i want to know the risk with auto mounting flash drive as a root user,if for example there is a Usb Flash drive inserted into the system and we login into root unknowingly, and this flash drive contains an autorun script which calls a new script that can place viruses in your system, since you are in the root it will not even prompt for password and if the script is fast enough you will not even see it executing.
View 7 RepliesI'm trying to familiarize myself with LXDE to help a friend of mine and one thing I just cannot solve, despite many googles, is how to allow a non-root user to auto-mount drives in the left-hand pane of PCMANFM.Everything works just fine as long as I have the root passwd. Not a huge problem but very irritating none-the-less.
View 9 Replies View RelatedWhen posting results from ifconfig, it shows the hardware address of etho, etc. Would you consider that to be a security risk ?
View 9 Replies View RelatedDuring a recent install I made the leap to encryption,but /boot must remain unencrypted.Is there really any legitimate security risk to having an unencrypted /boot partition? I mean basically someone can just see what kernel you're running which they could see during boot anyways right? Oh I and keep all my financial documents in /boot/finances/ (haha ok not really, but I am serious about the first part).
View 5 Replies View RelatedI am running Ubuntu 10.04 on my laptop. I have an Apache web server running that I can access at 192.168.1.102 ("It works! This is the default web page for this server. ...").
Are there any security risks in leaving this running? Is the web server available to anyone outside my network?
I have received an email with a .csv attachment from a bank, and need to know how to view the attachment without risk. Using View>Message Source I see a large solid block of random upper and lower case characters, whereas I would expect to see some readable text mixed in. The email subject and the attachment name both contain data specific to me, but the text of the email consists largely of disclaimers with no mention of my name or any clue as to the nature of the attachment. I am using Thunderbird as my email client.
View 8 Replies View RelatedI have some questions about security
1> are the flash exploits are of any use to a Linux operating system like Ubuntu etc. ?
2>are the Microsoft office exploits any risk to libreoffice or open-office software suites?
3>are there exploits for Linux , open-office and libreoffice ?
I need to build a new computer, and I'm considering buying an "AMD-oriented" motherboard, that comes with an integrated ATI Radeon GPU.But, being a big Free Software enthusiast, that likes to have completely free drivers for everything, and knowing that the "open source" Radeon driver, for ATI/AMD GPUs, uses a non-free firmware, I'm reluctant about this... Above all, because I don't know what kind of security risk I'm taking, when using a proprietary firmware.
And, having read what was recently reported about the security of proprietary firmwares, in general,URL... if the firmware component of graphics cards drivers poses any security threat?(I mean, can the firmware part of a graphics cards driver be used to do anything more than executing instructions to display graphics?)
Having trouble adding a regular user with ssh access on Hardy 8.04. I can ssh into root, but not into the newly created regular user with the same ~/.ssh/authorized_keys
Code:
sshd_config has:
AllowGroups sshlogin
AllowUsers user root
[code]....
what could be preventing ssh login to ~user? And yes I would like to disable root ssh access, but it would be nice to be able to ssh into user first
How do I add root permissions to my user account?
I want full permissions for all computers in my house, without having to get up and go to the other room and change permissions for the file, folder, drive, directory, computer, etc., then go back to the other room again.
I just created a partition, as THIS user, THIS machine, rebooted, and cannot create a folder on the partition I just created. UGH. No more of this stuff... I guess at the very least, I'll still have to log onto each machine for this?
I am trying to run su as a non privileged user to log in as root. However, this only works when I make /etc/shadow world readable. I have /lib/security/unix_chkpwd as a setuid root executable
I use the following pam-file for su:
Code:
# Begin /etc/pam.d/su
auth sufficient pam_rootok.so
auth required pam_unix.so
account required pam_unix.so
session optional pam_mail.so
[Code]...
Any Linux machine (except PCLOS) that I log into as root user seems to not start networking. I haven't tried sudo /etc/init.d/networking restart , to see if it does start, because anytime I DO this, it's for 'local' work. How about default root user configuration settings???
View 2 Replies View RelatedI have a problem, I have installed Fedora 11. And i need to login as root user.
How to do so?
Can the audit daemon (auditd) be run by a non-root user? I'd like to create a special user who only run the audit daemon. Is that possible?
View 1 Replies View RelatedSenario is we have a system where root has authorised keys set up so that it can do a passwordless ssh to $WORKSTATION. I then need to run a script on $WORKSTATION as user "bob" and NOT as user "root". I do not want to set up user "bob" to be allowed passwordless ssh so any ideas how I can do this?I have tried variations of (as user "root"):ssh $WORKSTATION "su - bob; ./my_script"
View 5 Replies View RelatedStumped on this one. I'm trying to set up limited sudo authority on a desktop with some sensitive user data, and as an extra precaution I wanted to configure sudo to use a password other than the user's or the root's. I'm not sure how to do this. From the manual, we have a few options, such as "runaspw" or "targetpw", but none seem quite what I'm looking for.For instance, "runaspw" could be used if I created a user for nothing other than sudo(ing) purposes, but it requires you set "runas_default", which means that said user would have to have authority to execute said commands in the first place. This is workable, but seems like a lot of extra configuration for each specific command that I want to run, as well as creating some issues with simply commands such as "shutdown" or "reboot". Also, "targetpw" can be used in conjunction with a sudo(ing)-only user if I set an alias, but, again, this isn't quite what I am looking for.
Ultimately, what I am really concerned about in this situation are keystroke loggers, so I would prefer to avoid repeated entering the user or root password when performing administrative tasks. Also, I would prefer not having to create a sudo(ing)-only user as mentioned above to prevent a comprimised password resulting in an attacker being able to log into my system.
