Security :: How To Disable Rm Command For An User
Apr 7, 2010I just want to disable rm command for an user..Root only need to use that
View 14 RepliesI just want to disable rm command for an user..Root only need to use that
View 14 RepliesI want to disable the remote login for particular user id in linux server.
View 11 Replies View RelatedIt seem like unix abit annoying every time you log in you need to password can I disable it
View 10 Replies View RelatedI am using Red Hat LDAP (version 3) and I have passwordLockout set as "on" at global level. Is there a way to disable account lockout for a specific user?
View 1 Replies View Relatedif I create a User in linux with useradd command useradd -s /bin/bash -d /home/testuser testuser
How can I make it such that he cannot run "ls" command when he FTPs into the server using the username/passwd I setup.I would not mind disabling "ls" for SSh or FTP as long as user is unable to list all files in the home directory and is only able to use FTP commands like GET, PUT, RENAME etc...
Dont want them to have DELETE permission also...in this folder. This user will only be used for FTP...how can I enforce the above controls.
Once again, nobody seems to understand security properly when they decide to add nifty new features. After upgrading to 10.04 from 9.10, I now have a listing of all the user accounts under "Switch from" when I go the the logout menu at the upper right side of the task bar. This is a terrible security hole that should never have been allowed in the first place, and is just as annoying as the default behavior of listing all the user accounts on the login screen.
View 5 Replies View RelatedI'm running Fedora 12, and I need to disable the firewall from within a shell script, which rules out system-config-firewall. I tried the following:
Code:
service iptables stop
service ip6tables stop
chkconfig iptables off
chkconfig ip6tables off
but that didn't do it.
I am using Fedora 14. By default Security Enhanced Linux is enabled in Fedora 14. Now is there any way to disable it by command line and then again enable it through command line.
View 3 Replies View RelatedIs there a non-root shell command that can tell me if a user's account is disabled or not? note that there is a fine distinction between LOCKING and DISABLED:
LOCKING is where you prepend ! or * or !! to the password field of the /etc/passwd file. On Linux systems that shadow the passwords, this marker flag may be placed in /etc/shadow instead of /etc/passwd. Password locking can be done (at a shell prompt) via password -l username (as root) to lock the account of username, and the use of the option -u will unlock it.
DISABLING an account is done by setting the expiration time of the user account to some point in the past. This can be done with chage -E 0 username, which sets the expiration date to 0 days after the Unix epoch. Setting it to -1 will disable the use of the expiration date.
The effect of locking to to prevent the login process from using a supplied password to hash correctly against the saved hash (by virtue of the fact that the pre-pended marker character(s) are not valid output character(s) for the hash, thus no possible input can ever be used to generate a hash that would match it). The effect of disabling is to prevent any process from using an account because the expiration date of the account has already passed.For my situation, the use of locking is not sufficient because a user might still be able to login, e.g. using ssh authentication tokens, and processes under that user can still spawn other processes. Thus, we have accounts that are enabled or disabled, not just locked. We already know how to disable and enable the account - it requires root access and the use of chage, as shown above.To repeat my question: is there a shell command which can be run without root privileges which can output the status of this account expiration info for a given user? this is intended for use on a Red Hat Enterprise 5.4 system.The output is being returned to a java process which can then parse the output as needed, or make use of the return code.
I'm trying to set up an unprivileged user on some field systems running 11.04 with the standard Gnome shell (rather than Unity), and ideally that user would not have access to the command line. The user can log in through GDM (but not the text consoles) with no password, so I need to provide the absolute minimum of privileges; basically the user should only be able to run one program.
I've already set the /desktop/gnome/lockdown/disable_command_line key with gconf-editor for that user, which successfully disabled the "Run Command" dialog. Unfortunately, even though the description of the key in gconf-editor says "prevents the user from accessing the terminal...", the terminal emulator is still accessible from the Applications menu, and I haven't been able to find a good way of disabling the terminal or removing it from the menu. The only thing that occurs to me is an ugly hack: replace the gnome-terminal binary with another that checks to make sure the user is not the unprivileged one and then starts gnome-terminal.
How do I disable and change the user password using SSH on a Linux
View 3 Replies View RelatedI am learning SELinux from LinuxCBT and I'm stuck at one place. Now video is on RHEL 4 (so tell me if things has changed since, cause I can't find anything related) shows how to disable SELinux security on httpd.first I don't know diff between initrc_t and uncofined_t; and second I don't know if something is wrong is everything is all right.
View 1 Replies View Relatedi want to disable the su command on a server so that users cant run the su command i removed the comment from the 3 and 5 line in /etc/pam.d/su file but it doesnt seem to work the file is shown below
#%PAM-1.0
auth sufficient pam_rootok.so
# Uncomment the following line to implicitly trust users in the "wheel" group.
[code]....
created a user but i forgot to change the home directory permission.so after user created when i go to the user and group mangement i cant see that permission filed related to the home permission directory.my purpose is to stop accessing other user to my home directory,how it can be possible??
