Is there a configuration option to prevent an unprivileged user from accessing the firefox profile manager and/or firefox safe mode?

Similar Messages

• Is there any way to prevent non-root users from rebooting the system?

  This question seems to be addressed many times on the web, but the problem is that none of the wannabe-howtos work on my system. In particular, this doesn't work and this doesn't work either, because (1) I need to keep policykit installed for udisks and other dependencies to function and (2) renaming (or removing) the file /usr/share/polkit-1/actions/org.freedesktop.login1.policy has (again) no effect on the users' ability to reboot and shut down the system. Even more surprisingly, adding the following to /etc/polkit-1/rules.d/20-disable-shutdown.rules has no effect at all:
  polkit.addRule(function(action, subject) {
  if (
  action.id == "org.freedesktop.login1.power-off" ||
  action.id == "org.freedesktop.login1.reboot" ||
  action.id == "org.freedesktop.login1.suspend" ||
  action.id == "org.freedesktop.upower.suspend" ||
  action.id == "org.freedesktop.login1.hibernate" ||
  action.id == "org.freedesktop.upower.hibernate"
  return polkit.Result.NO;
  As a result, ordinary users (not in the wheel group and with no special permissions) can simply reboot the machine by typing reboot. I remember that a simple polkit rule (as proposed on the Fedora forum) worked fine just a few months ago, but this doesn't work nowadays. The action IDs mentioned there are no longer listed in pkaction, so it's quite obvious that some changes (and bugs) have been introduced since then. I just need to prevent the users from rebooting the machine and to keep policykit installed. Is there any way to do this?

  karol wrote:Do said users have the ability to push the Power or Reset buttons?
  No, they don't.
  But come on, access permissions are a matter of principle rather than a matter of what you can possibly do with a hammer in your hand. That makes your question somewhat irrelevant to this issue. Imagine someone asking: "How can I protect my home directory from access by other users?" You would then probably ask: "Do said users have the ability to pull out the hard drive and mount it on their computer?"
  Even if the users had physical access to the ACPI buttons, rebooting the computer by mistake (via software) would still be much more likely than pressing (or even holding) the ACPI buttons by mistake.
  If I call rm -Rf / as a normal user, nothing should happen to the system in terms of availability to other users. Only my home directory and temporary files would vanish, but that's all. This is what permissions are there for. Similarly, when I type reboot as a normal user (no matter if I'm on SSH, on a local terminal or logged into KDE), it should be possible to simply disallow rebooting.
  The idea that users logged in locally can restart the computer may be fine for laptops under certain conditions, but it is a bad idea in almost all other cases. In a "kiosk" type environment, for example, the ability to reboot and get to the bootloader can be a huge security hole, unless all your disks are encrypted, and a huge "reliability hole" in any case. Suppose you use a desktop as a home server. You want everyone to be able to log in and to connect a USB flash drive (using polkit and udisks). But you simply don't want the machine to be rebooted. Why is such a simple thing so hard to do?
  Last edited by andrej.podzimek (2014-03-10 02:15:35)

• How to prevent a portal user from using the BEx Analyzer ?

  Hi,
  we have different type of users : most users may use the portal as well
  as the analyzer ;
  we have one special user with extended authorizations : this user
  should use the portal , where he has a limited set of queries to run
  with hardcoded filters ==> this user should not be able to use the
  analyzer however, since he then would be able to call all other queries
  by using the find function ;
  how can we make sure this user cannot use the analyzer , using SAP
  authorizations ?
  best regards,
  Erwin Van Giel.

  Hi,
  if I remove the complete S_RFC authorization for the user then the BEx Analyzer cannot connect anymore to the BW system, but neither can the user run reports from the portal : it needs the S_RFC with 'SYST'.
  If I only remove the RRMX from the S_TCODE and from the S_RFC, it does not prevent the user from starting the BEx Analyzer and connecting to the BW system. It only stops the user if he would start the RRMX transaction from within an SAPGUI session.
  Perhaps there should be a value in the S_RFC that allows connections from the portal but not from the BEx Analyzer .... ?
  so not solved yet ....
  best regards,
  Erwin.

• I need to prevent unauthorized users from accessing the application pages

  Hi^^,
  I have created an application in jsp and servlets. It has several pages like manager, supervisor accountant. I need to prevent unauthorised users from accessing these pages. In other words I need to implement a filter. Anyone who types a url other than that of the login page needs to be blocked. However I am not able to conceptualize the code that is going to be inside the doFilter() method. Please help
  Sincerely,
  Prashant

