Ubuntu Security :: Restrict Users Password Changing To Themself
May 11, 2010
I want the users to access servers via ssh public key only. By default they don't know their initial password and do need to change that when performing administrative tasks.For changing their passwords without knowing the old they need to switch to root for this special case.The only case it seems I don't have control is that users can not only change their password but also the password of other peoples. Does someone sees a solution (without apparmor/selinux and special /usr/bin/passwd.sh) to restrict users to only change their password?I miss the feature of using environment variables in sudoers file.
View 9 Replies
ADVERTISEMENT
Jul 17, 2010
I use the following method for preventing the users from changing their passwords , is there any other method other than this ?ls -l /usr/bin/passwd-rwsr-xr-x 1 root root 37140 2010-01-26 12:09 /usr/bin/passwdso we need to remove the suid for that command as follows :- chmod u-s /usr/bin/passwdnow normal users won't be able to change their own passwords - and only the root user will be able to do it for them.
View 9 Replies
View Related
Apr 14, 2010
I've installed Ubuntu Desktop Ed 9 and I want to add a user account that would be very restricted. I would only want them to access the internet and run several programs. I do not want them to have access to the destkop, anything under preferences, administration etc... Is this possible?
View 1 Replies
View Related
Mar 17, 2010
I tried changing the sftpserver port but its not working, besides how can i restrict users from particular ips.Eg: users a can ssh from 192.168.*.*user b can sftp from 200.*.*
View 2 Replies
View Related
Oct 22, 2009
I want restrict telnet session to users.
That means the client login one user at a time. not multiple login.
For example:
I want restrict this. How to restrict one user to use multiple login.
View 4 Replies
View Related
Oct 30, 2009
Is it possible in Linux to restrict POP3 or IMAP for particular users.I need a confirmation on this, that it is possible or not in Linux.
View 3 Replies
View Related
Jul 17, 2010
I use the following method for preventing the users from changing their passwords , is there any other method other than this ?
ls -l /usr/bin/passwd
-rwsr-xr-x 1 root root 37140 2010-01-26 12:09 /usr/bin/passwd
so we need to remove the suid for that command as follows :- chmod u-s /usr/bin/passwd now normal users won't be able to change their own passwords - and only the root user will be able to do it for them.
View 4 Replies
View Related
May 6, 2010
I am on ubuntu server and its joined to an W3k Domain thru winbind/samba. However everything works fine and Windows and Local users can login to the machine without any problem. However when I wanted to create a local user X and change his password I couldn't. It created the local user X but I could not change the password.
View 1 Replies
View Related
Aug 3, 2010
I already posted a topic similar to this concerning the Desktop OS version, but this deals with the Netbook because unlike the Desktop, the Netbook is less cooperative. Allow me to elaborate: Today (or rather yesterday since it's not after midnight where I am), I changed my password because I was hopelessly confounded about how to get my Wireless Network card up and running after it had been installed and I was allowing my dad to use it. This issue has since been resolved, however...
When I chose my password during the original installation, there was no mention of it being "too simple." This is where the Desktop OS and the Netbook OS differ. The desktop will let me change it in the terminal without any errors. The Netbook will not. When I've attempted to revert it back to the original, it will not let me do so in the User Profile or in the Terminal. The Passwords and Encryption Keys application also does not appear to help.
So now even after I've changed it to a different "complicated" password I am still prompted to insert two different passwords since I changed my user password but I am unable to change the password I input during the installation. A bit screwy methinks. This is extremely important. I'd like to know how to change the original installation password.
If I can't change the main password on my laptop then this is a serious potential security breach just waiting to happen (especially since it's on a laptop and I will be hauling it around with me) and I will most likely install a different OS if this isn't resolved --- It would be very unfortunate since I spent the whole day fixing it and I really enjoy the interface. Luckily I can live with this on my Desktop since I'm not going to be hauling it around with me everywhere when the school year starts.
View 9 Replies
View Related
May 6, 2010
I am on ubuntu server and its joined to an W3k Domain thru winbind/samba. However everything works fine and Windows and Local users can login to the machine without any problem. However when I wanted to create a local user X and change his password I couldn'tIt created the local user X but I could not change the password. Here are the outputs:
Pam configs:
Common-account:
account sufficient pam_winbind.so
[code]...
