Ubuntu Security :: Restrict A User From Seeing Hidden Files And Folders?
May 23, 2010restrict a user from seeing hidden files and folders?
View 8 Repliesrestrict a user from seeing hidden files and folders?
View 8 RepliesI had a minor disaster and lost a lot of data. I used PhotoRec to see what it could recover, it saved them to my home directory. 488 folders I cant do anything with as I don't have permission?? I set up root and gave myself admin power but still cant delete them. If I log in as root, where can I find my home folder so I can delete the majority of these folders. Most unfortunately have nothing of value in them.
View 8 Replies View RelatedWhat, if any, significance is there to the following message shown in the rkhunter.log?
Code:
[21:11:58] Checking for hidden files and directories [ Warning ]
[21:11:58] Warning: Hidden directory found: /etc/.java
[21:11:58] Warning: Hidden directory found: /dev/.udev
[21:11:58] Warning: Hidden directory found: /dev/.initramfs
What need would there be for hidden directories to exist in /?
how could i find a hidden folder so that i can update a file.
View 3 Replies View Relatedis there any way to make files and folders hidden?
View 3 Replies View Relatedis it possible some badware file were hidden and couldn't be observed in folders or removeable devices..?and how could we hidden file (like windows)..?
View 4 Replies View RelatedI would like to allow a user to login through SSH but with differentpermission coming from different ipaddress.For example, a user "tester" login to SSH through 192.168.1.1 andanother user login with the same login id "tester" but from differentip 192.168.1.2.How do I restrict 192.168.1.2 to only allow for viewing the content inthe home directory while giving 192.168.1.1 full access?I got a suggestion from some oneApproach 1) Based on the ip you change the shell. If it's just for read only ajail would be fine.but how do I change shell based on IP?Approach 2) to have two ssh instances. Let's say port 22 and port 24. Port 22 isfor read only, while port 24 is for full accessso how can it be possible to give port 22 only read only access to SSH
View 1 Replies View RelatedI m new with Fedora 14, and i have a basic business case :
I want to setup a user which should
- only connect to the server with SSH (ex.: no X11 connection).
- cannot change its shell
- cannot do any SU / SUDO command
This user is very similar to a SERVICE user, as I expect him only to run a single program (its shell).
I would like to allow a user to login through SSH but with different permission coming from different ipaddress.
For example, a user "tester" login to SSH through 192.168.1.1 and another user login with the same login id "tester" but from different ip 192.168.1.2.
How do I restrict 192.168.1.2 to only allow for viewing the content in the home directory while giving 192.168.1.1 full access?
Here's the beginning of the issue: I'm running Fedora 12 with httpd and sshd. I want to create a user with a scponly shell for sftp access, but this user should ONLY be able to view /the/http/base/dir and its subdirectories. The user should not be able to see or get into directories above the httpd base. Someone mentioned creating a chroot jail for sshd and binding the httpd base to that dir, but this seems like more work than is necessary for the application I wish. Also mentioned was creating a user, say user1 with a selinux user setting of staff_r. I have read the articles and creating a user of staff_r isn't overly difficult, but how would I make it where staff_r would be restricted to where I want them to be? If I'm not mistaken, that would require changing the context of /the/httpd/base/dir?
View 4 Replies View RelatedI want to restrict user for SSH Logon, but able to use SFTP.
Also, i like to know how to restrict a user on SSH from everywhere except one host.
just a general weirdness, but some folders that are in my /home folder don't show up. if i check "show hidden folders", they still don't show up. for all terms and purposes, they are simply not there. however, if i search for them through the search tool, or beagle, they show up as being in my /home folder. so, anyone have any idea how this happened, or how i can remedy this?
View 9 Replies View RelatedI heard we can set security in /etc/hosts.allow and /etc/hosts.deny on user base also like something user@domain or something if so how can I restrict a user to access particular service by his/her user name in a particular host via /etc/hosts.allow or /etc/hosts.deny
View 3 Replies View RelatedI am using evolution for my email client, and it shows me hidden files and folders in the folder tree. Basically, my email folder is in a unix folder on a system, and that system logs me into my folder when I try using evolution. The downside is that files like .bashrc, .bash_profile and other weird stuff end up in the foldertree view
See how the tree would show bashrc and .lynxrc?The folder "documents" shouldn't be showing either.Yeah, that's really annoying. It showing the contents of the $HOME folder that I login to.In thunderbird those things wouldn't show.It must be evolution specific.Anyone have an idea how to fix this issue?
I want to restrict a user accessing my ftp site.
