Server :: Reduce Privileges Sudo Users

Jul 31, 2010

i want to create a sudo user, sudo user should not start or stop the service. as like a normal user i created a user called root2 and i edited the user with visudo command and added the below line to the user root2 and got the full privilages.

root2 ALL=(ALL) ALL

i commented the below line ##Cmnd_Alias SERVICES = /sbin/service, /sbin/chkconfig eventhough the sudo user root2 can start and stop the service which i dont want to give that privilage.

View 3 Replies


ADVERTISEMENT

Ubuntu :: No Users With Sudo Privileges?

Apr 15, 2010

I was adding me and my bud to a new group I created, but I used -G instead of -g as the tutorial suggested, I think this removed me from all other groups and put me in the new one. The same with my bud. Now I dont have sudo privileges, nor does my bud, and we have not set a password for the root account.

Code:
sudo ls -l
USER@SERVER:/var$ sudo password for USER:
USER is not in the sudoers file. this incident will be reported.
USER@SERVER:/var$

View 2 Replies View Related

Networking :: Assign Access Privileges To Users In LDAP Server ?

Jan 6, 2010

In researching current ldap issue (not being able to do anything but log in) it seems that there are no concepts of privileges, roles, etc. that could be assigned to a user in LDAP.

I've only seen fields that deal with name, organization, etc., not with application-specific access control.

I have to assign certain access privileges to users authenticated via LDAP server based on the privilege level mentoned in the LDAP server. How to attain this.

View 5 Replies View Related

Server :: Reduce RAID5 Partition Sizes / Reduce The Size Of Md1 And Grow Md0?

Feb 14, 2010

I have a rack of four 1TB drives all partitioned identically with three primary partitions. On each drive

- the first partition is only 64MB;
- the second is a large 900GB partition and
- the last holds all the remaining space

mdadm has been used to set up
/dev/md0 - RAID1, comprised of /dev/sda1 and /dev/sdb1
/dev/md1 - RAID5, comprised of /dev/sda2, /dev/sdb2, /dev/sdc2, /dev/sdd2
/dev/md2 - RAID5, comprised of /dev/sda3, /dev/sdb3, /dev/sdc3, /dev/sdd3

OK, so it was a silly mistake to make - but I am now need to increase the size of /dev/md0. My thinking is to reduce the size of md1 so that I can grow md0.

On md1 I have two logical volumes. I've successfully reduced the size of the volume so that I can reduce the size of md1. Now I'm at the nervous stage; I can find little written on the topic of shrinking RAID5 arrays - and even if I do this I'm unsure if I can move partitions around to regain the space I so desire.

View 1 Replies View Related

Debian :: Can't Get Sudo / Admin Privileges

Jan 11, 2016

receive bash notice: "jim is not in the sudoers file."Just finished my first Debian install several hours ago, my first go around w/Debian. Installed 8.2 DVD ISO on USB. Had this issue from my first use in BASH, not a forgotten password problem. So 2 questions:

1) I'll be installing Debian again, and want to avoid this in future. There were 2 inputs on setup for name (my full name) and user (installer offered my first name which I accepted). 2 inputs for Password as well: I used the same password both times (have done this w/Mint & Ubuntu w/out issue).

2) How to fix this? Tried this: URL...however, neither keystroke got me to "rescue" prompt as article suggests. Several other articles presume an admin with privileges has sudo access to modify sudoers file.

I have multi-boot setup in BING environment (MBR, not EFI). I am booting from a GRUB2 ISO using grub commands as I still need GRUB installed in my boot partition until I can get cmd line access. I'm able to get a session on boot with the same password I used in setup.

View 14 Replies View Related

Ubuntu Security :: Sudo Versus SU And Superuser Privileges

Jul 19, 2011

So, I'm not quite sure what the difference is? Is it that sudo allows you to "borrow" superuser privileges, whilst su allows you to actually log in as superuser? Also, when I sudo [command] and get prompted for a password, after I input it, things work just fine, but if I su, and then get prompted for a password, I can't log in as superuser... Why is this?

