Ubuntu Security :: Prevent Users From Changing Settings
Jun 15, 2011
I am administrating a system with about 40 or 50 users, and we recently jumped ship from windows to ubuntu. Most of my users are getting along fine, but it seems every few days, i have to help someone who accidentally changed something, and now their account (or more rarely, the machine) is unusable, and has to be reset.
I know configuring /etc/sudoers is a huge step toward fixing my problem, but that still will not completely solve it. What I would like to do is prevent users from making ANY changes to the system (aside from their work files and the like), including themes, icons, desktop, background, etc.
View 2 Replies
ADVERTISEMENT
Jul 17, 2010
I use the following method for preventing the users from changing their passwords , is there any other method other than this ?ls -l /usr/bin/passwd-rwsr-xr-x 1 root root 37140 2010-01-26 12:09 /usr/bin/passwdso we need to remove the suid for that command as follows :- chmod u-s /usr/bin/passwdnow normal users won't be able to change their own passwords - and only the root user will be able to do it for them.
View 9 Replies
View Related
Sep 30, 2010
'readonly HISTFILE'
but the user could tamper with the histfile itself. Like:
rm -f $HISTFILE;
rm -f $HISTFILE; mkdir $HISTFILE;
rm -f $HISTFILE; ln -s /dev/null $HISTFILE;
I'm experimenting with PROMPT_COMMAND to execute a command each time the user executes a command and so log it somewhere else.This post was pruned from the 2009 Is there a way to prevent users from changing or unset their HISTFILE variable? thread. Please do not resurrect old threads but instead create your own (and maybe provide a link to the old one).
View 2 Replies
View Related
Jul 17, 2010
I use the following method for preventing the users from changing their passwords , is there any other method other than this ?
ls -l /usr/bin/passwd
-rwsr-xr-x 1 root root 37140 2010-01-26 12:09 /usr/bin/passwd
so we need to remove the suid for that command as follows :- chmod u-s /usr/bin/passwd now normal users won't be able to change their own passwords - and only the root user will be able to do it for them.
View 4 Replies
View Related
Feb 4, 2010
How can I prevent users from changing their own password? I was surprisingly unsuccessfull in finding a solution for this on google. Lots of stuff about hardening ssh access or dealing with password aging using "chage" but nowhere could I find an answer for my question.
View 5 Replies
View Related
May 21, 2009
I want to prevent users changing the wallpaper, as i couldn't found any direct method I thought of preventing the /usr/bin/gnome-appearance-properties being running,
I know that the user also can set the wallpaper without running that . But didn't found any other way .
I tried to use SELinux to it and I'm stuck at writing a own policy.
According to SELinux, it prevents everything ., but as i have mapped the user to a SElinux user ,even though he can use administrative tasks , he can run the appearance window. that means he has got the permission from a different policy , Currently I'm stuck at this place.
Suitable way to prevent the wallpaper being changed by the normal users.
View 1 Replies
View Related
Dec 30, 2010
I've a Linux box with few users (with shell). I would like to prevent normal users see all the processes running on the box. How can I implement this?
View 1 Replies
View Related
Dec 3, 2010
The title says it; I want to prevent users from viewing the wireless network password.
View 9 Replies
View Related
May 11, 2010
I want the users to access servers via ssh public key only. By default they don't know their initial password and do need to change that when performing administrative tasks.For changing their passwords without knowing the old they need to switch to root for this special case.The only case it seems I don't have control is that users can not only change their password but also the password of other peoples. Does someone sees a solution (without apparmor/selinux and special /usr/bin/passwd.sh) to restrict users to only change their password?I miss the feature of using environment variables in sudoers file.
View 9 Replies
View Related
Sep 1, 2011
is everytime i reboot , my keyboard is reset to USA. im in canada & it pisses me off each time i need to change it also.all my options on EMESENE is the same issue always RESET.it's like if nothing keeps the changes once rebooted.
