How to restrict a normal user

Similar Messages

• How can I allow normal user change their LDAP password?

  I use Solaris10 + Sun Directory server 5.2SP6 + Samba, how can allow normal user change the password themselves?
  Thanks.

  Depends on application you are using. I use ColdFusion and here is how I allow users to change their passwords
                      <cfldap action="Modify"
                           dn="uid=#form.UserLogin#,ou=your_ou,dc=example,dc=com"
                           attributes="userpassword=#FORM.newPassword#"
                           server="#servername#"
                           Port="#portnumber"
                           username="uid=#form.UserLogin#,ou=your_ou,dc=example,dc=com"
                           password="#form.userpassword#">

• How to restrict the FBL5N (user wise restriction)

  Hi experts
  I want to restrict the FBL5N TCODE user wise.
  In FBL5N one parameter is there Serch Help ID In serch help id when we select Customers per sales group
  we see Sales office and Sales group .If we select sales grop and execute it report gives op under sales group.
  My requirment is restrict the sales group or sales office for user wise.(if 5 sales office and 3 user id is there then,i want to give one user id for 2 sales office  and if enter another sales office then he cant show the data)
  THANKS
  AJAY.

  Hi Ajay,
  I am not quite sure if it is recommended to tweak standard elementary search help. However, I would suggest you to create your own search help and attach it to the standard collective search help as an append search help.
  You can write what so ever logic the business demands in that custom search help exit there by restricting the entries that gets displayed as a result of value help.
  Hope this gives you a brief idea on how to proceed.
  Regards,
  Hemanth

• How to Restrict same portal user from other node

  Hi
  In my application, we charge customers for each portal user logins. But, i found that, they can share same user logins amongs number of people.
  I don't want to allow the same portal user login into the application if that user is already logged in and it's session is still active.
  Here is the Scenario :
  User A is logged in to the portal from terminal AA. Now, User A agin tries to logg in to the portal from terminal BB. I don't wnat to allow user A to log in from terminal BB bcuz user A has active session from terminal AA.
  Can anyone know how to implement this??
  thanks in advance.
  Srini

  Hi Srini!
  We have solved this problem with our own login portlet. Before the final login we've got to check (from the certain table) how many logins there are currently with that username.
  But there is a problem. If the user closes the browser without logoff, the session remains active. There is a cleanup job, which removes those session in some hours. Still it is not very elegant.
  Regards,
  Jari

