Debian :: Disable For A User The Access To Usb Pen?
May 15, 2010
I want to refuse access for some users to usb pen and audio. In previous releases (debian, ubuntu , debian-based ..) , it is enough to remove the user from the group.
that is in /etc/group
with theses lines : bela can heard sound, but not geol, for bela and geol the usb pen is automatically mounted. But not for nobody else. It is NOT the case in the new release, I mean, even if I remove a user from the plugdev group, the usb pen is automatically mounted for that user.
is there any possible way to hide currently running processes from an user? This means I do not want him to know about what programs/processes does any other user but him run. In short words if that user runs 'ps -aux' he should get only his processes.
I have a Lucid Ubuntu installed on my home PC with two user accounts, AmHero and simple. I would like to have all internet access disabled when my kids login with the 'simple' userid. And yes, internet should work when I login using AmHero. I tried this:
..but this does not work and gives some errors on the terminal.
I can paste the errors, though I am not sure this will even work as I found this in an old post.
It looks like my web/ftp server has been hacked but I'm not sure how. I logged in tonight and found I had new mail. I read it and found some e-mails that had failed to send because I don't have mail setup (luckily). The e-mails were trying to send my user name and password to the e-mail address firstname.lastname@example.orgI've no idea where to start, I use SSH, FTP now and then and it hosts a Wordpress site. The FTP users do not have access via SSH, only my user ID. However, the e-mails also contained another user ID that only has FTP access to the server.I've looked through the logs for rkhunter but it doesn't look like it found anything.
This is a perennial problem with Linux. I am just not comfortable moving a lot of casual files around as root. How can I have user access to a USB stick? I've done my Google searches and tried several methods, some of which work temporarily but not permanently. At the moment, I have this line in my /etc/fstab: /dev/sdd /media/usb_flash ntfs noauto,users,rw,umask=0 0 0 As with other methods, this worked last week but not now.
All I want to do is insert a USB stick, transfer some files and remove the stick. I want to do this as a user. This should be simple. What is the trick?
I have a system running with few users and servers (apache/mysql/postfix). After extracting one tar archive in '/home' none of my users are being able to access their home directory. Even other system users (like www-data/mysql) are also not being able to access any directory. Only root can access the system. I have checked file permissions, many files/directories are set to 777 rest are 755.
After a week of working with Debian, I decided to install the KDE3 version straight from an NetInstall CD. This fixed some issues for me as well as made networking and folder sharring a snap! But now its time to add all the extra packages I need.
Here's the problem: Using any kind of Package Manager yields the same results: E: Could not get lock /var/lib/dpkg/lock - open (11 Resource temporarily unavailable) E: Unable to lock the administration directory (var/lib/dpkg/), in another process using it? RESULT=100
I've tried apt-get from root command line and the KPackage Manager that comes with KDE3 with same results. I have only one user that was created during Debian install. I'm having some other problems, from what I've seen on the net, they all seem to point to not having proper Super User access (I'm guessing here). What could cause this error? AND/OR How do I make sure I have top level access to the configure the system? (I tried logging in as "root", but the login errored out saying that this was not allowed).
2 of us have been googling all morning trying to find out how we can restrict ftp logins to their own home directories only but nothing we've found so far has worked. We've tweaked sshd_config so that they default to their home directory but they are able to navigate up/across/down to everything. This is a "straight-out-of-the-box" debian 5.0.5 Netinst. Just a basic system with Apache/MySql/PHP/SSH and no desktop.
I upgraded a Guruplug Display machine running Lenny to Squeeze. It's running Linux on a MicroSD device, running an ARM-cpu.
# uname -a Linux gplugD 2.6.29 #1 Wed Feb 16 17:59:04 IST 2011 armv5tejl GNU/Linux yeri@gplugD ~ $ cat /etc/debian_version 6.0.1
However, after rebooting, every non root user was unable to access anything related to the net.This means, DHCP failed to auto start, ntp is giving errors, etc
# ntpq -p localhost: timed out, nothing received ***Request timed out
Mar 27 06:07:44 localhost ntpd: ./../lib/isc/unix/ifiter_ioctl.c:348: unexpected error: Mar 27 06:07:44 localhost ntpd: making interface scan socket: Permission denied Mar 27 06:07:44 localhost ntpd: Too many errors. Shutting up.
gplugD ~ # ping 184.108.40.206 -c 1 PING 220.127.116.11 (18.104.22.168) 56(84) bytes of data. 64 bytes from 22.214.171.124: icmp_req=1 ttl=58 time=42.1 ms
I am not sure if this is the correct forum to post this as I have usually been able to find the answers from other peoples threads.The error I receive is below.(changed "at" as can't post links)"#1045 - Access denied for user 'root' at 'localhost' (using password: NO)" Not entirely sure what has happened here. I have had this server running for a long time and today it seems to have spat it's dummy out!I have checked the config.inc.php and the controluser and controlpass are entered correctly so the error saying a password is not being usPHP Code:Thisis needed for cookie based authentication to encrypt password incookie
When I start an upgrade or dist-upgrade from single-user mode, and walk away for a long time, I will have found that some packages insist on prompting for answers to questions midway through. That requires me to physically check the console periodically, and that becomes less practical for long upgrades.Is there a way for me to somehow remote into that console and answer any prompts that would popup? By "way" I mean not involving KVM switches or other hardware other than the LAN setup I have now (i.e., I am able to ssh into the machine being updated from another machine, but not when the machine is in single-user mode).
