I use the following method for preventing the users from changing their passwords , is there any other method other than this ?ls -l /usr/bin/passwd-rwsr-xr-x 1 root root 37140 2010-01-26 12:09 /usr/bin/passwdso we need to remove the suid for that command as follows :- chmod u-s /usr/bin/passwdnow normal users won't be able to change their own passwords - and only the root user will be able to do it for them.
View 9 Replies
I use the following method for preventing the users from changing their passwords , is there any other method other than this ?
ls -l /usr/bin/passwd
-rwsr-xr-x 1 root root 37140 2010-01-26 12:09 /usr/bin/passwd
so we need to remove the suid for that command as follows :- chmod u-s /usr/bin/passwd now normal users won't be able to change their own passwords - and only the root user will be able to do it for them.
How can I prevent users from changing their own password? I was surprisingly unsuccessfull in finding a solution for this on google. Lots of stuff about hardening ssh access or dealing with password aging using "chage" but nowhere could I find an answer for my question.
View 5 Replies View RelatedI am administrating a system with about 40 or 50 users, and we recently jumped ship from windows to ubuntu. Most of my users are getting along fine, but it seems every few days, i have to help someone who accidentally changed something, and now their account (or more rarely, the machine) is unusable, and has to be reset.
I know configuring /etc/sudoers is a huge step toward fixing my problem, but that still will not completely solve it. What I would like to do is prevent users from making ANY changes to the system (aside from their work files and the like), including themes, icons, desktop, background, etc.
'readonly HISTFILE'
but the user could tamper with the histfile itself. Like:
rm -f $HISTFILE;
rm -f $HISTFILE; mkdir $HISTFILE;
rm -f $HISTFILE; ln -s /dev/null $HISTFILE;
I'm experimenting with PROMPT_COMMAND to execute a command each time the user executes a command and so log it somewhere else.This post was pruned from the 2009 Is there a way to prevent users from changing or unset their HISTFILE variable? thread. Please do not resurrect old threads but instead create your own (and maybe provide a link to the old one).
The title says it; I want to prevent users from viewing the wireless network password.
View 9 Replies View RelatedI want the users to access servers via ssh public key only. By default they don't know their initial password and do need to change that when performing administrative tasks.For changing their passwords without knowing the old they need to switch to root for this special case.The only case it seems I don't have control is that users can not only change their password but also the password of other peoples. Does someone sees a solution (without apparmor/selinux and special /usr/bin/passwd.sh) to restrict users to only change their password?I miss the feature of using environment variables in sudoers file.
View 9 Replies View RelatedI want to prevent users changing the wallpaper, as i couldn't found any direct method I thought of preventing the /usr/bin/gnome-appearance-properties being running,
I know that the user also can set the wallpaper without running that . But didn't found any other way .
I tried to use SELinux to it and I'm stuck at writing a own policy.
According to SELinux, it prevents everything ., but as i have mapped the user to a SElinux user ,even though he can use administrative tasks , he can run the appearance window. that means he has got the permission from a different policy , Currently I'm stuck at this place.
Suitable way to prevent the wallpaper being changed by the normal users.
I've a Linux box with few users (with shell). I would like to prevent normal users see all the processes running on the box. How can I implement this?
View 1 Replies View RelatedI am on ubuntu server and its joined to an W3k Domain thru winbind/samba. However everything works fine and Windows and Local users can login to the machine without any problem. However when I wanted to create a local user X and change his password I couldn'tIt created the local user X but I could not change the password. Here are the outputs:
Pam configs:
Common-account:
account sufficient pam_winbind.so
[code]...
I am using Mandriva 2010.2 KDE. When I try to change my password, using the Welcome>About Me>Change Password, I am asked to type in my current password, after I press OK, the dialogue box just seems to hang, nothing happens, the computer does not freeze, just the password dialogue box kind of stops responding.
View 3 Replies View RelatedI am on ubuntu server and its joined to an W3k Domain thru winbind/samba. However everything works fine and Windows and Local users can login to the machine without any problem. However when I wanted to create a local user X and change his password I couldn't. It created the local user X but I could not change the password.
