Ubuntu Security :: Sudo Versus SU And Superuser Privileges
Jul 19, 2011
So, I'm not quite sure what the difference is? Is it that sudo allows you to "borrow" superuser privileges, whilst su allows you to actually log in as superuser? Also, when I sudo [command] and get prompted for a password, after I input it, things work just fine, but if I su, and then get prompted for a password, I can't log in as superuser... Why is this?
I am relatively new to Ubuntu. Just recently I have not been able to access certain files (for example the history and bookmarks in the Firefox folder), download files individually from the internet (music, fonts, etc.), receiving an error message
I have sudo privileges and can install via update manager. I read somewhere that compizfusion might affect access permissions and I do use compiz and emerald at the same time.
I have previously set up sudo via adding my name to the wheel group and then giving full privileges to the wheel group in the sudoers file. Now I choose to learn to limit that. Had noticed the most frequent use I have of sudo is to run yum update. This got me thinking, could I remove the wheel group privileges and add the following line in sudoers to limit the privilege to simply running yum, and furthermore, make it so I could run yum without a password:
    ## Allow root to run any commands anywhere
    root ALL=(ALL) ALL
    Troy ALL= NOPASSWD: /usr/bin/yum
I think that would in fact work (if I understood one of the pages here, it will work). However, upon further thinking I realized that in such a case then anyone sitting at my computer could then use yum, without a password, to install or remove any file on my system - probably not a good idea. As a result I have to ask, can I tighten the privilege even further such that the only privilege so given was to run "yum update" and nothing else? (for example if they ran "yum install" it would fail). If you can do it, how?
Last, I was going to limit the privilege, time wise and try wise, by adding the following to the sudoers file:
I was adding me and my bud to a new group I created, but I used -G instead of -g as the tutorial suggested, I think this removed me from all other groups and put me in the new one. The same with my bud. Now I don't have sudo privileges, nor does my bud, and we have not set a password for the root account.
Code:
    sudo ls -l
    USER@SERVER:/var$ sudo password for USER:
    USER is not in the sudoers file. this incident will be reported.
    USER@SERVER:/var$
Receive bash notice: "jim is not in the sudoers file." Just finished my first Debian install several hours ago, my first go around w/Debian. Installed 8.2 DVD ISO on USB. Had this issue from my first use in BASH, not a forgotten password problem. So 2 questions:
1) I'll be installing Debian again, and want to avoid this in future. There were 2 inputs on setup for name (my full name) and user (installer offered my first name which I accepted). 2 inputs for Password as well: I used the same password both times (have done this w/Mint & Ubuntu w/out issue).
2) How to fix this? Tried this: URL...however, neither keystroke got me to "rescue" prompt as article suggests. Several other articles presume an admin with privileges has sudo access to modify sudoers file.
I have multi-boot setup in BING environment (MBR, not EFI). I am booting from a GRUB2 ISO using grub commands as I still need GRUB installed in my boot partition until I can get cmd line access. I'm able to get a session on boot with the same password I used in setup.
I want to create a sudo user; the sudo user should not start or stop the service, like a normal user. I created a user called root2 and I edited the user with the visudo command and added the below line to the user root2 and got the full privileges.
root2 ALL=(ALL) ALL
I commented the below line
    ##Cmnd_Alias SERVICES = /sbin/service, /sbin/chkconfig
even though the sudo user root2 can start and stop the service, which I don't want to give that privilege.
I've been using SuSE for a while and something has been bugging me. Not a show stopper, but nevertheless, an interesting one. Most tutorials, forum posts, etc. recommend using a sudo command to accomplish stuff. For example:
Code:
    sudo make install
    sudo vi file
However, this does not always work. For instance, I was recently working on a resolution problem with my ViewSonic VX922 - it would only display at 1024x768 rather than the native 1280x1024. Viewing some posts, I found the command "sudo sax2 -r". What I discovered is that there seems to be a big difference between sudo and su
Code:
    drkhelmt@SPACEBALL1:">sudo sax2
    root's password:
    sudo: sax2: command not found
    drkhelmt@SPACEBALL1:">su
    Password:
    SPACEBALL1:/home/drkhelmt: #sax2
    SaX: Checking update status for intel driver
    SaX: initialization already done
    SaX: cal [ sax2 -r ] if your system has been changed !