  Hi^^,
  I admit that there were some mistakes in the previous posting. I have corrected the mistakes and now there is going to be no compile time error. However when i put in the login id and the password it is redirecting me to the login page. I think that the front end jsp is directing the control to the controller servlet. But as "YOU" have pointed out in your previous post,
  "by default requestDispatcher.forward(...) does not pass through the filter change. If the user requests the login page from their browser however, then they will still get the error message, which may not be appropriate."
  I feel we need to somehow make the code pass through the requestDispatcher.forward(...) method of the servlet.
  I am again posting the corrected code.
  package com;
  import java.io.*;
  import javax.servlet.*;
  import javax.servlet.http.*;
  public class SecurityFilter implements Filter
    public void doFilter(ServletRequest request, ServletResponse response, FilterChain chain) throws   ServletException, IOException
    HttpServletRequest req = (HttpServletRequest)request;
    HttpServletResponse res = (HttpServletResponse)response;
    String X = req.getRequestURI();
    if(X.equals(http://localhost:8080/MyProject/LoginPage.jsp))
       //writing code for passing through the filter
       final class MyGenericFilter implements javax.servlet.Filter
        public FilterConfig filterConfig;
        public void doFilter( final ServletRequest request, final ServletResponse response, FilterChain chain) throws java.io.IOExeption, javax.servlet.ServletException
        chain.doFilter(request,response);
        public void init(final FilterConfig filterConfig)
        this.filterConfig = filterConfig;
        public void destroy()
  else
     HttpSession session = req.getSession();
     String username = (String)session.getAttribute("username");
     if(null==username)
       request.setAttribute("Error","Session has ended. Please login");
       RequestDispatcher rd = request.getRequestDispatcher("Login.jsp");
       rd.forward(request,response);
       chain.doFilter(request,response);
      else
       RequestDispatcher rd = request.getRequestDispatcher("X");
       rd.forward(request,response);
  public void init(final FilterConfig filterConfig)throws ServletException
        public void destroy()
    Edited by: pksingh79 on Aug 12, 2008 5:23 AM

• We are using version 3.6 on several machines. Is there a way to restrict users from accessing the about:config page?

  Prevent users from making modifications to the about:config page?

  You can do this with the [https://addons.mozilla.org/en-US/firefox/addon/3911/ Public Fox] add-on.
  It can be used to password protect access to about:config. To prevent the user from disabling/uninstalling the add-on, it also allows you to password protect the add-ons manager. You can also lock down other parts of Firefox such as the options dialog and clear history.

• GPO to prevent users from accessing the root folder of their profile doesn't work

  Hi,
  Here's the scenario:
  In a Windows 2012 RDS I created two groups called RemoteApp users and remote desktop users.
  These groups are defined in the collection for the corresponding RD Session hosts.
  These groups are not included in any other group, but they are located under an OU -called  Remote Users.
  In the domain controller I have created a GPO named "Restrict access to root drive"  which is linked to the Remote Users OU.
  The GPO I selected is - "Prevent users from adding files to the root of their users files folder"
  This doesn't seem to work. I have waited more than a few hours to allow the 90 minutes update, plus used the gpupdate /force
  but when a user clicks on the RemoteApp (Excel in this example) then access to the C: drive (which is the root folder of the user's profile) is enabled, and the user can create folders and save files under C:.
  I tried to run gpresult for the specific user but the GPO I created wasn't mentioned.
  I thought this would be a straight forward mechanism, but somehow it looks like something is missing.
  I have read about loopback and expanding, but not sure if this is what needs to be done, and if yes - I'd appreciate if I can get  step by step instructions. Everything I found so far was VERY vague.
  Thanks !
  One more detail that may be relevant - the DC is a Windows Server 2012, and the session host is a Windows 2012 R2.

  > These groups are not included in any other group, but they are located
  > under an OU -called  Remote Users.
  >
  > In the domain controller I have created a GPO named "Restrict access to
  > root drive"  which is linked to the Remote Users OU.
  >
  The USER accounts need to be in the OU your GPO is linked to. Despite
  their name, GPOs do NOT apply to groups, but to users (and computers).
  Groups only provide an additional layer of filtering...
  Martin
  Mal ein
  GUTES Buch über GPOs lesen?
  NO THEY ARE NOT EVIL, if you know what you are doing:
  Good or bad GPOs?
  And if IT bothers me - coke bottle design refreshment :))

• Is there a way to prevent AD users from accessing the VPN?

  I have ASA 5510's that authenticate users to the Active Directory. Is there a way to prevent users, that even though they are validated through the AD from being to establish a VPN connection?

  Haven't tested this lately, but with the ipsec client, you used to be able to go to an AD user's "dial-in" tab, and there was a check box there for "allow remote access" or something that. If this was checked, they could authenticate via IAS, if not, they couldn't. This allowed only selected users within AD to use the VPN. Not sure if this is still the case, but it's a start...

• Preventing the logged in user from accessing the site

  Hi,
  wanted to know if it is possible that a user who has already logged in can be prevented from logging in if the user opens a new browser window (IE or Netscape)...on the same machine as well as from different machine.
  If there r any programs or guidelines available on this...please let me know.
  thanks in advance
  rinkub

  If the user tries to log in the second time on the same machine (with the same type browser) they will have the same "session" as the first time they logged in.
  So, you could check something in the session and not allow the second logon.
  In the other case, you will need to keep the users logon information some place (like a database) and check to see if they are already logged on.

