Networking :: Run The Job Under A Root Account And Deny Read/write Access To A Normal User?
Jan 18, 2010
I'm setting up Ubuntu Karmic on my sister's old computer for my nephew, he's quite young so my sister asked to install some content filtering. I'll first setup an OpenDNS account and I've installed and managed to get dansguardian and squid working on a virtual machine to try it out. so far it's working pretty well, but I need to secure it form the inside out.
I was thinking of blocking specific outbound ports so he could not bypass the proxy. because by default the firefox configuration can be easily changed. so I have a couple of questions.
1. is it possible to block outgoing ports on Ubuntu?
2. is that the best method?
3. is there anything else I should be aware of to prevent subversion?
lastly, this question is probably unrelated to this board but I've set up a cron job to update a dynamic ip with OpenDNS, the problem is that the password is in clear text in the user's crontab, can I play with permissions? is it possible to run the job under a root account and deny read/write access to a normal user?
I made a Desktop User account. When I went on that account, it allowed me to execute sudo as if I was an administrator. I don't know what might be causing this. I do have ufw set up and blocking incoming connections. Do you guys know what might be at the root of this?Also, when I used sudo from the user account (which I shouldn't have been able to do), I provided the password for my admin account.
On a Fedora Core box, I have a normal non-privileged user and I also have sole access to the root account. Because I am the only administrator of this box, I frequently su over to root for administrative tasks. The problem is that many of the user configuration I've become accustomed to are only configured on my day-to-day account (.vimrc, .bashrc, .screenrc, etc). Other than giving my day-to-day user account privileges to perform administration tasks, how would I go about sharing configuration between these two accounts?
I want to simply mount an ext4 file-system onto a normal mount point in Ubuntu (/media/whereever), as read-writable for the current logged-in user, i.e. me.
I don't want to add anything into /etc/fstab, I just want to do it now, manually. I need super-user privileges to mount a device, but then only root can read-write that mount. I've tried various of the mount options, added it into fstab, but with no luck.
I am a user of a cluster. I don't want root to see/copy files from my user account(obviously). Is that possible to limit the access of root to users account?
I would like to know if it is possible to deny the access to a file for root? Would ACL's be a possibility? I have "googled" around but haven't found anything interesting (except SELinux). I should secure a password file to an important database.
I have shared two external harddrives via samba on ubuntu, but only I can access it. The reason being is because I have logged into linux, and become the owner of the external hdd's. On the permission properties, I can see that the group I have created every other user under has "No Folder Access", and if I change this it reverts back instantly. So frustrating, I've tried to chmod it which hasn't done a thing. The owner of the external hdd's seems to be the only person who can access it over samba.Is there anyway I can get normal users to just read and write to external hdd's?
Ive managed to install samba, I've shared a folder. I can access from a Windows 7 machine via \ubuntupublic. I can put files in the folder form the ubuntu machine and edit them on the windows box. I can put files in the folder/share from the Windows box but then I cannot edit them on the Ubuntu machine (they are read only and have a "Lock" over them). I can fix this by going to the properties of the file/folder in Windows and manually assigning "Everybody" full control (then the lock disappears and all is well.) I want read/write access to all the folders contents from both machines all the time (security is NOT a concern I WANT the permissions wide open) what am I doing wrong?
In the past, I've installed Internet services as daemons and as xinetd.d with no problems. Those approaches do not meet my needs. And, perhaps, nothing will.
- the service was converted from VB-6 to wxPython. It has a GUI which is accessed with either "remote desktop" or VNC. - the wxPython service works on Windows and can be accessed from other hosts on my LAN - the wxPython service works on CentOS and Fedora, but can only be accessed from within the server host. Even from other user-ids. But, I cannot get to it from other hosts. - ipchains AKA firewall ports are marked for INPUT. - The server host uses autologin to fire up a useid in group "user". I do not want it running as "root". the .bash_profile fires the service up. - the service is heavily mult-threaded, and supports devices connected to serial ports asynchronously with the ephemeral port threads (all this works).
There are some programming solutions that I would rather not develop. - a proxy service that runs under xinetd.d. - separate the GUI code from the Internet and serial port code. Allocate a "control" port for remote GUI control. a'la SAMBA & SWAT
Is there any hope, that I can run it as is, by doing some network configuration stuff.