    SaX: startup
    SaX: X server:0.0-> grant
    SaX: importing current configuration
    SPACEBALL1:/home/drkhelmt: #
So the question, why does the command sax2 (and others) work after the su command rather than a sudo?
Having read on the forums about some of the dangers of running Wireshark as root, I would like to know if anyone can suggest some alternative packet sniffers/network analyzers which will offer similar results but without the security issues. I am using Karmic Koala on a Fujitsu Siemens laptop with wireless router (firewall enabled)
Having to write my user password every time I want to do anything. I DO know I'm doing something risky for the system, that's why I have Linux. Is there a way to avoid to rewrite the password again and again, like start with superuser permissions?
A day ago I finally got around to upgrading the PackageKit installation that had been sitting for a week and a half, so I found a new upgrade for sudo available - the one that gives the sudoreplay command, I forget which version number it is exactly. When I try to use the sudo command I get this notice in my terminal:
Code:
    Can't open /var/db/sudo/me/1: Permission denied
I didn't get it before. What do I have to do to make it open? I'm using SELinux in enforcing mode if that helps.
As Linux gains in popularity, (as I believe it will), do you think that Linux will ever become the target of as many virus and worm threats as Windows has faced? If so, do you think that the threats will have much success?
I have searched somewhat this forum but haven't yet found a similar post using the keywords I entered but perhaps there is already a similar post then please refer me to it. I am trying to add a user account "Guest" to allow people on my laptop without giving them access to vital parts of the computer. Basically, I want them to only be able to view their own home directory and access internet. Nothing more. I have set the group to "guest" and changed the other home directories of other users to owner access only.
Guest still has access to root and is still allowed to perform actions in various critical areas (deleting files from for example my Windows 7 partition). This I also want to prevent. I was thinking to set each directory's permissions to Owner and Group only and remove Others access. My questions:
1. Will this have any undesirable impact (programs of main user accounts not able to access certain directories)? For guest user I don't care as long as internet works.
2. When I start User Manager and disable for Guest all options except "access internet" (so I also disable access to CDROM), the guest can still access the CDROM. Does this mean the User Settings menu has no effect or is overruled by something?
I've been using Ubuntu for like a year now. Whenever I want root privileges I just type sudo and enter my User password. I wanna know if there's a way to change this, in a way that My User password is: "ABC" and the password needed to have root privileges is: "ABC123". I have no problem using the terminal, I actually prefer it to any GUI, it just seems easier to me.
I am integrating my Unix box to the Windows AD using PAM_LDAP and Kerberos enabled. I was wondering, since Kerberos is enabled, is there any point to enable SSL on my LDAP.conf? My understanding is that since Kerberos is enabled, and therefore the username/password is sent securely, there isn't any benefit of enabling SSL on the LDAP.conf? It's one or the other.
I understand the difference between Reject vs Drop for incoming traffic, but are there any differences between reject and drop for Outbound Traffic? Are there reasons to pick one over the other or are they functionally identical when talking about Outbound traffic?
I am going through the motions of testing the checkrootkit and rootkit hunter applications on one of our servers. I wanted to get feedback from those who know both as to which of the two is better at 'sniffing' out rootkits. Alternatively, can both be installed without their interfering with the other?
I am new to Fedora (been using Debian-based distros for the longest time). With the new release I decided to give FC13 (the KDE 64 bit spin) a try. I told it to wipe my entire hdd and encrypt the partitions. The partition manager made a few LVM partitions which I assume are encrypted.
