Security :: Using Sudoers To Restrict Editing Of Certain Files?

Aug 2, 2010

In a recent discussion I had, I was led to believe I could use sudoers to restrict using vi (for example) for the editing of say specific config files. I know how to allow root use of vi and how to lock it down from getting to a bash prompt with NOEXEC tag,but I can't figure out how to restrict the use of vi to only edit certain files. Tutorials and howtos I have checked don't address this

View 7 Replies


ADVERTISEMENT

Ubuntu Security :: Restrict A User From Seeing Hidden Files And Folders?

May 23, 2010

restrict a user from seeing hidden files and folders?

View 8 Replies View Related

Ubuntu :: Editing /etc/sudoers Don't Want To Mess Up Again

Feb 16, 2011

I edited my /etc/sudoers file the other day to add timestamp_timeout=0 to cause sudo to ask for a password every time. I used visudo in sudo mode and when it came to saving it appeared to want to save the file as sudoers.tmp so I edited this to sudoers. Anyway some how may edit failed. I booted up into terminal and reedited and somehow lost all access to the sudo mode. I think the file ended up with the wrong permissions.

After a fresh install I don't want to mess this up again. So please, please tell me how to save it. Should I save as sudoers.tmp or sudoers? I presume a could have made a typo, but am assuming not. I don't want to reinstall ubuntu and all the packages again.

View 4 Replies View Related

Ubuntu Security :: Locked Out From Sudoers

Jun 5, 2010

A few minutes ago I accepted a suggestion from update-manager for restarting my system, such that some security updates could be effective. After restarting and login in as usual, I discovered that I could not use my adminstrative rights as a sudoer. To recover them I booted again, as root, and added my username in the "admin" group. Rebooting, all seemed well again. As an extra check I installed and ran 'chkrootkit' and nothing suspect was found.What could have hapenned? Just a glitch in the system? Can a user disappear from a group for nothing?What further checks can I make to be sure that my system is safe?I'm using Ubuntu Jaunty Jakalope amd64, with kernell 2.6.28-15-generic.

View 5 Replies View Related

Security :: /etc/sudoers Syntax With %groupname?

Feb 1, 2010

My goal: I want to give users in the group "rtkprd" the ability to elevate their privileges and run a restricted shell script by using sudo. The full path to the shell script is /usr/local/bin/only_rtkprd.sh
The syntax of /etc/sudoers is giving me fits, to I've reduced my sudoers to a single log directive and a single line to enable the rtkprd group.

Code:
Defaults logfile=/var/log/sudo
%rtkprd ALL = (rtkprd) /usr/local/bin/only_rtkprd.sh

[code]....

View 3 Replies View Related

Ubuntu Security :: User Is Not In The Sudoers File

Mar 15, 2011

Suddenly I am not in the sudoers file. I am not sure how to recover from this. I have no grub screen at bootup, so I can't boot into single user. I think I am going to have to boot a live version of ubuntu to start with. Is that right? What's next after that? Also, how could this happen, I haven't touched the sudoers file or added users or anything like that (well not that I am aware of) I am a little concerned that this may be the result of someone breaking in? Would this be a likely symptom?

View 3 Replies View Related

Fedora Security :: Wrong SELinux Context On /etc/sudoers?

Nov 21, 2010

I'm suspicious that the context of /etc/sudoers is wrong. During the last upgrade to Fedora 14, RPM dropped /etc/sudoers.rpmnew, which had a different context than the real sudoers file. But, when I try to get SELinux to relabel the file (using restorecon or fixfiles), it refuses to make a change.

> ls -lZ /etc/sudoers
-r--r-----. root root unconfined_u:object_r:etc_t:s0 /etc/sudoers
> matchpathcon /etc/sudoers

[code]....

View 5 Replies View Related

Server :: Sudoers Will Not Work - Error Says Sudu: Can't Open /etc/sudoers: Permission Denied

May 31, 2011

I have tried several things to attempt to fix my sudoers file however it is still coming up with errors. The error says

[code]...

the sudoers configuration file is set to the default as I have ran a dpkg on it, have also uninstalled and reinstalled it, and went over the configuration file ensuring it looked like the defaults I had seen online.

View 8 Replies View Related

Ubuntu Security :: Patch For Sudo That Allows Sudoers Information To Be Pulled From MySQL?

Apr 12, 2011

This may be a stupid (?) question, but does any one know of a patch for sudo that allows the sudoers information to be pulled from mySQL?
I run multiple servers with multiple people working on them and would like a one-stop update of permissions.
Yes, I could use rsync or the like, but I'm just wondering if this has been done, or could be done.

