Ubuntu Security :: Enabling A Guest Session Under 9.04 Does Not Lock The Source User?
Jan 14, 2010
I noticed (the hard way) that enabling a guest session under 9.04 does not lock the source user. I enabled a guest session for someone and came back to find them rooting through my files. By quitting the guest session, it goes back to the source user's desktop without requiring a password. Shouldnt it go to gnome-screensaver automatically? Can this be changed? Is it a bug?
to replicate: log into source user's account use the menu to start a guest session quit the guest session root through files un-opposed.
There is a very strange problem I've been having. When I enable either Caps Lock or Num Lock the media controls on my keyboard cease to work. I have Googled this one to death but found nothing. This problem existed in Xubuntu 9.10 and now still exists in Xubuntu 10.04. The keyboard I use is a Logitech Elite Keyboard. I would love to be able to use the Caps Lock and Num Lock without the worry that I am disabling the media controls
so, sometimes happen that while I'm on my pc comes my mom and say "can I look a things 10 minutes?", this means that I have to leave my computer in her hands for ten minutes... enough to make something wrong! In ubuntu there is a usefull button "start guest session"..but here in fedora I can't find it...So, I create a new user and I called it "Guest" and I eliminated the password, so they can access also without me... but I have some problem:a) I set the home directory of this guest in /tmp/guest thinking that in this way everytime the home directory will be clean... but this doesn't work...b) is there a way to prevent in all cases this account to autenticate as root? So, if they try to install something it hasn't to show the box "autenticate as root", it has to say only "you can't"
I recently set up a family computer for a friend, and now his son is "experimenting" with the terminal (randomly entering commands). since he could accidentally do something bad, I am supposed to prevent him from using terminals, but only as hi user. I tried vlock and away, but with vlock it says 'this terminal is not a virtual console', and away can't seem to lock all consoles.
I am trying to disable accounts after 5 unsuccessful login attempts. I am following the guidelines in this article:
This is on an Oracle Enterprise 5.4 box, which is essentially RHEL 5.4 Here is what my /etc/pam.d/system-auth looks like:
-------- #%PAM-1.0 # This file is auto-generated. # User changes will be destroyed the next time authconfig is run.
Unfortunately, the account does not seem to be locked or disabled. As root, runninng 'su test2 -c <some-command>' always sucessfully runs <some-command>, and leaves the failed attempt count at 6. /etc/shadow does not have an * or ! anywhere in the encrypted password for the 'test1' user.
What am I doing wrong? I thought that with the max attempts set to 0 in faillog, that the deny= parameter would be used. I thought I should be using su <user> -c <command> from the root account to test if the disable feature is working.
I am currently in a project to set up an LTSP server with 10 thin clients. I am using Ubuntu 9.10 (Karmic).
Installing server and booting clients are working fine. Now, according to the need, I have to restrict user session numbers and allow resuming previous user session.
I have achieved to do the first one, but still could not able to setup the second one. As per requirement, if some thin can have power failure, the same session should be restored back. I am confused here, if I need to focus on saving xsessions or saving gnome sessions. I am looking for a concrete solution as I am running out of time.
Is there a way to set Linux to automatically log in to a specific user account and at the same time lock the screen? I want to save time and trigger various software that always should start up on boot, while leaving the computer unattended during startup (extra important and practical for remote control boots), by enforcing a 'screen lock' so that no-one can see what happens behind the login screen without entering the login credentials.
I am developing a some application which running on rhel4 os. And its functions will handle via the web application. So we have provided an option to login (via vnc)to the server on web application when we need. so how we can enable vnc for a session (like 30 minit)? I'm using default vnc installation while installing rhel 4 nothing more installed by downloading. When I click session button on web page, I execute this command from my code
"service vncserver start"
then I can access server via vnc but when I click on disable button on web page, I execute this command from my code
I am volunteering to set up a computer lab for a small private school on an extremely limited budget. I love Ubuntu for my home, and on my server at work, but have never used it in a school before. I would like to "lock down" all the control panels, pretty much everything except for a few applications (open office, firefox, and some educational games, of course). I don't want the students (who will be automatically logged in as guests) to be able to make changes, or unintentionally mess things up.
