How to restrict non root users from changing proxy settings Ubuntu 12.04?

Similar Messages

• How to make none root user to connect to TCP Port  (web ports)

  how to make none root user (any user)
  to connect to TCP Port 80 or port 81 or any port less than 1024
  cause i have web server i want to run and stop service with none root userand on port 80 and port 81
  can you help me and give me steps

  I believe Solaris 9 also has RBAC control. If so then all you need to do is present the uid with the PRIV_NET_PRIVADDR privilege. See the privielegs(5) manpage for more information on the subject.
  This privilege will allow the userid to bind to ports < 1024. You can give a user this privilege either by using usermod (you will probably need the auth_attr(4) manpage as well) after which you need to login again. Or you can try using ppriv to modify the privileges on the users shell.

• Is there any way to prevent non-root users from rebooting the system?

  This question seems to be addressed many times on the web, but the problem is that none of the wannabe-howtos work on my system. In particular, this doesn't work and this doesn't work either, because (1) I need to keep policykit installed for udisks and other dependencies to function and (2) renaming (or removing) the file /usr/share/polkit-1/actions/org.freedesktop.login1.policy has (again) no effect on the users' ability to reboot and shut down the system. Even more surprisingly, adding the following to /etc/polkit-1/rules.d/20-disable-shutdown.rules has no effect at all:
  polkit.addRule(function(action, subject) {
  if (
  action.id == "org.freedesktop.login1.power-off" ||
  action.id == "org.freedesktop.login1.reboot" ||
  action.id == "org.freedesktop.login1.suspend" ||
  action.id == "org.freedesktop.upower.suspend" ||
  action.id == "org.freedesktop.login1.hibernate" ||
  action.id == "org.freedesktop.upower.hibernate"
  return polkit.Result.NO;
  As a result, ordinary users (not in the wheel group and with no special permissions) can simply reboot the machine by typing reboot. I remember that a simple polkit rule (as proposed on the Fedora forum) worked fine just a few months ago, but this doesn't work nowadays. The action IDs mentioned there are no longer listed in pkaction, so it's quite obvious that some changes (and bugs) have been introduced since then. I just need to prevent the users from rebooting the machine and to keep policykit installed. Is there any way to do this?

  karol wrote:Do said users have the ability to push the Power or Reset buttons?
  No, they don't.
  But come on, access permissions are a matter of principle rather than a matter of what you can possibly do with a hammer in your hand. That makes your question somewhat irrelevant to this issue. Imagine someone asking: "How can I protect my home directory from access by other users?" You would then probably ask: "Do said users have the ability to pull out the hard drive and mount it on their computer?"
  Even if the users had physical access to the ACPI buttons, rebooting the computer by mistake (via software) would still be much more likely than pressing (or even holding) the ACPI buttons by mistake.
  If I call rm -Rf / as a normal user, nothing should happen to the system in terms of availability to other users. Only my home directory and temporary files would vanish, but that's all. This is what permissions are there for. Similarly, when I type reboot as a normal user (no matter if I'm on SSH, on a local terminal or logged into KDE), it should be possible to simply disallow rebooting.
  The idea that users logged in locally can restart the computer may be fine for laptops under certain conditions, but it is a bad idea in almost all other cases. In a "kiosk" type environment, for example, the ability to reboot and get to the bootloader can be a huge security hole, unless all your disks are encrypted, and a huge "reliability hole" in any case. Suppose you use a desktop as a home server. You want everyone to be able to log in and to connect a USB flash drive (using polkit and udisks). But you simply don't want the machine to be rebooted. Why is such a simple thing so hard to do?
  Last edited by andrej.podzimek (2014-03-10 02:15:35)

• How to stop an unauthorized user from changing my password.

  How do I block an unauthorized user from constantly changing my password?
  I had an old iPod Gen 4 stolen and someone from China is downloading Apps (I get email alerts when they download something and the last message said the computer used is registered in China).  I have changed the account password many times.  However, days later, I will get an alert email that my password was changed (not by me), or I will try to purchase something and my password will not work.  How else can I block this person from changing my password so he/she can use my account?  Will changing my user email address work?  Should I deactiviate all authorized computers to wipe them out?  I do not have any credit cards tied to my account, so they are only downloading free apps.

  Hi Gradux,
  Welcome to the Apple Support Communities! In this situation, I suggest contacting the application developer. The information on how to do that can be found in the following article.
  iOS: An app you installed unexpectedly quits, stops responding, or won’t open
  http://support.apple.com/kb/ts1702
  Contact the developer
  If you see the issue again, contact the developer of the app for help:
  Find the app in the App Store.
  Tap the app and tap Reviews.
  Tap App Support.
  I hope this helps,  
  -Joe

• Allow restricted user to change Proxy Settings

  I have an OS X 10.4.11 MacBook Pro that has 2 accounts. One local administrator account and one restricted Network mobile account authenticating against an LDAP domain. All users are required to go through a proxy to get out to the internet. The proxy is not accessible outside our network. This means the proxy settings have to be change when the user takes his laptop out of the office. However since the user has a restricted account he does not have permission to change the proxy information.
  Is there away I can allow this user to change the proxy settings or even change a Network Location with out giving him administrator privileges.?

