Ubuntu :: Protecting Files From Other Physical Computer Users
Mar 14, 2010
I occasionally have friends using my home computer. They just use my account.There are some files that I want to hide/protect from people using my computer. It's not that I need highly secure encryption, it's more like I want to make sure people don't accidentally see my porn collection if they borrow my computer to check their email.Is there a way to set up a folder such that it's required to enter a password (e.g. the admin password) to see it's content? Probably I could change the owner of the folder, so that I can't access it without password?How do you protect/hide your secret or intimate files?
It seems that AppArmor can't be effectively used to protect read access to files from users (including roots). It is possible to create a profile for, eg, 'cat', but then the users can use 'less'.Is this true? Should use SELinux instead for this?
I am currently using linux on my old system (store bought Gateway). I am building a new computer for Christmas. This is how I want things to go down: Set up new computer > install new hard-drive (as primary) > install (this) hard-drive (as secondary) > copy full contents from current drive to new drive > boot from new drive > Use (this) hard-drive from there on out as a backup/storage.
Will this work? Will a new mobo/processor combo mess any with my current system as a whole? I know that when I use to use gentoo everything was compiled "system specific", however, I do not believe ubuntu operates this way (well they are both goign to be a 64bit capable processor, which I think is about as specific as ubuntu gets)
Furthermore, I will be transfering my current videocard (GeForce 9800 GTX+) into the new system, so I will not need to configure any new video drivers. But what about audio? I currently use onboard audio, and will be using the new mobos audio as well.
When I have different people log into our ftp and browse to the same folder, some people see the files inside, some don't. all the user accounts are in the same group, which has permission to this folder. but the one user who can see the files is the owner. how can i fix it so everyone in that group who's the owner of the folder can see the files?
Since upgrading from 9.10 to 10.04, the "Switch User" functionality no longer works. I had hoped that upgrading to 10.10 might resolve the issue, but no joy. I am using 32bit Ubuntu 10.10 on a Levono R51 laptop, with three users. 9.10 was installed from a LiveCD, and I have partitioned the hard drive so that OS is in the first partition, and the three home directories are in the second partition (just in case I need to do a complete re-installation from LiveCD). Most of time only one person uses the laptop, but if a second person tries to switch from the current session and log in, they are greeted with the following;
-- a black horizontal line (approx top quarter of the screen) -- a purple background with the Ubuntu title and 5 red dots (lower 3/4 of screen) -- but no login screen -- moving the mouse renders a white box (approx 1x1 inches) with some black marks
The original user can recover their session with Ctrl-Alt-F7, but this essentially makes the laptop only usable for one person (one active login) unless the original user logs off.
I am having issues with sharing an external hard drive with other users on a computer. For example if I reboot and login with user A and then logout and login with user B, I am not able to mount the external hard drive. If I reboot and login with user B first, I can then access the external hard drive with user B but not user A. Is there a way that both users can use the drive without having to reboot every time?
I am assuming this is some sort of security issue. If I login with the second user and go to /mnt/external harddrive I get a permission error."You do not have the permissions necessary to view the contents of "External Drive"." If I login with the first user and try to set the permission it doesn't give me the ability?
copy the users to one computer to another?I've tried to copy the /etc/passwd , /etc/shadow and /etc/groups but when arrives in the login screen it's like it can't open the screen and try again and again...
I've just added my wife as a seperate user on my desktop and have a question about shared network folders. So /etc/fstab mounts network folders from a second computer and until today I've mounted them to /home/David/NetworkData
This of course means that when my wife logs in she won't see them since they're not mounted to her home folder. So what folder should I use and what tricks so that we both have it visible and accessible in Places from the top menu?
I have a LAMP box which runs on Ubuntu 8.10 on it. I am looking to password protect the web directory, so when a visitor accesses any site within they are prompted for a username/password. Is there a package available?
In the organization where I work, we are working on a project written using PHP. It is a small project. Is there any software which will allow us to protect the code somehow? I am not a developer here so I have got not much idea about it and most of the developers are .Net developers and it allows protecting code and developers need something like that.
