Ubuntu Security :: Restricting User Privileges
Apr 11, 2010
I have searched somewhat this forum but haven't yet found a similar post using the keywords I entered but perhaps there is already a similar post then please refer me to it.I am trying to add a user account "Guest" to allow people on my laptop without giving them access to vital parts of the computer. Basically, I want them to only be able to view their own home directory and access internet. Nothing more.I have set the group to "guest" and changed the other home directories of other users to owner access only.
Guest still has access to root and is still allowed to perform actions in various critical areas (deleting files from for example my Windows 7 partition). This I also want to prevent. I was thinking to set each directory's permissions to Owner and Group only and remove Others access.My questions:
1. Will this have any undesirable impact (programs of main user accounts not able to access certain directories)? For guest user I don't care as long as internet works.
2. When I start User Manager and disable for Guest all options except "access internet" (so I also disable access to CDROM), the guest can still access the CDROM. Does this mean the User Settings menu has no effect or is overruled by something?
View 9 Replies
ADVERTISEMENT
Nov 6, 2010
Is there any way to user can increase or lower his privileges? I tried by "semanage login" but it works only for admin i think. I would like for example change range form s0:c0 to s0:c0.c10 and vice versa.
View 6 Replies
View Related
Sep 13, 2010
I'm running 10.04 running daily updates. A couple days back, I saw an update related to mounting volumes. Not sure if this is what broke my system, but might be. When attempting to mount a partition from nautilus, I get a message saying I do not have authorization. It does not even ask for my password, just fails. I tried running updates and this asks for my password and accepts it fine. I opened disk utility from the menus and tried to mount the volume from there but also got the same permission denied, not authorized without even being asked for my password.
I then ran gksu palimpsest. I was asked for my password and was able to mount and unmount partitions from there. However, when mounted, my applications and nautilus cannot access the data in the partitions mounted using gksu palimpsest. In nautilus, I can navigate to /media/Data (the partition in question) but I get "THE FOLDER CONTENTS CANNOT BE DISPLAYED You do not have the permissions necessary to view the contents of "Data"." When I open nautilus via gksu in the terminal, I do have full access to the partitions.
How do I get my privileges back for my user account. I am the only user on the computer, and I have never set up a root account since my upgrade to 10.04 months ago. I tried of course the Administration->Users and Groups menu, but I am not permitted to change the account type or open advanced settings. I click the button, but nothing happens, not even a password request. Running gksu admin-settings on the terminal allows me access. My current settings are attached.
View 8 Replies
View Related
Feb 21, 2011
i am relatively new to ubuntu. Just recenty i have not been able to access certain files(for example the history and bookmarks in the firefox folder), download files individually from the internet(music,fonts,etc), recieving an error message
Quote: Originally Posted by firefox error console
Error: [Exception... "Component returned failure code: 0x80520015 (NS_ERROR_FILE_ACCESS_DENIED) [nsIFileOutputStream.init]" nsresult: "0x80520015 (NS_ERROR_FILE_ACCESS_DENIED)" location: "JS frame :: file:///usr/lib/firefox-3.6.13/components/nsSessionStore.js :: sss_writeFile :: line 2944" data: no][code]...
i have sudo priveleges and can install via update manager. i read somewhere that compizfusion might affect access permissions and i do use compiz and emerald at the same time.
View 9 Replies
View Related
May 24, 2011
In our group we use NIS and have a group set up called netadmin which is given root privileges on each machine. Each machine also has a localuser called localuser created and used during installation. When logged in as a member of netadmin, attempting any action that requires root privileges (e.g. installing software in Ubuntu Software Center) results in a prompt asking for localuser's password, not the current user's password.
Does anyone know the cause? Configuration issue or Ubuntu issue? We can get around it.
View 2 Replies
View Related
Sep 26, 2010
I often get responses from people who first say: "Are you sure? You want your network to be exposed to the outside world?" I am not experimenting on a Production Server of NASA or any Security Concern Department. Friends, there is no harm in experimenting on your personal computer or on a test computer which is isolated from the production environment. Look at hackers! What do they do? If they don't know how security is breached then how would they come up with security measures?
If my question reads... "How to let any user perform Administrative Tasks on a Linux System irrespective of his/her privileges on that particular system?" then I would not get the right answers in the first place. They will say... "You are letting everyone destroy your system... are you sure you want to do that?" My question is: Why should we restrict ourselves from experimenting even if it sounds weird to other people?
