CentOS 5 Server :: Avoid Adding Users To Group Like Wheel?

Jan 7, 2011

i just want to prevent from now on from all users maybe even root from adding other users to groups like wheel for example. I also want to know how can I prevent from all users to create new groups or add users to new one.real

View 2 Replies


ADVERTISEMENT

Security :: Add A Group Of Users To The Wheel Group?

May 19, 2010

I have a number of users, categorised into various groups. I would like one of those groups ("developers") to be in the wheel group as well. I don't want to just copy the people from the developers group into wheel, because then when that group changes I'll have to change it in two places. Is there a way to specify that anyone in developers is in wheel, and have that be dynamic?

View 7 Replies View Related

General :: Adding Users To Existing Group

Aug 26, 2010

I've been asked by my professor to add the list of users to a linux server (not sure of the OS type I think he said debian) but anyway. He gave me this script to add users.

Code: #!/bin/bash
# Script to add a user to Linux system
if [ $(id -u) -eq 0 ]; then
read -p "Enter username : " username
read -s -p "Enter password : " password
egrep "^$username" /etc/passwd >/dev/null
if [ $? -eq 0 ]; then
echo "$username exists!"
exit 1
else
pass=$(perl -e 'print crypt($ARGV[0], "password")' $password)
useradd -m -p $pass $username
[ $? -eq 0 ] && echo "User has been added to system!" || echo "Failed to add a user!"
fi
else
echo "Only root may add a user to the system"
exit 2
fi

I need to see if I can get this script to read a file that list the usernames and their passwords using the pipe command (or some similar command) so I can just do it in one batch. I've done some searching but there are so many vairiations of the code that I've confused myself. Also, I'm not too familiar with linux, it's been a few years since I've used it but in the prior script, I need to add the users to an existing group named "forensics". Which line would I change/add in order to do this?

View 3 Replies View Related

Ubuntu Servers :: Adding AD Domain Users Group?

May 4, 2010

I have server 9.04 and joined thru winbind to Windows Domain and subversion installed.Windows AD users can use their own credentials to join and everything is working fine.However the group svn which is used to access the repos in /etc/groups has some users.However I would like to add the domain users group to the svn group but the domain users contains Space. And /etc/groups does not happend to read the space any ideas on how to add "domain users" to the svn group in /etc/groups

View 1 Replies View Related

Server :: Script To Add A Secondary Group To All Users Except System Default Users?

Jun 28, 2009

script which can add a secondary group to all existing users except system users in linux.

View 5 Replies View Related

CentOS 5 :: Adding Users With Disabled Logins?

Mar 16, 2011

I have recently installed CentOS on my server and I am trying to install a Teamspeak server as well as a web server using ISPConfig. But, for installing a Teamspeak server I wanted to create the user account "teamspeak" to run it so my files under root are not accessible for security reasons. I was wondering if there was a way of creating the user teamspeak with a disabled login, I know in Ubuntu to do this you do: adduser --disabled-login teamspeak

View 6 Replies View Related

Server :: Implement Quota Per Group Users?

Nov 12, 2010

I want to implement quota per group users like this: Assume i have a Student group in my system, that student1 and student2 and student3 are three users in this group. i want to set quota 100GB per each user in this group, 100GB for student1, 100GB for student2 and .... The problem is when i set quota per group i cant say each user in that group have 100GB quota limit, also when i set quota per user, i should set one by one for each user.I want to know, is there anyway for set quota for all users in specific group?

View 3 Replies View Related

General :: Secondary Group Users Need To Change File Permissions Of Primary Group Files?

Oct 19, 2009

i want secondary users can able to change the files permissions of primary group?user MAC is having www as a primary and httpd as secondary group. But he want to change the file permissions (chmod) httpd group files. Is it possible or not? I think its not possible. If it`s possible then let me know how?

View 3 Replies View Related

Server :: Multiple Users Per Ldsp Posix Group?

Mar 15, 2010

I want to add some users to multiple groups. syntax of the file to pass to ldapadd? or would I use lapmodify? Does one add/modify a user record to specify the groups that user is a member of? Or does one add/modify each group record to specify which users are members?

View 1 Replies View Related

Server :: Removed Users From Group, But The Folder Is Accessible?

Mar 9, 2010

i added users to the group om PDC after it i shared folder on linux server and given permission for users from this group, the folder is showed correct. After it i removed users from group, but the folder is accessible. Where is mistake?

[global]
workgroup = STSCOMPANY
password server = *

[code]....