(Sorry if this is the wrong forum, I'm kinda new around here, posting wise and this seemed to fit. Feel free to move it if it's not)

View 3 Replies View Related

Fedora Security :: Restrict User To Ssh?

Apr 7, 2011

I m new with Fedora 14, and i have a basic business case :

I want to setup a user which should

- only connect to the server with SSH (ex.: no X11 connection).
- cannot change its shell
- cannot do any SU / SUDO command

This user is very similar to a SERVICE user, as I expect him only to run a single program (its shell).

View 7 Replies View Related

Ubuntu Security :: Restrict Users In 9 ?

Apr 14, 2010

I've installed Ubuntu Desktop Ed 9 and I want to add a user account that would be very restricted. I would only want them to access the internet and run several programs. I do not want them to have access to the destkop, anything under preferences, administration etc... Is this possible?

View 1 Replies View Related

Security :: Restrict Cvs Login From Specific IPs

Sep 24, 2009

Need to restrict cvs login from specific IPs

in file /etc/security/access.conf
+ : builduser : 10.200.2.1

Do not work

when changed to ALL as below it works
+ : builduser : ALL

View 2 Replies View Related

Security :: How To Restrict Permission To Ssh User

Jan 26, 2011

I would like to allow a user to login through SSH but with different permission coming from different ipaddress.

For example, a user "tester" login to SSH through 192.168.1.1 and another user login with the same login id "tester" but from different ip 192.168.1.2.

How do I restrict 192.168.1.2 to only allow for viewing the content in the home directory while giving 192.168.1.1 full access?

View 7 Replies View Related

Security :: Restrict User To One Directory Only?

Jan 6, 2010

Here's the beginning of the issue: I'm running Fedora 12 with httpd and sshd. I want to create a user with a scponly shell for sftp access, but this user should ONLY be able to view /the/http/base/dir and its subdirectories. The user should not be able to see or get into directories above the httpd base. Someone mentioned creating a chroot jail for sshd and binding the httpd base to that dir, but this seems like more work than is necessary for the application I wish. Also mentioned was creating a user, say user1 with a selinux user setting of staff_r. I have read the articles and creating a user of staff_r isn't overly difficult, but how would I make it where staff_r would be restricted to where I want them to be? If I'm not mistaken, that would require changing the context of /the/httpd/base/dir?

View 4 Replies View Related

Security :: Restrict A User On SSH From Everywhere Except One Host?

May 3, 2011

I want to restrict user for SSH Logon, but able to use SFTP.

Also, i like to know how to restrict a user on SSH from everywhere except one host.

View 5 Replies View Related

Ubuntu Security :: Restrict SSH To Specific Source Ips?

Apr 7, 2010

I want to restrict SSH so that its only accessible via the machines I own on this network. Obviously need to secure user authentication/host authentication, that aside though is the following sufficient at a network level given technical users also use this network? IP addresses are static, though I know they could be spoofed.

Code:
Chain INPUT (policy DROP)
target prot opt source destination
existing-connections all -- anywhere anywhere
allowed all -- anywhere anywhere

[Code]....

View 4 Replies View Related

Ubuntu Security :: Restrict Thunder To A Certain Directory?

Aug 28, 2010

I have created my own custom ubuntu distro using the alternate installation cd and doing a command line install. I'm using ubuntu 10.04 as my base and am also using thunar as my file browser and am trying to create a secure desktop environment and to do that I'd like to restrict thunar to a certain partition. Is it possible to do that?

View 9 Replies View Related

Ubuntu Security :: How To Restrict Permission To Ssh User

Feb 26, 2011

I would like to allow a user to login through SSH but with differentpermission coming from different ipaddress.For example, a user "tester" login to SSH through 192.168.1.1 andanother user login with the same login id "tester" but from differentip 192.168.1.2.How do I restrict 192.168.1.2 to only allow for viewing the content inthe home directory while giving 192.168.1.1 full access?I got a suggestion from some oneApproach 1) Based on the ip you change the shell. If it's just for read only ajail would be fine.but how do I change shell based on IP?Approach 2) to have two ssh instances. Let's say port 22 and port 24. Port 22 isfor read only, while port 24 is for full accessso how can it be possible to give port 22 only read only access to SSH

View 1 Replies View Related

Security :: Restrict Number Of Sftp Connections?

Nov 9, 2010

if i want user should`t have more than 20 sftp connections to a server,is there any way we can limit no.of connections to a particular user on the server using ssh configuration

View 7 Replies View Related

Security :: Restrict Access On Windows Network?

Feb 18, 2011

my team is working on network thier termial is windows and my server is linux centos we work on simple network with out domainmy user works on files on the server, can I deman ser name and passwork when they try to change to the shared files on the servernd can i monitor which user chaned a fileI have css developer and he is only allowed to create and modify css files can i do this ?