• How to restrict "sftp only" user into your home dir and subdir

  Hi OTN forums members
  Question : I want restrict a sftp only user to browse ONLY in your home directory and subdirectory . I don't want sftp user access into other directory.
  Details : I want use a "ssh bundle package" on s10(only package on SUNWCXall installation cluster). I don't want to use the "extrernal package", as "ProFTP", "Chroot", sunfreeware OpenSSH package,ecc. It's possible?
  Technical Details of my system(test) : the hostname and username it's fantasy name, not real ;-)
  root@sunlab1:/[1]$ cat /etc/release
                         Solaris 10 5/09 s10s_u7wos_08 SPARC
             Copyright 2009 Sun Microsystems, Inc.  All Rights Reserved.
                          Use is subject to license terms.
                               Assembled 30 March 2009
  root@sunlab1:/[2]$ uname -a
  SunOS sunlab1 5.10 Generic_142909-17 sun4u sparc SUNW,Sun-Blade-100
  root@sunlab1:/[3]$ grep explorer /etc/group
  explorer::111:
  root@sunlab1:/[4]$ grep explorer /etc/passwd
  explorer:x:111:111:Sun Explorer Data Collector sftp only user:/export/home/explorer:/usr/lib/ssh/sftp-server
  root@sunlab1:/[5]$ zfs list
  NAME                       USED  AVAIL  REFER  MOUNTPOINT
  rpool                     27.3G  9.33G    96K  /rpool
  rpool/ROOT                11.6G  9.33G    18K  legacy
  rpool/ROOT/s10s_u7wos_08  11.6G  9.33G  11.6G  /
  rpool/cfengine            73.7M   950M  73.7M  /var/cfengine
  rpool/dump                1.00G  9.33G  1.00G  -
  rpool/export              5.01G  9.33G  11.8M  /export
  rpool/export/home         1.40G  3.60G  1.40G  /export/home
  rpool/mp3                 2.65G  2.35G  2.65G  /mp3
  rpool/patches              206M  2.80G   206M  /var/patches
  rpool/swap                 768M  9.58G   514M  -
  root@sunlab1:/[6]$
  root@sunlab1:/[7]$ cd /export/home
  root@sunlab1:/export/home[9]$ ls -la
  total 47
  drwxr-xr-x   5 root     root           9 Oct  7 09:51 .
  drwxr-xr-x   4 root     sys            6 Jun  7 09:44 ..
  drwxr-x---  11 explorer explorer      11 Oct  7 11:30 explorer
  root@sunlab1:/[8]$ sftp explorer@sunlab1
  Connecting to sunlab1...
  Password:
  sftp> dir
  [...more output...]
  sftp> pwd
  Remote working directory: /export/home/explorer
  sftp> cd /var/adm
  sftp> dir
  [...more output...]
  sftp> get messages
  Fetching /var/adm/messages to messages
  sftp> pwd
  Remote working directory: /var/adm
  sftp> bye
  root@sunlab1:/[9]$
  root@sunlab1:/[10]$ pkginfo -l SUNWsshr
     PKGINST:  SUNWsshr
        NAME:  SSH Client and utilities, (Root)
    CATEGORY:  system
        ARCH:  sparc
     VERSION:  11.10.0,REV=2005.01.21.15.53
     BASEDIR:  /
      VENDOR:  Sun Microsystems, Inc.
        DESC:  Secure Shell protocol Client and associated Utilities
  [...snip...]
  root@sunlab1:/[11]$ pca -l installed --pattern=[Ss]sh
  [...snip...]
  Using /var/patches/pca/patchdiag.xref from Oct/14/10
  Host: sunlab1 (SunOS 5.10/Generic_142909-17/sparc/sun4u)
  List: installed (3/584)
  Patch  IR   CR RSB Age Synopsis
  141742 04 = 04 -S- 427 Obsoleted by: 141444-09 SunOS 5.10: sshd patch
  143140 04 = 04 RS- 119 Obsoleted by: 143559-03 SunOS 5.10: ssh patch
  143559 03 = 03 RS-  38 SunOS 5.10: ssh scp patch
  root@sunlab1:/[12]$ pca -l 141444 143559
  Using /var/patches/pca/patchdiag.xref from Oct/14/10
  Host: sunlab1 (SunOS 5.10/Generic_142909-17/sparc/sun4u)
  List: 141444 143559 (2/405)
  Patch  IR   CR RSB Age Synopsis
  141444 09 = 09 RS- 367 SunOS 5.10: kernel patch
  143559 03 = 03 RS-  38 SunOS 5.10: ssh scp patch
  root@sunlab1:/[13]$Legenda:
  PCA = [url http://www.par.univie.ac.at/solaris/pca/] Patch Check Advanced  , PCA is 3PP free and fast tool for Analyze, download and install patches for Solaris
  IR =Installed Rev. CR = Current Rev. (published on patchdiag.xref from Oct/14/10)
  RSB =[R]eccommended,[S]ecurity, [\B]ab patches
  Not helpful reading "<tt>man sshd_config</tt>" and "<tt>man sftp-server</tt>", and Google searching. Nothing by MOS Community search.
  Any idea?
  Best Regards
  Michele V.
  P.S.: Excuse me for my bad English.