• Prevent a user from accessing Cube Navigator

  Is it possible to prevent a user from accessing the cube navigator in Analyzer so the user can only view reports that are setup? thanks

  In Analyzer 6.2, there are some 'behind the scenes' parameters that can be added to suppress menu items. If you are currently using Analyzer 6.2, try adding the following parameter to your applet tag:<PARAM NAME = HideNav VALUE ="True">Note: this will hide the Navigate button for all users accessing the page.

• Is it possible to prevent users from using the ''Purge'' option from the ''Recover deleted items'' in Office 365?

  Hi,
  After speaking with a Microsoft engineer over the phone, I've been told that there is no way to prevent users to go to their OWA and manually Purge specific items from the ''Recover deleted items''. The Microsoft tech told us to place the desired mailboxes
  on a litigation-hold and that all data will be recoverable... but only from the time you place the mailbox onto Litigation-Hold and previous items, which doesn't take effect for new-coming emails. 
  1- From what I understand, any new items coming in the mailbox after the Litigation-Hold is put in place will still be ''purgeable'', right?
  2- Is there a way (PowerShell, Security group, etc.) that can prevent a user from using the Purge option?
  We are very surprised that there is absolutely no thread that talks about this issue, which in our opinion, is a major legal and security flaw from Office 365. This is a main concern for us to actually go with Office365. For instance, this means that at
  any given time, if a user exchanges emails with a competitor, they can manually purge emails sent and receive as soon as it is sent/received, even after Litigation-Hold is in place.
  Thank you for your reply and let us know if you have more questions.
  Normand Bessette, IT support technician, Newad Media

  Thank you for the reply.
  Is there still a way to prevent users from using the Purge option, like with a Powershell script to disable Purge?

• Is there a way to prevent users from changing the Advanced, Connection, Settings Tab?

  I need to stop network users from changing the proxy settings to avoid the firewall. Is there any way to disable or prevent them from getting to the advanced, connections tab, and changing the settings for the proxy?

  You can lock the corresponding prefs, then users won't be able to change the settings.
  See http://kb.mozillazine.org/Locking_preferences
  See also http://kb.mozillazine.org/about%3Aconfig_entries

• Is there a way to prevent an end-user from changing their own password?

  All you guru's out there, I need your help. Is there a way to prevent an end-user from changing their own password? Is there a function or procedure I can create or what?

  In this case, you do not want someone (whoever they are DBA etc) to connect as that
  particuler user to change the password.Yes, but I wouldn't expect the users to[i] know that password. The connnect would be handled automatically, behind the scenes.
  The clear implication of the OP's question and response was that users would not be allowed to change their own passwords. I'm guessing this is in response to a policy that says users mustn't have simple passwords like 123abc or mom. In such a scenario a better approach would be to apply regexp to a user's password to ensure it contains a mix of letters, numbers, punctuation, etc to achieve the desired level of complexity.
  So questions, should not be regarded as daft Agreed, but the same is unfortunately not always true of business decisions. As the OP has told us not to ask we cannot know why they want to do this. Personally, I think a user's individual password should always be their responsibility; anything else strikes me as insecure. YMMV.
  Cheers, APC

• Why there is no option for WRT54G Version 7??? the versin...

  Why there is no option for WRT54G Version 7??? the versin no. jump from 6 to 8??Which firm ware should  I download?

  For US no vesrion 7 is released. Might be in other countries.

• Can anyone tell me how to transfer photos from iphone 5 to my computer? my computer doesn't recognise my iphone as camera or drive at all and there is no option for me to down photos from itune either

  Can anyone tell me how to transfer photos from iphone 5 to my computer? my computer doesn't recognise my iphone as camera or drive at all and there is no option for me to down photos from itune either

  Try taking a new picture with your iPhone then reconnect it to your computer.

• Is there a way to prevent a user from using the graph cursor legend to delete a cursor?

  I would like to have 2 cursors on a graph that can't be deleted by the user.

  Hi Dennis,
  I'm having this problem as well, and found your post. Are you referring to the Enabled State of the entire graph?  If so, this prevents the user from moving the cursor at all while the VI is running, which, of course, defeats the purpose of having a cursor at all.  Ideally, I would like to show the cursor palette and disable it's run-time shortcut menu.  This doesn't appear to be possible.   One workaround would be to hide the palle and instead include some indicators that show the cursors' values.  I'd prefer to show the palette to keep the program simpler.
  Any other solutions?
  Thanks,
  Alan
  Alan Blankman, Technical Product Marketing Manager and LabVIEW Developer
  LeCroy Corporation
  800-553-2769 x 4412
  http://www.lecroy.com
  [email protected]