BTW, the reason I am using single-user mode is that, in the past, I have had problems with upgrading packages like GNOME when I am logged into the GNOME Desktop.
I found that if any usual user is logged into a NDS-tree, then _local_ root has full access to user's network shares, including the user's home directory located on remote Netware-server. Is it by design or have I missed something? Nevertheless in windows local admin has no access to network resources mounted of any other user. If you runas shell (as admin) then admin in principle can't "see" network shares which were mounted (connected) by other users - they are accessible ("visible") per session.
Take a physical user FRED. FRED is a linux user ( known by linux on his laptop ) FRED is a Samba user ( Known by samba on the samba pdc server ) When he logs locally (with username/password) on its standalone laptop (with no network), he is known as FRED:user. He access his data in /home/FRED/. When he logs through samba (with username/password) on the domain MY_DOM, he is known as MY_DOMFRED:MY_DOMdomain user. He access his data in /home/MY_DOM/FRED/. ) Is it possible that the human FRED has only one repository and have full access to its repository regardless of how it was connected. If yes, how to do it
2) If not, Is it possible that the human FRED has full access to /home/FRED/.............. and /home/MY_DOM/FRED/.
Original HOWTO can be found at: [URL]... So the other day I was in IRC and someone had brought up a problem where they created a new Administrative user, but didnt have rights to use sudo. Looked into the problem a little bit to figure out what was wrong, and it turns out that when you create a new user through the user manager (in kubuntu, anyways. Havent tested in Gnome.) the user gets added to the adm group, however, a quick look at the sudoers file shows that its looking for users in the admin group to allow the use of sudo. So, to solve the problem we do the following: If youre on the new admin user (which Im assuming you are) use the following commands:
Code: su [insert username of old account without brackets] sudo usermod -G admin [username of new admin account without brackets] exit
Then simply logout, and then log back in (not always necessary, but the easiest way to flush the permissions.)
Code: su [insert username of old account without brackets] Means were going to Switch User to the old admin account Code: sudo usermod -G admin [username of new admin account without brackets] This simply adds the admin group to the secondary group list for the new user Code: exit Pretty self explanatory
I'm developing an application in which one user must run java software that I'm compiling as another user. I wanted to give user A permission to see the bin direcory of my workspace, which is in the home directory of user B. I was wondering how can this be done? I gave the bin direcotry full read/execute premissions, but since it's in my home directory user A can't navigate to it.
I know there are a few ways I could get around the problem but they arn't very elegant. I was wondering if there is a simple method for giving a user access to a specific directory without giving access to all the parent directories. I tried symbolic link but user A still can't access it, and a hard link to a directory isn't allowed in Linux. I don't feel like making a hard link to every single file in the bin directory, and I'm not sure that would work anyways, since every recompile overwrites them.
I am trying to give access to ONE single user to start and shutdown tomcat server. The problem being, when I enter syntax: username ALL= /etc/init.d/tomcat5, /usr/local/tomcat/webapps, PASSWD:ALL This gives the user access to start and stop tomcat but also gives user access to start and stop other services within /etc/init.d - such as httpd etc... What is the proper way to give user access to start and stop service, and limiting that power to only one service....
i have VPS server and i installed Xserver on it and all ok i created new user for my client but i need to limit his access to the following
he can download and upload to his home file " browser by Firefox" he can't install or use any application "just the one i installed it" he can't see the file system or browser it !! if i can give him specific space on harddisk would be better he can extract and compress files he can't edit the settings ....
i have another sensitive folder and setting i don't want him to see it so how to limit his access?
I'd like to set up a restricted guest account which is not allowed to access any network interfaces. In particular, I don't want that user to access the internet either directly or through some network proxy, but I'd like my own account to still have normal internet access. How do I disable all network services for a particular account without affecting other accounts?
I don't want people to use my machine without my presence since I have a lot of cookies and files stored on this machine. So I hope each time the system starts it shows login window and asks for account/pwd. How can I do it?
I have searched for hours and have found nothing that works. Its just amazing that I have not destroyed my laptop yet. What I want to do is keep my child off the net under his user account. I have Karmic installed currently. I have tried adding an iptables rule: sudo iptables -A OUTPUT -p tcp -o eth0 -m owner --uid-owner test -j REJECT
That does not work. So then I tried to disable the network card for just one account... no go.I can only stop access totally for both users which doesn't work for me very well. No method gives me what I need. I want a way so I can login and use the computer normally AND an account he can login to and use but with no web.
When I boot from a live USB, it automatically logs in as the live user. I don't want that. I want to log in as a real user, without having to log out of the live user session first.I looked at all the options under system > administration > users&groups. Nothing seems applicable.PS, I did already create the real user and it's working fine. I just have to log out before I can log in as the right user.