View 9 Replies View Related

Red Hat / Fedora :: History Of All Sudo Users And All Root Users In F13?

Jan 18, 2011

How can i see history of all sudo users and all root users in fedora 13 ? history command only shows one users history ?

View 5 Replies View Related

Security :: Sudo For Users But Only +r On Other /home/users Ubuntu 10.04 ?

Nov 1, 2010

We are trying to set up a classroom training environment where our SIG can hold classes for prospective converts from Microsoft/Mac. The ten machines will have /home/student01..10 and /home/linsig01..10 as users. We want /home/student01 to be able to explore and sudo so they can learn to administer their personal machines at home. We don't want them to be able to modify (sudo) /home/linsig01. I've seen the tutorial on Access Control Lists but I'd like other input so we get it right the first time.

View 3 Replies View Related

Security :: Ubuntu 10.10 Is Not Allowing Amin Privileges To Admin User, Even Tho Sudo Works?

Feb 21, 2011

i am relatively new to ubuntu. Just recenty i have not been able to access certain files(for example the history and bookmarks in the firefox folder), download files individually from the internet(music,fonts,etc), recieving an error message

Quote: Originally Posted by firefox error console

Error: [Exception... "Component returned failure code: 0x80520015 (NS_ERROR_FILE_ACCESS_DENIED) [nsIFileOutputStream.init]" nsresult: "0x80520015 (NS_ERROR_FILE_ACCESS_DENIED)" location: "JS frame :: file:///usr/lib/firefox-3.6.13/components/nsSessionStore.js :: sss_writeFile :: line 2944" data: no][code]...

i have sudo priveleges and can install via update manager. i read somewhere that compizfusion might affect access permissions and i do use compiz and emerald at the same time.

View 9 Replies View Related

Fedora :: LibUSB 1.0 - Read / Write Privileges For Users

Dec 13, 2010

I am developing a program that uses libusb-1.0 on a FC14 x64 system. I solved the compile and link issues, but I now have a problem with user privileges when I try to get device handles. The problem appears to be in the mounting of the usbfs. Is the an accepted fix to giving users read/write privileges for all usb devices?

View 4 Replies View Related

Ubuntu :: Users Spontaneously Losing Administrator Privileges

May 31, 2010

I just got a fresh Ubuntu 10.04 install on a system, added Lubuntu (the poor thing's 10 years old), and added a second user and gave him sudo/admin rights via the Users and Groups app. All was working fine, but now the initial user can't make any system changes. The initial user can still execute sudo and gksudo, but not much else.

In the Network Connections applet, the initial user can't edit the "Auto eth0" connection, the "Edit" and "Delete" buttons are just greyed out.

In User and Groups, I can click "Advanced Settings" or "Change" on another user, but nothing will happen. If I click "Add User" as the initial user, it will give the "Not authorized" popup.

I had a second user that I'd given adminstrator/sudo access to. So to change the network settings I logged in as this user for the first time, and was able to change some things. However, after a reboot I had the same problems with this new account.

I haven't done anything with this install besides install openssh-server, add some firewall rules with ufw, and add the Lubuntu desktop. Most of my google results turned up basic stuff like corrupted sudoers file (mine is still in pristine, default condition), and not being part of the admin group (which both users still are). The behavior also persists regardless of whether I use gnome or Lubuntu for my session.

View 2 Replies View Related

Fedora Security :: Limiting Sudo - Giving Full Privileges To The Wheel Group In The Sudoers File

Feb 15, 2011

I have previously set up sudo via adding my name to the wheel group and then giving full privileges to the wheel group in the sudoers file. Now I choose to learn to limit that. Had noticed the most frequent use I have of sudo is to run yum update. This got me thinking, could I remove the wheel group privileges and add the following line in sudoers to limit the privilege to simply running yum, and furthermore, make it so I could run yum without a password:

## Allow root to run any commands anywhere
rootALL=(ALL) ALL
Troy ALL= NOPASSWD: /usr/bin/yum

I think that would in fact work (if I understood one of the pages here, it will work). However, upon further thinking I realized that in such a case then anyone sitting at my computer could then use yum, without a password, to install or remove any file on my system � probably not a good idea. As a result I have to ask, can I tighten the privilege even further such that the only privilege so given was to run �yum update� and nothing else? (for example if they ran �yum install� it would fail). If you can do it, how?

