Ubuntu Security :: Prevent Desktop Users From Viewing The Wireless Password?
Dec 3, 2010The title says it; I want to prevent users from viewing the wireless network password.
View 9 RepliesThe title says it; I want to prevent users from viewing the wireless network password.
View 9 RepliesI use the following method for preventing the users from changing their passwords , is there any other method other than this ?ls -l /usr/bin/passwd-rwsr-xr-x 1 root root 37140 2010-01-26 12:09 /usr/bin/passwdso we need to remove the suid for that command as follows :- chmod u-s /usr/bin/passwdnow normal users won't be able to change their own passwords - and only the root user will be able to do it for them.
View 9 Replies View RelatedI have a created a wireless connection from the main admin account and checked the box saying "Available to all users", everything is working correctly. I only need to prevent the Desktop Users from switching the connection to another one.
View 4 Replies View RelatedI've set up a user account for friends & colleagues that does NOT require a login password. Unfortunately, in this OS some things don't work unless you login -- sudo Must regular users have AND use Root's password?
View 9 Replies View RelatedI use the following method for preventing the users from changing their passwords , is there any other method other than this ?
ls -l /usr/bin/passwd
-rwsr-xr-x 1 root root 37140 2010-01-26 12:09 /usr/bin/passwd
so we need to remove the suid for that command as follows :- chmod u-s /usr/bin/passwd now normal users won't be able to change their own passwords - and only the root user will be able to do it for them.
How can I prevent users from changing their own password? I was surprisingly unsuccessfull in finding a solution for this on google. Lots of stuff about hardening ssh access or dealing with password aging using "chage" but nowhere could I find an answer for my question.
View 5 Replies View RelatedI am administrating a system with about 40 or 50 users, and we recently jumped ship from windows to ubuntu. Most of my users are getting along fine, but it seems every few days, i have to help someone who accidentally changed something, and now their account (or more rarely, the machine) is unusable, and has to be reset.
I know configuring /etc/sudoers is a huge step toward fixing my problem, but that still will not completely solve it. What I would like to do is prevent users from making ANY changes to the system (aside from their work files and the like), including themes, icons, desktop, background, etc.
I've a Linux box with few users (with shell). I would like to prevent normal users see all the processes running on the box. How can I implement this?
View 1 Replies View RelatedI'm looking for a manner to prevent users from changing the desktop background/wallpaper and all other gnome configuration with booth Ubuntu and Kubuntu. This too (Abraxis, some years ago, have same my problem) [URL] do not solve the problem, for example if I change whit chown (*) own and group of this file to root /.gconf/desktop/gnome/background/%gconf.xml, at the next reboot file return in the previous state. (I don't like Pessulus).
(*)
chown root:root %gconf.xml
chmod 644 %gconf.xml
At the reboot file change automatically owner to "student", I don't know why?
'readonly HISTFILE'
but the user could tamper with the histfile itself. Like:
rm -f $HISTFILE;
rm -f $HISTFILE; mkdir $HISTFILE;
rm -f $HISTFILE; ln -s /dev/null $HISTFILE;
I'm experimenting with PROMPT_COMMAND to execute a command each time the user executes a command and so log it somewhere else.This post was pruned from the 2009 Is there a way to prevent users from changing or unset their HISTFILE variable? thread. Please do not resurrect old threads but instead create your own (and maybe provide a link to the old one).
I need to be able to capture a users password when they login. I am well aware of the security issues with this and I'm ok with this.
We run a call center and I am working on migrating from windows to Kubuntu for the callers. It's policy that all callers must report their password to me, so I already know of everyone's password. There has to be some variable/script that I can "hack" to get the password they typed in to the login screen.
What I'm trying to do is that when a user logs in in for the first time, their profile is automatically created and set up. Setting up network drives, email, pidgin (which the password is stored in plain text anyway, so forget about security on that one), web apps, etc.
Trying to find information on How to capture a users password and all have been responded with the usual lecture on why you shouldn't do this. So I've heard it all before and I know of the risks. Like I said, I already have the callers password on file. If I could capture it, I wouldn't have to manually setup each profile every time we get a new caller, which is often since turnover is quite high in call centers.
I just noticed that even if I remove read and write permission for my files, another user can access those files if they use 'sudo'. The ls -l for the folder containing my file (let's call is myfile') looks like this.
"
Code:
-rw------- 1 username groupname 43 2010-03-09 20:23 myfile
"
I logged into another account I have made for myself (which had admin privileges) and then did
Code:
sudo nano /username/home/myfile
and ... the file was opened and I was able to read it. So what's the point of having user permissions if someone can bypass them by using sudo?
How to allow users to change their password in chrooted ssh as long as the modifications in the shadow file in the chrooted environment will not be applied on the system itself ?
View 2 Replies View RelatedI want the users to access servers via ssh public key only. By default they don't know their initial password and do need to change that when performing administrative tasks.For changing their passwords without knowing the old they need to switch to root for this special case.The only case it seems I don't have control is that users can not only change their password but also the password of other peoples. Does someone sees a solution (without apparmor/selinux and special /usr/bin/passwd.sh) to restrict users to only change their password?I miss the feature of using environment variables in sudoers file.
