LinuxQuestions.org
Latest LQ Deal: Complete CCNA, CCNP & Red Hat Certification Training Bundle
Go Back   LinuxQuestions.org > Forums > Linux Forums > Linux - Newbie
User Name
Password
Linux - Newbie This Linux forum is for members that are new to Linux.
Just starting out and have a question? If it is not in the man pages or the how-to's this is the place!

Notices


Reply
  Search this Thread
Old 05-31-2011, 03:06 AM   #1
Hevithan
Member
 
Registered: Apr 2011
Location: Washington State
Distribution: Zorin5-(Ubuntu 11.04) // Backtrack 5-(Ubuntu 10.04) // Dreamlinux 3.5-(Debian)
Posts: 275
Blog Entries: 5

Rep: Reputation: 40
Proper set-up of SUDO access/options


I want to know how to setup SUDO, here is exactly what I mean.

I have Zorin which is a ubuntu build, I have it upgraded to the newest 11.04 - My main user is Hevithan and I have a seperate user account called GUEST for anyone who wants to use my laptop. Hevithan I guess was setup to have max root powers cause when I type sudo in terminal with no option specified it returns:

Code:
Hevithan has access to
all (ALL)
all (ALL)
all (ALL)
I want to setup my GUEST account to have virtually no powers (no installing files or programs, no using Ubuntu software,no altercation of anything on the Hevithan account,etc), But I want anyone using it to be able to fix things using the terminal if need be (such as my cousins or girlfriend).

To what things should they be allowed to do to able to fix but not alter?

And if I want them to not be able to install programs or download porn (video at least) and $#!+, but still get things like MP3s and wallpaper images is that possible?

Last edited by Hevithan; 05-31-2011 at 03:08 AM.
 
Old 05-31-2011, 04:22 AM   #2
Person_1873
Member
 
Registered: Sep 2007
Location: Australia
Distribution: Arch Linux
Posts: 496

Rep: Reputation: 40
when you create the guest account using the gui then you should be able to specify the account type as limited which will stop them from accessing your user files or installing programs, they will have access to the terminal but not to administrative files, they will however be able to access anything they like on the internet unless you set up a proxy server that filters URL's (you could specify a rule like block *.avi *.mp4 *.wmv and so on) there are pornography filters around that could be used too, but that solution would require a second box to run as a server and heavy modification to your network
 
1 members found this post helpful.
Old 05-31-2011, 04:24 AM   #3
Mr. Bill
Member
 
Registered: Mar 2011
Location: Maryland, USA
Distribution: Xubuntu 14.04 - 64
Posts: 185

Rep: Reputation: 14
Quote:
Originally Posted by Hevithan View Post
To what things should they be allowed to do to able to fix but not alter?

And if I want them to not be able to install programs or download porn (video at least) and $#!+, but still get things like MP3s and wallpaper images is that possible?
AFAIK, fixing is a form of altering, and either you have sudoers permissions or you don't. Installing programs already requires sudoers permissions, BTW.

To block porn, etc you can edit the browser's content filter. They can already download mp3s, wallpaper images, etc, etc.
 
1 members found this post helpful.
Old 05-31-2011, 04:43 AM   #4
Hevithan
Member
 
Registered: Apr 2011
Location: Washington State
Distribution: Zorin5-(Ubuntu 11.04) // Backtrack 5-(Ubuntu 10.04) // Dreamlinux 3.5-(Debian)
Posts: 275
Blog Entries: 5

Original Poster
Rep: Reputation: 40
Being able to block the *.TYPE sounds like what I want. I still want them to be able to D/L images for wallpapers so it can look like they want (I am, after all not a complete nazi about it ), But I would prefer if they didn't get .FLV or .WMA, Because of the size and content that may be connected to video. When I set up the guest account I do not recall it asking what powers I wanted (Of course, recollection is weak. I will re-set it up and see) them to use. I do know there is an option that allows me to do it using the GUI (I think it is in users & groups) and it allows me to restrict (in it's words) ADMINISTRATIVE ACTIONS, But I do not understand what that limits them to exactly. I don't want monitor size or colors (16-bit,32-bit,true,etc) or any of my preferred setting to be altered.
I will use *.TYPE to keep movies from being downloaded, But I have a few more questions:

If they do not have access to Administrative Actions can they view hidden files with ls -a?
If they are visible are they allowed to add or take from those files?
If they do not have ability to use some options that I change in user groups is the list of commands and/or options on the commands changed? (Basically is it possible for them to by-pass my security safeguards by using the terminal)
-and- Lastly, I know I can stop them from using su by keeping my password safe, but is keeping them from using sudo, as easy as not including them in the sudo list (or, checking the right boxes with the GUI).?