I cannot log into the normal user account after shutting down the OPENSUSE 11.1 system by cutting off electricity. The system always returns to the login page which requires to choose account id and enter passwd even when I type in correct normal user id and passwd. The root account can be used.
My linux distro is CentOS 5.3. Today I edited /etc/sysconfig/readonly-root and set "READONLY" to yes, now my /etc/sysconfig/readonly-root file is like this:
# Set to 'yes' to mount the system filesystems read-only. READONLY=yes # Set to 'yes' to mount various temporary state as either tmpfs
i am having problems with privileges i have created a new user with my name, but i cant get root privileges on it. i need the same privileges as the root profile.
I managed to setup an encrypted partition that's mounted on boot using dm-crypt/LUKS.
The relevant entry from my /etc/fstab:
/dev/mapper/st_crypt /media/st ext4 defaults 0 2
The partition is mounted at boot, and I can write to it as root just fine, but I have no idea how to make it writable by a normal user (i.e the users group).
I would like to allow normal users to run some root scripts (e.g the sound subsytem [alsa]) in cases sound is stuck. What is the best way to allow this to happen in opensuse? There are many ways to do that (and I do not know how to use any of them ) and I am not sure which one is more suse all right.
What are the possible problem when Windows access the file from Ubuntu got Read Only even though have a full permission to read, write and execute the file? Ubuntu to Ubuntu accessing the file there is no problem only Windows got a problem.
I need to create an SSH user that can only access the directory I would specify for them. For example, I've been able to execute the following: useradd -d /home/me/directory_for_this_user someuser
So when someuser logs in they get into this directory. Problem is that once they log in they can simply execute: cd / and navigate through all other directories which is a security risk.
How I could limit someuser's access to only /home/me/directory_for_this_user and its subdirectories and nowhere else in the system?
Because I have a flaky wireless device, I occasionally get a hung connection and this script gets things running again in just a few seconds except obviously the boldfaced item, as it still tries to run in the root directory and gives errors:
Configuration file "/root/.kde/share/config/knetworkmanagerrc" not writable. Please contact your system administrator.
So I am not sure how to get knetworkmanager to run as me, the user ubuntu in the /home/ubuntu directory
#!/bin/bash service network-manager stop sleep 1 killall -9 knetworkmanager
I am using fedora 12.I have two internal drives. Both are ntfs. Whenever i click on them it prompts to enter root password. But i want to mount them as normal user without entering any root password. How can i disable it so that i am not asked to enter root password everytime i mount the drives.
I'm trying to get my backup script to run every week, but as a normal user, and not as root as it is done when the script is placed in /etc/cron.weekly. Anacron fits my needs in the sense that it doesn't require my computer to always be on, as opposed to cron, and will just run my script when it can, but at the most each week. Cron fits my needs in the sense that I can run the script as the user I am logged in as. The particular script backs up my home directory with rdiff-backup, and it is very convenient that I am the owner of that backup, since when root performs the backup, I am unable to browse my own backup files and must use "sudo" to do this.
Is there a way to let me use the feature of anacron that allows my computer to not always be on, but still get a weekly execution, and also run the script as a normal (non-root) user?
I'm using fedora 12 and modified the user login options(normal and super user login). I've been using the accounts for a while but i've bumped into a problem - audio not working as a normal user but works when logged in as root. Also, i'm not able to use VLC as a root user.
Here's the issue: from time to time I have to take away my son's access to the internet, so I exclude his laptop from my wireless Linksys router. Works like a charm, or it did until he discovered that my neighbor also has a wireless router, and hasn't secured it.
So my son sits in the corner of the house closest to my neighbor and uses their internet.
Is there any way I can tell his laptop to NOT access a particular router? Or even better, to only access my router?
I need to change a filename but when I boot up I get the message root device is read-only. Is there a way of changing this so that I can change the filename. I have a Mac Pro running Leopard OSX. The graphics card an NVIDIA 7500GT or driver has failed. It was suggested elsewhere that I change the relevant kext files to filename.kext.old, which I did, now when I try to boot start in OSX I get a message in various languages telling me to restart. I have tried booting in safe mode and from original Installation CD. In Safe Mode I get the same multi language splash screen, from CD I still have the graphic card problem, screen freezes and artifacts appear. So I boot up straight into CLI by holding down CMD-S hoping to be able to change filenames back but it says device read-only.