View 3 Replies View Related

Server :: Adding LDAP People Entries That Are Not Users

Jan 22, 2010

I currently have an LDAP database on my Suse 10.2 server for managing authentication and controlling emails for my Cyrus email server. I use this setup to provide email functionality to my web and email hosting clients, as well as DNS functionality, and it uses the default LDAP database that was setup when OpenLDAP was initially configured. Email support is working wonderfully, I might add. I also tested and verified the use of an email lookup directory in two different email clients (Outlook and Evolution) so that I can tell one of my clients how to lookup the email address of users who are setup in the LDAP server, and it works beautifully.

However, I'd also like to be able to allow my clients to build a shared contact database that can also be used in their email clients so that they can share them among all of their users. Ideally, I would need to be able to allow each client to have their own database of shared contacts, and I assume this would be done by creating a new LDAP database for each client company (i.e. group of users) that can contain the list of shared contacts for any of that client's users. When they configure their email client directory settings, they would enter the base path to their database in order to retrieve their shared contact database entries.

In my web searches, I've found plenty of CRM solutions on the web that claim to provide this type of functionality, but I believe that OpenLDAP contains everything I need to make this work without adding another layer of software to the server solution. (I subscribe to the "Keep it Simple, Stupid!" approach whenever possible.) Essentially, I need to have People entries in a client's LDAP database that are NOT email users on the system. The fields in the standard people schema are all the fields they would need - as long as I can figure out how best to add these non-user entries in the LDAP database. Are there any potential difficulties in creating additional LDAP databases expressly for this purpose?

Are there any tricks to adding contact entries into a client's LDAP database without them also being current email users on the server, so that those entries can be retrieved through an Email Client directory lookup? I will also want to provide an easy method for my client users to add new entries to their LDAP contact database, most likely through a web interface for them that could then issue LDAP commands on the server based on the input fields for the new contact. (I don't believe this is possible from within the email client itself.) Is there any reason this could not be done with the proper configuration? What should I be aware of as I setup this contact management web interface? Is there a better way for non-technical client users to manage this list of shared contacts?

View 3 Replies View Related

Server :: Adding More Users In LDAP Servers And Clients?

Mar 18, 2011

I installed and configured LDAP server and client on RHEL5 successfully. Problem is that when I add more than one user on server and clients, It shows error 'invalid user'.When I run the command:-#chown -R user:users /home/user, It shows error 'invalid user'. by step for adding and modifying more users in ldap servers.

View 1 Replies View Related

Fedora Security :: Limiting Sudo - Giving Full Privileges To The Wheel Group In The Sudoers File

Feb 15, 2011

I have previously set up sudo via adding my name to the wheel group and then giving full privileges to the wheel group in the sudoers file. Now I choose to learn to limit that. Had noticed the most frequent use I have of sudo is to run yum update. This got me thinking, could I remove the wheel group privileges and add the following line in sudoers to limit the privilege to simply running yum, and furthermore, make it so I could run yum without a password:

## Allow root to run any commands anywhere
rootALL=(ALL) ALL
Troy ALL= NOPASSWD: /usr/bin/yum

I think that would in fact work (if I understood one of the pages here, it will work). However, upon further thinking I realized that in such a case then anyone sitting at my computer could then use yum, without a password, to install or remove any file on my system � probably not a good idea. As a result I have to ask, can I tighten the privilege even further such that the only privilege so given was to run �yum update� and nothing else? (for example if they ran �yum install� it would fail). If you can do it, how?

Last, I was going to limit the privilege, time wise and try wise, by adding the following to the sudoers file:

# Defaults specification
Defaults:Troy timestamp_timeout=0, passwd_tries=3

Will that really work to limit the elevated privilege so I don't have elevated privileges lingering about, or is there a better way to do so?

View 3 Replies View Related

CentOS 5 Server :: Pacemaker - Ping The Gateway To Avoid Split-brain?

May 26, 2010

I've set a two-node cluster using Pacemaker/OpenAIS. I have only one network and if I break this one, the communication between node is interrupted ... With a ClusterIP resource, when network is breaked, then each node start the ClusterIP => 2 same IP .. Is there a way to define the prefered location of a resource when connection between these nodes is broken ?

A <==> B

If one of the node lose the network, then follow a previously written rule : start resource on A (for example). B will know than it's not the prefered node and so, will stop to serve. Possible ? This is because if both node are connected, but a problem between these node occur and client can join both node ... then the split brain is problematic ... A better solution is to add a rule when the split-brain occurs : all node wich can't reach the gateway have to stop all resources ... And so, if it's A wich lose the network, service will start on B and only B without any problem ...

