Ubuntu Security :: Guest Account Able To Authenticate As Root
Jun 25, 2011
I am trying to use a guest account in Ubuntu 10.10 however I am unable to stop the guest account from authenticating as a superuser and gaining root permissions dispite removing all permissions from the user-group control panel. The new guest account I created is not part of the admin group. However, with my new guest account I am unable to start a guest session from the panel, AND if I use the guest session from the panel I dont have the problem with the guest session being able to authenticate. How do I prevent super user authentication from an account in this situation? It seems that any account can authenticate and my /etc/sudoers file looks like this:
# /etc/sudoers
#
# This file MUST be edited with the 'visudo' command as root.
#
# See the man page for details on how to write a sudoers file.
#
Defaults env_reset
# Host alias specification
# User alias specification
# Cmnd alias specification
# User privilege specification
root ALL=(ALL) ALL
# Allow members of group sudo to execute any command
# (Note that later entries override this, so you might need to move
# it further down)
%sudo ALL=(ALL) ALL
#
#includedir /etc/sudoers.d
# Members of the admin group may gain root privileges
%admin ALL=(ALL) ALL
View 9 Replies
ADVERTISEMENT
Jan 26, 2011
I spill my soda on my keyboard and ended up in a 4 day war with my pc.Now my tab, capslock, left shift, and down vol no longer works. I'm going to take it into the shop in the next couple of days to probably replace the keyboard. (If only lenovo kept the easy access keyboards like ibm had on the thinkpads). Something tells me that they will want to log in and test out the keyboard. So I created a guest account with a simple password. I changed my normal user home dir to 770 permissions and changed guest's shell to /bin/rbash. (both found in other posts.) Is there anything else I should do to secure the computer while it is in the shop?[I use su, sudo isn't configured to work (its a dependency so I can't uninstall)]. I have a pretty decent root password.
View 10 Replies
View Related
Nov 20, 2009
fedora 10 and im trying to set up some user accounts on a computer. My current problem is that we set up 2 root accounts and we need both to be able to authenticate. So far this works on the command line but whenever i'm on the GUI it seems that it only allows root to give its password for things. How do i enable the second account to do that as well.as a note, i am doing this for someone else so i have little to no control how this is set up, so please, i am not looking for reasons why this is not a good idea i would just like to figure this out
View 2 Replies
View Related
Mar 16, 2009
I have a local file server running Samba on Fedora 9. It's already configured and serves a few people without any problems. I am now trying to set up a new read-only share with the username 'guest' and the password 'guest'. However, with no success so far! If I log on as 'guest' with the password 'guest' like so:
Code:
su - guest
No problem. Once logged in, if I try:
Code:
smbclient //samba/share
I'm prompted for a password. If I enter 'guest' I get:
Code:
session setup failed: NT_STATUS_LOGON_FAILURE
If I enter nothing (null) I get:
Code:
Anonymous login successful
Domain=[RIVER] OS=[Unix] Server=[Samba 3.2.8-0.26.fc9]
tree connect failed: NT_STATUS_LOGON_FAILURE
View 8 Replies
View Related
Aug 25, 2010
Can i login to my server using my root account and create a public+private key for one of my users and then manually paste it into his authorized_keys file and give him the private key?
The user im giving it to has a chrooted FTP account...
Is it still ok that i used the root account to create it? He is not going to have root access or nothing is he? This is not a security breach in any way is it?
The user doesn't have shell access to create their own so this is the only way i can think of doing it...
Also what access should the user have to their .ssh folder + the authorized_keys file...?
Are they allowed to read the key? What about write?
View 9 Replies
View Related
Nov 11, 2010
If root is disabled by default, how is it possible that someone managed to SSH into my computer using root? I never enable/set password for root, it's always left as the default as per a fresh install and I always use sudo for any admin tasks.Auth.logFirst there are a whole load of failed attempts then...
Code:
Nov 8 11:07:32 Morris-Desktop sshd[3601]: Failed password for root from 94.243.50.53 port 4360 ssh2
[code]...
View 9 Replies
View Related
Mar 22, 2010
Is there any way to access the guest account without having to go through the Gnome Panel? I'm using Cairo-Dock and disabled the Gnome Panels since it just gets in the way, but the only way I know to get access to the guest account is through gnome panel.
View 6 Replies
View Related
Sep 14, 2010
I enter guest session and try to install an app. I am asked for a password, I try with mine (for my account) but it seems to be incorrect(logical). Well how can I find the password for the guest account???
