Ubuntu Security :: Sudo Password Necessary For Regular Desktop Users?
Mar 10, 2011
I've set up a user account for friends & colleagues that does NOT require a login password. Unfortunately, in this OS some things don't work unless you login -- sudo Must regular users have AND use Root's password?
View 9 Replies
ADVERTISEMENT
Dec 3, 2010
The title says it; I want to prevent users from viewing the wireless network password.
View 9 Replies
View Related
Nov 1, 2010
We are trying to set up a classroom training environment where our SIG can hold classes for prospective converts from Microsoft/Mac. The ten machines will have /home/student01..10 and /home/linsig01..10 as users. We want /home/student01 to be able to explore and sudo so they can learn to administer their personal machines at home. We don't want them to be able to modify (sudo) /home/linsig01. I've seen the tutorial on Access Control Lists but I'd like other input so we get it right the first time.
View 3 Replies
View Related
Dec 19, 2010
I made a Desktop User account. When I went on that account, it allowed me to execute sudo as if I was an administrator. I don't know what might be causing this. I do have ufw set up and blocking incoming connections. Do you guys know what might be at the root of this?Also, when I used sudo from the user account (which I shouldn't have been able to do), I provided the password for my admin account.
View 9 Replies
View Related
Mar 30, 2010
is it considered standard practice to change the user password on a regular basis and if so how often?
View 4 Replies
View Related
Mar 9, 2011
I decided to consult you before making any changes, because the clients' PCs are spread all over the country and I do not have the physical access to their boxes.The idea is to take away the ability of using sudo for common users.I know that the syntax of this file may vary a bit in different distributions.Our OS is Ubuntu 10.10.I created the account 'support' for me and other technician stuff of our department. So, 'support' user must have all the power. And common users mustn't have access to 'sudo'. This is the requirement.As far as I remember, in Slackware the user must be a member of 'wheel' group to be able to use 'sudo' (but I may be wrong).
View 3 Replies
View Related
Mar 22, 2011
why when I type sudo su in a terminal there's no need to enter my password, I just go straight into root
View 5 Replies
View Related
May 9, 2011
I have a RHEL 5.5 system set up with two users in the sudoers file to run certain commands without a password prompt.I do not have "Defaults requiretty" in the sudoers file.However, for both users, when I issue: sudo -l, it prompts for a password and logs in /var/log/secure:sudo: userx: no tty present and no askpass program specified
View 2 Replies
View Related
Jan 26, 2011
We have a couple of clusters that are running Oracle. If you're familiar with Oracle you know that it basically has to be installed as root. Something I detest. anyway, when we are building out the box, we change the root pw and give it to the DBA team to do their installs and configs. When they are done, we change the root pw (and do not give it to them), and configure sudo to allow them the rights needed to manage Oracle and their databases.
Now however, we have a different situation. The DBAs need access to uninstall and reinstall components and make modifications on an ongoing basis. Since we only support OS and hardware, not app, they are requesting permanent root access. I promptly told them no, and the politics ensued. Their manager went to their director, who went to my director, and suddenly an exception is given for his good golfing buddy. So here I am, forced to turn lose DBAs on my clusters with full root access/pw. I need a way to allow specific users (or perhaps a specific user group) the ability to become root WITHOUT sharing the root pw with them.
View 3 Replies
View Related
Feb 19, 2010
Stumped on this one. I'm trying to set up limited sudo authority on a desktop with some sensitive user data, and as an extra precaution I wanted to configure sudo to use a password other than the user's or the root's. I'm not sure how to do this. From the manual, we have a few options, such as "runaspw" or "targetpw", but none seem quite what I'm looking for.For instance, "runaspw" could be used if I created a user for nothing other than sudo(ing) purposes, but it requires you set "runas_default", which means that said user would have to have authority to execute said commands in the first place. This is workable, but seems like a lot of extra configuration for each specific command that I want to run, as well as creating some issues with simply commands such as "shutdown" or "reboot". Also, "targetpw" can be used in conjunction with a sudo(ing)-only user if I set an alias, but, again, this isn't quite what I am looking for.