  Hi OTN forums members,
       I find the solution. Thanks Andrea Manganaro (aka Amanga) for the help.
  1) Download and install OpenSSH for Solaris 10/SPARC and all dependencies(Please read the http://www.sunfreeware.com/openssh.html note):
       - [url ftp://ftp.sunfreeware.com/pub/freeware/sparc/10/openssh-5.6p1-sol10-sparc-local.gz]openssh-5.6p1-sol10-sparc-local.gz
       - [url ftp://ftp.sunfreeware.com/pub/freeware/sparc/10/openssl-1.0.0a-sol10-sparc-local.gz]openssl-1.0.0a-sol10-sparc-local.gz
       - [url ftp://ftp.sunfreeware.com/pub/freeware/sparc/10/zlib-1.2.5-sol10-sparc-local.gz]zlib-1.2.5-sol10-sparc-local.gz
       - [url ftp://ftp.sunfreeware.com/pub/freeware/sparc/10/libgcc-3.4.6-sol10-sparc-local.gz]ibgcc-3.4.6-sol10-sparc-local.gz
  2) Configure <tt>/usr/local/etc/sshd_config</tt> file with the "+<tt>ChrootDirectory</tt>+" directive. For me:
  # override default of no subsystems
  #Subsystem      sftp    /usr/local/libexec/sftp-server
  Subsystem       sftp    internal-sftp[...]
  # Example of overriding settings on a per-user basis
  Match Group sftponly
          ChrootDirectory %h
          ForceCommand internal-sftp
          AllowTcpForwarding no3) Create group and user for sftp-only account. For me:
  root@taurus # groupadd sftponly
  root@taurus # grep sftponly /etc/group
  sftponly::202:
  root@taurus # useradd -g sftponly -c "Sftp only user" -d /export/home/explorer -s /bin/false -m explorer
  explorer:x:1002:202:Sftp only user:/export/home/explorer:/bin/false
  root@taurus # passwd explorer
  New Password:
  Re-enter new Password:
  passwd: password successfully changed for explorer
  root@taurus # 4) Change home directory permission and create a r/w direcorty (uploads) for sftponly user account.
  root@taurus # cd /export/home
  root@taurus # ls -la
  total 14
  drwxr-xr-x   4 root     root           4 Oct 29 15:28 .
  drwxr-xr-x   3 root     sys            3 Jan 22  2009 ..
  drwxr-xr-x   3 explorer sftponly       3 Oct 29 15:41 explorer
  root@taurus # chown root:sftponly explorer; chmod 750 explorer
  root@taurus # ls -la
  total 14
  drwxr-xr-x   4 root     root           4 Oct 29 15:28 .
  drwxr-xr-x   3 root     sys            3 Jan 22  2009 ..
  drwxr-x---   3 root     sftponly       3 Oct 29 15:41 explorer
  root@taurus # This will make a read-only, chrooted directory perfect for people to come in and get stuff, but never write.
  For example, you could make a directory explorer/uploads that allow people to write in.Then you can moderate what gets copied into the read-only /explorer area. Remember that if a user can write in a directory then they can also delete anything in that directory.
  root@taurus # cd explorer
  root@taurus # mkdir uploads && chown -R explorer:sftponly uploads && chmod 0755 uploads
  root@taurus # ls -al
  total 9
  drwxr-x---   3 root     sftponly       3 Oct 29 15:41 .
  drwxr-xr-x   4 root     root           4 Oct 29 15:28 ..
  drwxr-xr-x   2 explorer sftponly       2 Oct 29 15:56 uploads
  root@taurus # 5) Disable SunSSH "service" and enable OpenSSH "service" (with SMF):
  root@taurus # svcadm disable sshSee [url http://www.sunfreeware.com/sshsol10.html]here for Running openssh vis SMF on Solaris 10 Systems
  root@taurus # svcadm disable ossh
  root@taurus # svcs -a | grep ssh
  disabled       12:37:51 svc:/network/ssh:default
  online         15:29:41 svc:/network/ossh:default
  root@taurus # 6) Test your job :-)
  Helpful links:
  ==============
  http://www.sunfreeware.com
  http://www.openssh.org
  http://calomel.org/sftp_chroot.html
  HTH
  Michele Vecchiato

• How to restrict a VPN user with a specific anyconnect profile?

  I need to assign to anyconnect users different profiles. This is done easily with IPSec, with the group policy configured in the client. With anyconnect I have two options:
  - Allow the user to select the connect profile: The problem here is the user can select any profile and connect with the rules and permissions configured in this profile. I do not how to force one specific profile for each user.
  - Use  the DefaultWebVPNGroup as connection profile for everybody combined with DAP. This what I am doing now. Everybody connect with the default anyconnect profile and I use DAP to assign each user the network ACL's, Bookmarks, etc. The problem here is that I can not use other options that are included in the profiles or in the policies, like split tunneling or user authentication method.
  I have seen some answers about this point but none of them is clear enough. I am using ASA 5540 with 8.4(6) and Windows IAS radius.
  Thanks.

  Thanks Elias. This works. Easy to configure. When I connect using the client it takes de group policy from the radius attribute 25 and apply it.
  Just one little problem. This doesn't work with bookmarks when the user connect with WebVPN. In the logs I can see the connection taking the correct group policy but the bookmarks from that policy are not applied. Any idea?

• How to restrict the internal users(Business Users)

  Hi,
  If i  have a 3 catalogs like
        1.US catalog
        2.UK catalog
        3.Italian Catalog
  How can associate  this three catalog to specific internal user.