View 3 Replies
View Related
Oct 7, 2010
I am using ubuntu 10.04LTS on a tosh Satellite A210-12U lappy. Hardware wise its all working well. I also have firefox 3.6.10 A)Firefox....i have recurring history issues. If i set it to privacy/custom settings it wont save cookies.If i try and clear the history it wont clear and the history remains in the history list on the menu bar..its generally inconsistent/unreliable I have done some reading and there is some mention of a corrupted file and deleting the ~mozilla folder?
View 1 Replies
View Related
Apr 13, 2010
I configuring samba under Fedora 12, i just set in samba dialog Server Settings->Security and choose guest account: apache. The account is exist io the Samba Server, now i try to login from Windows to Linux share, server asks me login and password, however when i set apache as login and not set password, server asks me login again as the password is incorrect. As i understand under guest acount can login any windows user without the password.
View 4 Replies
View Related
Jul 7, 2011
I have a Windows domain with a proxy. I have an account that can use the proxy and the URL that points to the proxy.pac file. this might seem a stupid question but can anyone tell me how do I enter the username and password for my test Windows account so that Debian can authenticate it?
View 1 Replies
View Related
Jul 9, 2011
Lots of password threads, but I didn't see this.
Installing Debian 6.0.2.1 amd64 on a Dell Optiplex 740.
The default install (simple graphical) works OK. But when I install "graphical expert", the same root password seems to be OK during the install, but doesn't work when the system comes up.
A. I have used a very short pw. It worked before.
B. The root pw is the same as the user pw. It worked before.
I am installing from CD and from DVD, both downloaded and burned as iso. In both cases, I asked for "graphical desktop" and "standard utilities", no servers, no laptop, no SQL.
View 14 Replies
View Related
Feb 5, 2011
i am having problems with privileges i have created a new user with my name, but i cant get root privileges on it. i need the same privileges as the root profile.
View 9 Replies
View Related
Jun 9, 2010
I have fedora linux as an operating system on my laptop but each time I try to install a new program it prompts for an authenticate root password of which I have no idea. I wanted to install windows xp on it but each time I do so it prompts"se-linux denial" on the base that the source is not trusted as i didnt authenticate it.
View 7 Replies
View Related
Jul 14, 2011
I've started to get emails that would typically come from [URL] as [URL]. These emails come from services that send out emails (backup programs) directly, or from cronjobs. I've logged in as the non-root account and either sudo su - or su - to root and the restart the service at one point or another. If I login directly as root and bounce the service or cron the emails come across as from root. I don't see anything in my environment variables after I su to indicate what would cause this. I'm not sure where else to look? A pam setting? This seems to have happened between Fedora 10 and 14 (did a bunch of overdue upgrades recently) I've only got Fedora so I don't have anything to compare to. In Fedora 10 I did not have this problem.
View 2 Replies
View Related
Oct 12, 2010
I have some important cgi files run on top of Apache inside cgi-bin directory.My requirement is to once user try to access the cgi file authenticate using Active Directory username/password. If user enter the correct domain credentials only user aloow access to the page in any time user trying to access otherwise not. I configured this using htaccess and htpasswd.But in this case I need to manually configure username/password for htpasswd file. Instead of this I want to authenticate with the Active Directory.
View 1 Replies
View Related
Nov 22, 2010
is there any solution for authentication of ethernet users.something similar to daloradius for wifi.I dont want to use pppoe. is there any way to connect daloradius with dhcp server, so when certain mac address asks for IP first daloradius will look if it is allowed.
View 11 Replies
View Related
Feb 10, 2010
I am trying to log into a server with a particular account. Let's say I don't know the password for that account. Can I do this using ssh? I am wondering if it is possible to do it in one command, instead of logging in as root and running su.
View 4 Replies
View Related
Sep 11, 2010
i need to find a way to securely authenticate a decryption mechanism of some sort where the authentication is provided remotely without any user-interaction. Right now i have a number of boxes that all inform a central server when they are online. When they do this an OpenVPN connection is set up between them and the server.
However, i have been given the task to ensure that the scripts involved in this process are encrypted by default. This requires some form of self-decryption, which to my mind kind of goes against the whole idea of encryption/authentication in the first place. I need some way to leave decrypted the bare essentials required to boot a box and securely connect to the central server automatically. Then the server would automatically send a key/passphrase and the rest of the files on the box would then be decrypted on the fly.
View 4 Replies
View Related
Feb 5, 2011
I was changing my GUI settings in XFCE in my root user account on Xubuntu when suddenly I was logged out and the computer shut down.