1) i can block the user in ftp configuration file
2) i can block the user in PAM or /etc/host.deny
i heard that if pam is denying the user and ftp is allowing the user the user can get the access it means that ftp conf file is stronger than host.deny
In a recent discussion I had, I was led to believe I could use sudoers to restrict using vi (for example) for the editing of say specific config files. I know how to allow root use of vi and how to lock it down from getting to a bash prompt with NOEXEC tag,but I can't figure out how to restrict the use of vi to only edit certain files. Tutorials and howtos I have checked don't address this
View 7 Replies View RelatedI have lately been converting all my Ubuntu installs to Debian. Kind of like a revival meeting. Basically I am wiping the ~/.whatever files from the /home partition and saving any that might be handy later. Save any files from the / partition that I might want something from (/var/cache/apt/archives for packages installed, /usr/share/backgrounds and so forth). The last one I am working on is a little different. It is the first install (successful) install I ever did, Ubuntu 8.04, and it is ext3 on one partition. I did the above things as on the others but it was all on one partition. Fired up my netinstall disk for squeeze and installed on 2 partitions. One new one for / ext4 and the old partition not formatted, mounted as /home on ext3.
Did a base install with only the system utilities added by the taskel business at the end of install (like always). Rebooted to that install. Every thing seems to work at the basic level. My passwords worked, both for the text user login and then the root password when I ran su so that I could purge nfs-common (it has given me problems on every install for some reason). Came back here to my usual Debian testing install, fired up boinc and then the chroot environment for the new convert. Installed gnome-desktop-environment and some other things, all from a list that I have used before in just this manner.
Go back to boot to the new one, every thing rolls fine, get the GDM3 login, enter password. "Can't access ICEauthorization". Have to Ctrl+Alt+b out. Back here I check the /home/tom directory for that install and hit Ctrl+H and there are no hidden files. Run "dpkg-reconfigure -a" to no effect. Try adding my user again and that, of coarse dose not work because the user already exists. One other thing is that if I boot to recovery it does show the message to login or hit Ctrl+D but does not stop with a prompt. Shows a couple other things and stops. Ctrl+Alt+B to get out once and had to unplug once.
Prelude: OpenSUSE 11.2 (2.6.31.8-0.1-desktop), installed Novell client 2.0 SP2 (novell-client-2.0-sp2-sle11-i586.iso).
I found that if any usual user is logged into a NDS-tree, then _local_ root has full access to user's network shares, including the user's home directory located on remote Netware-server. Is it by design or
have I missed something? Nevertheless in windows local admin has no access to network resources mounted of any other user. If you runas shell (as admin) then admin in principle can't "see" network shares which were mounted (connected) by other users - they are accessible ("visible") per session.
I'm sure most of you know that making a file or folder hidden is simple in the Linux world: Add a period (.) before the name. However, if you were to save such a file or directory to a flash drive, it would only be hidden on Linux systems. If you plug the flash drive into a Windows machine, Windows will happily show the file.Is there a way to make cross-platform hidden files?
View 4 Replies View RelatedI need to restrict users if their download file size exceeds xxx amount, set later download speed to "256kbps".
OS: Centos 5.5
Squid 3.1.8
I've recently upgraded to 10.04 and have noticed that all the files or folders I've been creating recently are read only. I can manipulate the folders on my ubuntu system itself and create new entries, folderes, subfolders, and save files. IE a payment receipt in pdf format. However if I then try to move or copy any of these to my DROBO (data storage device) the file gets the LOCK Icon on it and becomes read only. If it is a subfolder I can no longer copy to it and if it's a regular file, say a pdf or flv I can't modify it. Attempting to change the file permissions on either my ubuntu desktop or any other folder works but once it goes to the drobo I lose the ability to change it off of ---. Again, this was all working fine before doing the upgrade to 10.04. Yes I did do a clean install to 10.04.
View 6 Replies View Related I have a shared partition on Ubuntu, 'dm-6', if I create a new folder in it, it has 'teocomi' as owner.If I create the folder from another (windows) PC the owner is 'nobody' and from Ubuntu I have to chmod/chown it in oredr to edit its content...Is there a way to set automatically permission and owner for newly created folders and directories?
I tryed with:
Code:
sudo chmod u+s -R /media/dm-6
I want to add my daughter as a user and give her full permissions to all the same folders and files that I use. I have given her permission to folders and their sub folders however she doesn't have rwx on the individual files within the folders. What is the command line to set this up?
Also with the command;
Code:
chown -R root:root files
what is the -R for and when do I need or not need it?
I have been running rkhunter but how do i view the /var/log/rkhunter.log? I have tried using: sudo /var/log/rkhunter.log but all i got was "Command not found?