Last, I was going to limit the privilege, time wise and try wise, by adding the following to the sudoers file:

# Defaults specification
Defaults:Troy timestamp_timeout=0, passwd_tries=3

Will that really work to limit the elevated privilege so I don't have elevated privileges lingering about, or is there a better way to do so?

View 3 Replies View Related

Ubuntu :: Users Can't Log In And SU And SUDO Are Broke

Oct 5, 2010

I have a 10.04 machine that su and sudo will not work on. I am also unable to login as a user other than root.

I am haven't been to figure out what might the problem.

Obviously there is some kind of problem validating users, but I can't find it.

View 7 Replies View Related

Ubuntu :: Can't Get Sudo Users-admin To Run

Aug 2, 2011

I can't get sudo users-admin to run. This is the error I get:

Gtk-ERROR **: GTK+ 2.x symbols detected. Using GTK+ 2.x and GTK+ 3 in the same process is not supported aborting...

View 2 Replies View Related

Software :: Allow Remote X Users To Sudo

Aug 14, 2010

Is there a way to allow users from a remote account (say, those connecting to the X server from a remote location) to sudo? What kind of account do you need to add to /etc/sudoers to be able to allow this to happen?

View 1 Replies View Related

Debian Configuration :: Prevent Users From Using Su / Sudo

Jul 24, 2010

i would like to prevent all users other than the user "parker" on my system from using the su or sudo commands. I have not attempted to modify the sudoers file so it just contains the standard root ALL = (ALL) ALL.

View 5 Replies View Related

Ubuntu :: Way To Run CRON Job For Something That 'normal' Users Need To Run As SUDO?

Jun 5, 2010

As per subject, what's the best way to run a CRON job for something that "normal" users need to run as SUDO? There is a problem with the internal clock on my PC so at a regular time (every hour or day for example) I want to sync with my Network Time server. I use "sudo ntpdate time.bgr.local" as it is now and have to enter my user's password for it to work.I know root is disabled by default and would like to keep it that way if possible but if I have to enable it and then add it to root's cron list the so be it but would prefer not to.

View 5 Replies View Related

Security :: Take Away Ability Of Using Sudo For Common Users

Mar 9, 2011

I decided to consult you before making any changes, because the clients' PCs are spread all over the country and I do not have the physical access to their boxes.The idea is to take away the ability of using sudo for common users.I know that the syntax of this file may vary a bit in different distributions.Our OS is Ubuntu 10.10.I created the account 'support' for me and other technician stuff of our department. So, 'support' user must have all the power. And common users mustn't have access to 'sudo'. This is the requirement.As far as I remember, in Slackware the user must be a member of 'wheel' group to be able to use 'sudo' (but I may be wrong).

View 3 Replies View Related

Ubuntu :: Using Sudo To Restrict Users For Accessing Directories?

Jun 20, 2011

Is it possible to restrict users with 'sudo' from accessing certain directories? Rather than just exclude cd and ls from the sudo privileges, that is.

View 5 Replies View Related

Ubuntu Servers :: Prevent Certain Group Of Users From Using Sudo At All

Jul 1, 2011

I have a box with about 30-40 users on it, and I need to prevent a certain group of users from using sudo at all. Is this even possible.

View 4 Replies View Related

Programming :: Listing Sudo Users - Getting Empty Space In Between

May 20, 2010

I was trying to list sudo users in a Linux Machine,

[root@redhat ~]# grep -v -E '^#' /etc/sudoers
root ALL=(ALL) ALL
%work ALL=(ALL) ALL
%dilipvp ALL=(ALL) ALL

where work is a group and dilipvp is user. Can you help me in creating a better script which can list the members of the group work as well. and why I am getting empty space in between.

