I made a Desktop User account. When I went on that account, it allowed me to execute sudo as if I was an administrator. I don't know what might be causing this. I do have ufw set up and blocking incoming connections. Do you guys know what might be at the root of this?Also, when I used sudo from the user account (which I shouldn't have been able to do), I provided the password for my admin account.
View 9 Replies
I'm setting up Ubuntu Karmic on my sister's old computer for my nephew, he's quite young so my sister asked to install some content filtering. I'll first setup an OpenDNS account and I've installed and managed to get dansguardian and squid working on a virtual machine to try it out. so far it's working pretty well, but I need to secure it form the inside out.
I was thinking of blocking specific outbound ports so he could not bypass the proxy. because by default the firefox configuration can be easily changed. so I have a couple of questions.
1. is it possible to block outgoing ports on Ubuntu?
2. is that the best method?
3. is there anything else I should be aware of to prevent subversion?
lastly, this question is probably unrelated to this board but I've set up a cron job to update a dynamic ip with OpenDNS, the problem is that the password is in clear text in the user's crontab, can I play with permissions? is it possible to run the job under a root account and deny read/write access to a normal user?
Is windows 7 UAC basically a user/system control system like sudo?
View 7 Replies View RelatedI am trying to get a non-root account on one of our servers to run a script with sudo capability. To that end, I went into the /etc/sudoers file, and added the following syntax:
Code:
## Enable the nagios user to run the check_iptables.sh script as root
nagios ALL=NOPASSWD: /usr/local/nrpe/libexec/check_iptables.sh, /sbin/iptables
I restarted the nagios service, and tested the results. The results were the user account still could not run the script due to the user, nagios, not having permission to run the iptables binary.
Is there another step(s) that I need to take in order to get the sudo access available to the user account?
I am attempting to configure my sudoers file, and have quite a few questions.If you can answer any/all of them, I would be grateful.
-Is there a way to set it up so that root gets notified if a user tries to use a command they are not allowed to?
-If something like this already exists on my system, how do I set it up/use it/ read root's messages?
-I see a lecture=always default exists, but can I customize this lecture?
-Is there an easy way to explicitly deny a user sudo permission?
-I see there is an ALL wildcard. Is there something similar to a NONE wildcard?
I've set up a user account for friends & colleagues that does NOT require a login password. Unfortunately, in this OS some things don't work unless you login -- sudo Must regular users have AND use Root's password?
View 9 Replies View RelatedI would like to know if it is possible to deny the access to a file for root? Would ACL's be a possibility? I have "googled" around but haven't found anything interesting (except SELinux). I should secure a password file to an important database.
View 6 Replies View RelatedIf I pass to my shell environment as a regular user will it apply to builds ran under sudo?I posted a thread similar to this regarding a build with TOR; however, this is applicable to all programs.
View 6 Replies View RelatedI was recently messing around learning chgrp commands, and set my (only) user account to a different group. Now whenever I try to sudo a command, I get 'john is not in the sudoers file. This incident will be reported' message.I *seem* to have a root account (one is listed in System->admin->users and groups), but I'm almost certain that the password for it would be one of 3 things, and it's none of them.
View 2 Replies View RelatedDo you think there is a way of accessing different user data from another account which I have set up.
Ie. user 1 = account has messed up
user 2 = account works fine
access user account 1 home directory from user 2 work space?
Original HOWTO can be found at: [URL]... So the other day I was in IRC and someone had brought up a problem where they created a new Administrative user, but didnt have rights to use sudo. Looked into the problem a little bit to figure out what was wrong, and it turns out that when you create a new user through the user manager (in kubuntu, anyways. Havent tested in Gnome.) the user gets added to the adm group, however, a quick look at the sudoers file shows that its looking for users in the admin group to allow the use of sudo. So, to solve the problem we do the following: If youre on the new admin user (which Im assuming you are) use the following commands:
Code:
su [insert username of old account without brackets]
sudo usermod -G admin [username of new admin account without brackets]
exit
Then simply logout, and then log back in (not always necessary, but the easiest way to flush the permissions.)