View 6 Replies View RelatedI want to know how much damage a user can do on my system if he decides to delete everything (or write to in case of corruption).What command or script might i use to check this?
View 3 Replies View RelatedStill working on the mask of files for shared folder. I now have a shared folder with the exact behavior I expect :
Code:
sudo addgroup share_group
sudo mkdir /media/volume/shared_dir
sudo chgrp share_group /media/volume/shared_dir
sudo chmod g+s /media/volume/shared_dir
sudo chmod 770 /media/volume/shared_dir
sudo setfacl -d -m group::rwx /media/volume/shared_dir
sudo setfacl -d -m other::--- /media/volume/shared_dir
emma@box:/media/volume/shared_dir$ ls -al
total 8
drwxrws---+ 2 root share_group 4096 2010-02-09 12:53 .
drwxr-xr-x 8 root root 4096 2010-02-09 11:58 ..
-rw-rw----+ 1 emma share_group 0 2010-02-09 12:53 test
By default, user from the group can modify this file. That's perfect.
I have define the share in Samba this way :
Code:
[share]
comment = Shared Folder
path = /media/volume/shared_dir
browseable = yes
guest ok = no
read only = no
hide dot file = yes
# force group = share_group
# create mask = 0660
# directory mask = 0770
# force create mask = 0660
# force directory mask = 0770
When drag & dropping a file in this share, here is the default mask:
Code:
emma@box:/media/volume/shared_dir$ ls -al
total 192
drwxrws---+ 2 root share_group 4096 2010-02-09 12:54 .
drwxr-xr-x 8 root root 4096 2010-02-09 11:58 ..
-rw-rwx---+ 1 emma share_group 6148 2010-02-09 12:54 .DS_Store
-rw-rwxr--+ 1 emma share_group 176684 2009-12-21 23:33 IMG_7487.jpg
So the dropped file have execution rights for the group, and read access for other. I expected it to have the same rights than the file created directly using the touch command. I tried to play with the mask options, without success. The file has been dropped from my mac, which is a Unix like OS. I guess that some authorization access are inherited from the original file, for the user and other parts. But where does the group authorization come from ? Moreover, is is possible to define in samba a default mask, whatever the authorization of the original file?
After trying Truecrypt, LUKS, and Ecryptfs I decided to try NTFS encryption. Now, on a dual boot computer from Ubuntu I can browse the encrypted folders but can not open the encrypted files. All attempts produce access denials yet the Unix file permissions appear to be "0777" (owner, group, and world readable-writable).
Is there someway to get Ubuntu's NTFS software to recognize and decrypt the encrypted files? Would a different NTFS package work such as NTFS-3g?
I m going to create a backup script for my files/folders...
This script creates tar.gz of the folders/files you want.
This i want is to encrypt these .tar.gz files and when i need them to decrypt them. Does anyone have an idea on how to encrypt these files ?
my script looks like this :
Code:
BACKUPDATE=$(date +%d%m%Y)
cd /home/n3t
echo "taking Backup of your home/n3t/Downloads dir"
tar -czvf /media/disk/BACKUP/home/Downloads/$BACKUPDATE.tar.gz ./Downloads
I need 2 Linux users to share a folder. Within this folder, users should always be able to create files and sub-folders and write into any sub-folder (whether they own it or not). However, they should only be able to edit the files they actually own.
View 1 Replies View RelatedRecently I've been finding two strange-looking files on my Windows shared folders! Their names are 'khy' and 'qffhtx.exe', they appear as hidden, and they're hard to delete!! especially the first one because it has no extension. I use Ubuntu 10.10, but I am worried because I also dual-boot Windows XP. Today I tried to open the .exe file in nautilus to see what is inside and I received the message "Unable to open archive", 'khy' is apparently an empty text file. Then I unmounted my /home partition so my files are out of the way, and I ran the .exe file using WINE,
Now I have a strange-looking applet on my top panel!! and it says "Script paused", also it says "Exit', and also Wine command prompt says something strange about "LockWindowUpdate", don't imagine it I'll post the screenshots so you can see it for yourselves. Also --and this is weird-- the virus apparently is trying to call a Windows process named csrcs.exe!! Again, I'll post the screenshots.
If this is a virus, then it's like a fish out of the water on my Ubuntu, it's probably trying to do something but it can't find its way around, it's kinda funny, but Im worried because I also dual-boot Windows XP, I'm having a hard time trying to remember the name KHY, it's a very weird acronym, it's the acronym of a disease, according to what I googled, i'm sure it's a virus!!! Anyway it's HARD to remember!!!
what can I do about this? How can I see the "script"? can Ubuntu kick its ***?how can I clean my Windows?