.1 libaprutil1-ldap
apache2-mpm-prefork apache2-utils libmcrypt4 apache2.2-common libt1-5
libaprutil1-dbd-sqlite3 apache2.2-bin wwwconfig-common php5-common
javascript-common libjs-mootools
Use 'apt-get autoremove' to remove them.
The following packages will be removed:
mysql-server-5.1
0 upgraded, 0 newly installed, 1 to remove and 0 not upgraded.
1 not fully installed or removed.
After this operation, 15.7MB disk space will be freed.
Do you want to continue [Y/n]? y
(Reading database ... 231901 files and directories currently installed.)
Removing mysql-server-5.1 ...
it stays stuck at Removing mysql-server-5.1 ...
I can't progress I am at the brink now, my only option right now is format, but I don't wanna do that. This setup is almost 5 years old and I have gone with many ups and downs with it. From Windows to 8.04 to 8.10 to 9.04 to 9.10 to now 10.04 each year loving the resilience of Ubuntu and the Linux architecture. I don't want to believe that this has killed my spree.
i want /mydata to be read/write by the web server. What group and user showld i use?
View 2 Replies View RelatedI run ProFTPd with TLS authentication on my Debian Lenny server. My problem is that despite of the fact that my users connect chrooted, one of my friends had root privileges after logging in form a Macintosh and could browse the root directory, too.
View 1 Replies View RelatedI'm connected to the internet using a wireless router. Each time I boot, I have to grant root privileges and type in a shell: iwconfig wlan0 essid linksys key dhclient wlan0 Isn't there a file(or location) that I can modify to automatically grant root privileges and execute these commands when debian starts? Something like autoexec.bat in windows.
Something else I'd like to mention is when I execute iwconfig.... for the first time, I get this incomplete result:
IEEE 802.11bg ESSID:"linksys"
Mode:Managed Access Point: Not-Associated Tx-Power=27 dBm
Retry long limit:7 RTS thr:off Fragment thr:off
Encryption key***********
Power Management:off
[Code]...
I have searched somewhat this forum but haven't yet found a similar post using the keywords I entered but perhaps there is already a similar post then please refer me to it.I am trying to add a user account "Guest" to allow people on my laptop without giving them access to vital parts of the computer. Basically, I want them to only be able to view their own home directory and access internet. Nothing more.I have set the group to "guest" and changed the other home directories of other users to owner access only.
Guest still has access to root and is still allowed to perform actions in various critical areas (deleting files from for example my Windows 7 partition). This I also want to prevent. I was thinking to set each directory's permissions to Owner and Group only and remove Others access.My questions:
1. Will this have any undesirable impact (programs of main user accounts not able to access certain directories)? For guest user I don't care as long as internet works.
2. When I start User Manager and disable for Guest all options except "access internet" (so I also disable access to CDROM), the guest can still access the CDROM. Does this mean the User Settings menu has no effect or is overruled by something?
Is there any way to user can increase or lower his privileges? I tried by "semanage login" but it works only for admin i think. I would like for example change range form s0:c0 to s0:c0.c10 and vice versa.
View 6 Replies View Relatedperform below activities please guide how to do perform below activities.Make sure the Guest account is disabled or deleted.-Disabled or deleted anonymous accessSet stronger UserID policiesSet Key Sensitive UserID Default enable in linuxCombination of numbers, letters and special characters (*,!,#,$,etc.)
Status of UserID
Type
User Name
[code]....
I'm running 10.04 running daily updates. A couple days back, I saw an update related to mounting volumes. Not sure if this is what broke my system, but might be. When attempting to mount a partition from nautilus, I get a message saying I do not have authorization. It does not even ask for my password, just fails. I tried running updates and this asks for my password and accepts it fine. I opened disk utility from the menus and tried to mount the volume from there but also got the same permission denied, not authorized without even being asked for my password.
I then ran gksu palimpsest. I was asked for my password and was able to mount and unmount partitions from there. However, when mounted, my applications and nautilus cannot access the data in the partitions mounted using gksu palimpsest. In nautilus, I can navigate to /media/Data (the partition in question) but I get "THE FOLDER CONTENTS CANNOT BE DISPLAYED You do not have the permissions necessary to view the contents of "Data"." When I open nautilus via gksu in the terminal, I do have full access to the partitions.
