Security :: Ubuntu 10.10 Is Not Allowing Amin Privileges To Admin User, Even Tho Sudo Works?
Feb 21, 2011
i am relatively new to ubuntu. Just recenty i have not been able to access certain files(for example the history and bookmarks in the firefox folder), download files individually from the internet(music,fonts,etc), recieving an error message
Quote: Originally Posted by firefox error console
Error: [Exception... "Component returned failure code: 0x80520015 (NS_ERROR_FILE_ACCESS_DENIED) [nsIFileOutputStream.init]" nsresult: "0x80520015 (NS_ERROR_FILE_ACCESS_DENIED)" location: "JS frame :: file:///usr/lib/firefox-3.6.13/components/nsSessionStore.js :: sss_writeFile :: line 2944" data: no][code]...
i have sudo priveleges and can install via update manager. i read somewhere that compizfusion might affect access permissions and i do use compiz and emerald at the same time.
View 9 Replies
ADVERTISEMENT
Jan 11, 2016
receive bash notice: "jim is not in the sudoers file."Just finished my first Debian install several hours ago, my first go around w/Debian. Installed 8.2 DVD ISO on USB. Had this issue from my first use in BASH, not a forgotten password problem. So 2 questions:
1) I'll be installing Debian again, and want to avoid this in future. There were 2 inputs on setup for name (my full name) and user (installer offered my first name which I accepted). 2 inputs for Password as well: I used the same password both times (have done this w/Mint & Ubuntu w/out issue).
2) How to fix this? Tried this: URL...however, neither keystroke got me to "rescue" prompt as article suggests. Several other articles presume an admin with privileges has sudo access to modify sudoers file.
I have multi-boot setup in BING environment (MBR, not EFI). I am booting from a GRUB2 ISO using grub commands as I still need GRUB installed in my boot partition until I can get cmd line access. I'm able to get a session on boot with the same password I used in setup.
View 14 Replies
View Related
May 6, 2011
i have centos5.3 i want to create user with non admin privileges he is unable to see contents of server only he will able to login nothing else
View 12 Replies
View Related
Jan 6, 2010
Original HOWTO can be found at: [URL]... So the other day I was in IRC and someone had brought up a problem where they created a new Administrative user, but didnt have rights to use sudo. Looked into the problem a little bit to figure out what was wrong, and it turns out that when you create a new user through the user manager (in kubuntu, anyways. Havent tested in Gnome.) the user gets added to the adm group, however, a quick look at the sudoers file shows that its looking for users in the admin group to allow the use of sudo. So, to solve the problem we do the following: If youre on the new admin user (which Im assuming you are) use the following commands:
Code:
su [insert username of old account without brackets]
sudo usermod -G admin [username of new admin account without brackets]
exit
Then simply logout, and then log back in (not always necessary, but the easiest way to flush the permissions.)
Code:
su [insert username of old account without brackets]
Means were going to Switch User to the old admin account
Code:
sudo usermod -G admin [username of new admin account without brackets]
This simply adds the admin group to the secondary group list for the new user
Code:
exit
Pretty self explanatory
View 4 Replies
View Related
Jul 19, 2011
So, I'm not quite sure what the difference is? Is it that sudo allows you to "borrow" superuser privileges, whilst su allows you to actually log in as superuser? Also, when I sudo [command] and get prompted for a password, after I input it, things work just fine, but if I su, and then get prompted for a password, I can't log in as superuser... Why is this?
View 9 Replies
View Related
Sep 14, 2010
A regular (non admin) user can create a Truecrypt 7.0a file, but it can't be mounted. The admin password is refused. If you try the regular user password, the error is that you are not on the sudo list.
View 1 Replies
View Related
Feb 15, 2011
I have previously set up sudo via adding my name to the wheel group and then giving full privileges to the wheel group in the sudoers file. Now I choose to learn to limit that. Had noticed the most frequent use I have of sudo is to run yum update. This got me thinking, could I remove the wheel group privileges and add the following line in sudoers to limit the privilege to simply running yum, and furthermore, make it so I could run yum without a password:
## Allow root to run any commands anywhere
rootALL=(ALL) ALL
Troy ALL= NOPASSWD: /usr/bin/yum
I think that would in fact work (if I understood one of the pages here, it will work). However, upon further thinking I realized that in such a case then anyone sitting at my computer could then use yum, without a password, to install or remove any file on my system � probably not a good idea. As a result I have to ask, can I tighten the privilege even further such that the only privilege so given was to run �yum update� and nothing else? (for example if they ran �yum install� it would fail). If you can do it, how?