It seem like unix abit annoying every time you log in you need to password can I disable it
View 10 Replies View RelatedI get the problem to acess root password when i am in user login, means wahen i am in user login and want to install software from terminal then he asked root password, when i supplied root password but he give me login incorrect.
View 2 Replies View RelatedMy understanding is SELinux adds type enforcement to standard Linux. This means that both the standard Linux and enhanced SELinux access controls must be satisfied to access an object. Which means that thing that is prevented to do in the normal standard Linux will be also prevented in the SELinux System? Does SELinux make it possible to run a non-root software to bind to a port < 1024? something that standard Linux won't allow? If not, what other suggestions do you have for allowing a program to run as non-root but able to bind to privileged ports? I know all about using the port re-direction such as ipchains, iptables.
View 4 Replies View RelatedIn our group we use NIS and have a group set up called netadmin which is given root privileges on each machine. Each machine also has a localuser called localuser created and used during installation. When logged in as a member of netadmin, attempting any action that requires root privileges (e.g. installing software in Ubuntu Software Center) results in a prompt asking for localuser's password, not the current user's password.
Does anyone know the cause? Configuration issue or Ubuntu issue? We can get around it.
I'm using Gnome and I'd like to still have the ability to reboot/shutdown from one particular account as well as root. How would I modify the chmod command to add this ability?Also, I have a few users who just will hold the power button in to shutdown the machine. How can I keep them from doing this?// Pruned from the vintage 2007 Prevent a non-root user from shutting down, rebooting or suspend the system thread. Please create new threads instead of resurrecting ancient ones.
View 2 Replies View RelatedI have a problem with sshd daemon on a target linux system:The system has only one user (root) without password.The sshd_config looks like:
Code:
Port 22
Protocol 2
[code]...
I have tried to not allow root access and have created a wheel user.
Now I can not logged in as root.
Its okay but when am logging as wheel user and trying to access root then it says:
Code:
When I go to single user mode for resetting root password, It ask root pawssword for login.The message displayed on prompt is "Give root password for login.On the boot prompt, I select kernel and press 'e' and after one space type 1 for single User mode and then press 'b' for booting.It shows message entering in single user mode but ask root password. Even I tried into rescue mode, but I couldn't ser root password.In rescue mode on prompt, It shows rescue login: I typed root, But when typed 'passwd' foe resetting root pawssword,It shows message unknown user and not authetication.
View 1 Replies View Relatedhow to automount USB devices read-only for security in RHEL5? I'm looking for the generic solution for any USB device, so I'm not looking to hardcode something into /etc/fstab.I've hunted around and I can't find a clear answer and my various attempts have failed. I've looked at /etc/auto.misc, UDEV, and HAL. Here's where I'm at which isn't working.I have RHEL5 and from what I can tell HALD manages the automounting. HAL seems to have 2 primary directories:
/etc/hal/fdi
-and-
/usr/share/hal/fdi
The difference between the two is unclear to me.Based on some examples, I created the following file:
--------------------
Code:
<?xml version="1.0" encoding="UTF-8"?> <!-- -*- SGML -*- -->
<deviceinfo version="0.2">[code]....
No matter what I call this file or where I put it, any USB device still mounts RW. How do I fix this? Am I correct that HAL is the right place? Looking through dmesg, it sure looks like HAL controls this, but maybe I'm wrong? I've also made various attempts to solve this with UDEV and /etc/auto.misc, so if it is one of those, I clearly don't know the correct thing to do there.
Is It possible to change a process running in root-user to non-root-user by setting suid / uid / euid / gid etc... I so please instruct how, when and wat to set in order to change a process running in root-user to non-root user
View 4 Replies View RelatedMy USB devices are being automounted as root in Ubuntu 10.10. How can I automount them as the current user? Here is the output of:
sudo fdisk -l
ls -l /dev/disk/by-uuid
df
For this example, /dev/sdc1 is connected.
Code:
matt@matt-G73Jw:/media$ sudo fdisk -l
[sudo] password for matt:
Disk /dev/sda: 500.1 GB, 500107862016 bytes
255 heads, 63 sectors/track, 60801 cylinders
[code].....
Since I created second user USB devices as PTP camera, flash mass storage automounts always for the new user.
Even the second user is not logged in automount does not work for main user. When I log in as second user (with device plugged in) it is mounted automatically after log in.
What can I do with this problem?
I would like to access devices from each user (not necessarily at the same time).
How can I configure it?
How can I "remount" device to my current user without switching into the second one (it's someones else account)?
I have the following line in my fstab:
Code:
# external hard drive
UUID=4DDD273633F3859D /home/ross/external ntfs-3g auto,exec,user,uid=1000,gid=100,dmask=027,fmask=137,utf8 0 0
When I plug in the drive with this UUID, I get the following error:
Code:
Error mounting: mount exited with exit code 1: helper failed with: Unprivileged user can not mount NTFS block devices using the external FUSE library. Either mount the volume as root, or rebuild NTFS-3G with integrated FUSE support and make it setuid root. Please see more information at [URL] Is there any way that I can mount this drive (which must be ntfs-formatted) without root permissions? I have googled this error and it seems that many other people are having this same problem, but I can't find a real solution. Most people suggest just reformatting the drive.
I'm Ubuntu ex-fan (because of gnome-shell).
On Ubuntu, there was this very sane feature (for laptop/desktop user): when you insert a thumbdrive or external usb media, the system mounts the media and sets all the correct permissions for the current non-root logged in user.
What do I have to change/edit/configure to make Fedora 15 behave like this?