I need to make it so that someone who is using my computer, logged in with my user name, is prompted by a window in the GUI if they try to access a certain folder. Logging in with a different user name is not an option, so "chmod"ing, "chown"ing or encryption is out. I picture something similar to what happens when you try to access GParted, Synaptic Package Manager, etc. When you try to access those, a window pops up prompting you for the root password. The reason being is that my wife uses my computer, logged in as me. She doesn't ever log out and log in with the user name I set up for her because it's "inconvenient." She's also not computer savvy whatsoever. Also, my kids run around like maniacs and my 3 (almost 4) year old knows how to click on things and type without knowing what she's doing. This has resulted in some deleted/changed files such as spreadsheets with important financial data and or Cisco configs in them. I would like to leave my computer on without having to watch over it all the time. Ok, I know there are threads in various forums all over the place with people who have asked this question, but nobody ever seems to actually provide an adequate answer or solution to the original poster as far as I can tell. (I have been searching for two hours on Google with no results). I am running Debian Squeeze. I am not necessarily a "beginner" anymore, being that I can move around and do pretty much anything I used to be able to do when I used to run Windows (yuck), but this is definitely something that is a bit over my head.
There are a few requirements, however. -No creating new users or having to log in as another user -I do not want to simply "chmod -r", "chmod ###", or "chown" the directory -I also understand you can encrypt directories, but that's not what I need.
I want to make an upload directory, where people in the network can upload some files but i want to make sure that they cant delete the whole directory. Is this possible?
How can I configure a single computer to work for multiple simultaneous users? I would like to have multiple keyboards and monitors on a single PC ... Is it possible? This set up I'm planning for CyberCafe, For cyberCafe business ROI is very slow... so was planning to have something like this....
-single CPU (Which would act as a server) -Multiple monitors, keyboards, Headphones etc....
If this works out then I would save a lot on my investments (OS cost, Hardware devices, electricity etc)
Intrepid Ibex (U8.10) is what I am using presently and I would like to know if there are measures that I can take to prevent my ISP from keeping data that flows between my PC and it.
I am living in Australia, I am wanting to keep the bastards (read: Australian Government) ignorant about what I use my PC for.
Its them storing any of my personal information that I am worried about, but if I can keep my history from them completely, even better...
Every developer in our organization has access to a single development server and all development ( other than basic experimentation ) is done on this server. This is primarily because there are several interdependent systems and having copies of these systems on each developers machine slows that machine down to the extent of making it completely unusable. All developers access this development server using ssh. Of course this implies that scp will also work as the sshd daemon is running making data vulnerable.
We are currently attempting to secure the code and data on this server from unauthorized copying and transfer.
Currently I am attempting to set up virtual machines on each developer machine that can then be used to connect to the development server. I have created a shell that does nothing but allow for the typing of one command that simply transfers ( ssh login ) the user onto the development server.
I am using virtualBox and ubuntu mini to achieve this.
Problems: The first question is if this is a reasonable way to achieve what I am attempting to. Is there a better way?
The others is more in terms of the set-up: I am attempting to resize the virtualBox console. I tried this by editing grub. Although I am able to resize the screen at start-up the entire screen goes back to ( what I believe is 800x600 ) after the Ubuntu splash screen.
The virualBox seems to have completely messed up the keyboard detection how can I rectify this?
The other is regarding the restricting of shell access I have currently done this by removing access to /bin/ for normal users. Is this secure enough or is there a better way?
I'm using Debian Stretch with Gnome and Cinnamon. My desktop computer sports an nvidia geforce 970 gpu (this may be relevant, and it is the reason I had to go with stretch.) I'm not a very experienced linux user but I get along fine.
I'm sharing my computer with my mom and whenever we have to switch users, the computer seems to shut down for 35 seconds: the screen doesn't receive signal anymore. After a new user is chosen, it takes another 35 seconds to get to her session. This is embarassing because my os runs on an ssd and everything else is nice and fast. At first I thought it may be a matter of us two not using the same window manager or not using the "default" window manager, but changing window managers didn't work.
Today I learned about the existence of /var/log/syslog and I decided to check what happened to it when I switched users. I can't post the whole log of what happens because it is too big, but I put it on pastebin : [URL] ....
