Sshd_config with UseLogin denying all users shell access

Similar Messages

• How can i save music and pictures so all users can access them?

  how can i save music and pictures so all users can access them?

  Hi, this should be your answer as for sharing music. For photos though, I would assume you can do the same thing. Hope it helps!
  http://support.apple.com/kb/ht1203

• How to view all transactions that all users have access with in a year.

  Hello
  Does anyone know if they is a report that shows all users and the transactions they have used within a year? I have tried STAT3 and STAD and also SM20 however this does not give me all the users and their transactions used.
  I would be greatful if anyone can please help.
  Thank you
  Regards
  Bindi

  In SUIM you will not find this data. Explore ST03N.
  Edited : I doubt whether it will give you a year dat or not. Default logging is last 3 months including current month. The best way to do this is to create Z table to log all data during a year.
  Regards,
  Arpan Paik
  Edited by: P Arpan on Jan 19, 2011 5:59 PM

• Server based Office 2013 - where do I save word templates on the server for all users to access from "New"?

  Wonder if anyone can point me in the right direction. I'm used to working with stand alone desktop MS Office products.
  We have a server connected to six desktop work stations. All stations have access to Microsoft Office 2013 on the server, and the printer is linked through
  the server.
  Users are currently accessing Word doc Documents on the shared (p) drive as templates, and then saving them with relevant file names to their area on the
  (p).
  Surely there is a way to save Word templates to the server, so that when someone clicks on "New" in Word our own templates are also offered automatically?
  Thanks
  Mark

  If
  anyone knows the address
  for where Microsoft stores the main default templates  - then that would
  be really useful? It would also allow us to get rid of the numerous templates that we would never use.
  Thanks :)

• [Solved] Ensure all users have access to directory and files

  I'm writing a PKGBUILD thats installing to /usr/share/.../... and building the package is giving me permissions for files and parent folder as root:root and directory/file permissions as 755 and 644 respectively.  Because it looks like the files need to be alterable (at least temporarily), I'd like all users to be able to have the correct permissions for them.  This may cause problems for multiple users on the system because settings may get saved here but I'd still like to be able to do this because people with single-user systems can benefit from this (i.e. I'd be todd:users while someone named joe would be joe:users) to be able to have access.  I've heard of the nobody group before, can I do something like this?:
  chown -R nobody:users ${pkgdir}/usr/share/.../...
  Any recommendations?
  Last edited by Gen2ly (2012-06-19 05:36:33)

  You can give the files that need to be altered the permission 0666. If you want also to give users permissions to create new files and directories give the directories permissions 0777. Leave the owner as root:root ("nobody" is just another normal user, it is used to run system daemon that for some reason we do not want to run as root). That's said what you are trying is considered bad practise (be also aware that two different users could modify the same file at the same time with unpredicatble results). If it is not fixable in a proper way, you could install the whole package your home directory (without making an arch package), just alter the PATH and possible LD_LIBRARY_PATH). In any case if you decide to make an arch package like this, such a package will not be suitable for distribution.
  Last edited by olive (2012-06-17 21:25:38)

• After mapping groups, should I deny all users on ACS ?

  I've created and mapped security groups in active directory DomainWirelessOK and DomainVPNOK. I mapped those to ACS_Wireless and ACS_VPN.
  In my production environment, currently all users on ACS authenticate using "Default Group".
  What's the best way to let only users of ACS_VPN and ACS_Wireless have acccess to resources ? Should I "deny" access to Default group ? Is there any specific order you would setup this ?
  Also, if you have suggestions on how I can test this avoiding system disruption please let me know. I thought that I could perhaps include the IP address of few selected Access Points to confirm that mappings work accordingly ?