Thanks for the help, This slightly confuses me, But I just don't want the work I put into getting my system the way I wanted it, to be changed by someone using it for a minute to wipe all my work away. (I know the easiest way is to keep them off in the first place hahaha, but sometimes mine is needed.) Again thanks.
 
Old 05-31-2011, 04:53 AM   #5
Hevithan
Member
 
Registered: Apr 2011
Location: Washington State
Distribution: Zorin5-(Ubuntu 11.04) // Backtrack 5-(Ubuntu 10.04) // Dreamlinux 3.5-(Debian)
Posts: 275
Blog Entries: 5

Original Poster
Rep: Reputation: 40
Quote:
Originally Posted by Mr. Bill View Post
AFAIK, fixing is a form of altering, and either you have sudoers permissions or you don't. Installing programs already requires sudoers permissions, BTW.

To block porn, etc you can edit the browser's content filter. They can already download mp3s, wallpaper images, etc, etc.
2 things (1 is a bit weird/hypocritical)

1.) What is AFAIK?
If it is an abbreviation I tend to use whole words, and the only ones I am current on are the popular ones (lol,brb,afk), sorry.

-This is the hypocritical one-
2.) I don't want the browser to keep ME from porn (or anything else), It is my system, and I feel I can do what I want, I just don't want others to get porn without my knowledge.

If any of my post seems condescending or augmentative to what you said, it is not meant that way, I just want it to work the way I want. I appreciate your help.
 
Old 05-31-2011, 05:30 AM   #6
cascade9
Senior Member
 
Registered: Mar 2011
Location: Brisneyland
Distribution: Debian, aptosid
Posts: 3,718

Rep: Reputation: 906Reputation: 906Reputation: 906Reputation: 906Reputation: 906Reputation: 906Reputation: 906Reputation: 906
Quote:
Originally Posted by Hevithan View Post
2 things (1 is a bit weird/hypocritical)

1.) What is AFAIK?
If it is an abbreviation I tend to use whole words, and the only ones I am current on are the popular ones (lol,brb,afk), sorry.
As Far As I Know.

Quote:
Originally Posted by Hevithan View Post
-This is the hypocritical one-
2.) I don't want the browser to keep ME from porn (or anything else), It is my system, and I feel I can do what I want, I just don't want others to get porn without my knowledge.
You'll have to watch whoever you let use the system then.....you may be able to block with the content filter, but AFAIK (LOL) the porn guys dotn always play the game nicely.

There is a huge number of sites where you can d/l porn in other file formats (.avi, .mkv, etc.). There is also a ton of porn on P2P sites.

Considered getting a cheap USB flash drive and installing a linux distro onto the flash drive? Set it up so that it doesnt automount partitions, and that way if somebody wants to use your system, they cant stuff your data or OS. OK, they still can given soem technical knowledge, but it is never going to be by mistake.
 
1 members found this post helpful.
  


Reply


Thread Tools Search this Thread
Search this Thread:

Advanced Search

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is Off
HTML code is Off



Similar Threads
Thread Thread Starter Forum Replies Last Post
Can't set PWD despite having sudo permission set. spoovy Linux - Newbie 7 03-04-2010 03:07 AM
getting sambe to set the proper permissions on the client, help lhorace Linux - Newbie 2 10-26-2009 12:40 PM
Proper way to set user as root access? SlowCoder Linux - Security 4 02-19-2007 09:03 PM
Sudo options S2k4ever Solaris / OpenSolaris 1 04-19-2006 03:40 PM
how to set proper pdf plugin in mozzila browser bajaj Linux - Software 0 07-04-2003 06:40 PM


All times are GMT -5. The time now is 08:12 AM.

Main Menu
Advertisement
My LQ
Write for LQ
LinuxQuestions.org is looking for people interested in writing Editorials, Articles, Reviews, and more. If you'd like to contribute content, let us know.
Main Menu
Syndicate
RSS1  Latest Threads
RSS1  LQ News
Twitter: @linuxquestions
Facebook: linuxquestions Google+: linuxquestions
Open Source Consulting | Domain Registration