View 2 Replies
View Related
May 6, 2011
I am using Mandriva 2010.2 KDE. When I try to change my password, using the Welcome>About Me>Change Password, I am asked to type in my current password, after I press OK, the dialogue box just seems to hang, nothing happens, the computer does not freeze, just the password dialogue box kind of stops responding.
View 3 Replies
View Related
Feb 4, 2010
How can I prevent users from changing their own password? I was surprisingly unsuccessfull in finding a solution for this on google. Lots of stuff about hardening ssh access or dealing with password aging using "chage" but nowhere could I find an answer for my question.
View 5 Replies
View Related
Jun 15, 2011
I am administrating a system with about 40 or 50 users, and we recently jumped ship from windows to ubuntu. Most of my users are getting along fine, but it seems every few days, i have to help someone who accidentally changed something, and now their account (or more rarely, the machine) is unusable, and has to be reset.
I know configuring /etc/sudoers is a huge step toward fixing my problem, but that still will not completely solve it. What I would like to do is prevent users from making ANY changes to the system (aside from their work files and the like), including themes, icons, desktop, background, etc.
View 2 Replies
View Related
Sep 30, 2010
'readonly HISTFILE'
but the user could tamper with the histfile itself. Like:
rm -f $HISTFILE;
rm -f $HISTFILE; mkdir $HISTFILE;
rm -f $HISTFILE; ln -s /dev/null $HISTFILE;
I'm experimenting with PROMPT_COMMAND to execute a command each time the user executes a command and so log it somewhere else.This post was pruned from the 2009 Is there a way to prevent users from changing or unset their HISTFILE variable? thread. Please do not resurrect old threads but instead create your own (and maybe provide a link to the old one).
View 2 Replies
View Related
May 17, 2010
Is it possible to change the log in password? Someone set this up for me and the password is too simple.
View 5 Replies
View Related
Aug 30, 2010
I need to be able to capture a users password when they login. I am well aware of the security issues with this and I'm ok with this.
We run a call center and I am working on migrating from windows to Kubuntu for the callers. It's policy that all callers must report their password to me, so I already know of everyone's password. There has to be some variable/script that I can "hack" to get the password they typed in to the login screen.
What I'm trying to do is that when a user logs in in for the first time, their profile is automatically created and set up. Setting up network drives, email, pidgin (which the password is stored in plain text anyway, so forget about security on that one), web apps, etc.
Trying to find information on How to capture a users password and all have been responded with the usual lecture on why you shouldn't do this. So I've heard it all before and I know of the risks. Like I said, I already have the callers password on file. If I could capture it, I wouldn't have to manually setup each profile every time we get a new caller, which is often since turnover is quite high in call centers.
View 5 Replies
View Related
Oct 19, 2009
When I installed Fedora selected the option to encrypt the hard drive. I want to change the passphrase, is there a way to change the passphrase, or do I have to re-install Fedora?
View 3 Replies
View Related
Mar 10, 2010
When I first installed 9.04 (from scratch), I chose the option to have my entire account encrypted... I used the same password as my login password, and wrote down the key hash that it displayed for me just like instructed... everything was working terrific...Well, yesterday, I wanted to change my account password. I changed my account password, and it took effect immediately (I tested it by using "sudo -s" to see if I could elevate to root from the terminal... worked just fine). Being satisfied with my new password, I shut my computer down...
The next time I started it up and tried to log in to my account, it I put in my username and password and pressed enter, and it accepted it just fine, and started to boot to my desktop... it then immediately prompted me with something about "your session lasted less than 10 seconds, try starting in failsafe mode" or something along those lines, and immediately booted me out and back to the gdm login screen... I thought it was just a glitch so I tried again... same thing... gave me the "less than 10 seconds" prompt and booted me back to the gdm...
I thought maybe my filesystem became corrupted, but I didn't give up... I attempted to login to my fiancee's account, and it worked just fine! Using her account, I was able to quickly and safely boot into her desktop environment with no errors...I opened a terminal and used the "su" command to access my account... When I did this, it gave me some kind of error and told me to run ecryptfs (can't remember exactly which command... now). I ran ecryptfs and put in my NEW password... it told me that the passphrase was incorrect. So just out of curiosity, I ran it again, and this time put in my OLD passphrase, and it worked immediately! At this point, I realized that my gdm login password got changed, but my ecryptfs passphrase did not, and the two were not matching up (I assume that on login, gdm passes this password on to ecryptfs, and that when the two did not match up, it was booting me out with the whole "session lasted less than 10 seconds" prompt...)...