View 1 Replies View RelatedI already posted a topic similar to this concerning the Desktop OS version, but this deals with the Netbook because unlike the Desktop, the Netbook is less cooperative. Allow me to elaborate: Today (or rather yesterday since it's not after midnight where I am), I changed my password because I was hopelessly confounded about how to get my Wireless Network card up and running after it had been installed and I was allowing my dad to use it. This issue has since been resolved, however...
When I chose my password during the original installation, there was no mention of it being "too simple." This is where the Desktop OS and the Netbook OS differ. The desktop will let me change it in the terminal without any errors. The Netbook will not. When I've attempted to revert it back to the original, it will not let me do so in the User Profile or in the Terminal. The Passwords and Encryption Keys application also does not appear to help.
So now even after I've changed it to a different "complicated" password I am still prompted to insert two different passwords since I changed my user password but I am unable to change the password I input during the installation. A bit screwy methinks. This is extremely important. I'd like to know how to change the original installation password.
If I can't change the main password on my laptop then this is a serious potential security breach just waiting to happen (especially since it's on a laptop and I will be hauling it around with me) and I will most likely install a different OS if this isn't resolved --- It would be very unfortunate since I spent the whole day fixing it and I really enjoy the interface. Luckily I can live with this on my Desktop since I'm not going to be hauling it around with me everywhere when the school year starts.
Is it possible to change the log in password? Someone set this up for me and the password is too simple.
View 5 Replies View RelatedWhen I installed Fedora selected the option to encrypt the hard drive. I want to change the passphrase, is there a way to change the passphrase, or do I have to re-install Fedora?
View 3 Replies View RelatedI need to be able to capture a users password when they login. I am well aware of the security issues with this and I'm ok with this.
We run a call center and I am working on migrating from windows to Kubuntu for the callers. It's policy that all callers must report their password to me, so I already know of everyone's password. There has to be some variable/script that I can "hack" to get the password they typed in to the login screen.
What I'm trying to do is that when a user logs in in for the first time, their profile is automatically created and set up. Setting up network drives, email, pidgin (which the password is stored in plain text anyway, so forget about security on that one), web apps, etc.
Trying to find information on How to capture a users password and all have been responded with the usual lecture on why you shouldn't do this. So I've heard it all before and I know of the risks. Like I said, I already have the callers password on file. If I could capture it, I wouldn't have to manually setup each profile every time we get a new caller, which is often since turnover is quite high in call centers.
How to allow users to change their password in chrooted ssh as long as the modifications in the shadow file in the chrooted environment will not be applied on the system itself ?
View 2 Replies View RelatedWhen I first installed 9.04 (from scratch), I chose the option to have my entire account encrypted... I used the same password as my login password, and wrote down the key hash that it displayed for me just like instructed... everything was working terrific...Well, yesterday, I wanted to change my account password. I changed my account password, and it took effect immediately (I tested it by using "sudo -s" to see if I could elevate to root from the terminal... worked just fine). Being satisfied with my new password, I shut my computer down...
The next time I started it up and tried to log in to my account, it I put in my username and password and pressed enter, and it accepted it just fine, and started to boot to my desktop... it then immediately prompted me with something about "your session lasted less than 10 seconds, try starting in failsafe mode" or something along those lines, and immediately booted me out and back to the gdm login screen... I thought it was just a glitch so I tried again... same thing... gave me the "less than 10 seconds" prompt and booted me back to the gdm...
I thought maybe my filesystem became corrupted, but I didn't give up... I attempted to login to my fiancee's account, and it worked just fine! Using her account, I was able to quickly and safely boot into her desktop environment with no errors...I opened a terminal and used the "su" command to access my account... When I did this, it gave me some kind of error and told me to run ecryptfs (can't remember exactly which command... now). I ran ecryptfs and put in my NEW password... it told me that the passphrase was incorrect. So just out of curiosity, I ran it again, and this time put in my OLD passphrase, and it worked immediately! At this point, I realized that my gdm login password got changed, but my ecryptfs passphrase did not, and the two were not matching up (I assume that on login, gdm passes this password on to ecryptfs, and that when the two did not match up, it was booting me out with the whole "session lasted less than 10 seconds" prompt...)...