  Hi msaner, and a warm welcome to the forums!
  Haven't found the answer just yet, but...
  /System/Library/CoreServices/SystemUIServer.app/Contents/Resources/Autoload.plis t
  contained some interesting strings after finding changing permissions on the PrefPanes didn't work, like...
  _airportCanLoad

• How can I restrict non-adminstrator user from openning Forefox in "safe mode"?

  I want to have parental control on the computer. I have added 'ProConn Latte' to Firefox which serves that purpose but my teenager figured out that he can simply open Firefox in "safe mode" (an option under the START menu) and bypass the control. I have already added administrator password security to MSWindows so that he can not work around his limited user settings but the Firefox loophole still remains.

  Another option you may consider exploring:
  The Safe Mode feature can also be disabled by modifying firefox files, that is explained in [https://support.mozilla.com/en-US/questions/664785#answer-128337 answer to ] ''How to *permanently* disable Firefox Safe Mode option?''
  Remember to password protect all admin accounts, including the normally hidden System Administrator account (which probably has no password set by default), but make sure you have that passwords secure somewhere, &/or have a password reset floppy.
  A determined & knowledgeable teenager will get past most things you attempt to do, especially if you are not actually watching the computer use; maybe even running a different OS from a CD. Quite possibly the teenager has unrestricted access to the internet elsewhere anyway.

• Ideas on how to restrict non-prod servers from connecting to prod sql servers

  We ran into an issue this week and I’m looking for some ideas on approaches we might be able to use. While troubleshooting a P1 issue, we noticed Non-Production application servers connecting to the Production backend SQL Server using a Production account.
  The matter of how they obtained the PROD password is a security issue and we are already working that endeavor separately but my question is what (if anything) are other people using to identify and more importantly restrict connections on their Production
  SQL Servers from non-production servers?
  A colleague has already mentioned the possibility of creating a Classifier Function and using Resource Governor to identify hostname and if they begin with “DEV…” or “TEST…” they are not allowed in. Anyone have any other ideas???
  Thanks in advance
  Andre Porter

  If hostname is your criteria then I don't see any reason why a logon trigger wouldn't work...
  Beware that the hostname can be set in the connection string, so this is not safe.
  Despite what Javier said, it is possible to use the IP address, as it is available in sys.dm_exec_connections and cannot be spoofed. But there are a couple of things to keep in mind. The trigger needs extra permissions as plain users does not have access
  to sys.dm_exec_connections. You also need to consider local connections and possibly also connections over named pipes or VIA.
  The best and robust solution is to put test and production servers in different network segments, and then prevent access between the segments.
  Erland Sommarskog, SQL Server MVP, [email protected]

• How to Restrict same portal user from other node

  Hi
  In my application, we charge customers for each portal user logins. But, i found that, they can share same user logins amongs number of people.
  I don't want to allow the same portal user login into the application if that user is already logged in and it's session is still active.
  Here is the Scenario :
  User A is logged in to the portal from terminal AA. Now, User A agin tries to logg in to the portal from terminal BB. I don't wnat to allow user A to log in from terminal BB bcuz user A has active session from terminal AA.
  Can anyone know how to implement this??
  thanks in advance.
  Srini

  Hi Srini!
  We have solved this problem with our own login portlet. Before the final login we've got to check (from the certain table) how many logins there are currently with that username.
  But there is a problem. If the user closes the browser without logoff, the session remains active. There is a cleanup job, which removes those session in some hours. Still it is not very elegant.
  Regards,
  Jari

• How to prevent 3rd party applications from changing FF settings (e.g. homepage)?

  On Windows 7 (Firefox 15 Beta) i cancelled installation of an unwanted application, but it changed the firefox homepage and added a search engine. How can i prevent this from happening in the future - is there a firefox setting or are this changes entirely managed by windows?

  For your current problem, you can use [https://addons.mozilla.org/en-US/firefox/addon/searchreset/ https://addons.mozilla.org/en-US/firefox/addon/searchreset/] to revert these settings.
  Unfortunately there isn't a real way to prevent this from happen. You can, when installing programs, make sure you read through every setting, and not install toolbars, search engines, etc. However, if the program is malicious they may not give you an options and will just install it anyway.

• Mounting usb devices as non-root user ??