Ultimately, what I am really concerned about in this situation are keystroke loggers, so I would prefer to avoid repeated entering the user or root password when performing administrative tasks. Also, I would prefer not having to create a sudo(ing)-only user as mentioned above to prevent a comprimised password resulting in an attacker being able to log into my system.
View 3 Replies
View Related
Feb 17, 2011
I have been reading guides for a while now and so far have not found an exact solution to my problem.
I want a linux user (dave) to be able to switch to another account (patrol) without a password prompt, but dave must still be denied access to root. Patrol must also be denied root access.
In the sudoers file
Code:
User_Alias Patrol=dave,john
root ALL=(ALL) ALL
Patrol ALL=(patrol) NOPSSWD: ALL
[Code].....
View 6 Replies
View Related
Aug 30, 2010
I need to be able to capture a users password when they login. I am well aware of the security issues with this and I'm ok with this.
We run a call center and I am working on migrating from windows to Kubuntu for the callers. It's policy that all callers must report their password to me, so I already know of everyone's password. There has to be some variable/script that I can "hack" to get the password they typed in to the login screen.
What I'm trying to do is that when a user logs in in for the first time, their profile is automatically created and set up. Setting up network drives, email, pidgin (which the password is stored in plain text anyway, so forget about security on that one), web apps, etc.
Trying to find information on How to capture a users password and all have been responded with the usual lecture on why you shouldn't do this. So I've heard it all before and I know of the risks. Like I said, I already have the callers password on file. If I could capture it, I wouldn't have to manually setup each profile every time we get a new caller, which is often since turnover is quite high in call centers.
View 5 Replies
View Related
Mar 11, 2011
I have installed ubuntu-desktop and can log in fine. Whenever I start Synaptic, etc and am prompted for my password I am told it is incorrect. I reinstalled ubuntu server and tried the same thing with xubuntu-desktop and I experience the same thing.
View 1 Replies
View Related
Dec 23, 2010
How to allow users to change their password in chrooted ssh as long as the modifications in the shadow file in the chrooted environment will not be applied on the system itself ?
View 2 Replies
View Related
Jul 17, 2010
I use the following method for preventing the users from changing their passwords , is there any other method other than this ?ls -l /usr/bin/passwd-rwsr-xr-x 1 root root 37140 2010-01-26 12:09 /usr/bin/passwdso we need to remove the suid for that command as follows :- chmod u-s /usr/bin/passwdnow normal users won't be able to change their own passwords - and only the root user will be able to do it for them.
View 9 Replies
View Related
May 11, 2010
I want the users to access servers via ssh public key only. By default they don't know their initial password and do need to change that when performing administrative tasks.For changing their passwords without knowing the old they need to switch to root for this special case.The only case it seems I don't have control is that users can not only change their password but also the password of other peoples. Does someone sees a solution (without apparmor/selinux and special /usr/bin/passwd.sh) to restrict users to only change their password?I miss the feature of using environment variables in sudoers file.
View 9 Replies
View Related
Jan 2, 2010
I recently was able to network 2 computers at home and I wanted to make my password more secure. When I try to edit my password via System>Administration>Users and Groups, it doesn't workI am able to edit my user settings. When I change my password I enter my old one and it accepts my new one. Problem is when I try to install programs, login and do other things it only accepts my old password. How can I change my password?
View 3 Replies
View Related
Jan 7, 2011
I don't know if this is Just my Machine, or not. But here is it:
Ubuntu 10.01
Acer Aspire 7740
When the computer is locked. I can smiply go to switch users. when the list of users logins are shown all i have to do is click on my user name and it allows me into my account without typing in a password. I can lock the computer manually or wait for it to time out it doesn't matter. the switch users method allows me to bypass the password protection.
View 3 Replies
View Related
Jan 18, 2011
How can i see history of all sudo users and all root users in fedora 13 ? history command only shows one users history ?