View 3 Replies View Related

Security :: Restrict A User To Access Particular Service?

Sep 24, 2010

I heard we can set security in /etc/hosts.allow and /etc/hosts.deny on user base also like something user@domain or something if so how can I restrict a user to access particular service by his/her user name in a particular host via /etc/hosts.allow or /etc/hosts.deny

View 3 Replies View Related

Security :: Restrict Telnet Session To Users ?

Oct 22, 2009

I want restrict telnet session to users.

That means the client login one user at a time. not multiple login.

For example:

I want restrict this. How to restrict one user to use multiple login.

View 4 Replies View Related

Ubuntu :: Use Sudoers To Allow Any User To Chown A Certain Set Of Files?

Feb 16, 2011

I have a fairly complicated request The short version is, I want to set up a system so that any user can change the ownership of a certain set of files at any time without root access. I think it's possible to set up sudoers to do that, but so far I have failed miserably.I have tried setting up a wrapper script around chown, then putting that script into sudoers, but it didn't work. Here's the script and sudoers (paths changed to genericize them):

Code:
#!/bin/bash
#this script moves a copy of the code

[code]....

View 4 Replies View Related

General :: Correct Entries In Sudoers Files

Sep 24, 2010

After adding what I thought were the correct entries in /etc/sudoers so I'd be able to run commands without needing to sudo them, I keep having to. My sudoers file entries look like this:

Code:
## Allow root to run any commands anywhere
root ALL=(ALL) ALL
user_me ALL=(ALL) ALL

## Allows people in group wheel to run all commands
%wheel ALL=(ALL) ALL
user_me ALL=(ALL) ALL

## Same thing without a password
%wheel ALL=(ALL) NOPASSWD: ALL
user_me ALL=(ALL) NOPASSWD: ALL

I have also confirmed that I'm a member of the wheel group in /etc/group:
Code:
wheel:x:10:root,user_me
And yet, I still have to sudo to do pretty much anything.

View 7 Replies View Related

Fedora Security :: Restrict POP3 Or IMAP For Particular Users?

Oct 30, 2009

Is it possible in Linux to restrict POP3 or IMAP for particular users.I need a confirmation on this, that it is possible or not in Linux.

View 3 Replies View Related

Fedora Security :: X Server Restrict Via Xselinux Module

Apr 24, 2011

Module xselinux appeared in new versions of XServer theoretically allows to use SELinux in order to improve security. First of all I'm interested in examples of the use of this module (configuration files and what functions it perform). Also interesting to know whether some user's actions with XServer can be restricted via xselinux module (e.g. screenshot prohibition).

View 11 Replies View Related

Ubuntu Security :: Using Apparmor To Restrict File Browser?

Sep 21, 2010

I am trying to use apparmor to restrict my file browser, which is Thunar to only let me view the files that are in the home directory and also removable media.I tried following the apparmor sticky with no success.I created the profile and tried editing it and it either started and let me do pretty much everything or did not start at all. Would it be possible for someone to help me step by step to set up a profile for thunar that would only show the home directory and removable media.

View 2 Replies View Related

Ubuntu Security :: Restrict Internet Access For Kids?

Jul 28, 2011

I'm running Natty and have made two logins on the system. One for myself and family and one for the kids (teens 14-15yr) to play in without Internet access via Admin "Users and Groups". I have hidden the Internet software icons on their screen amongst others i don't want them to see on the menus. On our screen I use a Firefox addon called "Web Of Trust" that can be configured easily for the kids and another addon called 'Blocksite' that I can selectively use for them and myself etc.

I have found out that they have still been able to get on to the net somehow under their login. Will have to observe again!! In the users settings for the kids the tick box for 'Internet'and 'use modem' access is un-ticked so I presumed that would be enough! Not so!!

View 8 Replies View Related

Security :: Restrict Access To Network To Only Dhcp Assigned Ip's?

Feb 28, 2011

I'm trying to tighten up my network a bit. I've given my dhcp server a list of static mac addresses and ip's for computers i know, and a very short range of dhcp addresses that are redirected to kittenwar.My dilemma is that if someone has my wireless network password, or an ethernet cable, they could set the ip address manually and gain access.how can i deny them this pleasure?im running dhcpd3, and iptables on a debian/lenny intel 2.4 box. dd-wrt is running in a linksys wrt54g and is handling the wireless security

View 7 Replies View Related

Security :: How To Restrict Option Appearing In GUI Flash Screen

Aug 21, 2010

We can restrict CTRL+ALT+DEL from command prompt by changing inittab file but how that can be achieve in gui on reboot?

View 4 Replies View Related







Copyrights 2005-15 www.BigResource.com, All rights reserved