The problem I am having is that if I attempt to use an application that would normally need root access to run, I am not prompted to enter my root password. Instead, I am required to log out and log back in as root. Is there a way to make it so that FC13 will prompt me to enter my root password so I do not need to log in and out? Or is there something different I should have done during the install process? Also, what is the terminal equivalent of "sudo" in Fedora, or is it still sudo/KDEsudo?
I also have not used SE Linux before. Do I need to manually enforce the permissions for my applications and generate my own profiles for it, or is that done automatically?
I'm running 10.04 running daily updates. A couple days back, I saw an update related to mounting volumes. Not sure if this is what broke my system, but might be. When attempting to mount a partition from nautilus, I get a message saying I do not have authorization. It does not even ask for my password, just fails. I tried running updates and this asks for my password and accepts it fine. I opened disk utility from the menus and tried to mount the volume from there but also got the same permission denied, not authorized without even being asked for my password.
I then ran gksu palimpsest. I was asked for my password and was able to mount and unmount partitions from there. However, when mounted, my applications and nautilus cannot access the data in the partitions mounted using gksu palimpsest. In nautilus, I can navigate to /media/Data (the partition in question) but I get "THE FOLDER CONTENTS CANNOT BE DISPLAYED You do not have the permissions necessary to view the contents of "Data"." When I open nautilus via gksu in the terminal, I do have full access to the partitions.
How do I get my privileges back for my user account? I am the only user on the computer, and I have never set up a root account since my upgrade to 10.04 months ago. I tried of course the Administration->Users and Groups menu, but I am not permitted to change the account type or open advanced settings. I click the button, but nothing happens, not even a password request. Running gksu admin-settings on the terminal allows me access. My current settings are attached.
Is there any way a user can increase or lower his privileges? I tried "semanage login" but it works only for admin, I think. I would like, for example, to change the range from s0:c0 to s0:c0.c10 and vice versa.
When I execute a sudo or gksu evolution (e.g. synaptic package manager) I find that the escalated privileges remain in effect for a period of time. Sometimes, not often, the notifier applet shows an icon indicating that escalated privileges are in effect.
What I would like to know:
What is the default amount of time which escalated privileges remain in effect on my system?
Is it possible, if so how, to change this amount of time?
In our group we use NIS and have a group set up called netadmin which is given root privileges on each machine. Each machine also has a localuser called localuser created and used during installation. When logged in as a member of netadmin, attempting any action that requires root privileges (e.g. installing software in Ubuntu Software Center) results in a prompt asking for localuser's password, not the current user's password.
Does anyone know the cause? Configuration issue or Ubuntu issue? We can get around it.
I often get responses from people who first say: "Are you sure? You want your network to be exposed to the outside world?" I am not experimenting on a Production Server of NASA or any Security Concern Department. Friends, there is no harm in experimenting on your personal computer or on a test computer which is isolated from the production environment. Look at hackers! What do they do? If they don't know how security is breached then how would they come up with security measures?
If my question reads... "How to let any user perform Administrative Tasks on a Linux System irrespective of his/her privileges on that particular system?" then I would not get the right answers in the first place. They will say... "You are letting everyone destroy your system... are you sure you want to do that?" My question is: Why should we restrict ourselves from experimenting even if it sounds weird to other people?
I give you an example where it is desirable to let an unprivileged user perform certain tasks. You want to know if there are any employees in your office who are storing videos in their home directory and filling up the disk space to a great amount. You have a department called "Command Center or Data Center Operations or Help Desk" call it whatever you would, whose work is to monitor such activities, and you create an account "monitor" for them to monitor such activities but they are not able to do them:
One user in my company wants to run some flush cache queries on a MySQL database; it needs the "reload" privilege of Administration. How secure is it to give these rights to a normal user?
I run ProFTPd with TLS authentication on my Debian Lenny server. My problem is that despite the fact that my users connect chrooted, one of my friends had root privileges after logging in from a Macintosh and could browse the root directory, too.