View 5 Replies
View Related
Oct 6, 2010
Lucid Lynx clean install.I do not seem to get the login screen from powerdown now. I do after logging off and logging back in again.From switched off, I get taken to my desktop and it is only a little while later, usually when starting Thunderbird or FireFox that I get asked for my password with this massagePlease Unlock The Login KeyringThe Login Keyring Did Not Get Unlocked When You Logged On
View 2 Replies
View Related
Dec 30, 2010
host always ask password on 1st remote desktop (VNC) access Desktop version... how can I disable this?
View 2 Replies
View Related
Feb 7, 2011
Some how I seem to be locked out of my desktop computer. My password isn't working. For some reason all of a sudden it seems to have stopped working. I tried to reboot and now I'm locked out, I can't login. And I'm the only sudo user. How can I fix it or even reset my password
View 2 Replies
View Related
Mar 9, 2011
After installing ubuntu 10.10 on pc i had it running fine for roughly 2 weeks. i have selected automatic login so i do not need to mess about logging in etc, but recently my pc asks for my password to unlock keyring once it shows my desktop.
View 2 Replies
View Related
Dec 22, 2010
I am moving a webserver from a Gutsy to Lucid server. The webserver works fine, but I am having a problem with the users. I moved the home directories, along with passwd, group, shadow, and gshadow. The users can login fine, and their home directories are fine. The problem is when they try to logout, they get
$logout
-sh: logout: not found
View 4 Replies
View Related
Sep 16, 2010
A day ago I finally got around to upgrading the PackageKit installation that had been sitting for a week and a half, so I found a new upgrade for sudo available - the one that gives the sudoreplay command, I forget which version number it is exactly. When I try to use the sudo command I get this notice in my terminal:Code:Can't open /var/db/sudo/me/1: Permission deniedI didn't get it before. What do I have to do to make it open? I'm using SELinux in enforcing mode if that helps.
View 1 Replies
View Related
Mar 10, 2010
My home computer is (of course) a multi-user system with my wife and I each having separate non-root accounts. Usually at the end of the day I exit X, drop down to the terminal, su to root and type
Code:
shutdown -h now
to turn the computer off for the night.
However, my wife doesn't know (or care to know) the root password, but she would like to be able to shutdown the computer.I tried making a /etc/shutdown.allow file, and typing
Code:
/sbin/shutdown -a -h now from her account, but it didn't work. I got an error that one has to be root to do that.
So, how do I allow regular users to shutdown?
View 14 Replies
View Related
Jan 17, 2011
If I pass to my shell environment as a regular user will it apply to builds ran under sudo?I posted a thread similar to this regarding a build with TOR; however, this is applicable to all programs.
View 6 Replies
View Related
Apr 27, 2010
I needed to use Synaptic Package Manager to install an app, but the dialog box ("enter the Administrative Password") that pops up before you can use Synaptic doesn't recognize my password ("incorrect password). I tried typing it into a text editor and it's spelled right, caps lock not turned on or anything.
In Terminal, sudo recognizes it, and it is recognized when I log into Ubuntu. I'm the sole user, I have admin privileges, I've been doing admin things.
I just now did System > Administration > Users and Groups and got a dialog box saying
"Failed to contact configuration server; some possible causes are that you need to enable TCP/IP networking for ORBit, or you have stale NFS locks due to a system crash. See [URL] for information. (Details - 1: Server ping error: IDLmg.org/CORBA/COMM_FAILURE:1.0)"
Moving past that, I changed my user password, and Ubuntu authenticated it.
How do you launch Synaptic Package Manager from the command line?
View 4 Replies
View Related
Jun 17, 2009
I had this all hashed out in previous versions of Fedora, but since I have moved the Mrs over to F10 this problem has come to the surface yet again.The Mrs is a strait user. She does not do command line and there is not a chance in a hot place that I could convince her to do it. Now we have her on the F10 system and we, once again, can't get her to have the right Kung Fu to be able to moun/unmount the floppy drive using the computer icon on the Gnome desktop.
What has changed and how do I get this function back for her? She uses this for business files, so this is somewhat on the urgent side.
View 14 Replies
View Related
Jun 25, 2010
Is it possible to have your login password t be different then your SUDO password. I did a search on sudo password- Almost every post has the term in it.
View 2 Replies
View Related