Alternatively, at the public school I work at, we use Windows (sigh) that has been "frozen" using a program called Deep Freeze (similar to windows "steady-state"), which causes any changes a user my make revert back to default when rebooted. Is there a Linux equivalent? That may work too!
I enter guest session and try to install an app. I am asked for a password, I try with mine (for my account) but it seems to be incorrect(logical). Well how can I find the password for the guest account???
I'm going to start with Gen'l Help then maybe slide over to security. Twice recently, when shutting down for the night, I've noticed a Guest Session has been activated on my system. Since I'm the only one using this machine, I'm naturally curious. Can anyone out there explain how Guest Session works and if it can be activated remotely... or otherwise explain how the check mark next to "Guest Session" might be activated?
So I have a laptop that I built and installed 10.10 on.
The laptop is used by a minor who needs to be off it at a certain time but can't seem to keep track of time.
I have installed that Nanny program called "Parental Control" through the software center but its not quite what I want. It says it locks out the session...but it seems pretty much useless.
So what I'm looking for is software that would not just lock the session and require them to lock the computer but to literally lock the laptop so they won't be able to use it at all until the time lapses or the admin password is entered.
enabling parallel compilation of kernel source.I've read that setting the CONCURRENCY_LEVEL environment variable should do that. The problem is that I see only one instance of a running gcc in top, notwithstanding I have set "export CONCURRENCY_LEVEL=5".
I like very much the Guest Session feature of Karmic, it comes very handy when someone needs to use your computer. However, it's only available if I'm already logged in, it won't show this option at login screen. Is there any way to make this possible? Also, I once tried the guest session and configured its appearance to my taste. The next time I entered, though, the default desktop reappeared. I know this happens because no setting is permanently stored for this session, so the only solution I can think of is to change the default configuration it is loaded from.
Adding Firefox add-ons to Guest Session?I wanted to include Add-on to Ubuntu Guest Session Firefox.Is there a proper or better way to do this? Procedure I used was as follows
1. Login to Ubuntu to a user account with sudo privileges (later sudoer account).
1. Switch to Guest Session
2. Install relevant Add-ons
3. Check what the home folder of the Guest Session is. It should be something like /tmp/guest-home.xxxxxx where xxxxxx = six random characters.
4. Switch to sudoer account
5. Open terminal and type
I tested this with Flashblock and it seemed to work. I also admit that since I did the thing for the first time it was not that straight forward for me, but above procedure should work. With quick Googling I was unable to find straight forward method. There is a way to install Add-ons to all users from command line using -install-global-extension but this was not what I wanted to do. I wanted the Add-on just for the temporary guest account.
I learned how to do this on the 'net somewhere. This HowTo will help you create an account on the login screen that will log in the same guest-session seen in the user menu. The advantage of this is that it will be an easily accessible guest account, while not preserving any files or changes on logout, and a higher security model for the account. Confirmed to work on 10.04 - 10.10, but the directions are for 10.10
1. Under an existing administrator account, go to the menu entry System --> administration --> Users and Groups.
2. Click Add. you may need to provide a password at this point. Name your new user anything you would like, except guest. The account cannot be called guest, but visitor does nicely. encryption of the account is not needed. This account will be a "booster" account to guest-session.
3. On the next screen, enter a password, and make sure that you click the check box "Don't ask for password on login", Click OK to finish.
4. As an extra precaution, click Advanced settings, when back on the Users and Groups screen, and on the User Privileges tab, uncheck Monitor System Logs.
5. Exit the Users and groups menu, and then log out and into your new account.
6. Once there, make a folder called GuestManager, and in that folder, make a plain text file called Guestmanager.sh, with this code in it :
Code: #!/bin/bash # Launches the guest session /usr/share/gdm/guest-session/guest-session-launch # Logs the user when done /usr/bin/gnome-session-save --logout
7. Save that and then right click on it, go to properties, and then go to the permissions tab. On this tab, click "allow executing file as program", and then close that window.
8. Open the menu entry System --> Preferences --> Startup Applications, and once there, turn off all the startup applications, and then click add. Fill in the name and comment as GustManager, and for the command, enter /home/visitor/GuestManager/GuestManager.sh, where visitor would be the name you picked for the account in step 2. click add, then close
9. Delete all applets and extra toolbars (might want to leave the main gnome menu), and set the background to black or something else bland, and log out. Since this account is just a "booster" none of these toolbars and such will be needed, so removing them saves memory and load time.