(I have done this before with no such trouble...)
Now I can't log into my root account all I get is a blank screen for a few seconds then I'm back at the log-in screen, the other account works fine.
(This is on my Xubuntu 10.10 laptop BTW...)
View 5 Replies
View Related
Mar 3, 2011
I try to use FTP to put new files and catalogs on my server and I always run into problems that I have not the right to create catalogs and files in the named catalogs and so on, it is very annoying.Is there a way around this problem or do I have to activate root account to not run into these problems all the time? I have worked with different UNIX-versions and variants for the last 15 years at least and have always had access to root account, why is it so dangerous to have access to root account in ubuntu?
View 3 Replies
View Related
Feb 23, 2010
one thing i can't seem to be able to do is give the guest account just these permissions: using firefox (or other browser) and using one file directory and using a text editor. means the guest can browse the net and sefe some infos form that - nothing more. the previous version had something like that, it was really easy for me, a noob, to do it with two or three clicks. if this possibiility exists, what to do. if it's not implemented... maybe it should be. 'cause many people let others use the computer but don't want any complications...
View 6 Replies
View Related
Mar 17, 2010
How can I enable the root account (for login) in ubuntu 9.10?
View 9 Replies
View Related
May 11, 2010
I unlock the root usr accout, but how can i log it on?
View 3 Replies
View Related
Oct 8, 2010
A while back I don't know what I did but I messed up my root user account and now the password that I think is supposed to be for the account doesn't work anymore.In an attempt to fix it I rebooted and went into recovery mode and then edited the sudoers file. This appears to have been good enough to be me by but now I'm running into problems installing or changing configurations in gnome. For example, I just installed Asterisk via the terminal the other day and had no problems because I could use sudo. But just now I tried installing Gastman via the Ubuntu Software Center and of course it asked for the root password.I entered my usual root password when I use sudo and it doesn't work.
I then went to the terminal and entered sudo apt-get install gastman and it worked fine becuase I used my sudo password for my account. So it seems I can do things just fine via the terminal but when in gnome it doesn't work. I went into the Users and Groups section in Gnome to attempt to set or change the root password but of course I have to unlock the application which requires the root password.
View 4 Replies
View Related
Nov 10, 2010
I just installed ubuntu 10.10. i downloaded java and was about to install before i realise i don't have root account.
View 2 Replies
View Related
Mar 30, 2011
I've got an old computer around that I've put Ubuntu server 8.04 on.At the moment, this is only a little hobby of mine purely for educational purposes. (Great for learning Linux!) After using this tutorial:URL...for setting up a LAMP-server, I'm trying to figure out is whether or not setting up a root-password is necessary or not. I think the tutorial is really great for a newbie, but it consistently uses su instead of sudo.I'm aware of the fact that setting a root-password isn't recommended in the documentation, but don't you need a root-account to be able to run tools such as webmin?
View 8 Replies
View Related
Aug 31, 2010
I'm trying to use my root account for the ftp. Now, he can connect but when i come in the map "home" its empty (in the ftp) but he can't get the information.
whats wrong whit my conf
vsftpd.conf:
Code:
anonymous_enable=NO
local_enable=YES
write_enable=YES
local_umask=022
[Code].....
View 10 Replies
View Related
Mar 22, 2009
I have an encrypted /home partition but would like to set up a guest account for my brother. Obviously, encryption doesn't work so well when you give out the key so what I'd like to do is specify a different, unencrypted location as a home directory for the guest account so he doesn't need access to that partition. Is there a way of doing this?
I've got fedora 10, dual boot with windows, 2 hard drives, 1st is NTFS windows. 2nd is split into a swap, ext3 for the OS, and an encrypted partition for /home.
View 2 Replies
View Related
Jul 1, 2009
so, sometimes happen that while I'm on my pc comes my mom and say "can I look a things 10 minutes?", this means that I have to leave my computer in her hands for ten minutes... enough to make something wrong! In ubuntu there is a usefull button "start guest session"..but here in fedora I can't find it...So, I create a new user and I called it "Guest" and I eliminated the password, so they can access also without me... but I have some problem:a) I set the home directory of this guest in /tmp/guest thinking that in this way everytime the home directory will be clean... but this doesn't work...b) is there a way to prevent in all cases this account to autenticate as root? So, if they try to install something it hasn't to show the box "autenticate as root", it has to say only "you can't"
View 14 Replies
View Related