Last, I was going to limit the privilege, time wise and try wise, by adding the following to the sudoers file:
# Defaults specification
Defaults:Troy timestamp_timeout=0, passwd_tries=3
Will that really work to limit the elevated privilege so I don't have elevated privileges lingering about, or is there a better way to do so?
View 3 Replies
View Related
Apr 11, 2010
I have searched somewhat this forum but haven't yet found a similar post using the keywords I entered but perhaps there is already a similar post then please refer me to it.I am trying to add a user account "Guest" to allow people on my laptop without giving them access to vital parts of the computer. Basically, I want them to only be able to view their own home directory and access internet. Nothing more.I have set the group to "guest" and changed the other home directories of other users to owner access only.
Guest still has access to root and is still allowed to perform actions in various critical areas (deleting files from for example my Windows 7 partition). This I also want to prevent. I was thinking to set each directory's permissions to Owner and Group only and remove Others access.My questions:
1. Will this have any undesirable impact (programs of main user accounts not able to access certain directories)? For guest user I don't care as long as internet works.
2. When I start User Manager and disable for Guest all options except "access internet" (so I also disable access to CDROM), the guest can still access the CDROM. Does this mean the User Settings menu has no effect or is overruled by something?
View 9 Replies
View Related
Nov 6, 2010
Is there any way to user can increase or lower his privileges? I tried by "semanage login" but it works only for admin i think. I would like for example change range form s0:c0 to s0:c0.c10 and vice versa.
View 6 Replies
View Related
Sep 13, 2010
I'm running 10.04 running daily updates. A couple days back, I saw an update related to mounting volumes. Not sure if this is what broke my system, but might be. When attempting to mount a partition from nautilus, I get a message saying I do not have authorization. It does not even ask for my password, just fails. I tried running updates and this asks for my password and accepts it fine. I opened disk utility from the menus and tried to mount the volume from there but also got the same permission denied, not authorized without even being asked for my password.
I then ran gksu palimpsest. I was asked for my password and was able to mount and unmount partitions from there. However, when mounted, my applications and nautilus cannot access the data in the partitions mounted using gksu palimpsest. In nautilus, I can navigate to /media/Data (the partition in question) but I get "THE FOLDER CONTENTS CANNOT BE DISPLAYED You do not have the permissions necessary to view the contents of "Data"." When I open nautilus via gksu in the terminal, I do have full access to the partitions.
How do I get my privileges back for my user account. I am the only user on the computer, and I have never set up a root account since my upgrade to 10.04 months ago. I tried of course the Administration->Users and Groups menu, but I am not permitted to change the account type or open advanced settings. I click the button, but nothing happens, not even a password request. Running gksu admin-settings on the terminal allows me access. My current settings are attached.
View 8 Replies
View Related
Jun 15, 2010
I'm trying to edit a "xl2tpd.conf" file but it always says I have no write permission tried to add my account to admin group but it says something about not able to lock on password try later.
View 3 Replies
View Related
May 24, 2011
In our group we use NIS and have a group set up called netadmin which is given root privileges on each machine. Each machine also has a localuser called localuser created and used during installation. When logged in as a member of netadmin, attempting any action that requires root privileges (e.g. installing software in Ubuntu Software Center) results in a prompt asking for localuser's password, not the current user's password.
Does anyone know the cause? Configuration issue or Ubuntu issue? We can get around it.
View 2 Replies
View Related
Nov 12, 2010
I recently installed Maverick Meerkat on a hand me down laptop. And noticed that when I entered the password for admin privileges to install from the update manager, a key icon appeared on the top bar. I moused over it and saw I could use THAT to end privileges before the 10 minute grace was up. I should have thought of it before, and, small as it is, I thought this was a great feature.So, when I upgraded from Karmic Koala to Lucid Lynx on my desktop, I thought that feature would be there, but it's not.So first I'm wondering if it's there, but just not default. If so, how do I get that icon to appear? If not, how do I otherwise end admin privileges early?