View 1 Replies
View Related
Jul 7, 2010
Sometimes when starting applications, especially with Wine, the screen resizes to a much lower resolution. Sometimes when I close the application & usually when it crashes/I have to kill it, the screen stays at that much lower resolution. To get my normal 1900*1200 resolution back I have to delete all the applets I've put in the top menu bar to for there to be enough space for the menu to appear for me to select System>Prefs>Monitors.How can I prevent an application from altering my resolution & just force it to run windowed, or at a higher resolution?
View 1 Replies
View Related
Jul 14, 2009
I am facing a really weird kind of issues where my boss has asked me block everybody from changing their wallpapers and put a default one there.
View 11 Replies
View Related
Jul 1, 2011
I have a box with about 30-40 users on it, and I need to prevent a certain group of users from using sudo at all. Is this even possible.
View 4 Replies
View Related
Aug 31, 2010
Running Centos 5.5 64bit. Sometimes I boot this instalation in real machine, sometimas using vmware workstation. The problem is that these environments have different network interface cards - as soon as kudzu detects that network device changed it renames ifcfg-eth0 to ifcfg-eth0.bak and places new default ifcfg-eth0.
Is it possible to command kudzu to leave ifcfg-eth0 as it is ?
View 2 Replies
View Related
Aug 26, 2010
Ubuntu Lucid, Asus T101MT tablet netbook.
Background Info: Normally the microphone doesn't work with some applications such as Empathy or the new Google Talk plugin for Linux. The workaround I'm using (and I don't know why this works) is to unlock the left and right channels in Pavucontrol and set one channel to zero, and to boost volume I set the other to max.
Issue: The Google Talk plugin is resetting the channels to be locked together. This is pretty frustrating because now they have free calling and I have no cell reception in my dorm room.
View 2 Replies
View Related
Jul 24, 2010
i would like to prevent all users other than the user "parker" on my system from using the su or sudo commands. I have not attempted to modify the sudoers file so it just contains the standard root ALL = (ALL) ALL.
View 5 Replies
View Related
Dec 30, 2010
If there is a simple way to prevent accidental shutdown when the following situation occurs:
Sometimes, I log in on my father's computer to run some administrations' tasks (updates...). For that, I use SSH since I'm frequently far from my parents and what I want is to prevent a shutdown run by my father. Of course, he should be able to turn off by himself if nobody else is connected.
Molly-Guard allows to prevent distant shutdown, my request is a kind of complementary software.
Does anyone know a project which could fit with this request? Do you have simple ideas to write a short code I know bash, perl, python...
View 3 Replies
View Related
Apr 21, 2011
Is it possible to have a user in Ubuntu/Debian that does not have access to synaptic, apt-get, dpkg and cannot even download anything from the Web, but has root privileges otherwise?
Original post (above translated by aimar) code...
View 2 Replies
View Related
Jun 15, 2010
I'm looking for a manner to prevent users from changing the desktop background/wallpaper and all other gnome configuration with booth Ubuntu and Kubuntu. This too (Abraxis, some years ago, have same my problem) [URL] do not solve the problem, for example if I change whit chown (*) own and group of this file to root /.gconf/desktop/gnome/background/%gconf.xml, at the next reboot file return in the previous state. (I don't like Pessulus).
(*)
chown root:root %gconf.xml
chmod 644 %gconf.xml
At the reboot file change automatically owner to "student", I don't know why?
View 1 Replies
View Related
Jan 10, 2011
Is there a way to avoid changing the wallpaper/Desktop background other the onces which come as default on fedora?
View 1 Replies
View Related
Dec 17, 2010
I have a created a wireless connection from the main admin account and checked the box saying "Available to all users", everything is working correctly. I only need to prevent the Desktop Users from switching the connection to another one.
