Disable local root su - user

We're running DS5.2P4 with all Sol10 clients and would like to prevent the local root account from being able to `su -` to an account. Is that possible?

> If you have your root account in LDAP you have a potential security breach in your environment. Imagine that someone discovers the root password: with root in LDAP this person can potentially have access to all your servers.

Sorry - didn't mean to imply root was an LDAP user; it definitely is not. Our issue is just with the local root user's `su -` to LDAP accounts.

> The root account can do anything in a UNIX box, therefore root is more privileged than any enterprise account.

Yes, I definitely understand the power of root on a system; this is more of an issue about keeping enterprise user information from being accessed by a local root user.

> To my knowledge, there is no way to block root from using su to become a low-level user account. You can do this by removing su from your system and starting to use sudo.

That's a possibility, thanks, but not quite the level of access we're looking for. Thanks for the help - we'll keep tinkering and post if anything helpful comes up.
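Since the thread concludes that root's `su -` into directory accounts cannot be blocked, the realistic control is to see it happen. The following is an added example, not code from the thread or from the Directory Server product: it parses Solaris-style `/var/adm/sulog` records (`SU MM/DD hh:mm +|- tty from-to`) and reports every successful su in which root became an account that has no entry in the local passwd file, i.e. an LDAP-backed enterprise account. The sulog records and the local account list are constructed sample data, and the parser assumes neither user name contains a `-`.

```python
"""Flag su transitions from the local root account into directory accounts.

Added example, not code from the thread above. Parses Solaris-style
/var/adm/sulog records and reports successful su's in which root became an
account that is not defined locally. All sample data below is constructed.
"""
import re
from collections import namedtuple

SULOG_RE = re.compile(
    r"^SU\s+(?P<date>\d\d/\d\d)\s+(?P<time>\d\d:\d\d)\s+"
    r"(?P<result>[+-])\s+(?P<tty>\S+)\s+(?P<src>[^-\s]+)-(?P<dst>\S+)$"
)

SuEvent = namedtuple("SuEvent", "date time ok tty src dst")

# Constructed sample: account names present in the local /etc/passwd.
LOCAL_ACCOUNTS = {"root", "daemon", "bin", "sys", "adm", "nobody", "localop"}

# Constructed sample sulog records ("+" = success, "-" = failure).
SAMPLE_SULOG = """\
SU 03/05 09:12 + pts/1 localop-root
SU 03/05 09:40 + pts/1 root-jdoe
SU 03/05 10:02 - pts/3 guest-root
SU 03/05 11:15 + console root-localop
SU 03/06 08:30 + pts/2 root-asmith
this line is not a sulog record and must be skipped
"""


def parse_sulog(text):
    """Return an SuEvent for every well-formed sulog line, skipping the rest."""
    events = []
    for line in text.splitlines():
        m = SULOG_RE.match(line.strip())
        if not m:
            continue  # sulog may hold partial writes; ignore anything unparsable
        events.append(SuEvent(m["date"], m["time"], m["result"] == "+",
                              m["tty"], m["src"], m["dst"]))
    return events


def root_into_directory_accounts(events, local_accounts):
    """Successful su's where root became an account with no local passwd entry."""
    return [e for e in events
            if e.ok and e.src == "root" and e.dst not in local_accounts]


if __name__ == "__main__":
    hits = root_into_directory_accounts(parse_sulog(SAMPLE_SULOG), LOCAL_ACCOUNTS)
    for e in hits:
        print(f"{e.date} {e.time} {e.tty}: root became directory account {e.dst}")
```

On a real host you would feed it the contents of `/var/adm/sulog` and build the local set from `/etc/passwd` (Python's `pwd` module reads the local file only when nsswitch is consulted through it, so parsing the file directly is the safer choice), then ship the hits to whatever alerting the site already has.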

Similar Messages

  • I can't disable the root user

    The OS X says:
    "You should disable the root user if you have no further need of it. A root user can modify and delete any file in the system including system files not available to other users. Having an enabled root user on your system eliminates an important layer of security for your system."
    In order to disable the root user (System Administrator), the OS X says:
    Open Directory Utility, located in the Utilities folder in the Applications folder.
    Open Directory Utility
    Click the lock to make changes, and then enter an administrator name and password.
    Choose Edit > Disable Root User.
    The problem is that the option Disable Root User is not displayed. There is only: Enable Root User
    Is there any other way for removing the System Administrator from the users log in options, when the computer starts?

    Hello Kappy.
    There is something weird about this issue.
    When I bought the machine, the vendor opened it and initiated the system for the first time at the store.
    He typed some random stuff and told me I could change it at home.
    Later, when I tried to open Safary, a keychain asking for a password always appeared, but It wouldn't block the access. It was just annoying. I didn't know any password, so I followed the manual to change the original password.
    I don't remember exactly what happened, but after initiating the system with the start up disk 1, and setting a password for the "My Account" user, that password still didn't work for unlocking the keychain.
    Then I started again with disk 1 and selected the other option: System Administrator (root), setting a password for it.
    After that I could operate the access to keychain.
    In System Preferences > Accounts display, the only available user is the original one that the vendor typed at the store, and under its name, referring to it, there is: "Admin"
    So it seems that there is two Administrators, but the root one is the most powerful, and it always appears in the login options under the name "Other..."
    I'm puzzled

  • Disable SSH root login in RAC system

    Hi Alll,
    We have an Oracle 11.2.7 RAC on Linux. As stated, the SA will disable SSH root login and Nagios will monitor each node in the RAC system.
    As far as I know, Nagios only applies a DH key for SSH. But Oracle RAC applies two types of SSH key for SSH equivalency in Oracle CRS.
    Do any experts have experience with Oracle RAC and the database when disabling root SSH login on a Linux system?
    Thanks very much!
    Jin

    > Security is not based on the number of keys one needs - but on the quality of the locks.
    Partially agree. But just like in the real world, one lock is not enough, even a superb one. Why do cars have immobilisers, defend locks etc.? Why is there a fence in front of some shops' doors? It's very common to have two locks on a front door. It's much harder (at least it takes much more time) to break two locks than to break just one. And the time matters. Back to IT security. A disabled root account is one of the best practices and is reasonable because you can't 100% assure that your administrator is using a strong password every time. He might just have forgotten to change the password after installation. He might have set a weak password just for a "temporary" reason. You can of course force password complexity, but of course only once you have the system installed.
    > So can passwords. Deep packet inspection can occur unknowingly.
    Perhaps we're still talking about SSH, aren't we?
    > The user may be targeted using social engineering, instead of targeting the actual computer system.
    It's much harder to get two passwords than just one, even by using social engineering.
    > The question is whether such a server is exposed to an unsecured or public network. And one would manage the risks differently on such a server than one for example in a private network, protected by a reverse proxy in the DMZ, that in turn provides access from a public network.
    OK, so we've got another lock here ;-)
    > So if that user is compromised, so can root as that user can gain root access. I do not see this as better security. It is merely obfuscating security.
    Which user account? Do you know the name of that account? Because I know the name of yours. ;-) So you need to find the correct account name, get the password for that account and also get the password for the root account, whilst I need to get the password for the root account only.
    Yes, I partially agree with the "obfuscation security" term. But in fact this is not the first time obfuscation is used in security, and neither the last time.
    But you can't consider "PermitRootLogin no" and the "wheel" group as obfuscation.
    > Using encryption keys (public & private) is one answer to having to share and keep secrets. No, this is also not 100% safe, but I prefer it over having to know, remember and on occasion, share secrets (passwords).
    How well is your local machine secured? Are you using a strong password? Do all accounts on your local machine have strong passwords? Is your local machine up to date for known security bugs (I don't mean zero days)? Is your local machine in a separate VLAN, or can anybody from the LAN access your machine? Because if there are at least two "No" answers, then how much time will it take for some skilled part-time worker (in your company) to break into your computer, steal the keys or, even worse, use your local machine to access the server?
    Don't get me wrong. I am not against encryption keys. Of course I am using them, but in combination with other security restrictions which come from "best practices". And disabling direct root access is one of those practices. Even the NSA (and other security institutions) suggest doing that (see page #37): www.nsa.gov/ia/_files/os/redhat/rhel5-guide-i731.pdf Also security auditors check for disabled direct access to privileged accounts.
    I understand this as good enough proof that disabling direct access to privileged accounts raises security.
    Another good reason is right here:
    Install
    In other words, if any user has the possibility to log in as root, he uses "root" as the default account, which is another well-known bad practice.
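The "PermitRootLogin no" setting argued for above is easy to get wrong in one specific way: sshd uses the first value it obtains for a keyword, so a hardening line appended at the bottom of an `sshd_config` that already says `PermitRootLogin yes` changes nothing. The checker below is an added example (not from the thread, and not an OpenSSH tool); it applies that first-value-wins rule to the global section of a config, stops at the first `Match` block because values there are conditional, and reports the weak settings the thread discusses. Both config texts are constructed, and the assumed default for a missing `PermitRootLogin` is `prohibit-password` (the OpenSSH 7.0+ default; older releases default to `yes`, which the function takes as a parameter).

```python
"""Audit the global section of an sshd_config for direct root login.

Added example, not part of the thread or of OpenSSH. Mirrors sshd's rule
that the first value obtained for a keyword wins; keywords are
case-insensitive. The two config texts below are constructed samples.
"""
import re

# Constructed "before": the weak setting, with a later line that an admin
# may believe fixes it but which sshd ignores.
WEAK_CONFIG = """\
# sshd_config (constructed sample)
Port 22
PermitRootLogin yes
PasswordAuthentication yes
# appended later; sshd keeps the first value it saw, so this has no effect
PermitRootLogin no
"""

# Constructed "after": the hardened form a reviewer would expect.
HARDENED_CONFIG = """\
Port 22
PermitRootLogin no
PasswordAuthentication no
PubkeyAuthentication yes
AllowGroups wheel
Match User backup
    PermitRootLogin yes
"""


def effective_settings(text):
    """Global (pre-Match) settings with the first-value-wins rule applied."""
    settings = {}
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        # keyword and argument may be separated by whitespace or '='
        parts = re.split(r"[\s=]+", line, maxsplit=1)
        key = parts[0].lower()
        if key == "match":
            break  # everything after a Match line is conditional, not global
        if key not in settings:
            settings[key] = parts[1].strip() if len(parts) > 1 else ""
    return settings


def audit(text, default_permit_root="prohibit-password"):
    """Return a list of findings; an empty list means nothing to report."""
    s = effective_settings(text)
    findings = []
    prl = s.get("permitrootlogin", default_permit_root).lower()
    if prl != "no":
        findings.append(f"PermitRootLogin is '{prl}', expected 'no'")
    if s.get("passwordauthentication", "yes").lower() != "no":
        findings.append("PasswordAuthentication is not 'no'")
    if "allowgroups" not in s and "allowusers" not in s:
        findings.append("no AllowGroups/AllowUsers restriction")
    return findings


if __name__ == "__main__":
    for name, cfg in (("weak", WEAK_CONFIG), ("hardened", HARDENED_CONFIG)):
        print(name, audit(cfg) or ["ok"])
```

The check is intentionally narrow: it does not evaluate `Match` blocks, so a conditional `PermitRootLogin yes` such as the one in the hardened sample still needs human review, and `sshd -T` on the host remains the authoritative way to see the effective configuration.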

  • How to permanently disable local TimeMachine backups?

    Hi,
    I have disabled the local TimeMachine using:
      sudo tmutil disablelocal
    That all works fine, but after a reboot the local backups are back again. For some reason this setting doesn't survive a reboot.
    Can anyone give me some advice on how to permanently disable local TimeMachine backups?
    Dennis

    Here's how I permanently disable TM local snapshots:
    1. create  ~/Library/LaunchAgents/com.wfiveash.disable_tmlsnaps.plist containing:
    <?xml version="1.0" encoding="UTF-8"?>
    <!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">
    <plist version="1.0">
    <dict>
        <key>Label</key>
        <string>com.wfiveash.disable_tmlsnaps</string>
        <key>ProgramArguments</key>
        <array>
            <string>/Users/willf/bin/disable_tmlsnaps.ksh</string>
        </array>
        <key>WatchPaths</key>
        <array>
            <string>/Library/Preferences/com.apple.TimeMachine.plist</string>
        </array>
    </dict>
    </plist>
    2. create a shell script ~/bin/disable_tmlsnaps.ksh:
    #!/bin/ksh -p
    # This script is supposed to be run via launchd (see
    # ~/Library/LaunchAgents/com.wfiveash.disable_tmlsnaps.plist) when launchd
    # detects a change to the TimeMachine.plist file.  This script will determine
    # if TM local snapshots has been enabled via the MobileBackups property and if
    # it has it will run the setuid disable_tmlsnaps binary.
    # prevent launchd throttling respawn warning, must wait 10s before this script exits
    sleep 10
    integer lsnaps=-1
    # if "defaults read" fails its output is empty, which an integer variable would
    # silently turn into 0, so keep -1 explicitly on failure
    lsnaps=$(defaults read /Library/Preferences/com.apple.TimeMachine.plist MobileBackups) || lsnaps=-1
    if [[ $lsnaps -eq 1 ]]
    then
        exec "${HOME}/bin/i386/disable_tmlsnaps"
    elif [[ $lsnaps -eq -1 ]]
    then
        # there was an error running defaults
        exit 1
    else
        exit 0
    fi
    3. Lastly, I compiled this C program and named it ~/bin/i386/disable_tmlsnaps.  I set the permissions so it was owned by root and setuid:
    * To build: gcc -o disable_tmlsnaps disable_tmlsnaps.c
    * sudo chown root:wheel disable_tmlsnaps
    * sudo chmod u+s disable_tmlsnaps
    #include <stdio.h>
    #include <stdlib.h>
    #include <sys/types.h>
    #include <unistd.h>

    int
    main (int argc, char *argv[])
    {
        int rc;

        /* become root; only succeeds when this binary is installed setuid root */
        rc = setuid(0);
        if (rc == 0)
            rc = system("/usr/bin/tmutil disablelocal");
        return rc;
    }
    =================================================================
    Now when /Library/Preferences/com.apple.TimeMachine.plist is modified (which happens when TM is enabled or disabled), launchd will run my disable_tmlsnaps.ksh script, which will check to see if it needs to disable TM local snapshots.

  • Error message: local root folder does not exist

    Greetings,
    I'm working on a MacPro 2x2.66Ghz, running DW from CS2 and
    through a strange combination of keyboard keystrokes while cleaning
    my keyboard yesterday I inadvertently renamed my hard drive "-OX"
    from its default. I can't seem to remember what the default name
    of my hard drive was, but i think it was simply "Macintosh". I've
    renamed it that, but on launching DW for the first time today I got
    an error message saying that "The local root folder, web_content,
    does not exist" and it gave me the option to manage sites and set
    my local root folder again. Is there a way to re-establish my local
    root folder for every site that I currently manage in one swipe, or
    do I have to go in and manually do this for each and every Site
    within my Files panel?
    Thanks for your ideas,
    Pedro

    Actually, it solved one issue but seems to have created
    another! So, at least now my Sites are all working okay with
    respect to a local root folder. But let's say I open an .html file
    by double-clicking it in the Files panel. With that file active if
    I choose Preview in Browser I get a "File Not Found" error message
    from Firefox.... even though it looks like the path to that file is
    correct.
    One thing I notice about the path in the address bar of
    Firefox is that there are 3 forward-slashes after the file: bit at
    the beginning of the line.
    For example, the page generating the error has this address:
    file:///Macintosh%20HD/Users/peter/Sites/MySite/web_content/index_vertical.html
    If you notice carefully there are 3 slashes at the beginning
    of the line. If I go to "Manage Sites" I have the settings set to
    "links relative to document" and my root folder and images folder
    show the proper locations. What have I done?
    The error message also says the following in the details
    section: Firefox can't find the file at /Macintosh
    HD/Users/peter/Sites/MySite/web_content/index_vertical.html.
    so there's a forward-slash before the hard drive.... is that
    okay?
    Thanks for your ideas!
    Pedro

  • Disable sound for specific users

    How do I disable sound for specific users?

    Theoretically if the user's not in the audio group, he shouldn't have access to sound devices.
    $ ll /dev/snd/
    total 0
    drwxr-xr-x 2 root root 80 Oct 2 19:30 by-path
    crw-rw----+ 1 root audio 116, 2 Oct 2 19:30 controlC0
    crw-rw----+ 1 root audio 116, 8 Oct 2 19:30 controlC1
    crw-rw----+ 1 root audio 116, 7 Oct 2 19:30 hwC0D0
    crw-rw----+ 1 root audio 116, 13 Oct 2 19:30 hwC1D0
    crw-rw----+ 1 root audio 116, 14 Oct 2 19:30 hwC1D1
    crw-rw----+ 1 root audio 116, 15 Oct 2 19:30 hwC1D2
    crw-rw----+ 1 root audio 116, 16 Oct 2 19:30 hwC1D3
    crw-rw----+ 1 root audio 116, 4 Oct 4 09:12 pcmC0D0c
    crw-rw----+ 1 root audio 116, 3 Oct 4 10:13 pcmC0D0p
    crw-rw----+ 1 root audio 116, 5 Oct 2 19:30 pcmC0D1p
    crw-rw----+ 1 root audio 116, 6 Oct 2 19:30 pcmC0D2c
    crw-rw----+ 1 root audio 116, 9 Oct 2 19:30 pcmC1D3p
    crw-rw----+ 1 root audio 116, 10 Oct 2 19:30 pcmC1D7p
    crw-rw----+ 1 root audio 116, 11 Oct 2 19:30 pcmC1D8p
    crw-rw----+ 1 root audio 116, 12 Oct 2 19:30 pcmC1D9p
    crw-rw----+ 1 root audio 116, 1 Oct 2 19:30 seq
    crw-rw----+ 1 root audio 116, 33 Oct 2 19:30 timer
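The reply's "theoretically" is the important word: the mode bits grant `rw` to the `audio` group and nothing to others, but the trailing `+` on every entry means an ACL is also attached (on systemd-based systems the session manager commonly grants the active console user access this way), and an ACL can widen access beyond what the mode shows. The following added example, which is not from the thread, parses an `ls -l` listing in the format shown above and applies the owner/group/other bits for a given user, reporting separately whether an ACL is present so the reader knows when the verdict is incomplete. It goes beyond the page by also handling the owner and world-accessible cases; the listing is a constructed copy of the poster's output plus one constructed world-writable node.

```python
"""Decide from an ls -l listing whether a user can reach /dev/snd device nodes.

Added example, not from the thread. Applies classic mode-bit checks and
flags entries that carry an ACL ("+"), which the mode bits cannot express.
The listing below is a constructed sample.
"""
import re
from collections import namedtuple

Entry = namedtuple("Entry", "name mode owner group has_acl")

LS_RE = re.compile(
    r"^(?P<mode>[-dclbps][rwxsStT-]{9})(?P<acl>\+?)\s+\d+\s+"
    r"(?P<owner>\S+)\s+(?P<group>\S+)\s+.*\s(?P<name>\S+)$"
)

# Constructed sample: lines copied from the listing above plus one
# hypothetical world-writable node (controlC9) to exercise the "other" bits.
SAMPLE_LS = """\
crw-rw----+ 1 root audio 116, 2 Oct 2 19:30 controlC0
crw-rw----+ 1 root audio 116, 4 Oct 4 09:12 pcmC0D0c
crw-rw----+ 1 root audio 116, 3 Oct 4 10:13 pcmC0D0p
crw-rw----+ 1 root audio 116, 1 Oct 2 19:30 seq
crw-rw----+ 1 root audio 116, 33 Oct 2 19:30 timer
crw-rw-rw- 1 root audio 116, 99 Oct 2 19:30 controlC9
"""


def parse_ls(text):
    """Return an Entry per device line; non-matching lines (e.g. 'total 0') are skipped."""
    entries = []
    for line in text.splitlines():
        m = LS_RE.match(line.strip())
        if m:
            entries.append(Entry(m["name"], m["mode"], m["owner"],
                                 m["group"], m["acl"] == "+"))
    return entries


def can_access(entry, user, groups, want="rw"):
    """True if the mode bits alone grant every permission in `want` to `user`."""
    if user == "root":
        return True  # root bypasses discretionary mode-bit checks
    if user == entry.owner:
        bits = entry.mode[1:4]
    elif entry.group in groups:
        bits = entry.mode[4:7]
    else:
        bits = entry.mode[7:10]
    return all(p in bits for p in want)


def audit_user(entries, user, groups):
    """Map device name -> (accessible by mode bits, ACL present) for `user`."""
    return {e.name: (can_access(e, user, groups), e.has_acl) for e in entries}


if __name__ == "__main__":
    devs = parse_ls(SAMPLE_LS)
    for name, (ok, acl) in audit_user(devs, "bob", {"bob", "users"}).items():
        note = " (ACL present: run getfacl to confirm)" if acl else ""
        print(f"{name}: {'accessible' if ok else 'denied'} by mode bits{note}")
```

For any entry reported with an ACL present, `getfacl` on the node gives the actual answer; removing a user from the `audio` group is only sufficient when no ACL re-grants access.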

  • Default acl permissions for root and user?

    After running permissions I keep getting "ACL permissions changed and will repair". Apparently it doesn't. Is there a manual way of resetting to defaults for both root and user?

    Turns out they didn't change themselves, but authentication got out of whack. This post fixed it for me, but I just jogged access on ical and blogs. Not sure which or both is needed, but after I toggled them over and back I was up and running again.
    <SNIP>
    Solution found at http://michaeljin.wordpress.com/2010/01/05/locked-out-of-mac-os-x-server/
    It’s blog update time! Updates have been a little scarce lately, been super busy with getting trophies on PS3
    Anyway, recently encountered the following with a Mac mini server running Snow Leopard Server:
    Despite being able to ARD / Screenshare the Mac mini, I was unable to get any further than the login window. Authentication credentials are obviously valid. No weird access permissions have been set. However, the weird thing was, I can connect to the server via Server Admin tools (from another Mac) and all other services were running without a hitch.
    After much head scratching it turns out to be a sACL (Service Access Control List) issue.
    This thread solved the mystery!
    http://discussions.apple.com/thread.jspa?threadID=1654864
    To save you the trouble, I’ll lay it out here. I cannot take credit for this, but Randall can!
    Open Server Admin on a computer (any), and connect with the local admin to the machine.
    Select the server and authenticate.
    Select Settings, then go to Access. You’ll want to make sure that Login Window and SSH have the local admin account listed if you select the option to “Allow only these users”. For now, I would suggest making sure all services have “Allow all users and groups” selected.
    If (as in my case) it was set to Allow All in the first place, simply toggle the settings – back and forth.
    Save.
    Try logging in again… should be a good one!
    </SNIP>

  • Error:  The local root folder, ZZZZZZ, does not exist.  Please...

    Dreamweaver newest - Cloud
    Windows 7 Prof 64b SP1
    Everyday now upon firing up Dreamweaver I am getting the same error. As long as I worked on this certain site last the day before, dreamweaver of course tries to load that site upon the next startup.
    The error:  The local root folder, ZZZZZZ, does not exist.  Please choose a new local root folder
    I have typed the path myself and browsed to it many times.  When I go into the Site manager/edit site to correct this, it already has the correct path listed there.  If I just leave what is there and hit save, it doesn't work.  Once re-entering is done it allows me to work on the site again. Connecting to remote/upload files and everything works fine.  I can close DW and reopen and all will be fine, for a while.  If I close it and maybe two hours later come back to work on it, DW will report that same error again on startup.
    Other editors of the site with same cloud version of DW and same site settings are not having this error. We've combed for differences.
    I've deleted the site definition altogether and recreated it.  It does not stop the error.
    I found some old references to this issue in the old macromedia forums dealing with Mac and spaces or odd characters being an issue in the local folder path. I'm on windows, but the complaints sounded so similar I decided to try a test suggested there.  Their suggestion was to create a new blank html file, without saving, add some text, select the text, use the link icon in the properties manager to drag a link out to any file in the files panel.  Upon doing so, DW creates a full local path that you can see in your html since you haven't saved the file yet.  The suggestors of this test said you should see if your "mac" and DW was having trouble with spaces or odd characters in the path.   Well the following path shows a PIPE character being created in the path by DW on my test page. 
    file:///W|/private/09 Websites/zzzzzz/index.html
    Could this be showing there is some kind of issue that I need to correct?  Or is this typical?  See the pipe character being listed after the network drive letter of W
    Our local root folder path:
    W:\private\09 Websites\zzzzzz\
    Server Settings:
         Root Directory:
    public_html/zzzzzz.com/
         Web URL:
    HypertextTransferProtocolCOLON//worldwideweb.zzzzzz.commercial/
    Any help or suggestions would be appreciated.

    Sudarshan Thiagarajan wrote:
    remote
    /home/zzzzz/public_html/zzzzz.com
    Is this how your remote setting is defined? If it is, do you have a folder called zzzzz.com on your remote server trailing public_html? Ideally public_html is your website root - index.html resides within that, unless your configuration states otherwise.
    To come to your actual question of the local root folder, yes, your file manager won't show files if the connection fails. However, accessing it depends on the permissions you have on your network drive. Have you checked that?
    I'm not sure why our guy has another folder underneath public_html. My guess is he has some company related hosted test folders for various things under there.  I can see a couple other folders under public_html while checking with filezilla. I suppose he just directed our domain to our web folder under public_html. 
    Again, two others here are using these exact same settings with no root folder errors from DW. We've checked many times and all is the same for them.
      Here are some screen grabs of the settings if this makes it more clear.
    This last one showing the remote connection address under the files/assets panel is the one that looks strange to me.  It shows a home folder / then a folder with our site name / then public_html / then our sitename.com .    Seems convoluted to me.  But it works for everyone else so I'm not sure if this error I'm getting has anything to do with these settings or if there is just some old DW settings file hung up in my system that I need to find and delete or what.
    Thanks for any ideas.

  • Moving a folder from one local root folder to another

    I've used Dreamweaver CS4 to build my website, and I've become basically familiar with the way it works. Now I'm just starting to build a second site - and I've run into a baffling problem.
    I've defined the new site in the normal way, and created the local root folder.
    I've got a folder full of image files that is currently sitting in the local root folder of my old site - I'd like to put this into the local root folder of my new site.
    This may seem silly, but I can't find a way to move that images folder from one local root folder to the other. I thought it would be a simple drag & drop move, but there doesn't seem to be a way to do this. I've moved the images folder to the desktop, from where it should be easy to drag it over the new local root folder icon in Dreamweaver and drop it in - but it doesn't work.
    Am I missing something obvious here...?

    You should be able to access your entire computer directory structure through the Files Panel in Dreamweaver.
    Click the drop down arrow next to the named site (the open site) at the top of the Files Panel and navigate up into the rest of your computer. You can then Ctrl-C (copy) the folder, re-select the name of your site (the green folders at the bottom of the directories, not in the computer structure), and Ctrl-V (paste) the folder where you want it. Contents will of course come with it.
    You could (alternately) just copy and paste it working within the computer's directory structure. Paste it into the new root folder and, in Dreamweaver, refresh the view in the Files Panel. The folder should show up fine.
    Notice that I have not been drag and dropping, though that should work with the last-mentioned technique.
    Beth

  • How to disable the previously entered user IDs that automatically appear. For example, when logging into email, the first letter of the user ID prompts the previously used email user IDs... Want to disable this feature---How can it be done?

    Question
    How to disable the previously entered user ID's that automatically appear. For example ; when logging into email , first letter of user ID prompts the previously used email user IDs... Want to disable this feature---How can it be done ?

    *Click the (empty) input field on the web page to open the drop down list
    *Highlight an entry in the drop down list
    *Press the Delete key (on Mac: Shift+Delete) to remove it.
    *http://kb.mozillazine.org/Deleting_autocomplete_entries
    * Tools > Options > Security: Passwords: "Saved Passwords" > "Show Passwords"
    * Tools > Options > Privacy > History: "Remember search and form history"
    * https://support.mozilla.com/kb/Remembering+passwords
    * https://support.mozilla.com/kb/Form+autocomplete

  • SNR License Issue. How Can I Disable SNR for all Users?

    Hi,
    I have an issue with SNR on CUCM 10.5 and with the assignment of license type.
    I have a cluster with 400 users.
    200 users use IP phone 3905 and should use an Essential License.
    When the system checks for assignment of license type, it assigns a Basic License instead of an Essential License, because it sees that users have SNR enabled.
    All users in my system have SNR enabled, and I cannot disable it. All my users have Enable Mobility unchecked, and all my phones have Device Mobility Off, but the system nevertheless sees SNR enabled.
    How can I disable SNR for all users? This is a feature that the client doesn't need.
    I don't have a sufficient number of licenses to support all 3905s with a Basic License.
    thanks for help.
    Andrea

    Well actually, Mobile Identity wouldn't apply to a 3905 unless those phones had another line on a Dual-Mode device like an iPhone or Android phone.  So unless you have either of those in your system you can scratch that idea.  Someone else may chime in here and try to help a bit more as RD/RDP are the main SNR culprits.

  • [CS4]  save on a local file without  user intervention

    hey,...sorry for my english...
    i work with another application which needs to have the
    information written in the local file without user intervention
    so...
    i would like to know if it's possible to write or rewrite
    a local file without intervention of the user...
    without the "save dialogue box" or with a managed save
    dialogue box...
    how to write to a local file without user intervention...
    i really need an answer to make my project real...
    thanks for your comprehension

    hey
    thx a lot for your help ...
    if i understand well ...
    it is possible to write or rewrite in a specific folder
    which is determined by the application folder of
    a specific AIR application
    which during its install gives the "authorization to
    write/rewrite/save in its specific installation folder"
    so it's possible with the combination of an AIR application.....
    can you give me some information about this AIR application
    that i must build...
    some direction to ask for help
    because i don't have the knowledge to do that
    what style/type of AIR application
    what characteristics of this AIR application....
    so some information that i can use to ask for help in the right
    place...
    one more time thx a lot for your help...;)

  • Safari 5.0 - Disable local file restrictions Option not found under Develop Menu

    Hi All,
    My system specs are as follows :
    Platform : Linux
    OS : lubuntu
    OS Version : 13.10 Saucy Salamander
    Browser : Safari 5.0
    I need to open an html file in Safari, before which I need to enable this option - "Disable local file restrictions" under the Develop menu, as available in Safari 7.0 for OS X Mavericks.
    Problem here is I am not able to find this option in Safari 5.0, also I am not able to find any way to upgrade Safari in Linux.
    Please suggest how can I activate this.

    Safari->Preferences->Advanced->on the bottom. To get the Debug menu, which includes a listing of Keyboard & Mouse Shortcuts, among other useful things, run this in the Terminal app and quit & relaunch Safari:
    *defaults write com.apple.Safari IncludeInternalDebugMenu 1*

  • Saving images in local root folder before inserting into website.

    I have a completed website and the client has sent me some images and asked me to insert them into the website, but before I do that I know that they have to be saved in the local root folder - what is the easiest way to do this?

    > I have a completed website and the client has sent me some images and asked me to insert them into the website, but before I do that I know that they have to be saved in the local root folder - what is the easiest way to do this?
    If you insert an image on a page in a local site, and if that image is not currently within your local root folder, DW will prompt you to determine if you want to copy that image into your default images folder.  In this case you do.
    Alternatively, you could just copy the images into any folder within your local root using Explorer/Finder.  When you next connect to that site in DW, it will find the images there and you can use them right away.
    Murray

  • Password protect/disable printers for certain users under ML 10.8

    I am looking for a solution to prevent my younger pupils from printing everything without asking me. Is there a solution to protect/disable printers for certain users under ML 10.8?

    Ok. The sharing interface is not robust enough (by itself) to password challenge print jobs. You may need to look at another printing technology known as CUPS. Apple created this for advanced print configuration, and it does offer Kerberos security with printing password challenges. I do not know if OS X server offers more granularity in configuration.
    I won't be able to help you with the following as I do not use the CUPS printing solution here.
    In Safari, type in the following and press return.
    localhost:631
    You will see a tabbed browser interface. And a bit of light reading ...