How do I get my privileges back for my user account. I am the only user on the computer, and I have never set up a root account since my upgrade to 10.04 months ago. I tried of course the Administration->Users and Groups menu, but I am not permitted to change the account type or open advanced settings. I click the button, but nothing happens, not even a password request. Running gksu admin-settings on the terminal allows me access. My current settings are attached.
we are trying to make a policy decision whether to go with SSH user/passwd or PPK secure key ? our servers are hosted remotely by a hosting service. we were wondering which of these two models are more secure.e.g. i would tend to think that user/passwd with account lockouts upon failed attempts would be more secure because the other option exposes your server in case someone sneaks the PPK file or steals your whole computer.however, what makes me doubt myself is that Amazon Web Services EC2 cloud hosting uses PPK by default (although an instance's SSH config can be change to accommodate logging in but they don't endorse it).
View 3 Replies View Relatedi am relatively new to ubuntu. Just recenty i have not been able to access certain files(for example the history and bookmarks in the firefox folder), download files individually from the internet(music,fonts,etc), recieving an error message
Quote: Originally Posted by firefox error console
Error: [Exception... "Component returned failure code: 0x80520015 (NS_ERROR_FILE_ACCESS_DENIED) [nsIFileOutputStream.init]" nsresult: "0x80520015 (NS_ERROR_FILE_ACCESS_DENIED)" location: "JS frame :: file:///usr/lib/firefox-3.6.13/components/nsSessionStore.js :: sss_writeFile :: line 2944" data: no][code]...
i have sudo priveleges and can install via update manager. i read somewhere that compizfusion might affect access permissions and i do use compiz and emerald at the same time.
In our group we use NIS and have a group set up called netadmin which is given root privileges on each machine. Each machine also has a localuser called localuser created and used during installation. When logged in as a member of netadmin, attempting any action that requires root privileges (e.g. installing software in Ubuntu Software Center) results in a prompt asking for localuser's password, not the current user's password.
Does anyone know the cause? Configuration issue or Ubuntu issue? We can get around it.
I want to restrict a user accessing my ftp site.
1) i can block the user in ftp configuration file
2) i can block the user in PAM or /etc/host.deny
i heard that if pam is denying the user and ftp is allowing the user the user can get the access it means that ftp conf file is stronger than host.deny
Its been two days over, after my search started . But I didn't find answer any where ?. I need to call chroot as part of normal user, but to my surprise it can only be called by SUper user with CAP_SYS_CHROOT capabilities. I am not sure how to add this capability to my user .
View 10 Replies View RelatedI am using Red Hat and was wondering how to disable username and password only login and require that a PPK secure key file be used for authentication ? I can log in using the secure private key and the public key that is in ~/.ssh/authorized_keys but i can still log in using the plain username and password login.
View 2 Replies View RelatedI often get responses from people who first say: "Are you sure? You want your network to be exposed to the outside world?" I am not experimenting on a Production Server of NASA or any Security Concern Department. Friends, there is no harm in experimenting on your personal computer or on a test computer which is isolated from the production environment. Look at hackers! What do they do? If they don't know how security is breached then how would they come up with security measures?
If my question reads... "How to let any user perform Administrative Tasks on a Linux System irrespective of his/her privileges on that particular system?" then I would not get the right answers in the first place. They will say... "You are letting everyone destroy your system... are you sure you want to do that?" My question is: Why should we restrict ourselves from experimenting even if it sounds weird to other people?
I give you an example where it is desirable to let an unprivileged user perform certain tasks. You want to know if there are any employees in your office who are storing videos in their home directory and filling up the disk space to a great amount. You have a department called "Command Center or Data Center Operations or Help Desk" call it whatever you would, whose work is to monitor such activities, and you create an account "monitor" for them to monitor such activities but they are not able to do them:
[Code]..