  Hi
  If you add a 3rd mapping to map everything else to "No access" that would lockout members of other AD groups.
  Additionally, create two NDGs - one for VPN and one for WLAN. In each ACS group you can setup Network Access Restrictions (NARs) such that the VPN group only has access to the VPN NDG and the same for WLAN.
  If a WLAN user authenticated via a device in the VPN NDG they would be rejected & vice versa. This assumes the groups are mutually exclusive which they probably arent. So you might needs to make each of the 2 ACS groups have access to both NDGs.
  Darran

• Auditing all users file access - too much information

  Hi, I have enabled a GPO With the following: Computer Configuration\Policies\Windows Settings\Security Settings\Advanced Audit Policy Configuration\Audit Policies\Object Access -> Audit File System -
  Success on a file server.
  After that, I have enabled successful Create files/Create Folders on a folder for the built-in group Everyone.
  That part works fine, I can see when users are creating files on the folders. But I also get a lot of Extreme amounts of other events logged in the Security log, and everything is coming from the backup agent running on the server (NetBackup in this case).
  How come that a backup agent is creating the events like this? It makes filtering much harder afterwards. The business requirements is to audit Everyone who is adding files to a specific folder, not all the rest of the server. The server
  is Win2008 R2.
  Example:
  An attempt was made to access an object.
  Subject:
  Security ID: SYSTEM
  Account Name: FILESERVER01$
  Account Domain: MYDOMAIN
  Logon ID: 0x3e7
  Object:
  Object Server: Security
  Object Type: File
  Object Name: \Device\HarddiskVolumeShadowCopy58\Windows\winsxs\amd64_microsoft-windows-audio-audiocore_31bf3856ad364e35_6.1.7601.18619_none_d4cab625fb3adf96\audiosrv.dll
  Handle ID: 0x3c4
  Process Information:
  Process ID: 0x1048
  Process Name: C:\Program Files\VERITAS\NetBackup\bin\bpbkar32.exe
  Access Request Information:
  Accesses: WriteAttributes

  Hi Steve,
  I feel your pain, I turned on logging on a file server and found the security log filling 4GB in a couple of hours. I think the key is being very selective about what you audit. I found this article useful and it had some powershell and ideas for helping
  make sense of the information overload - http://blogs.technet.com/b/mspfe/archive/2013/08/27/auditing-file-access-on-file-servers.aspx
  In my opinion though you really need a third party solution to make this viable, two I've looked at are
  Netwrix File Server Auditor and
  FileAudit which seem very similar in functionality and ease of use. These basically read in the event log to provide long term archive and reporting on it.
  Good luck,
  Tim

• How do I download iPages so all users have access?

  I am able to purchase and download iPages onto my Macbook.  I am able to use iPages when I log in as administrator.  However, when my son logs in to his account on same computer, I do not see iPages anywhere. Please help school is in session and this child needs to get access on his own log in account. Thanks , Annie

  Ann,
  Full access is the default, in my experience. I've seen others here post that they had an Install Option for one account or all accounts. Are you sure that your son doesn't have access? Remember that you are looking for "Pages.app", not "iPages.app".
  You should find it in Macintosh HD, Applications, iWork '09. You should see it there from either account.
  Jerry

• How do I share pictures with all users on iPhoto

  We have 4 users in our Mac. I have all the family photos on iPhoto when I log in. The other 3 users can access iPhoto but not the pictures (content), how do I give them access so all users can access the pictures on iPhoto? Thanks

  For iPhoto 09 (version 8.0.2) and later:
  What you mean by 'share'.
  If you want the other user to be able to see the pics, but not add to, change or alter your library, then enable Sharing in your iPhoto (Preferences -> Sharing), leave iPhoto running and use Fast User Switching to open the other account. In that account, enable 'Look For Shared Libraries'. Your Library will appear in the other source pane.
  Any user can drag a pic from the Shared Library to their own in the iPhoto Window.
  Remember iPhoto must be running in both accounts for this to work.
  If you want the other user to have the same access to the library as you: to be able to add, edit, organise, keyword etc.
  Quit iPhoto in both accounts. Move the Library to the Users / Shared Folder
  (You can also use an external HD set to ignore permissions, a Disk Image or even partition your Hard Disk.)
  In each account in turn: Double click on the Library to open it. (You may be asked to repair the Library Permissions.) From that point on, this will be the default library location. Both accounts will have full access to the library, in fact, both accounts will 'own' it.
  However, there is a catch with this system and it is a significant one. iPhoto is not a multi-user app., it does not have the code to negotiate two users simultaneously writing to the database, and trying will cause db corruption. So only one user at a time, and back up, back up back up.
  Regards
  TD