Ubuntu 10.10 x64.It's been a little over a week since I *rebuilt my system after a gdm or gnome issue and now I'm having an issue with the guest session not working and I'm unable to add a new user. It says "incorrect data" or something like that. This is more than annoying. Why is my system decaying so rapidly? I'm not adding anything to the system that isn't approved by Ubuntu. it's virtually a stock build, minus some changes to the look and feel category. Is this possibly a security issue? My routers up and running and I turned on UFW.
.1) Can't add new users .2) Guest session will not start. .3) Should I be concerned about my security?
i am wondering if it is possible to do this all i can find with google is idea proposals and brainstorms i know i could make a separate account and call it guest user bu that user would get to keep data/settings where as a guest session places a temporary account in the /tmp folder which combined with a ram disk for /tmp would result in some really fast performance since i use a ssd for / which would make the traditional hdd only used for /var also since /tmp would be a ram disk it would be like the guest is using a live cd with security restrictions and performance enhancements on top of this there would be no trace of the guest on my computer after shutdown
Basically, the problem is, we have a bunch of computers in a computer lab, that we want to students to access, but not modify in ANY way. That includes backgrounds or whatnot. And after restart, any changes they may have made, change back. Also, they can't have read access to the administrator account on the computer.
This needs to give a permission denied, or something: Code: cd /home/(admin account username) ls
The Guest Session is exactly what we are looking for, but try as I might, I can't get it to work. Because, we don't want to have to login as administrators, then activate guest session, just for our students to use the computers. The idea being, we can leave the computers in there, and not worry about the students breaking anything.
One thread I tried was: [URL]. However, using his method, will log the student into the account, and after about 5 seconds, log them back out. The other method listed lower in the thread, Code: /usr/bin/guest-session Seems to work, but upon logging out, fails to launch the gdm
I have 2 servers, I set the first one up so that I can remote to it and connect with VNC over ssh by following:[URL]ServerThe 2nd server I did the same, but I cannot connect! When I do, vncviewer prompts for a password and then opens a window of the correct size, but it is all white and then my ssh session is locked! I can't enter any more commands, I have to kill the session.
what program runs the Session lock and the screen saver for gnome and KDE on centos 5.5. But most importantly id like to know what the config file for the screensaver/session lock is called and where its most likely located.
I installed openSUSE 11.4 on HP elitebook 2560p few days ago (using KDE live CD). In general system is working fine, but steel I cannot resolve couple of really annoying issues: 1. I've created encrypted partitions for swap and home during OS installation. As result the system keep asking for passwords for each of encrypted partitions before show login screen. That leads to situation when I have to type 3 passwords during each boot/reboot. I was using the same configuration (swap and home were encrypted) on Ubuntu 11.04 and there both encrypted partitions were mount automatically with no password typing after login to the system. Could you please tell how I can configure the same behavior on openSUSE 11.4 ?
2. I've enabled auto screen lock after 5 mins being inactive. As result when I going back to laptop and to unlock the screen the system shows login screen (default login screen with user selection). But when user and password filled in I click login it creates entire new KDE session. Therefore all staff that was open before screen lock is gone. However old session is still in the system (it appears in output from 'w' command).
We have installed RHEL 5.4 on our servers and everything is running fine. Now I have gone through various server hardening checklist and most of them suggest to enable SELinux. We have several services running on Linux box. Now my question is, do we have to make any chagnes to the existing configurations if we enable SELinux. Or we just enable SELinux and leave it as it is. Because I have had prior experiences where SElinux will stop many services and restrict access to many libraries when enabled.
I was told to simply go into the fstab folder to allow myself permissions to execute files without becoming root, but instead of following it blindly I need a 2nd opinion. I cannot install a specific program because of configuration problems even though I downloaded all the gcc, g++ etc packages.
I just downloaded the latest version of Ubuntu and went to install it on a Pentium 4 desktop that previously had XP on it. I get the main setup screen where it allows you several options including installation. Once I select installation, it appears to be installing but then comes up with a message that includes the following: "removing gdm-guest-session" It will not do anything else and the machine appears to go into sleep mode. When I try to shut it down, it appears that the kernel had loaded. Any ideas why the normal installation isn't continuing?