View 6 Replies View Related

Fedora :: Managed To Reduce The Logical Volume To Free Some Space But Cant Seem To Reduce The Physical Volume

Jan 1, 2010

so i have f12 installed on my hd with lvm using the whole extent of the HD , i want to reduce it so i can dual boot it with a windows system, i managed to reduce the logical volume to free some space, but i cant seem to reduce the physical volume, is this possible and how ?

View 2 Replies View Related

Ubuntu Security :: Sudo Password Necessary For Regular Desktop Users?

Mar 10, 2011

I've set up a user account for friends & colleagues that does NOT require a login password. Unfortunately, in this OS some things don't work unless you login -- sudo Must regular users have AND use Root's password?

View 9 Replies View Related

Software :: Adding Sth - To All Users PATH Variable - Sudo Included

Aug 3, 2010

I've installed rubygems on ubuntu, but it has a known issue that the rubygems' bin/ directory is not in the PATH. I know about exporting the PATH variable, and adding it to .bashrc, but I'd like to configure it so that every user has it on his PATH, even if he tries to run it with sudo. Where should I export the PATH variable then?

View 2 Replies View Related

General :: Setup A System To Allow Normal Users To Execute A Command Without Using Sudo?

Jan 5, 2011

I am trying to setup a system to allow normal users to execute a command without using sudo. Is this possible?

View 6 Replies View Related

Server :: Sudo - Command Can't Run By Sudo

Jun 18, 2010

I am having trouble running commands by using sudo. I configured visudo file with localuser ALL=(ALL) ALL but I can't run any command, it tells me command not found.

View 8 Replies View Related

Server :: Apache Crashing VPS - Need To Reduce Memory Usage

Feb 11, 2010

I have a VPS running a web application served using Apache, that on average deals with 20-50 requests per second. It's usually above this point (50 requests per second) that the amount of memory that Apache uses is too high for the VPS and errors start occuring - web pages crash and VPS falls over for a minute or two before going back to normal levels.

I believe that MaxClients is the best way to reduce the amount of RAM that Apache uses and I am planning to reduce MaxClients from 256 (default value) to around 100. Each Apache process uses ~15MB and the server has 1900MB of ram in total - the server does nothing else other than run Apache and a few crons.

Current setting are:

Code:
KeepAlive On
MaxKeepAliveRequests 100
KeepAliveTimeout 3
# prefork MPM
# StartServers: number of server processes to start

[Code].....

I tried reducing MaxClients before which lead to massive slowness, so I need some other options as well.

Does my suggestion of reducing MaxClients to ~100 seems sensible? What are my options if the server experiences slowness again - optimise the application? What's the best way to reduce memory usage - move images to another web server?

View 2 Replies View Related

Server :: Script To Add A Secondary Group To All Users Except System Default Users?

Jun 28, 2009

script which can add a secondary group to all existing users except system users in linux.

View 5 Replies View Related

Networking :: How To Use DNS Server To Reduce Netbios Broadcast And Speed Up Browsing?

May 11, 2011

I am on a 172.16.x.x network with about 60 Windows XP home and Vista home clients in a peer-to-peer workgroup that uses DHCP to assign addresses. About half the traffic on my LAN is netbios broadcast. I do not want to do a WINS server because I do not want to have to manually change the registry on every machine. This is only for local name resolution and I do not have any web servers or e-mail servers. I do not have access to a Windows server to use as a DNS server. I am on Debian and using BIND but am open to other suggestions.

View 1 Replies View Related

Server :: User Privileges For Apache

Oct 16, 2010

I'm using ubuntu 10.04. Apache server is associated with www-data.I frequently run into problems editing or deleting files created by a cgi script, as they have ownership of www-data:www-data.How can I safely modify my system so that the output files are editable or deletable by user tim?

View 2 Replies View Related







Copyrights 2005-15 www.BigResource.com, All rights reserved