View 3 Replies
View Related
Mar 15, 2011
Also, how can I change between the two?
View 4 Replies
View Related
May 11, 2010
I'm having a permissions problem with Ubuntu and apache. There are two users, I'll just call them A and B. All of the files belong to A and group root. I'm logged in as B and I have admin privileges. My website is working just fine but when I create a directory in the web root, change the owner to A on the directory and all files I still get a Permission Denied error when I try to access it from the web. I've also set permissions to rxwr-xr-x on the directory and all the files. So I don't understand what's going on. Why am I still getting a permission denied error?
View 1 Replies
View Related
Nov 5, 2010
i have a program from windows that requires a .bat file for installation, i open it with Wine Windows Program Opener and opens the CMD, if i opened this in windows it would install because i am on the admin account but will not if i am not admin, opening it on here it thinks i am not admin, how can i make it think i am? here are screen grabs,
it shows this for a few seconds....
Screenshot-1.jpg
then shows this, pressing return closes the window
Screenshot-2.jpg
i am using Ubuntu 10.04 LTS - Lucid Lynx
View 3 Replies
View Related
Jan 18, 2011
I am trying to get a non-root account on one of our servers to run a script with sudo capability. To that end, I went into the /etc/sudoers file, and added the following syntax:
Code:
## Enable the nagios user to run the check_iptables.sh script as root
nagios ALL=NOPASSWD: /usr/local/nrpe/libexec/check_iptables.sh, /sbin/iptables
I restarted the nagios service, and tested the results. The results were the user account still could not run the script due to the user, nagios, not having permission to run the iptables binary.
Is there another step(s) that I need to take in order to get the sudo access available to the user account?
View 1 Replies
View Related
Feb 19, 2010
Stumped on this one. I'm trying to set up limited sudo authority on a desktop with some sensitive user data, and as an extra precaution I wanted to configure sudo to use a password other than the user's or the root's. I'm not sure how to do this. From the manual, we have a few options, such as "runaspw" or "targetpw", but none seem quite what I'm looking for.For instance, "runaspw" could be used if I created a user for nothing other than sudo(ing) purposes, but it requires you set "runas_default", which means that said user would have to have authority to execute said commands in the first place. This is workable, but seems like a lot of extra configuration for each specific command that I want to run, as well as creating some issues with simply commands such as "shutdown" or "reboot". Also, "targetpw" can be used in conjunction with a sudo(ing)-only user if I set an alias, but, again, this isn't quite what I am looking for.
Ultimately, what I am really concerned about in this situation are keystroke loggers, so I would prefer to avoid repeated entering the user or root password when performing administrative tasks. Also, I would prefer not having to create a sudo(ing)-only user as mentioned above to prevent a comprimised password resulting in an attacker being able to log into my system.
View 3 Replies
View Related
May 1, 2010
After freshly installing Lucid Lynx and tinkering for some time to get everything just how I like it, I managed to somehow remove myself and all other users from all groups. Now, obviously, I've restarted and I don't have root privileges as I am no longer a member of admin group. So I am somewhat stuck. I've looked at this page: [URL]. But annoyingly, there is no grub menu appearing on boot up (unlike previous Ubuntu versions). So I'm appealing for your help to either:
a) Show me how I can bring up the grub menu so I can access ubuntu in safe mode
b) Show me another way of accessing the system with root privileges. (Would using chroot from the Live CD work? I just thought of that now so I'll try it).
View 3 Replies
View Related
Dec 17, 2010
I have a pdc with a samba file share and have multiple xp workstations that can install programs from the server and share files, but I have 2 new windows 7 machines that I have edited the registries on and joined the domain with but cannot install programs from the pdc even though they have root accounts. I have tried to change folder privileges from the workstations but I am not allowed.
View 2 Replies
View Related
Sep 26, 2010
I often get responses from people who first say: "Are you sure? You want your network to be exposed to the outside world?" I am not experimenting on a Production Server of NASA or any Security Concern Department. Friends, there is no harm in experimenting on your personal computer or on a test computer which is isolated from the production environment. Look at hackers! What do they do? If they don't know how security is breached then how would they come up with security measures?