I give you an example where it is desirable to let an unprivileged user perform certain tasks. You want to know if there are any employees in your office who are storing videos in their home directory and filling up the disk space to a great amount. You have a department called "Command Center or Data Center Operations or Help Desk" call it whatever you would, whose work is to monitor such activities, and you create an account "monitor" for them to monitor such activities but they are not able to do them:
[Code]..
View 8 Replies
View Related
Oct 15, 2010
One user in my company wants to run some flush cache queries on a MySql database, it needs "reload" privileges of Administration, how secure is to give this rights to a normal user ?
View 2 Replies
View Related
Nov 7, 2010
We set up a server with my friend (still newbies ) a couple of months ago using Ubuntu 10.04 LTS server edition and agreed to let some folks at school to use it to install drupal on it for teaching and learning purposes. So the idea is that there are multiple users that all install drupal in their home folders separately using SSH and continue from there on etc.
Everything is set up for that to work (domain, settings etc), but there's one thing nagging me, and that's how everyone can look at everything on the server. They dont have rights to modify anything but can look at file listings and view inside files etc.
So how do I restrict the viewing rights of users to inside their home folder, BUT so that they can use the cd command to go to folders inside their home folder, but not outside of it. As far as I know rbash purely keeps you inside home and allows nothing else, so that doesn't work, because you need the cd command.
View 6 Replies
View Related
Jul 16, 2009
I hope I am in the right forum. I have a question about restricting users from being able to change their own passwords in Fedora 10. In Fedora 6, I was able to do this by using passwd with -n and -x flags. If I would set the -n value greater than the -x value, then the user would not be able to change his/her own password. If I do this in Fedora 10, this no longer works
View 4 Replies
View Related
Apr 3, 2011
I want to limit the amount of connections a user can make outside of the box per user group, should I be doing this via iptables or what? aka:
group1 can only have 2 simultaneous outbound connections
group2 can only have 8
View 1 Replies
View Related
Dec 15, 2010
I'm trying to restrict a particular ssh user to his home directory, I'm just giving him access so that he can ssh to another server that is only accessible from the former but restrict his movement so that he can't poke around the former.I already made some changes to sshd_config file and added the following line at the end:
Did some test, user joe can ssh to the server but unable to do anything aside from logging in, even a simple ls command will immediately close the putty session. I know I'm still missing something but don't really know what it is.I also tried this how to that uses rssh --> http://www.adamhawkins.net/2009/05/r...ured/#more-431 however when I login the session immediately closes.
View 5 Replies
View Related
Jan 21, 2011
i want to Restrict a particular user from creating a file beyond a prticular size.ie he should not be able to create a prticular size [say 10mb] but he can use upto 10 gb.[ not the quota space i mean]
View 6 Replies
View Related
Apr 13, 2010
Is there a way to restrict users that are logged into the shell via SSH/Telnet/SFTP from using the 'cd' command to move into certain directories, yet not use the chmod command to do it? For instance, restrict users logged in from accessing the /var/www/ folder but have it still accessible using a web browser. Also, would this defeat the purpose since they could just wget from it if its still web accessible through a browser?
View 8 Replies
View Related
Jul 12, 2009
I've got a question about chattr command. is it possible to restrict a root access for this command. what i want is something similar to freebsd behaviour aka the kernel secure level. setting a particular security level results in limiting some operations (i.e changing immutable flags on files) by root. well, if someone gained an access to a machine in some way, nothing would stop him changing the file's flags. so the question is if it can be achieved with selinux?
View 2 Replies
View Related
Mar 25, 2010
Having read on the forums about some of the dangers of running Wireshark as root, I would like to know if anyone can suggest some alternative packet sniffers/network analyzers which will offer similar results but without the security issues. I am using Karmic Koala on a Fujitsu Siemens laptop with wireless router (firewall enabled)
View 7 Replies
View Related
Mar 17, 2011
I run a system that users may log into either remotely or physically. Multiple users may be logged in simultaneously because of the remote access, but only one user can be physically logged in at a time.With the current setup, however, if the physical user inserts a flash drive (which the OS mounts automatically) then the remote users gain access to the removable media.
View 6 Replies
View Related
Aug 11, 2010
This applies to users of 10.04 (64 bit), but I would like to hear from those running 10.04 (32 bit) and 9.10 (64 or 32 bit).Would you be good enough to answer this question: Do you have an �enable scanner option� (or a variation of that phrase) in (GOTO) System-Administration-Users & Groups- [Your Admin Account]- Advanced Settings- User Privileges?It would be immensely helpful of you if you could do this and post me your answer.