  Hi,
  For assigning a catalog to specific user, you can go to People and Organization-->Users in ACC
  Then click on a user and there you can see a property catalog,just click on that and search/select your catalog,save it and catalog is assigned to user.
  For more details please follow below link-
  Oracle ATG Web Commerce - Assigning a Catalog to a User
  Hope it help!
  Regards,
  PrateekG

• How to restrict non root users from changing proxy settings Ubuntu 12.04?

  I have two Ubuntu 12.04 Desktops with Ncomputing vSpace software configured for remote terminal users of Ncomputing L300 thin clients. Both these desktops have Squid configured and connected to internet. So in a way users logging in to these machines can directly access internet without squid. Now users can remove the proxy and have unrestricted access anytime. Which is the reason I want to enforce proxy on users settings which they cannot change. I am fine if the settings makes it mandatory for root or sudo user of Ubuntu. Is this possible ?

  Use a mozilla.cfg file in the Firefox program folder to lock prefs or specify new (default) values.
  Place a local-settings.js file in the defaults\pref folder where also the channel-prefs.js file is located to specify using mozilla.cfg.
  pref("general.config.filename", "mozilla.cfg");
  These functions can be used in the mozilla.cfg file:
  defaultPref(); // set new default value
  pref(); // set pref, but allow changes in current session
  lockPref(); // lock pref, disallow changes
  See:
  *http://kb.mozillazine.org/Locking_preferences
  *http://mike.kaply.com/2012/03/16/customizing-firefox-autoconfig-files/
  *http://mike.kaply.com/2014/01/08/can-firefox-do-this/

• How to restrict Basis from User admin in Portal

  Hi,
  Iam looking to delete action Manage ALL action from Administrator role and add ReadALL so that basis is not given access to User admin in Portal. we already have Manage_All in a role that is assigned to security. However iam not sure of the problems. please advise if there would be any problem in tweaking the Administrator role as these are standard UME roles.
  Thanks in advance.

  Hi,
  Please try to modify User adminitrator role in the portal.
  Content Administrator>>Portal Content>>Content Provided by SAP>>Admin Content>>User Administrators>>Right click on "User Admin" role >>Permission>> IN "Everyone" Group, Uncheck the 'End User' column. then SAVE your permision.
  Hope this will helps you to resolve your issue.
  Thanks
  Arun Jaiswal

• How to restrict views in MS INFOPATH 2010 based on a user Login id

  Hi,
  I am the Admin of the Time Reporting SharePoint tool for my project. When a user enters/edit a time report ,it is done via an Infopath 2010 form. This form has 2 views:
  1. For the normal users to see (default view)
  2. For the Admins only.
  What i want is that when a normal user(not an admin) logs in to the site to change his/her time report and opens this form,that person will only be able to see the default view . If an admin logs in then he/she can swicth between both the views .
  Currently i am unable to provide any such functionality. Even a normal user is able to see both the views which i want to restrict.
  Pelase let me know how do i restrict the normal users to the default view only based on their login ID.They shouldnt be able to switch views at all.
  But if an admin logs on then both the views should be accessible.
  I am new to InfoPath , so please let me know from scratch. I need only out of box solution for this as i cannot perform any kind of coding due to site restriction.
  Regards,
  Guru

  Hi ,
  My problem is still not resolved. I tried applying the people picker property and set a specific field(an email id field) to be available to only admins. Now the field is not visible to the normal users but only admins which is good but that email field
  should be able to take normal users as wel as admin's email ID. currently due to the people picker property it only takes admin's ID and not normal user's ID - which is not as per expectation.
  What this email ID field does is - when a normal user is logged in he/she wont see this field in that view. But when an admin logs in he/she can switch to admin view and see this field . The admin can put any user's ID in this field and pull out the required
  resource's Time Report for modification.
  Please let me know how do i overcome my problem. Detailed step description will be very helpfull .
  As per Cameron's suggestion (add a rule on the "additional admin section") , i am not sure how exactly that is done. Would help a lot if i got to know how this works.
  Regards,
  Guru

• How to restrict number of concurrent connections etc.