Code:
su [insert username of old account without brackets]
Means were going to Switch User to the old admin account
Code:
sudo usermod -G admin [username of new admin account without brackets]
This simply adds the admin group to the secondary group list for the new user
Code:
exit
Pretty self explanatory
is it considered standard practice to change the user password on a regular basis and if so how often?
View 4 Replies View RelatedI have a problem to mount my cdrom as a regular user. After inserting a cd, I receive this error message:"Error mounting: mount exited with exit code 1: helper failed with:mount: must be superuser to use mount" After mounting the cdrom as superuser with "sudo mount /media/cdrom".I can access the cd also as regular user. This behavior is inconvenient and I would like to be able to mount the cdrom as user.Honestly, I do not have the experience to tell if this should be fine or not. Do you have any advice for me to fix this problem? I am running Ubuntu 9.10 with a 2.6.32-02063209-generic kernel.
View 6 Replies View Relatedok so i ran into a problem, im using web min to access my server, and im setting up postfix and, dovecot first problem is i want to be able to access my email account from a web page, with log in, so my question is how can i do that?
View 1 Replies View RelatedA few weeks ago I did a WUBI 10.04 LTS install on a Windows XP desktop that went perfect. System ran great until this morning. I was prompted to install "Security Updates", which I allowed the system to do, but thereafter was unable to boot. What happens is at the point of selecting either Windows or Ubuntu for booting, and I choose Ubuntu, the computer goes right back into a re-boot process and brings me back to the Windows/Ubuntu boot selection prompt. It doesn't even bring me into the secondary boot level of asking which type of Ubuntu boot I want (generic, etc.). Is there a solution for this problem besides reinstalling Ubuntu?
View 1 Replies View RelatedDoes anyone have a permanent fix for not being able to use USB devices in VirtualBox as a regular user?
View 11 Replies View Relatedi use ubuntu 10.04, is there a way to set two passwords for 1 user account
View 2 Replies View RelatedI started up my computer and suddenly, I saw that there was a new user account. I didn't create it and no one else uses my computer (let alone has access to user account creations). It was called dtc. It didn't seem to have any privileges and the only file in its home folder was called Examples. Should I worry that I might have some kind of malware? I deleted the user and the folder (and it came back after a while). It's main group is dtcgrp. The User ID is 1004.
View 2 Replies View RelatedI have an HP laptop with a recently installed copy of Mint 8 KDE Community Edition. I created the initial admin user account ("joseph") when I installed.
I had an existing home directory under a different name from another installation, so I added a user with that name ("joe") and imported a copy of the original home directory. The user "joe" didn't have the same admin privileges as the initial "joseph" account, so I added "joe" to the sudoers file and the same groups as the initial admin user.
Everything works perfectly under this arrangement, for the most part. Now here's the problem:
I have a T-Mobile G1 phone that uses Android. I've rooted and ROM-modded the G1, and have the microSD card in the phone set up with two partitions. The vfat partition stores all the photos, music and other stuff the phone needs. The ROM mod allows me to store apps on the SD card, so that second partition uses ext3 for its file system.
When I'm logged in as the admin "joseph" account and I insert the SD card in the laptop's card slot (or plug the phone into the USB port), the SD card can be mounted, and I have full access to both card partitions. I can see all folders. I do this to backup the contents of the card to an external drive (especially the apps in the ext3 partition, since that's been trashed on me once before on the phone).
However, when I log in as "joe", I cannot view the contents of the ext3 partition at all. I can see the vfat drive fine, and the ext3 partition mounts, but with user/group "joseph/joseph." When I open Dolphin to view the mounted ext3 partition, I get the error "could not enter folder /media/disk-1" at the bottom of the view window in Dolphin.
Here are the relative entries returned when I run "mount" to view the mounted drives:
/dev/mmcblk0p1 on /media/disk type vfat (rw,nosuid,nodev,uhelper=hal,uid=1001,utf8,shortname=mixed,flush)
/dev/mmcblk0p2 on /media/disk-1 type ext3 (rw,nosuid,nodev,uhelper=hal)
Note that the uid listed on the vfat mount is 1001, which is the gid for the "joe" account.