If my question reads... "How to let any user perform Administrative Tasks on a Linux System irrespective of his/her privileges on that particular system?" then I would not get the right answers in the first place. They will say... "You are letting everyone destroy your system... are you sure you want to do that?" My question is: Why should we restrict ourselves from experimenting even if it sounds weird to other people?
I give you an example where it is desirable to let an unprivileged user perform certain tasks. You want to know if there are any employees in your office who are storing videos in their home directory and filling up the disk space to a great amount. You have a department called "Command Center or Data Center Operations or Help Desk" call it whatever you would, whose work is to monitor such activities, and you create an account "monitor" for them to monitor such activities but they are not able to do them:
[Code]..
View 8 Replies
View Related
Oct 15, 2010
One user in my company wants to run some flush cache queries on a MySql database, it needs "reload" privileges of Administration, how secure is to give this rights to a normal user ?
View 2 Replies
View Related
Jan 10, 2011
I downloaded a driver for my printer today and I opened it in the terminal. Then a window popped up saying "This opporation requires root (administrative) privileges. Please enter the administrative password below:" I typed in the same password that I use when authorizing the installation of programs from the Ubuntu Software Center and I tried it multiple times. Each time, it rejects the password. I even tried downloading something else from the software center, just to make sure the password was correct, but the system had no problem with the password when downloading from the software center. So, is my software center password different from my administrator password?
View 9 Replies
View Related
Feb 12, 2010
Would it be safe to say that if I build a restricted user: "Desktop" or "unprivileged" user I will be ok? From what I understand - most scripts or applications cannot install without the 'sudo' prompt and user input.
View 8 Replies
View Related
Dec 19, 2010
I made a Desktop User account. When I went on that account, it allowed me to execute sudo as if I was an administrator. I don't know what might be causing this. I do have ufw set up and blocking incoming connections. Do you guys know what might be at the root of this?Also, when I used sudo from the user account (which I shouldn't have been able to do), I provided the password for my admin account.
View 9 Replies
View Related
Apr 15, 2010
I was adding me and my bud to a new group I created, but I used -G instead of -g as the tutorial suggested, I think this removed me from all other groups and put me in the new one. The same with my bud. Now I dont have sudo privileges, nor does my bud, and we have not set a password for the root account.
Code:
sudo ls -l
USER@SERVER:/var$ sudo password for USER:
USER is not in the sudoers file. this incident will be reported.
USER@SERVER:/var$
View 2 Replies
View Related
Mar 8, 2010
is there a way to allow a program mounting a drive without requiring it to ask for sudo password (apart from running it with sudo)? To be more specific, I'm annoyed by the sudo password request by TrueCrypt whenever it needs to mount a volume.
I've thought about creating another user, allowing it to mount volumes and then running TrueCrypt as this user at boot. I don't know whether GNU/Linux allows for such policies... maybe I should look into SELinux?
EDIT: For the issue at hand (encrypted USB stick both on Windows and Linux), I'm investigating FreeOTFE. I'm still curious about the privileges issue, anyway.
View 3 Replies
View Related
Aug 2, 2011
I can't get sudo users-admin to run. This is the error I get:
Gtk-ERROR **: GTK+ 2.x symbols detected. Using GTK+ 2.x and GTK+ 3 in the same process is not supported aborting...
View 2 Replies
View Related
Jul 31, 2010
i want to create a sudo user, sudo user should not start or stop the service. as like a normal user i created a user called root2 and i edited the user with visudo command and added the below line to the user root2 and got the full privilages.
root2 ALL=(ALL) ALL
i commented the below line ##Cmnd_Alias SERVICES = /sbin/service, /sbin/chkconfig eventhough the sudo user root2 can start and stop the service which i dont want to give that privilage.
View 3 Replies
View Related
Jul 8, 2010
I've got a problem in doing sudo working for mounting things (e.g. usb pen or optic discs). Details:The OS: Slackware 13.0The response to sudo -l command:
Code:
User user1 may run the following commands on this host:
root) /sbin/shutdown -h now, /sbin/shutdown -r now
[code]...
View 3 Replies
View Related