• All users desktop

  Hi there
  I seem to have a lot of questions this week. Sorry!
  I want to put a shortcut on the OSX desktop for all users no matter who logs in. How can I achieve that please?
  I also wanted to associate a file so it opens a specific program - for all users again (rather than have to set it each time). Is there any easy way of doing this please?
  I have googled it but can't find an answer.
  Thanks

  Surely one can set a common file association for all users
  You can add a usro resource to your file and it should open in the application that you chose for all users. Right click on the file and choose other in the drop down menu. Navigate to your application of choice and select it. Check the box "Always Open With" and click OK.
  Isn't there a way of being able to automate this?
  You need to make a script. Either AppleScript or a shell script. Your file needs to be in a location that all users have access to like /Users/Shared. Your choice of "shortcut" is either a Finder alias or a symbolic link. Since your plan is deploy this "shortcut" to hundreds of users, I suggest that you use a symbolic link. A symbolic link is significantly smaller than a Finder alias.

• How can I allow users to access SQLPLUS?

  Hi everyone,
  I have been charged with the task of creating an Oracle server on a CentOS VM. Installation and configuration is complete and SQL is working fine for the database admin user "oracle." I copied the environment variables to the .bashrc file for "oracle" and SQLPLUS starts without a hitch.
  Here is where I need a little guidance...
  I need to create basic Linux user accounts that will have access to the database, so they can then in turn log into their SQLPLUS accounts. The problem is, all of the database files and software are in located in the user "oracle's" directory. This means that no one but "oracle" and root have access to these files because they are the only ones with proper permissions.
  Before I put a ton of time into this, I thought I would pose these questions to the Oracle Linux community:
  1) Could I enable a specific Linux group (ex. "Oracle Users") to have access to the main database folder or possibly all folders along the path? I am hoping this would allow any users I put in the group access to the folders, and essentially the SQLPLUS application. (here is ORACLE_HOME=/home/oracle/app/oracle/product/11.2.0/dbhome_1)
  2) If that is not an option, will I need to make a completely new database and locate it in a location that all users can access?
  I understand that my first idea may not be the SAFEST method, but this is only for a small class of students learning how to use SQL and writing queries. There will be no sensitive information at risk. This would be a quick fix until I learned more about Oracle and how to use it.
  Thank you everyone.

  It certainly is rather a question for the General Database forum, though I doubt you will get a lot of happy replies for such a basic question.
  You can use / as sysdba OS authentication through SSH or using the server console, provided the user's account belongs to the "dba" user group. For remote connection through sqlnet you need create a $ORACLE_HOME/dbs/orapw$SID password file.
  If you would like to know more about this:
  Connecting / as sysdba is used for OS authentication. It ignores password credentials stored in the database and allows any user belonging to the OSDBA system group to connect to the database. Connections as sysdba will always connect to the SYS schema of the database, regardless of any username or password specified. Using OS authentication relies on the BEQ protocol, which connects to the database directly, without using the Oracle Listener process.
  The "oinstall" group will give access to the database software repository. There could be different oracle home installations, each with a different oracle user/owner like "oracle_prod1" and "oracle_prod2", but both users must be able to read/write the shared oraInventory, in which case both users must have read and write access to the oraInventory directory, hence the oinstall group.

• All users share the same iCal

  I want all the users on my iMac to share the same Calendar. How do I do it?