I know there must be a configuration setting somewhere that will allow the ext3 partition to automount under the "joe" user account. I suppose that using the admin account to change the permissions would be the easy way to do this, but there must be something that would do it automagically. I've ripped through all the config files I can find, but can't seem to find anything that would help.
All I'm looking for here is enough access to be able to copy the directories on that mount to my external drive.
I've written an article on my site which lays out steps for installing Wine and running it under its own, separate user account, so that Windows applications cannot access personal files (particularly those in your home directory).[URL}..i'm hoping that there are people on this forum who know Ubuntu inside-out, as I'd like to know how effective the described method is at trapping Windows applications so that they cannot read or write personal files or directories.
The way I understand it, once the process is running under user account wine, it's stuck with the access privileges of user wine. But are there ways in which a rogue application could break out of this prison and gain access to whatever it wishes? I'm guessing that such behaviour would mean someone customising Windows software to recognise Linux, and that such a thing is very unlikely, but I'm still interested to hear what gurus of the Ubuntu internals think of this method.
It's been a few years since I last installed Ubuntu. I searched the forums and can't seem to find the answer. I want to be able to do a "su root" and have root access. I know Ubuntu wants you to do the sudo command, and I know you can really mess things up being root. I know I got this to work before. What do I need to do?
View 3 Replies View RelatedI'm the only user, can login (meaning I know my pass). But cannot Sudo. I'm on Ububtu Studio, the latest release. Doesn't make any sense.
View 2 Replies View RelatedIs there software or mechanism that can help the administrator determine if more than one person is using the same user account via a shared password?
View 8 Replies View RelatedI ran a test where I login a test user several times using the wrong password to see that he gets locked out after several attempts. Now that I got the test user locked out, how do I unlock the test user? I tried passwd -u <test user>, but it says passwd: Error (password not set?).
View 4 Replies View RelatedI remember my password very well and have no need of password recovery. Everywhere I look it's how to recover and I don't want that. The kind where you boot into root recovery console to change the password.
View 4 Replies View RelatedI just created new user account, but the new user is able to access all the directories structure (including other's home directories).I'd like to limit the user to access ONLY his home directory (and nothing "above"). How do I do this?
View 1 Replies View RelatedStumped on this one. I'm trying to set up limited sudo authority on a desktop with some sensitive user data, and as an extra precaution I wanted to configure sudo to use a password other than the user's or the root's. I'm not sure how to do this. From the manual, we have a few options, such as "runaspw" or "targetpw", but none seem quite what I'm looking for.For instance, "runaspw" could be used if I created a user for nothing other than sudo(ing) purposes, but it requires you set "runas_default", which means that said user would have to have authority to execute said commands in the first place. This is workable, but seems like a lot of extra configuration for each specific command that I want to run, as well as creating some issues with simply commands such as "shutdown" or "reboot". Also, "targetpw" can be used in conjunction with a sudo(ing)-only user if I set an alias, but, again, this isn't quite what I am looking for.
Ultimately, what I am really concerned about in this situation are keystroke loggers, so I would prefer to avoid repeated entering the user or root password when performing administrative tasks. Also, I would prefer not having to create a sudo(ing)-only user as mentioned above to prevent a comprimised password resulting in an attacker being able to log into my system.
I am a new Linux user and have a question about the administrative authentication. When I am logged in as a user and I need to do something that requires root privileges the little password window comes up and I enter the root password. My question is how long are the root privileges granted for?I noticed that a few minutes after finishing checking out the firewall configuration tool and closing the window that I was still able to re-enter the fire wall tool and other administrative tools. How do I log out of the root privileges without logging out and then back into my account?
View 2 Replies View RelatedI am using Red Hat LDAP (version 3) and I have passwordLockout set as "on" at global level. Is there a way to disable account lockout for a specific user?
View 1 Replies View RelatedI need to create such an account that the user wouldn't be able to r/w any file which doesn't belong to it, even if access mode is set to o+rw. I guess normal chmod/chown won't help here... How can i do this?
View 2 Replies View Related