  How can a non-root user mount a usb flash device?
  As root, the device is mounted as:
  mount -F pcfs /dev/dsk/c1tod0s2:c /mnt
  The vfstab entry for this is as follows:
  /dev/dsk/c1t0d0s2:c /dev/rdsk/c1t0d0s2 /flash pcfs 2 no -
  This is running Solaris 8 on a SunBlade150

  Hello.
  I had the same problem.
  If you do not have root rights on the computer the answer is: You cannot mount the device.
  I had root access and I wrote a C program that (un-)mounted all possible device files (the "s2" devices as well as the "s2:c" devices because some flash devices come without partition table).
  I chowned the file to root and set the "set effective user ID" bit in the file's permissions using chmod after logging in as root - so any user can start the program.
  I think this is the most flexible variant because USB devices sometimes are assigned other device names.
  Martin

• How to restrict a normal user

  Please explain how to restrict a normal user from getting connected as sys user in sqlplus.Even though I have revoked the sysdba and sysoper priveleges, I am able to get connected as sysdba in sqlplus. Is there any way to restrict the normal user.
  Regards
  Vijay Kumar

  That are the 2 ways, how to connect as sysdba:
  Password Authentication
  Unless a connection to the instance is considered 'secure' then you MUST use a
  password to connect with SYSDBA privilege.
  Users can be added to a special 'password' file using either the 'ORAPWD'
  utility, or 'GRANT SYSDBA to USER' command.
  Such a user can then connect to the instance for administrative purposes using
  the syntax:
  CONNECT username/password AS SYSDBA
  Operating System Authentication
  If the connection to the instance is local or 'secure' then it is possible to
  use the operating system to determine if a user is allowed SYSDBA access.
  In this case no password is required.
  The syntax to connect using operating system authentication is:
       CONNECT / AS SYSDBA
  Oracle determines if you can connect thus:
  On MS Windows NT/2000/2003/XP:
  On MS Windows the OSDBA groups is a hard coded group thus:
  Group Name Oracle uses this as...
  ~~~~~~~~~~ ~~~~~~~~~~~~~~~~~~~~~
  ORA_DBA OSDBA group for all instances
  When you issue a 'CONNECT / AS SYSDBA' , Oracle checks if your MS Windows logon is a
  member of the 'ORA_DBA' group.
  If you don't want OS authentication, remove the ORA_DBA group from the logon id. But automatic database startup at boot time won't longer work.
  Werner

• Restrict A User From Changing A Payment Term While Adding A/R Invoice

  Dear Experts,
  We want to restrict our users from changing payment terms while adding A/R Invoice.
  We use SAP B1 2007 b.
  Thanking  you
  Pradnya

  Hi,
  try below code in transaction notification procedure:
  if (@object_type = '13') and (@transaction_type IN ('A', 'U'))
  BEGIN
  IF exists (select T0.DocEntry FROM OINV T0 Inner Join OCRD T1 on T0.CardCode=T1.CardCode Where T0.GroupNum  !=T1.GroupNum and T0.DocEntry =@list_of_cols_val_tab_del)
            Begin
                 SET @error = 30
                 SET @error_message =N'You are not authorized to change payment terms'     
            end
  END
  for how the transaction notification works or how to use :
  check How to use Transaction Notification
  Thanks,
  Neetu

• How to stop  the users from changing the Decimal in SAP

  How  to stop  the users from changing User Profile

  Hai,
  It is not possible to restrict SU3 to display, because it has only S_TCODE has the authorization object.
  If you really want to restrict users from changing their profile you have to remove the SU3 access and give SU1 or SU2 which gives access only to Personnel details and Parameters.
  Hope this helps.
  Regards,
  Yoganand.V

• Restrict users from changing password on first login?

  Hi,
  I am doing mass user upload into UME using script import. How should I use the below functionality to restrict the users from changing password on first login?
  IUserAccount uacc =UMFactory.getUserAccountFactory().newUserAccount(uid,newUser.getUniqueID());
  uacc.setPassword("saras");
  uacc.setPasswordChangeRequired(false);
  How to implement above functionality with mass upload from script import?
  Thanks
  Srinivas
  Edited by: srinivas M on Jan 20, 2009 9:05 PM

  hi srinivas,
  try this api
  http://help.sap.com/javadocs/NW04S/current/se/com/sap/security/api/IUserAccount.html#isPasswordChangeRequired()
  https://www.sdn.sap.com/irj/scn/go/portal/prtroot/docs/library/uuid/40d562b7-1405-2a10-dfa3-b03148a9bd19
  this document able to retrive the password.. same positon u can disable the field
  https://www.sdn.sap.com/irj/scn/go/portal/prtroot/docs/library/uuid/10649c90-24af-2b10-1086-ea0667ec3655
  thanks

• How do I prevent other Mac users from changing my Airport Extreme Network Name and Password within the Airport Utility?

  How do I prevent other Mac users from changing my Airport Extreme Network Name and Password within the Airport Utility?  My company is using an Airport Extreme in our office now and I want to prevent other employees from messing with the network/settings.  Is there a way to place a password on the settings to allow only the admin to access the network name and password? 

  Hi - you have will have to change the device passwords on all the base stations and then don't give them to anyone except the administrators and tell them not to save them on their computers that use the older versions of the Airport Utility - for the newer versions like the mobile apps, as soon as you enter the pasword it is saved and is visible in the advanced pane along with the network password - so if anyone gets a hold of your iPad or iPhone, they can edit the whole network - I have this same issue with my networks in the office and it is inconvenient but doable - I hope this helps