  Hi,
  I'm able to use wi-fi thru WRT54GC.
  I want to know:
  1. How to restrict number of users connecting to the wireless network that is setup thru my router?
  2. I also want to know about any monitoring software which can tell me about connected PCs, user names, bandwidth available, bandwidth utilized etc.
  Thanks in advance
  Rajeev

  1. logon to router's setup page, open I.E. and in the address bar type 192.168.1.1, it would ask for username and password, put "admin" default password without any username... click on the wireless tab >> wireless security >> try setting up wireless security as per the requirements, also you can setup wireless MAC filter and you can setup MAC address of wireless computers which you want to allow to coonect to the network...
  2. not quiet sure about monitoring software which would show you detail log about bandwidth, bandwidth utilized by each computer...however you should view router's logs from linksys "logviewer" utility...go to ftp.linksys.com/pub/network and download the "logviewer" utility.
  let me know if you have any issues.

• Creation of a normal user without admin rights

  Hi,
  I am new to oracle apex. Can you please let me know how to create a normal user without admin rights in oracle apex application.
  Thanks & Regards,
  venkat
  Edited by: 866673 on Jun 17, 2011 9:53 AM

  Welcome to the forum: please read the FAQ and forum sticky threads (if you haven't done so already), and ensure you have updated with your profile with a real handle instead of "866673".
  You'll get a faster, more effective response to your questions by including as much relevant information as possible upfront. This should usually include:
  <li>Full APEX version
  <li>Full DB version and edition
  <li>Web server architecture (EPG, OHS or APEX listener)
  <li>Browser(s)/version(s) used
  <li>Theme
  <li>Templates
  <li>Region type
  (although for your question only the APEX version is necessary).
  Assuming you mean a user who can authenticate to an application that uses Application Express Account Credentials?
  In APEX 4.0:
  1. Go to Home > Application Builder > [Your Application ] > Administration > Create Users and Groups > Create User
  2. Enter the User Identification information.
  3. In the Account Privileges, specify:
  User is a workspace administrator: No
  User is a developer: No
  4. Complete the rest of the form as necessary.

• Table access restriction to certain users

  Hi,
  How to restrict the particular user in accessing the database tables ?
  For example: A user should not be given the the rights to access the table AUFK.
  Thanks in advance.
  Regards,
  Harsha

  Hi,
  If you are talking about access of table through SM30, it can be done by authorization object concept. You can assign the appropriate authrization object while creating the table maintenance. Basis will assign the roles to the user. If it is SE16/SE16N then you need to create parameter transactions for each table user is allowed to view.
  Other generic option is, You can develop a report program and display the tables allowed for the user. On clicking the table name, you can take to SE16 screen. (You may need to create a transaction variant for se16/se16n for disabling the table name input field to control the user not to access other tables). Tables allowed for the user can be maintained in a Ztable.
  Thanks,
  Vinod.

• Normal users accessing mounted NTFS disks? (Music related)

  I havent yet fully converted to linux, so all my music and other stuff is on NTFS partitions.
  My NTFS partitions are listed in fstab with the "defaults" options, only root have access to them now, however I want to play my music as a normal user.
  How do I enable normal users, or preferably only one user, to access these partitions?
  semi-newbie  :?

  _Gandalf_ wrote:
  I usualy mount with both suggestion above, actually i need full read acess to all users logged in the machine so i do
  umask=022,uid=1000,gid=102
  BTW u don't need to read /etc/passwd to know ur uid/gid, instead use the command
  id
  the id command was handy, thanks

• How to restrict users to not default layout while creating a user specific?

  Hi all,
             I have a problem with frequent changes in report layout setting. When users trying to create a user specific layout in the window "Default" is set, out of "User specific" & "default" checkbox defaultly, so users saving the layouts. so it's overwritting on existing layout. we are ossing the old data. how to restrict end users to create new one with out changing the existing one.How to change that default check in "Default" check box to user specific defaultly. where i have to do settings for this. Thanks in advance.
  Pradeesh

  Hi ,
  My problem is still not resolved. I tried applying the people picker property and set a specific field(an email id field) to be available to only admins. Now the field is not visible to the normal users but only admins which is good but that email field
  should be able to take normal users as wel as admin's email ID. currently due to the people picker property it only takes admin's ID and not normal user's ID - which is not as per expectation.
  What this email ID field does is - when a normal user is logged in he/she wont see this field in that view. But when an admin logs in he/she can switch to admin view and see this field . The admin can put any user's ID in this field and pull out the required
  resource's Time Report for modification.
  Please let me know how do i overcome my problem. Detailed step description will be very helpfull .
  As per Cameron's suggestion (add a rule on the "additional admin section") , i am not sure how exactly that is done. Would help a lot if i got to know how this works.
  Regards,
  Guru