View 9 Replies View RelatedI recently was able to network 2 computers at home and I wanted to make my password more secure. When I try to edit my password via System>Administration>Users and Groups, it doesn't workI am able to edit my user settings. When I change my password I enter my old one and it accepts my new one. Problem is when I try to install programs, login and do other things it only accepts my old password. How can I change my password?
View 3 Replies View RelatedI created a new user desktop user for my girlfriend to use my netbook, but when she logs in, it doesn't show the wireless network icon. Under users and groups, I gave her access to wired and wireless networks, and under the network settings,I changed our wireless to "available to all users". I'm not sure what the problem is here.I'm using ubuntu netbook remix 10.04.
View 3 Replies View RelatedI don't know if this is Just my Machine, or not. But here is it:
Ubuntu 10.01
Acer Aspire 7740
When the computer is locked. I can smiply go to switch users. when the list of users logins are shown all i have to do is click on my user name and it allows me into my account without typing in a password. I can lock the computer manually or wait for it to time out it doesn't matter. the switch users method allows me to bypass the password protection.
Our corporate wireless network uses continuously changing passwords with RSA tokens.So every time we need to connect to the wireless we need to enter a new password off the RSA token. For extra fun using the wrong password a couple of times in a row causes the users account to be locked.Network manager automatically stores and reuses the password, with the net result that it is constant getting my account locked.Is there some way to prevent it from storing my password for that network?
View 1 Replies View RelatedI'm configuring a CentOS 5.4 workstation. I have been able to apply most of the security that is required. I have met all but one logging requirement. How do you get the count of old passwords associated with users? I don't need to see their passwords just how many times they have changed them. I have set remember to 24 in the /etc/pam.d/system-auth file. I don't know where the file is that contains this information.
View 1 Replies View RelatedLucid Lynx clean install.I do not seem to get the login screen from powerdown now. I do after logging off and logging back in again.From switched off, I get taken to my desktop and it is only a little while later, usually when starting Thunderbird or FireFox that I get asked for my password with this massagePlease Unlock The Login KeyringThe Login Keyring Did Not Get Unlocked When You Logged On
View 2 Replies View Relatedhost always ask password on 1st remote desktop (VNC) access Desktop version... how can I disable this?
View 2 Replies View RelatedSome how I seem to be locked out of my desktop computer. My password isn't working. For some reason all of a sudden it seems to have stopped working. I tried to reboot and now I'm locked out, I can't login. And I'm the only sudo user. How can I fix it or even reset my password
View 2 Replies View RelatedAfter installing ubuntu 10.10 on pc i had it running fine for roughly 2 weeks. i have selected automatic login so i do not need to mess about logging in etc, but recently my pc asks for my password to unlock keyring once it shows my desktop.
View 2 Replies View RelatedUsing linux is there any tools by which we can recover the wireless password. in fact, we write somewhere and we lost it. if we reset we will lose all setting and take longer time to configure it.
View 1 Replies View RelatedI have cross posted as it is not really a wireless network problem (wireless networking works fine) but a wireless security problem (WEP and WPA security kill wireless networking).I am not total sure which forums it should be in.From original post in networking and wireless forum:I am having a heap of issues with wireless and hopefully the following will help someone out there in guru land help me fix this problem.It seems to be more then a simple computer to wireless security problem. This is long, get a cuppa and a cumfy seat and yes this did take me the better part of 1/2 a day to complete all this testing
I volunteer my various machines and time to try and fault find the issue on all machines to help the developers to fix this problem on mine and I can document everything. Hopefully this will help someone fix wireless security on Linux once and for all.
I created a password file for use with ncsa_auth in squid. Firstly, is there a way to view the passwords in the file or are they all encrypted? Secondly, is there a way to get squid to reauthenticate the user after 24 hours?
View 9 Replies View RelatedI have a box with about 30-40 users on it, and I need to prevent a certain group of users from using sudo at all. Is this even possible.
View 4 Replies View RelatedI posted about viewing desktops remotely (received no reply), as I have an "off task web-drifting" problem with some students in my classroom, due to the fact that I no longer have my old SynchronEyes program. I have Windows Vista Business/XP Pro machines (32 of them in all) and I cannot view desktops remotely, regardless of the fact that 1) the Remote Desktop Service is enabled, and 2) I know the IP numbers and the domain names. How can I view desktops remotely with the Remote Desktop Viewer tool in Ubuntu, with the fact that the IP addresses are correct and the Remote Desktop Service is enabled on all 32 machines?
View 4 Replies View RelatedI mean, isn't that exactly how normal home users can visit search engines such as Google or Bing and search for information?
View 7 Replies View Relatedi would like to prevent all users other than the user "parker" on my system from using the su or sudo commands. I have not attempted to modify the sudoers file so it just contains the standard root ALL = (ALL) ALL.
View 5 Replies View Related