So what I did at this point was, while logged into my girlfriend's account, I "su"'d into my account, and used the passwd command to change my password back to my OLD password... once the password was changed back successfully, I restarted my computer and tried to log into my account from the gdm... worked perfectly this time with the old (original) password...When you change your session password, shouldn't it automatically change the encyrption password to match? Or at the very least, warn you that if your account is encrypted, you must take further steps to make these two passphrases match? Also, what command would I use to change my "ecryptfs" password to manually match my session password?
View 4 Replies
View Related
Dec 23, 2010
How to allow users to change their password in chrooted ssh as long as the modifications in the shadow file in the chrooted environment will not be applied on the system itself ?
View 2 Replies
View Related
Mar 10, 2011
I've set up a user account for friends & colleagues that does NOT require a login password. Unfortunately, in this OS some things don't work unless you login -- sudo Must regular users have AND use Root's password?
View 9 Replies
View Related
Dec 3, 2010
The title says it; I want to prevent users from viewing the wireless network password.
View 9 Replies
View Related
Jan 2, 2010
I recently was able to network 2 computers at home and I wanted to make my password more secure. When I try to edit my password via System>Administration>Users and Groups, it doesn't workI am able to edit my user settings. When I change my password I enter my old one and it accepts my new one. Problem is when I try to install programs, login and do other things it only accepts my old password. How can I change my password?
View 3 Replies
View Related
Jan 7, 2011
I don't know if this is Just my Machine, or not. But here is it:
Ubuntu 10.01
Acer Aspire 7740
When the computer is locked. I can smiply go to switch users. when the list of users logins are shown all i have to do is click on my user name and it allows me into my account without typing in a password. I can lock the computer manually or wait for it to time out it doesn't matter. the switch users method allows me to bypass the password protection.
View 3 Replies
View Related
May 3, 2011
I was just wondering how do i restrict someone from entering other files. Like other peoples files & the system files. My users are in /home/. I am running ubuntu 10.10.So how do i restrict access to other folders. Because i dont want other people looking inside others files or messing up my linux files.
View 3 Replies
View Related
Dec 16, 2010
How would i go about restricting users to there home dir in sftp and in ssh so that they can not go poking about other dir and files thats above there home dir ?Operating systemCentOS Linux 5.4 Kernel and CPULinux 2.6.18-194.8.1.el5.028stab070.5PAE on i686
Also it will have to be a low resource usage as i dont have much memory on it
View 3 Replies
View Related
Jun 20, 2011
Is it possible to restrict users with 'sudo' from accessing certain directories? Rather than just exclude cd and ls from the sudo privileges, that is.
View 5 Replies
View Related
Jul 21, 2011
I have an Ubuntu 11.04 instance running on Amazon EC2. I am currently using it as an SSH tunnel/SOCKS proxy. Most of my Net activity is on a Windows 7 machine running PuTTY. This setup is working very well. So well that a few of my friends have expressed interest in accessing it. Question is, how do I share this proxy, without giving away my private key and root access? I would like to limit users to only being able to set up an SSH tunnel/SOCKS proxy, with no shell access. What other security measures would you recommend for such a setup? I googled a bit and saw references to rbash and chroot. I have already changed the SSH port, and set the EC2 firewall to allow inbound SSH only from my ISP's address range. My friends use the same ISP. They would probably be running Windows 7/Vista, and PuTTY too.
View 4 Replies
View Related
Jul 1, 2010
I'd like to restricting my ftp users to access 1 particular folder.
we have a root folder called /home everyone has aces to that so they can operate.
but then there is /home/config how can i restrict certain users from access /config folder, since this is containing sensitive files I would like for no one else but my self to be able to access it.
View 3 Replies
View Related
Mar 16, 2011
How to prevent a user sending a mail to a particular user in an intranet mail server?I tried with /etc/mail/access file but could not.
View 4 Replies
View Related
Apr 30, 2010
I have Ubuntu Server 9.10 running with vsftpd and I want to restrict users from uploading certain file types (.exe, .avi) ect.. Is this possible?
View 1 Replies
View Related