View 1 Replies View Related

Ubuntu :: How To Map Domain Users To Local Users Group

May 27, 2011

how to map all domain users form group Domain Users to local group users (and maybe some more)? Im using Ubuntu 10.04 x32. Its connected to my domain using Samba and Winbind, I can login using my domain credentials, automatically map user folder form DFS server, but I think that domain users have too much priviledges in the system and want to restrict them as much as possible

View 2 Replies View Related

General :: Vsftp - Some Users See Files - Some Don't - But All Users Are In Same Group

Jan 18, 2010

When I have different people log into our ftp and browse to the same folder, some people see the files inside, some don't. all the user accounts are in the same group, which has permission to this folder. but the one user who can see the files is the owner. how can i fix it so everyone in that group who's the owner of the folder can see the files?

View 10 Replies View Related

OpenSUSE :: 'users' Is The Default Group For New Users?

Sep 4, 2011

In other Linux distros I've used, new users are assigned to their own group (i.e. user 'joe', group 'joe') by default. To my surprise, when I create new users with my openSUSE 11.4, they are all assigned to the 'users' shared group by default.To test this, I created a new user called 'friends'. From my terminal, I can see how the new user files look like:

joe@linux:~> ls -l /home/friends/
total 40
drwxr-xr-x 2 friends users 4096 Sep 3 11:37 bin

[code]...

View 9 Replies View Related

Ubuntu :: Avoid Users Writing On The Same File?

Feb 27, 2011

Is it possible to forbid that more then one user open the same file in rw mode? In windows when you open a file that another user is using, there's ad advise and you have to open it in read only mode

I installed ubuntu 10.04 desktop edition on 3 pc (there is not a server-client architecture). I installed samba.(and smbfs)

put the strings:
[name]
comment = ...
path = /...
guest ok = yes
read only = no
create mask = 0777
directory mask =0777

Computers that access to that directory do (on boot, with root privileges)
mount -t smbfs -o username="user",password="pass" //192.168.0.12/name /mnt/cartelladimontaggio

But if two users access to the same file, both are authorized writing on it! So changes made by one are lost when the other save.

View 4 Replies View Related

General :: Avoid Users To Change Password

Oct 21, 2009

I'm using opensuse and i'm trying that users cannot change his own password (mantaining /bin/bash users active). Do you know how can I do it?

View 10 Replies View Related

Server :: Apache Authentication: Allow LDAP Group OR User Named Guest But Not All LDAP Users?

May 25, 2011

I am using RackMonkey to map out my lab. Unfortunately, due to RM limitations, every user who accesses the site has write access UNLESS they are logged in as a user named "guest". I currently have Apache allowing only the users (sysadmins) in an LDAP group access to RM, but I would like to allow read-only access for other users as well.I found mod_authn_anon, but I am having trouble combining the two authentication methods. I am using Apache 2.2.18 (compiled myself) on SLES 11.1.

This is the common part:

Code:

AuthType Basic
AuthBasicProvider ldap anon
Order allow,deny
Allow from all

This part by itself works for the LDAP authentication:

Code:

AuthName "System Admins"
AuthLDAPURL "ldaps://example.com/ou=ldap,o=example.com?mail" SSL
Require ldap-group cn=SysAdmins,ou=memberlist,ou=groups,o=example.com

This part works by itself for guest access:

Code:

Anonymous guest
Anonymous_VerifyEmail Off
Anonymous_MustGiveEmail Off
Anonymous_LogEmail on
Require valid-user

But if I have both of the previous blocks enabled at once, then guest access does not work. If I throw in a "Satisfy any", then I am not prompted for a username at all. How can I allow access to this LDAP group and to a user named "guest", but not allow all valid LDAP users to log in?

View 1 Replies View Related

CentOS 5 :: LDAP - Directory Server Group Rights?

Mar 24, 2010

I've installed Directory Server (LDAP). The setup has been done according to the tutorials online. Able to access the interface as well. So far so good. The issue I have is with permissions. I can assign file permissions to a user created in the Directory Server ( user not created on the local server). But the same can't be done for a group - alteast the way I currently see it. How could i assign file system rights to a group created in the directory server.

View 5 Replies View Related

CentOS 5 Server :: Allow Only Specific LDAP Group Access?