View 4 Replies View RelatedI've been looking for this feature for months and couldn't find a solution for this. Does anyone know how to create users and limit the user to a specified directory?
View 6 Replies View RelatedI'm trying to write a small script that will run as root, but launch a command with sudo as another user. I want that user to be whichever user is active user. That is, the user that is using GDM right now, or the one that is logged into the current console. (by current console, I don't mean the user running the script, but rather the user logged into the console currently displayed on the screen.)How can this be done?
Code:
ACTIVE_USER=`somecommand`
test `id -u pulse` -ge 1000 && sudo -u $ACTIVE_USER $*
What can I use for "somecommand"?
What security mechanisms are used by recent versions of the Linux operating system during user authentication?
View 3 Replies View RelatedIs there a way to modify the ssh_config and sshd_config files so that a user can scp but will not be allowed to ssh. I have done a search and found a tool name scponly but I really do not want to install anything. Most of the books I have only discuss how to use ssh.
View 3 Replies View Relatedi want in the website they ask to enter some input.Code:echo -e "<p>Please Enter Year : c</p> "read Yearif i use this command it will ask the user to enter year in command. but what i want is they ask the user to enter year in web browser.
View 14 Replies View RelatedI want to refuse access for some users to usb pen and audio. In previous releases (debian, ubuntu , debian-based ..) , it is enough to remove the user from the group.
that is in /etc/group
audio:x:29:bela
plugdev:x:46:bela,geol
with theses lines : bela can heard sound, but not geol, for bela and geol the usb pen is automatically mounted. But not for nobody else. It is NOT the case in the new release, I mean, even if I remove a user from the plugdev group, the usb pen is automatically mounted for that user.
just started using Debian today and I would like to know how can I disable the user acount password, I am the only user on this computer so I would like it to boot strait into my account.
View 3 Replies View RelatedI'd like to set up a restricted guest account which is not allowed to access any network interfaces. In particular, I don't want that user to access the internet either directly or through some network proxy, but I'd like my own account to still have normal internet access. How do I disable all network services for a particular account without affecting other accounts?
View 3 Replies View RelatedI don't want people to use my machine without my presence since I have a lot of cookies and files stored on this machine. So I hope each time the system starts it shows login window and asks for account/pwd. How can I do it?
View 8 Replies View RelatedI have searched for hours and have found nothing that works. Its just amazing that I have not destroyed my laptop yet. What I want to do is keep my child off the net under his user account. I have Karmic installed currently. I have tried adding an iptables rule: sudo iptables -A OUTPUT -p tcp -o eth0 -m owner --uid-owner test -j REJECT
That does not work. So then I tried to disable the network card for just one account... no go.I can only stop access totally for both users which doesn't work for me very well. No method gives me what I need. I want a way so I can login and use the computer normally AND an account he can login to and use but with no web.
How to disable 'sudo' for all or a particular user and allow only 'su'?
View 6 Replies View RelatedWhen I boot from a live USB, it automatically logs in as the live user. I don't want that. I want to log in as a real user, without having to log out of the live user session first.I looked at all the options under system > administration > users&groups. Nothing seems applicable.PS, I did already create the real user and it's working fine. I just have to log out before I can log in as the right user.
View 5 Replies View RelatedI am looking for a way to deny telnet and ssh to one specific user. So far I've only tested with telnet and my attempts have been limited to various hosts.deny entries:
in.telnetd : user@server
in.telnetd : user@server.domain.com
in.telnetd : user@IP_address
in.telnetd : user@.domain.com
None of these work. The only thing I've found that does work is:in.telnetd : IP_addressBut this is only a semi-viable solution because we will soon have multiple logins for the one username from different servers and sub-nets. Ideally, I'd like to be able to deny telnet and ssh access to this username regardless of where the login originates. I suppose it would be possible to specify each server IP, but that'll be a bear to maintain
I have written a device driver and I would like to disable an interrupt. In kernel space there is a function called "disable_irq(int irq)", but, is it possible to do it from user space?
View 7 Replies View RelatedI need disable usb port access in ubuntu9.10. how to disable usb port in ubuntu9.10
View 9 Replies View RelatedI currently have a user on my Ubuntu server that I want to block completely from login. I know right now they login with SSH keys so they don't need to enter their SSH password. Can anyone tell me how to remove the SSH key login for their username and root user which I believe they use too and block SSH access alltogether.I will then just change the root SSH password.I'm terrified they will do some harm so I need them blocked out ASAP.
View 7 Replies View Related