So what I did at this point was, while logged into my girlfriend's account, I "su"'d into my account, and used the passwd command to change my password back to my OLD password... once the password was changed back successfully, I restarted my computer and tried to log into my account from the gdm... worked perfectly this time with the old (original) password...When you change your session password, shouldn't it automatically change the encyrption password to match? Or at the very least, warn you that if your account is encrypted, you must take further steps to make these two passphrases match? Also, what command would I use to change my "ecryptfs" password to manually match my session password?
I've set up a user account for friends & colleagues that does NOT require a login password. Unfortunately, in this OS some things don't work unless you login -- sudo Must regular users have AND use Root's password?
View 9 Replies View RelatedI recently was able to network 2 computers at home and I wanted to make my password more secure. When I try to edit my password via System>Administration>Users and Groups, it doesn't workI am able to edit my user settings. When I change my password I enter my old one and it accepts my new one. Problem is when I try to install programs, login and do other things it only accepts my old password. How can I change my password?
View 3 Replies View RelatedI don't know if this is Just my Machine, or not. But here is it:
Ubuntu 10.01
Acer Aspire 7740
When the computer is locked. I can smiply go to switch users. when the list of users logins are shown all i have to do is click on my user name and it allows me into my account without typing in a password. I can lock the computer manually or wait for it to time out it doesn't matter. the switch users method allows me to bypass the password protection.
I am facing a really weird kind of issues where my boss has asked me block everybody from changing their wallpapers and put a default one there.
View 11 Replies View RelatedSometimes when starting applications, especially with Wine, the screen resizes to a much lower resolution. Sometimes when I close the application & usually when it crashes/I have to kill it, the screen stays at that much lower resolution. To get my normal 1900*1200 resolution back I have to delete all the applets I've put in the top menu bar to for there to be enough space for the menu to appear for me to select System>Prefs>Monitors.How can I prevent an application from altering my resolution & just force it to run windowed, or at a higher resolution?
View 1 Replies View RelatedRunning Centos 5.5 64bit. Sometimes I boot this instalation in real machine, sometimas using vmware workstation. The problem is that these environments have different network interface cards - as soon as kudzu detects that network device changed it renames ifcfg-eth0 to ifcfg-eth0.bak and places new default ifcfg-eth0.
Is it possible to command kudzu to leave ifcfg-eth0 as it is ?
i would like to prevent all users other than the user "parker" on my system from using the su or sudo commands. I have not attempted to modify the sudoers file so it just contains the standard root ALL = (ALL) ALL.
View 5 Replies View RelatedIf there is a simple way to prevent accidental shutdown when the following situation occurs:
Sometimes, I log in on my father's computer to run some administrations' tasks (updates...). For that, I use SSH since I'm frequently far from my parents and what I want is to prevent a shutdown run by my father. Of course, he should be able to turn off by himself if nobody else is connected.
Molly-Guard allows to prevent distant shutdown, my request is a kind of complementary software.
Does anyone know a project which could fit with this request? Do you have simple ideas to write a short code I know bash, perl, python...
Is there a way to avoid changing the wallpaper/Desktop background other the onces which come as default on fedora?
View 1 Replies View RelatedI have a box with multiple users on it and I want everyone to be able to have full access to their home folders, but not be able to see the contents of /home/ or another user's home folder (I.E. bob has full access to /home/bob but cannot access or even see the contents of /home/john)Right now users can see other user's home folders but can't modify what's inside. How do I prevent them from seeing the contents at all?
View 1 Replies View RelatedI have a box with about 30-40 users on it, and I need to prevent a certain group of users from using sudo at all. Is this even possible.
View 4 Replies View RelatedWhat is the best way to prevent some user run some command? For example every body can run at and batch command and 3 or 4 special users prevent run these command?
View 7 Replies View Related