I understand almost nothing of what is written here, but I saw some interesting things:
- after 35 seconds intervals where nothing is logged, there is a stall on cpu detected (lines 68, 500) - my gpu seems to have something to do in all this
Let's say I have a directory called dir1. In it, I have these files: A1, A2, A3 belong to user "userA", files B1 and B2 belong to "userB". Both users are in group "groupNO", but the files are in group "groupYES".What I want is this: if someone tries to mount the folder by NFS (or could it be done withSamba?), as userA, they can only see (or read) files A1, A2, A3,as userB, they can only see (or read) files B1 and B2,as a user in groupYES, they can see and open all the files.This is just the principle. If I need to sort them into directories or use another program on the server-side, that's fine with me. I just want the user to just have to mount the folder over the LAN with a user name and password. I'm fairly sure I can do it by SFTP, but, again, I want the client to be able to MOUNT the folder on their local machine over the LAN no to user a special client.Is that possible? Do I need LDAP? (From what I understand, LDAP is separate from the OS-level mounting process, which is not what I want.)
The line in bold is the security issue. There is only 1 user account on the system. There should only be 1 user logged in, not 2 users logged in. The remainder of the log file lists 1 user logged in, for similar log output. 2 users logged in does not appear again in the log file.
Does the second line of bold indicate that an attempt was made to log in to the system using SSH?
There was an internet connection interruption (no service) around the time of the log file event. The service did return, later.
Does that line indicate that an unauthorized user logged in to the system?
I want to have a shared area for movies, music, etc. where files are available for all users. What is the best way to do this? I've tried a few different things, (ie. creating a folder and sharing it among a group, but for some reason it doesn't seem to work the way I want it to. I'm now thinking maybe have a partition like /share and set the permissions to all in fstab, but I'm not sure.
There's something I would like to do. It's simple, it MUST be possible. I can't find any way to do it by Googling it. I'm must be looking for it in a wrong way.Let's say I have a directory called dir1. In it, I have these files: A1, A2, A3 belong to user "userA", files B1 and B2 belong to "userB". Both users are in group "groupNO", but the files are in group "groupYES".
What I want is this: if someone tries to mount the folder by NFS (or could it be done with Samba?), as userA, they can only see (or read) files A1, A2, A3,as userB, they can only see (or read) files B1 and B2,as a user in groupYES, they can see and open all the files.This is just the principle. If I need to sort them into directories or use another program on the server-side, that's fine with me. I just want the user to just have to mount the folder over the LAN with a user name and password. I'm fairly sure I can do it by SFTP, but, again, I want the client to be able to MOUNT the folder on their local machine over the LAN no to user a special client.Is that possible? Do I need LDAP? (From what I understand, LDAP is separate from the OS-level mounting process, which is not what I want.)
I have a server setup with all my web development stuff in /var/www and in several sub-folders within that. (each project having it's own folder)It works great with one FTP account. But recently I've been getting help on a projects from a buddy of mine that freelances, and have made him an FTP user account as well. All is fine, except for when he tries to edit a file and gets a permissions error.
Here's the issue, I don't want us to have the same FTP login, but all the files are currently owned by my user name. So, when he logs in to edit a file, he can't because I'm the owner, and the files are set to 744. Will I cause any harm by adding both users to the same group (www-data) and chmod'ing the files to 775 so that we can both access and modify the files?
I just realized that I can access other users files and they can access my files simply by using the console to navigate the file system, Its not that big a deal, I am the only one using the computer but this seems like something is not configured correctly. Should each user be able to look at and modify each others files by default? (On Xubuntu 10)
I've got a NAS running and I'd like to somehow make some of the folders and files invisible to certain users only. For example, if I 'ls' a directory, I want to see files 'a', 'b', and 'c'. But if another user does 'ls' in the same directory, I only want them to be able to see 'a' listed.I know I can use 'chmod +700' to make certain files not able to be read/written, but the filename would still appear in a 'ls'.I know I can put certain files inside of a '.hidden' file in the folder, but then it would be hiEdit : I'd also like to mention that the users that connect to the NAS could be coming from Windows or Mac operating systems. So hopefully the solution would work for users from those systems also..
I am running Ubuntu 10.4 I am coming from a windows background and I want to know what is the proper way to share files among multiple users on the same Linux box. In this particular case, I will be sharing jpg images.
I do not have any shares defined and I am not (to my knowledge) running Samba.
I have two files with user DN's that exported from two different LDAP directories. I wanted to write a script that reads(checks) users (cn=user1) in file Ack to see if users(cn=user1) exists in file B and give me nice output with what users are missing in file B.I have around 30k users in file A with following format..Quote:
