Ubuntu Security :: Drop Elevated Privileges Through Terminal
May 2, 2011How to Drop all elevated privileges through terminal?
View 7 Replies
ADVERTISEMENT
Ubuntu :: No 'Drop Elevated Privileges' Icon?
Nov 1, 2010I believe the thread title says it all: I do not (always) see an icon that allows me to drop elevated privileges before time runs out. I've been trying to find the settings for this for an hour or so, but couldn't find it. Does anyone know where to look?
View 1 Replies View RelatedUbuntu :: Change The Length - Elevated Privileges Are Up?
Mar 28, 2011I get really annoyed when I am in command line or doing a big purge of software and I have to enter my root password every minute or so.
How to change the length my elevated privileges are up?
Ubuntu :: Drop All Elevated Priviledges?
Oct 10, 2010Whenever i mount any disk to ubuntu,and after typing the password, a new icon is created on the taskbar which says "click here to drop all elevated priviledges".
The icon is of harm even i click it or not but i was just curious to know more about it.
Ubuntu :: Why Does A Key Drop All Privileges Appear
Aug 20, 2010Why does a key drop all privliges appear? I will reply Tuesday, Going UpNorth
View 1 Replies View RelatedSoftware :: NTP Error - "Failed To Drop Root Privileges"
Jun 5, 2010I encountered an issue after installing NTP on a VM running CentOS 5.5. (I installed it using the standard "yum install ntp".) When I attempted to start NTP, it would fail to sync with the NTP servers, but seemed to start ok. If I checked its status, though, I would see that there was a dead PID file in /var/run, and that it wasn't actually running. Checking the /var/log/messages file, I would see this each time I attempted to start it.
Jun 5 03:46:25 cent01 ntpdate[31933]: cap_set_proc failed.
Jun 5 03:46:25 cent01 ntpd[31936]: ntpd 4.2.2p1@1.1570-o Sat Dec 19 00:56:13 UTC 2009 (1)
Jun 5 03:46:25 cent01 ntpd[31937]: precision = 1.000 usec
[code]....
Ubuntu Security :: Wireshark Security Root Privileges?
Mar 25, 2010Having read on the forums about some of the dangers of running Wireshark as root, I would like to know if anyone can suggest some alternative packet sniffers/network analyzers which will offer similar results but without the security issues. I am using Karmic Koala on a Fujitsu Siemens laptop with wireless router (firewall enabled)
View 7 Replies View RelatedUbuntu Installation :: Get Root Privileges In The Terminal?
Jun 20, 2010changing the su password so i can install things. I was told to replace it with sudo because it is locked. I did this but i didnt work, it said my permissions are denied. How do i get root privileges in the terminal?
View 1 Replies View RelatedUbuntu Security :: Remove All Privileges From CWD?
Jan 21, 2010I am on the admin account of my computer and am trying to remove all privileges from CWD i have tried
chmod go-rwx ~
sudo chmod go-rwx ~
but when i pull up
ls -l ~
It is still showing permission in the g and o column.
Software :: How To Drop Down Into Terminal Mode
May 6, 2010I'm trying to exit X entirely and use the console to install my nVidia drivers, I have a .run file. I've tried all of the normal commands like init 3 and everything, killing the X process, Ctrl Alt F1, Ctrl Alt Backspace, but nothing wants to work. What do I need to do?
View 13 Replies View RelatedUbuntu Security :: Restricting User Privileges
Apr 11, 2010I have searched somewhat this forum but haven't yet found a similar post using the keywords I entered but perhaps there is already a similar post then please refer me to it.I am trying to add a user account "Guest" to allow people on my laptop without giving them access to vital parts of the computer. Basically, I want them to only be able to view their own home directory and access internet. Nothing more.I have set the group to "guest" and changed the other home directories of other users to owner access only.
Guest still has access to root and is still allowed to perform actions in various critical areas (deleting files from for example my Windows 7 partition). This I also want to prevent. I was thinking to set each directory's permissions to Owner and Group only and remove Others access.My questions:
1. Will this have any undesirable impact (programs of main user accounts not able to access certain directories)? For guest user I don't care as long as internet works.
2. When I start User Manager and disable for Guest all options except "access internet" (so I also disable access to CDROM), the guest can still access the CDROM. Does this mean the User Settings menu has no effect or is overruled by something?
Ubuntu Security :: Any Way To Change Password For Root Privileges?
Jul 10, 2011I've been using Ubuntu for like a year now. Whenever I want root privileges I just type sudo and enter my User password. I wanna know if there's a way to change this, in a way that My User password is: "ABC" and the password needed to have root privileges is: "ABC123". I have no problem using the terminal, I actually prefer it to any GUI, it just seems easier to me.
View 3 Replies View RelatedUbuntu Security :: Sudo Versus SU And Superuser Privileges
Jul 19, 2011So, I'm not quite sure what the difference is? Is it that sudo allows you to "borrow" superuser privileges, whilst su allows you to actually log in as superuser? Also, when I sudo [command] and get prompted for a password, after I input it, things work just fine, but if I su, and then get prompted for a password, I can't log in as superuser... Why is this?
View 9 Replies View RelatedSoftware :: Desktop / Terminal Emulator And Drop Down Console
Jun 22, 2009I want to leave KDE (too bloated, got less than 300-400 megs free mem of 4G, mostly consumed by kde&friends) and I need some lightweight replacements for:
1. Desktop: lightweight, highly configurable, with utilities out of the box for: window switching (i.e. fluxbox doesn't have it and it makes me nuts), run command (usually alt+f2, I'm very used to it), virtual desktops.
2. Terminal Emulator: konsole is a very comfortable tool, highly customizable and I like it very much, but again it's very resource expensive. What do I need: no cursor blinking (gnome developers, why do you think it's comfortable? it's killing people), multitab,
utf support, shortcuts customization.
3. And probably a drop-down console like yakuake or tilda (both are consuming too much resources). Requirements are the same as for terminal emulator.
I've spent a week trying to find something fitting this requirements and found nothing.
What I've tried:
Desktops:
fluxbox, openbox, blackbox and other *box:
Major:
1. No window switching dialog
2. Awful run dialog (had to hack it so it reports at least something)
3. No window highlights in tray
4. Lots of problems with window focus minor:
- some awkward position dialog on window movement
- hardly customizable - need to change configs. (yes, I want this to be done via mouse and configuration dialog because it is easier and faster)
icecwm:
Major:
1. looks like a time traveler from 80's
2. problems with window switching
3. no run dialog (had to make it work with grun)
Minor:
1. hardly customizable
Terminal emulators:
lxterminal - mostly ok:
1. awful blinking cursor
2. I've got ctrl-shift mapped to language switching and I'm very used to it.
Tried to hack it: cursor - np, key bindings - bunch of problems, I don't know why, but GDK_CONTROL_MASK | GDK_MOD1_MASK doesn't work = tried to find some widget for setting accelerator keys - no luck.
eterm - very nice:
1. no multitabbing that sux...
mrxvt - the best, but doesn't have a utf support
A bunch of other libvte-based terminals with the same bugs:
1. No configuration options (that stupid cursor blinking and keybindings are hardcoded)
Drop down:
1. tilda - too heavy, no key bindings customization
2. yakuake - the best, but too heavy
3. yeahconsole - didn't even start with screams: 10 XError request
Ubuntu Security :: Group Permission - Access Privileges On Several Folders
Jul 9, 2010I have a problem access privileges on several folders like this one
Code:
It clearly says that I have owner and group read write and search (it's a directory) privileges.
I login as user master part of group events
Code:
But I can't access the folder (Permission denied).
Ubuntu Security :: Keys In Notification Area Prompting Change To Privileges
Mar 28, 2010Since reinstalling Ubuntu 9.10 and learning how to get the Notification Area working properly:
I've noticed an bunch-of-keys icon appearing intermittently in my notification area.
It appeared about 20 mins ago. I hovered the mouse over it and it generated the following text:
"Click on the icon to drop all elevated privileges"
I right-clicked on the icon, thinking I might learn something more about it. But it disappeared. No other messages were given.
It appeared again about five or ten minutes ago. I did not click on it. But it disappeared of its own accord after a minute or two.
What is this? Should I have clicked on it? What have I done? How can I get this bunch of keys under my control?
Ubuntu Security :: Lost User Privileges To Mount Volumes From Naultilus?
Sep 13, 2010I'm running 10.04 running daily updates. A couple days back, I saw an update related to mounting volumes. Not sure if this is what broke my system, but might be. When attempting to mount a partition from nautilus, I get a message saying I do not have authorization. It does not even ask for my password, just fails. I tried running updates and this asks for my password and accepts it fine. I opened disk utility from the menus and tried to mount the volume from there but also got the same permission denied, not authorized without even being asked for my password.
I then ran gksu palimpsest. I was asked for my password and was able to mount and unmount partitions from there. However, when mounted, my applications and nautilus cannot access the data in the partitions mounted using gksu palimpsest. In nautilus, I can navigate to /media/Data (the partition in question) but I get "THE FOLDER CONTENTS CANNOT BE DISPLAYED You do not have the permissions necessary to view the contents of "Data"." When I open nautilus via gksu in the terminal, I do have full access to the partitions.
How do I get my privileges back for my user account. I am the only user on the computer, and I have never set up a root account since my upgrade to 10.04 months ago. I tried of course the Administration->Users and Groups menu, but I am not permitted to change the account type or open advanced settings. I click the button, but nothing happens, not even a password request. Running gksu admin-settings on the terminal allows me access. My current settings are attached.
Fedora Security :: Any Way To User Can Increase Or Lower Privileges?
Nov 6, 2010Is there any way to user can increase or lower his privileges? I tried by "semanage login" but it works only for admin i think. I would like for example change range form s0:c0 to s0:c0.c10 and vice versa.
View 6 Replies View RelatedSecurity :: Escalated Privileges - Determine/change Duration?
Jul 18, 2010Ubuntu 10.04
When I execute a sudo or gksu evolution (e.g. synaptic package manager) I find that the escalated privileges remain in effect for a period of time. Sometimes, not often, the notifier applet shows an icon indicating that escalated privileges are in effect.
What I would like to know:
What is the default amount of time which escalated privileges remain in effect on my system?
Is it possible, if so how, to change this amount of time?
Security :: Ubuntu 10.10 Is Not Allowing Amin Privileges To Admin User, Even Tho Sudo Works?
Feb 21, 2011i am relatively new to ubuntu. Just recenty i have not been able to access certain files(for example the history and bookmarks in the firefox folder), download files individually from the internet(music,fonts,etc), recieving an error message
Quote: Originally Posted by firefox error console
Error: [Exception... "Component returned failure code: 0x80520015 (NS_ERROR_FILE_ACCESS_DENIED) [nsIFileOutputStream.init]" nsresult: "0x80520015 (NS_ERROR_FILE_ACCESS_DENIED)" location: "JS frame :: file:///usr/lib/firefox-3.6.13/components/nsSessionStore.js :: sss_writeFile :: line 2944" data: no][code]...
i have sudo priveleges and can install via update manager. i read somewhere that compizfusion might affect access permissions and i do use compiz and emerald at the same time.
Ubuntu Security :: Actions Requiring Root Privileges Asks For Wrong User ?
May 24, 2011In our group we use NIS and have a group set up called netadmin which is given root privileges on each machine. Each machine also has a localuser called localuser created and used during installation. When logged in as a member of netadmin, attempting any action that requires root privileges (e.g. installing software in Ubuntu Software Center) results in a prompt asking for localuser's password, not the current user's password.
Does anyone know the cause? Configuration issue or Ubuntu issue? We can get around it.
Ubuntu Security :: Configure Ufw To Drop Icmp Echo Requests?
Jul 12, 2010I've been trying to configure ufw to drop ping requests for a couple days now, and I can't figure it out. I've tried a couple different methods in some different guides, still nothing. Anyone know how to do this?
View 4 Replies View RelatedUbuntu Security :: Reject Versus Drop For Outbound Traffic
Apr 15, 2011I understand the difference between Reject vs Drop for incoming traffic, but are there any differences between reject and drop for Outbound Traffic? Are there reasons to pick one over the other or are they functionally identical when talking about Outbound traffic?
View 6 Replies View RelatedUbuntu Security :: IPTables - Setting Default Rules To All Chains As DROP
Jun 30, 2010I've read the instruction about setting up the iptables rules to filter all port except HTTP, SSH, FTP. I require first remove all default iptables rules and set default rules to all chains as DROP:
# Set default-deny policies for all three default chains
$IPTABLES -P INPUT DROP
$IPTABLES -P FORWARD DROP
$IPTABLES -P OUTPUT DROP
Then allow only some ports:
#Accept inbound packets that are part of previously-OK'ed sessions
$IPTABLES -A INPUT -j ACCEPT -m state --state ESTABLISHED,RELATED
# Accept inbound packets which initiate SSH sessions
$IPTABLES -A INPUT -p tcp -j ACCEPT --dport 22 -m state --state NEW
# Accept inbound packets which initiate FTP sessions
$IPTABLES -A INPUT -p tcp -j ACCEPT --dport 21 -m state --state NEW
# Accept inbound packets which initiate HTTP sessions
$IPTABLES -A INPUT -p tcp -j ACCEPT --dport 80 -m state --state NEW
# Log anything not accepted above $IPTABLES -A INPUT -j LOG --log-prefix "Dropped by default:"
But I hired a VPS from other country so the only mean I can manage it is via SSH. If I setup the default rule to DROP first, I afraid that I can no longer connect via SSH to tell iptables allow SSH
So my question is:
- Does the IP tables take effect immediately after I input a rule?
- Is there any mean to run this as a batch job (create a script and run all these rules one time).
- My VPS has a web control panel which have a terminal via web. Is this a native terminal or just a connection via port 80 or 22?
Ubuntu Security :: Drop Igmp Port 0 Packets With Iptables Rule?
Jan 3, 2011how can i drop igmp port 0 packets with iptables rule? my log file is full of this router advertisement.
View 2 Replies View RelatedSecurity :: How To Write Iptables Rules To Control Drop All Connection
Feb 23, 2010I have setup my linux fedora server and i want to restrict access to my server.Basically i control using iptables.I'm not sure how to write an iptables rules to control drop all connection to port 8080 and allow only certain ip can access the instance on port 8080 example ip=10.254.14.16,192.168.1.10.
View 3 Replies View RelatedFedora Security :: Limiting Sudo - Giving Full Privileges To The Wheel Group In The Sudoers File
Feb 15, 2011I have previously set up sudo via adding my name to the wheel group and then giving full privileges to the wheel group in the sudoers file. Now I choose to learn to limit that. Had noticed the most frequent use I have of sudo is to run yum update. This got me thinking, could I remove the wheel group privileges and add the following line in sudoers to limit the privilege to simply running yum, and furthermore, make it so I could run yum without a password:
## Allow root to run any commands anywhere
rootALL=(ALL) ALL
Troy ALL= NOPASSWD: /usr/bin/yum
I think that would in fact work (if I understood one of the pages here, it will work). However, upon further thinking I realized that in such a case then anyone sitting at my computer could then use yum, without a password, to install or remove any file on my system � probably not a good idea. As a result I have to ask, can I tighten the privilege even further such that the only privilege so given was to run �yum update� and nothing else? (for example if they ran �yum install� it would fail). If you can do it, how?
Last, I was going to limit the privilege, time wise and try wise, by adding the following to the sudoers file:
# Defaults specification
Defaults:Troy timestamp_timeout=0, passwd_tries=3
Will that really work to limit the elevated privilege so I don't have elevated privileges lingering about, or is there a better way to do so?
Security :: Drop Inbound Traffic To Port 80 (http) From Source Ports Less Than 1024?
Feb 1, 2011I'm simply trying to make a little restriction on www packets under two rules:
1. Allow inbound/outbound www packets (works!)
2. DROP inbound traffic to port 80 from source ports less than 1024. (DOES NOT WORK!)
Now, technically, when i use hping to test my rules, hping3 192.168.100.100 -S -p80 -s 1023 I should NOT receive any packets. However, i still receive packets, which means my rule that says less than 1024 does not work. (see below)
And this is my iptables rules in shell-script so far:
#!/bin/sh
DEFAULT_NIC=eth0
SERVER_IP="192.168.100.100"
ALLOWED_WWW_PORT=80
IPT="/sbin/iptables"
[Code].....
General :: Java / Applying Elevated Permissions When Running A Particular .jar File?
Apr 11, 2011regarding user permissions:
I have user A who owns a .jar file
I have user B. who needs to run the .jar file
I have Java which is owned by root.
I would like to work out whether/how user B can run the .jar file, in Java, with the permissions of user A. As I understand it, a running process in Linux typically takes the permissions of the user who executes it. However, the way I'd like to configure user B, the permissions I want them to have wouldn't be sufficient for the process to successfully run.I know you can also set a process to take the permissions of the owner of that process, but in this case the actual... executing process would be Java, which runs the .jar file, and I def. don't need this, let alone every single instance of Java on my server, to execute with root priviledges. So like I said, basically I am trying to work out how to let user B run this specific process with the process elevated to this set of priviledges which user B otherwise does not have.
I recently started running a Minecraft server for myself and some friends and am running it via Linux. I'd like to set things up so that a friend of mine can, as needed, telnet into the server and restart Minecraft as needed, as well as a couple of other things, without giving this friend the same access rights I've given myself to the same files. The minecraft server process runs in a screen, and I've worked out where screen can be set up so multiple users can get into it. However, if I'm running minecraft under my own user name, then that seems like it will just end up letting my friend, from his account, screen into my own account. SO the brilliant idea I had was, what if I had one user account which only existed to run the server, which both me and my friend could screen into as needed, which wouldn't have any more rights to anything than my friend has with the exception of being able to execute this one .jar in Java.
General :: Security - Let Any User Perform Administrative Tasks On A System Irrespective Of His / Her Privileges On That Particular System?
Sep 26, 2010I often get responses from people who first say: "Are you sure? You want your network to be exposed to the outside world?" I am not experimenting on a Production Server of NASA or any Security Concern Department. Friends, there is no harm in experimenting on your personal computer or on a test computer which is isolated from the production environment. Look at hackers! What do they do? If they don't know how security is breached then how would they come up with security measures?
If my question reads... "How to let any user perform Administrative Tasks on a Linux System irrespective of his/her privileges on that particular system?" then I would not get the right answers in the first place. They will say... "You are letting everyone destroy your system... are you sure you want to do that?" My question is: Why should we restrict ourselves from experimenting even if it sounds weird to other people?
I give you an example where it is desirable to let an unprivileged user perform certain tasks. You want to know if there are any employees in your office who are storing videos in their home directory and filling up the disk space to a great amount. You have a department called "Command Center or Data Center Operations or Help Desk" call it whatever you would, whose work is to monitor such activities, and you create an account "monitor" for them to monitor such activities but they are not able to do them:
[Code]..