LinuxQuestions.org
Download your favorite Linux distribution at LQ ISO.
Go Back   LinuxQuestions.org > Forums > Linux Forums > Linux - Security
User Name
Password
Linux - Security This forum is for all security related questions.
Questions, tips, system compromises, firewalls, etc. are all included here.

Notices

Reply
 
Search this Thread
Old 01-23-2003, 09:23 AM   #1
cyberswami
Member
 
Registered: Jan 2003
Location: TVM,Kerala,INDIA
Distribution: Redhat 8.0
Posts: 47

Rep: Reputation: 15
prevent users from accessing KDE or GNOME


I would like to prevent other users other than root from accessing the KDE and GNOME environment since most of them fool around and cause their session to crash,
how do i do this ?
 
Old 01-23-2003, 10:24 AM   #2
Bert
Senior Member
 
Registered: Jul 2001
Location: 406292E 290755N
Distribution: GNU/Linux Slackware 8.1, Redhat 8.0, LFS 4.0
Posts: 1,004

Rep: Reputation: 46
I used to have a sysadmin like that - instead of fixing people's email addresses when he bought a new server, he just left them disabled. His reasoning was that there were then fewer people to make things go wrong.

My boss said to him, "why not just get rid of all the users off the system then you'll have nothing to worry about at all - it'll be great!"*

Change permissions on the /etc/X11 directory and files to:

chown -R root.root /etc/X11 &&
chmod -R 700 /etc/X11

should do it.

* This would also have made his position redundant of course.
 
Old 01-24-2003, 09:09 AM   #3
cyberswami
Member
 
Registered: Jan 2003
Location: TVM,Kerala,INDIA
Distribution: Redhat 8.0
Posts: 47

Original Poster
Rep: Reputation: 15
I'm really sorry, i think i mislead you, actually what i want is to not let people login in to their accounts from the kde login screen, almost like restricting them to their telnet sessions, because there is only one linux box(the server), and the students like playing around in kde/gnome, and you don't want that to happen,
is there a way by which the login screen still appears but other users are not permitted to login, meaning eventhough they type in their login name and password they cannot use the graphical sessions,
i would also like to mention that i did not try the above procedure, and i'm awaiting your reply , i might be a knucklehead but please help
 
Old 01-24-2003, 01:07 PM   #4
Bert
Senior Member
 
Registered: Jul 2001
Location: 406292E 290755N
Distribution: GNU/Linux Slackware 8.1, Redhat 8.0, LFS 4.0
Posts: 1,004

Rep: Reputation: 46
OK. If you don't want them to run the GUI, my above should be fine (unless anyone else has anything to add).

If you want the users to be able to login, but not using X, change the default runlevel to 3, not 5.

If you don't want users at all, delete their accounts.

Does that answer it?
 
Old 01-24-2003, 01:43 PM   #5
unSpawn
Moderator
 
Registered: May 2001
Posts: 27,561
Blog Entries: 54

Rep: Reputation: 2927Reputation: 2927Reputation: 2927Reputation: 2927Reputation: 2927Reputation: 2927Reputation: 2927Reputation: 2927Reputation: 2927Reputation: 2927Reputation: 2927
I agree with Bert to change to runlevel 3, but you'll have to either (chown startx/xinit) or (add an "allow list" in /etc/pam.d/xserver) else they'll still be able to start X11.
 
Old 01-24-2003, 02:22 PM   #6
Bert
Senior Member
 
Registered: Jul 2001
Location: 406292E 290755N
Distribution: GNU/Linux Slackware 8.1, Redhat 8.0, LFS 4.0
Posts: 1,004

Rep: Reputation: 46
I was under the impression that the X binary was heavily dependent on the /etc/XF86Config, and if it couldn't get those resources it wouldn't start. But I guess it'll still start if it finds an .xinitrc or .Xresources file in the users' directory (?).

Bert
 
Old 01-24-2003, 02:46 PM   #7
unSpawn
Moderator
 
Registered: May 2001
Posts: 27,561
Blog Entries: 54

Rep: Reputation: 2927Reputation: 2927Reputation: 2927Reputation: 2927Reputation: 2927Reputation: 2927Reputation: 2927Reputation: 2927Reputation: 2927Reputation: 2927Reputation: 2927
Dunno fersure either but with startx just being a script and knowing you can supply a different XF86Config to xinit (like me running UT), what restrictions do users have against running X11?

Well, ulimit for one, it's the ultimate BOFH's choice :-]
Set their "as" to 4000 and they'll be barfed out of X with a VM error...
 
  


Reply


Thread Tools Search this Thread
Search this Thread:

Advanced Search

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is Off
HTML code is Off


Similar Threads
Thread Thread Starter Forum Replies Last Post
amaroK: How to prevent it from accessing the net? furryspider Linux - Software 2 09-17-2005 04:42 PM
prevent irc script accessing web site dtra Linux - Networking 3 06-09-2005 07:10 AM
Prevent program from accessing the internet penguinco Fedora 3 03-28-2005 08:21 AM
multiple users accessing artsd under kde monkeyman2000 Debian 1 08-22-2004 11:26 PM
Prevent user from accessing the Internet koy-b Linux - Security 2 07-17-2004 01:17 PM


All times are GMT -5. The time now is 07:54 PM.

Main Menu
My LQ
Write for LQ
LinuxQuestions.org is looking for people interested in writing Editorials, Articles, Reviews, and more. If you'd like to contribute content, let us know.
Main Menu
Syndicate
RSS1  Latest Threads
RSS1  LQ News
Twitter: @linuxquestions
identi.ca: @linuxquestions
Facebook: linuxquestions Google+: linuxquestions
Open Source Consulting | Domain Registration