View 2 Replies
View Related
Jun 12, 2010
I have a small problem on ubuntu 10.04, of which i know it can be solved. However, i'm not sure how to. The problem is; I need one user to be able to install updates, but not give it any other privileges. I have been messing around with the "sudoers" file in /etc a bit, and thought i needed to use the "NOPASSWD" But i'm not sure what to do after that.
View 4 Replies
View Related
May 16, 2010
I accidentally promoted my initial account to admin and now I want to revert it but I don't remember the specific initial user privileges.So there are 2 questions:
1) First, is it safe to "downgrade" the account, logging in with another one? In general what's the best way to do it?
2) Could someone enter Administration->Users and Groups->[select initial account]->
Advanced Settings->User Privileges and list the privileges that are on by default?
I repeat I want the privileges of the initial account, which I suspect are above those of basic users (that are added later) and below admin...
View 6 Replies
View Related
Jan 21, 2010
I am on the admin account of my computer and am trying to remove all privileges from CWD i have tried
chmod go-rwx ~
sudo chmod go-rwx ~
but when i pull up
ls -l ~
It is still showing permission in the g and o column.
View 9 Replies
View Related
Jan 2, 2010
Is there a way to grant 'root' privileges to my user account? My account name ... I'll call it 'masterskop' as it is my forum name here, but not on my computer.Would it look like this in the sudoers' file?My purpose is to get access to all the folders and files in the 'File System'. The root and lost+found folders have 'Xs' on them...No access! And for example, under properties of the 'var' folder it states that 'you are not the owner, so you cannot change these permissions.' How can I get access to all of it everytime I login as the main user of my computer? I do not have anyone else using this computer.I did edit this file and used my real user name ... logged out and logged back in and still I do not have access/edit these folders and files.
View 4 Replies
View Related
Mar 20, 2011
i know the subject is hard to understand but i did my best with it. the problem: i have 2 HDs on my Ubuntu OS, the first is 1TB and the other is 500GB, i want to do a backup with rsync from my 1TB HDs (in with the Ubuntu is on it) to the 500GB.
on the 500GB i have a partition called Backup. what i did: i have created a user crontab that dose two things: 1. mount the Backup partition from the 500GB to a folder called /~/Backup on my home directory which is on the 1TB HD.
2. i wrote the proper rsync command for the backup to go.
[Code]...
View 9 Replies
View Related
Feb 26, 2011
i am trying to recover some files on a partition through the ubuntu live cd (they are hidden files and i can't find anything else that would work) and it said i needed root privaleges in order to copy them. is this possible and how do i do it
View 8 Replies
View Related
Aug 5, 2011
I need to create a user in Fedora Linux(15) which only has privileges to print documents.Our college issues a printer to each lab and I need to create a new user on my Fedora which only has privileges to print.Network sharing is not an option, so is there any way by which I can a restrict a user from executing any commands except the necessary printing commands?
View 2 Replies
View Related
Oct 16, 2010
I'm using ubuntu 10.04. Apache server is associated with www-data.I frequently run into problems editing or deleting files created by a cgi script, as they have ownership of www-data:www-data.How can I safely modify my system so that the output files are editable or deletable by user tim?
View 2 Replies
View Related
Jul 4, 2010
I want to create a user who has all the privileges that root user has.I know how to create a user but i don't know how to grant root privileges to him.
View 10 Replies
View Related
Nov 2, 2010
How to add user with root privileges and SSH access.
View 6 Replies
View Related
Apr 9, 2011
I create a user in CentOS 5.5 for using with my email account.
useradd ralf
passwd ralf
use "ralf user" only for my email account. How can I remove others privileges/permissions? Also, I want to use "ralf user" without root privileges/permissions.
View 4 Replies
View Related
May 6, 2011
i have centos5.3 i want to create user with non admin privileges he is unable to see contents of server only he will able to login nothing else
View 12 Replies
View Related
Sep 27, 2010
Might this is silly question but I am not much familiar to database.I am doing master slave Mysql replication for load balancing. On master server different database has different user privileges. I create backup using mysqldump command and restore on slave server instead of using load data from master; command.When i replicate database from master to slave will i require to set user privileges same as master ?One more question: How to lock all database in mysql?
View 2 Replies
View Related