Apr 26, 2010

I've several servers (windows+linux) that authenticate to an LDAP server. There is one machine that I would like to allow only certain groups from LDAP server to have access and I am not sure where to start.

If that cannot be done, is it possible to disable LDAP root user to access these machines?

View 4 Replies View Related

General :: Adding Root To A Group

Jul 4, 2011

I'm seeing on my Fedora 15 box. I want to add the superuser to a group called, say, thisgroup.thisgroup is absent. Surprisingly, when I thought of editing /etc/group, root was present there!Anyone on why groups didn't show my new addition?

View 3 Replies View Related

CentOS 5 Server :: What Is The Maximum Number Of Logical Volumes In A Volume Group

May 15, 2009

what the maximum number of logical volumes is for a volume group in LVM ? Is there any known performance hit for creating a large number of small logical volumes vs a small number of large volumes ?

View 1 Replies View Related

General :: Adding User To A Secondary Group?

Sep 10, 2009

If user1's main group is genetics and one wants to add him/her to group biochem and to assign biochem as his/her secondary group will the following suffice ?

Code:

$ sudo usermod -G biochem user1

I would like for user1 to have genetics as the main group but also belong to biochem. When user1 creates a file, as he/she belongs to main group genetics, I assume the file will be owned by user1 and group owner will be genetics. Ideally files created by user1 should be accessible to users in group genetics(when permissions are tweaked) but not by individuals in group biochem. However, any files with group owner biochem should be accessible to user1 as he/she does belong to biochem as a secondary group. Would having user1 main group genetics, secondary group biochem fulfil this criteria ?

View 5 Replies View Related

Ubuntu Security :: Adding User To Admin Group

Jun 15, 2010

I'm trying to edit a "xl2tpd.conf" file but it always says I have no write permission tried to add my account to admin group but it says something about not able to lock on password try later.

View 3 Replies View Related

General :: Adding SDA1 Partition To Root LVM Group?

Nov 9, 2009

I have a question about LVM. My /dev/sda disk is partitioned into Windows NTFS on sda1, Linux /boot partition on sda2, and the Fedora 10 root (/) LVM partition is on sda3. I have moved my Windows XP to VMware on the Linux system and would like to add the sda1 partition to root LVM group.

View 7 Replies View Related

General :: LVM - Adding New Disk Space To Volume Group?

Feb 7, 2011

I plan to install a server using LVM. I thought a partition schema where /boot would be in an ext4 partition while / /usr /var /home and /opt would be in the LVM. My question is: if I'm putting / into the LVM, is it necessary to divide /usr /var /home and /opt into different logical volumes? If I divide them, would it become harder to maintain when new disk space has to be added to the volume group?

View 7 Replies View Related

CentOS 5 Server :: Adding PC To A Samba PDC Ldap?

Jun 17, 2011

I've been testing a PDC with samba and LDAP these days with the following unsolved issue. 1. I can add the client PC (Windows XP SP3) with the Domain Admin user (Manager) from the client PC, but when i try to add a user I get this message "The trust relationship between this workstation and primary domain failed", so as it can be added later I ignored this message and choose 'close' and reboot the PC. 2. Since the login screen is showed, the message 'Duplicate name exists on the network' appears. So I try to log on with a valid domain username and password after pressing ctrl+alt+del and get the error message: "System cannot log you on because domain rmprb is not available"

[Code]...

View 1 Replies View Related

CentOS 5 Server :: Local Users Cannot Upload Files To VSFTP SERVER

Nov 25, 2010

I've setup a Lamp Server for Testing, The Lamp Server is Up & Running on CentOs 5.5

I am now trying to setup a VSFTP server where local users can upload files to there home directory so that Apache can serve web pages straight from the directories of system user home/accounts giving users the ability to run their own web sites which are hosted off the main server [tutorial here: [url]

So far i have been able to serve/display index.html files from the users home directory [url] but so far i cant upload files to any user home directory, every time i try to upload a file with filezilla i get this error message: 553 Could not create file. Critical file transfer error

I have searched online for similar problems like mine and so far i've tried alot of the solution but none seem to work. I'm confused, dont know where i went wrong, i put the users in a group called ftpusers and here are the permissions on the users (test, ftpuser & testftp) home directory. have a look an tell me where i went wrong :(

Also the root directory where the web pages are served from is called public_html here are the permissions

Here is my vsftp.conf file can someone check it to see if i made any errors in there:

View 14 Replies View Related







Copyrights 2005-15 www.BigResource.com, All rights reserved