  Here's how to share iCal calendars among multiple users on a single Mac.
  What you need to do is to move the iCal folder to a shared folder that is accessible to all users and then replace the iCal folder in each user's library folder with a "symbolic link' to the shared iCal folder. The symbolic link looks like an "alias", but if you try this using "aliases" to the shared iCal folder it will not work (trust me). You can create symbolic links using the Terminal, but I have no idea how, and the idea of using the Terminal scares me. The easiest way that I know of to create a symbolic link is with a shareware application called Cocktail. It allows you to do a number of different things including System Maintenance, Network Optimization, etc. It took me a while to remember how to do this; I originally found the information in the Discussions when iCal was first released, but apparently none of those original postings are listed in the forums anymore.
  Here's how to do it (you must have Administrator privileges):
  First locate your iCal folder (your user name > Library > Application Support > iCal) and make a copy of it (Finder > File > Duplicate). Drag the copy to your Desktop until you're sure iCal is being shared between users.
  Next move the original iCal folder into a Shared folder in the Users folder (Hard Disk > Users > Shared > iCal). To make sure all users can access the information, select the Shared folder, choose File > Get Info, click the little Lock icon, then under "Ownership & Permissions -> Details" make sure that the "Owner" is "System", "Group" is "Wheel" and "Access" for Owner, Group and Others is "Read & Write". Do the same with the iCal folder within the Shared folder, but this time, under "Ownership & Permissions -> Details" make sure that the "Owner" is "your user name", "Group" is "Staff" and "Access" for Owner, Group and Others is "Read & Write" and click the "Apply to Enclosed Items" button. I basing this information on what the Ownership & Permissions are for each of the folders in my system.
  Open Cocktail (I'm using version 3.6.5). Once the app is open (you must enter an administrator's user name and password) click on the "Files" button, then click on the "Links" button. Where it says "Create Symbolic Link" click on the "Choose" button. Navigate to the iCal folder (Hard Disk > Users > Shared > iCal) and click "Choose" again. In the "Save As" box that appears enter "iCal", then navigate to the Application Support folder in your Home folder (your user name > Library > Application Support) and click "Save". Quit Cocktail and open iCal. You should see all of your calendars as you did before.
  Log in under each additional User, move that User's iCal folder (user name > Library > Application Support > iCal) onto the Desktop, then create another Symbolic Link to replace it, using Cocktail as described above. In each case you should see the same calendar information as when you were logged in under your user name. As a test, add a New Event or To Do in iCal under one user, log out and back in under another user and you should see the changes when you open iCal.
  Once everything appears to be working, you can delete the iCal folders from each User's Desktop.
  As an additional maintenance measure, use Disk Utility to repair Disk Permissions.
  Unfortunately, if each User has his/her own calendars in iCal they will not be in the shared calendars. Only the calendars in the first iCal folder used to set up the shared folder will be available and I don't know of any way to merge or combine the other user's calendars into one.
  Hope this helps and good luck!

• How to grant database user to access directory under web server

  Hi
  I'm running forms6i application on Oracle9iAS.
  This application access to several directories using WEB.SHOW_DOCUMENT procedure.
  I add this directories to UserDir directive in httpd.conf and I also made an Alias (virtual path).
  The problem is that all users can access to that directory.
  Can I eliminate access to the directories just for particulare users?
  Thank's,
  Tomaz

  Pl refer to the httpd.conf file
  and for the directory tag assign deny all,grant all will
  solve ur prob...
  if possible pl let me know..
  how u have configured ur forms appln on oracle 9iAS using apache
  server....
  i have tried but it gives me error about the forms engine..
  how do i make apache server know about the forms60/f60all.cab
  and other required configuration files
  pl let me know at the earliest
  thanks

• 1 VirtualBox VM for all users

  We are trying to utilize VirtualBox to run a Windows 7 Virtual Machine on OS X (10.6). We want to create 1 VM for all users to access.  I have changed the default folder to /Users/Shared/VirtualBox_VMs.  Please does anyone know how this can be done?

  The SIMPLE answer is do not have the iPod devices setup with each account. You can sync multiple devices to a single iTunes library.

• When will Apple resolve its issue with Adobe so iPad users can use flash?

  When will Apple resolve its issue with Adobe so iPad users can access flash?

  That isn't going to happen. Adobe has not only given up on iOS, they have given up on all mobile device now.
  Why do you think you need Flash?
  Allan