View 4 Replies
View Related
Jul 8, 2010
I have a box with multiple users on it and I want everyone to be able to have full access to their home folders, but not be able to see the contents of /home/ or another user's home folder (I.E. bob has full access to /home/bob but cannot access or even see the contents of /home/john)Right now users can see other user's home folders but can't modify what's inside. How do I prevent them from seeing the contents at all?
View 1 Replies
View Related
Aug 6, 2011
What is the best way to prevent some user run some command? For example every body can run at and batch command and 3 or 4 special users prevent run these command?
View 7 Replies
View Related
Nov 1, 2010
We are trying to set up a classroom training environment where our SIG can hold classes for prospective converts from Microsoft/Mac. The ten machines will have /home/student01..10 and /home/linsig01..10 as users. We want /home/student01 to be able to explore and sudo so they can learn to administer their personal machines at home. We don't want them to be able to modify (sudo) /home/linsig01. I've seen the tutorial on Access Control Lists but I'd like other input so we get it right the first time.
View 3 Replies
View Related
Dec 8, 2010
In Linux, how do i prevent users from executing chown, chgrp or chmod?
View 2 Replies
View Related
Aug 3, 2010
I already posted a topic similar to this concerning the Desktop OS version, but this deals with the Netbook because unlike the Desktop, the Netbook is less cooperative. Allow me to elaborate: Today (or rather yesterday since it's not after midnight where I am), I changed my password because I was hopelessly confounded about how to get my Wireless Network card up and running after it had been installed and I was allowing my dad to use it. This issue has since been resolved, however...
When I chose my password during the original installation, there was no mention of it being "too simple." This is where the Desktop OS and the Netbook OS differ. The desktop will let me change it in the terminal without any errors. The Netbook will not. When I've attempted to revert it back to the original, it will not let me do so in the User Profile or in the Terminal. The Passwords and Encryption Keys application also does not appear to help.
So now even after I've changed it to a different "complicated" password I am still prompted to insert two different passwords since I changed my user password but I am unable to change the password I input during the installation. A bit screwy methinks. This is extremely important. I'd like to know how to change the original installation password.
If I can't change the main password on my laptop then this is a serious potential security breach just waiting to happen (especially since it's on a laptop and I will be hauling it around with me) and I will most likely install a different OS if this isn't resolved --- It would be very unfortunate since I spent the whole day fixing it and I really enjoy the interface. Luckily I can live with this on my Desktop since I'm not going to be hauling it around with me everywhere when the school year starts.
View 9 Replies
View Related
Oct 15, 2010
To avoid having to input a password for the keyring each time I connect to the net via wireless, I enabled the 'Available to all users' option in Network Manager. Now, my question is this. Are the 'users' it refers to just those created on this machine? Would a drive-by be able to use my network without entering the password?
View 3 Replies
View Related
Jul 14, 2011
Windows have many firewalls to prevent the system. But Ubuntu have few. Why is it so? Is it not needed to prevent Ubuntu or if it is prevented?
View 5 Replies
View Related
Sep 18, 2010
On a Dell 14n, 10.04. Mic problem: To use the mic jack/external mic, I need to have MIC 3 selected at SYSTEM/PREFERENCES/SOUND/INPUT To use the built in mic, I need to have MIC 1 selected
How can I get these mic's to work w/o having to change the settings each time I want to switch mic's.. so that if the mic jack is plugged in, then the external mic works. and if the mic jack is unplugged, then the built in mic works.
View 9 Replies
View Related
Oct 12, 2010
I was configuring the vnc server or remote desktop using the "gconf-editor" -- "desktop - gnome - remote_access" pane, and first I clicked on "disable background" to see if it was usefull or not to disable it (in terms of speed). It worked fine but sometimes when closing the connection, the background refuses to reenable, mantaining the black background...
That's ok, I decided to disable the feature and share via vnc the background as it is a wired net and I do not really need this feature.
My surprise is that now, whith the feature DISABLE (box unchecked), I cannot set a background, it is always black and I find no way to go back in this...
is this common, or something that can be "easily" fixed?
View 1 Replies
View Related