I'm an Oracle DBA and started working for my current employer about 4 months ago. This past weekend an alert re: FS space brought my attention to /var/spool/clientmqueue (full of mail re: cron jobs) and the fact that sendmail is not running on our Linux servers.I'm told that the IT security team deemed sendmail too vulnerable so we don't run it.Aside from FS filling up and missing notification of issues with crontab entries, I'm concerned that we may be missing notification of potential issues. In other Unix/Linux environments I've seen emails from the print daemon when it experienced problems with specific jobs.
Are there other Linux facilities aside from cron and lpd that use email to advise the users of possible issues? Are there ways to secure sendmail or secure alternatives to sendmail? My primary need/desire is to make sure that emails regarding issues on the server get to the appropriate users. Secondary goal would be to have the ability to use mailx to send mail out. There is No need/desire to receive mail from outside.
I want my apache user (www-data) to be able to umount drives that are mounted with fuse. (i think it is the same as regular umount, but i'm not sure)
when i execute: www-data@1:$ umount /2345umount: /2345 is not in the fstab (and you are not root)
how can i get this done?
I have a JavaCL program trying to open a port on 41xxx and it is getting permission denied unless I run it as root. I would like to grant a single user this permission for opening this port. This program runs fine on a vanilla ubuntu install but not on server. Where does Ubuntu handle user permissions for opening ports?I understand this is typically a no-no on a server but this is an unusual circumstance.
View 1 Replies View RelatedWhat I'm trying to do is to grant my regular user to locally mount partitions and shutdown the machine without a password. Here is what I've done to /etc/sudoers:
Code:
Host_Alias LOCAL = localhost
Cmnd_Alias SHUTDOWN = /sbin/shutdown
Cmnd_Alias MOUNT = /bin/mount, /bin/umount
<my_username> LOCAL=(root) NOPASSWD: SHUTDOWN, MOUNT
%wheel ALL=(ALL) ALL
My user is a member of wheel group and I want to type the password for each sudo command except for shutdown and mount. However I am asked for a password whenever I execute "sudo mount [...]" or "sudo shutdown [...]".
Having read on the forums about some of the dangers of running Wireshark as root, I would like to know if anyone can suggest some alternative packet sniffers/network analyzers which will offer similar results but without the security issues. I am using Karmic Koala on a Fujitsu Siemens laptop with wireless router (firewall enabled)
View 7 Replies View RelatedThis applies to users of 10.04 (64 bit), but I would like to hear from those running 10.04 (32 bit) and 9.10 (64 or 32 bit).Would you be good enough to answer this question: Do you have an �enable scanner option� (or a variation of that phrase) in (GOTO) System-Administration-Users & Groups- [Your Admin Account]- Advanced Settings- User Privileges?It would be immensely helpful of you if you could do this and post me your answer.
View 2 Replies View RelatedI just upgraded from 11 to 12 and then installed the Nvidia proprietary drivers from RPMFusion. Initially glxinfo wouldn't work because SELinux was stopping it from using an executable stack. Since the Nvidia drivers are proprietary and a fix may not be provided, I allowed this access to glxinfo with chcon -t execmem_exec_t '/usr/bin/glxinfo'
However it looks like every program using glx-utils also needs these permissions - so far I allowed Xorg, compiz and the Firefox video plugin to execstack. Can anyone suggest a fix for this - preferably one that avoids execstack for all those apps since its a security risk. If not how do I create an SELinux policy to automatically grant apps execstack while they use glxinfo or other nVidia libraries but not at other times.
I have a question that i want to make a normal user to execute the commands which the root user is able to execute, say if i have a user named siru and when i logged in using siru i cannot run commands like tracert,nmap@loccalhost and all but i can run when i have logged into root account so my question is how to make siru to run the command tracert,nmap@localhost.I have even edited the .bash_profile of siru's home directory from
# .bash_profile
# Get the aliases and functions
if [ -f ~/.bashrc ]; then
[code]...
I want to find out if I can get someone to help me with this. Sectool-gui says that the home_directory of user "mysql" is world-readable and that it also is world accessible. How do I close that accessibility?
View 6 Replies View Relatedlove security/pentest tools. This script adds ALL the tools from the Security Spin, plus Metasploit. Feel free to modify it if need be.
View 12 Replies View Related