restrict user privileges [SOLVED]
Hi there,
I installed 6.0.something wheezy, and I want to create a guest user without the privilege to shutdown/reboot my computer.
(I left Arch, because they overcomplicated their latest install media, and now I can't even install the basic system, BUT the best thing about Arch is that it had a very detailed wiki.)
Now I've been searching everywhere, but I couldn't find any solutions, so I'd really appreciate if you helped me out.
Thanks!
Tom
Last edited by tomjtoth on 2012-10-02 17:54, edited 1 time in total.
Re: restrict user privileges
This question is not nearly as straightforward as you imagine.
One imagines that you're asking about restricting shutdown from within a GUI, but the specifics actually vary by which GUI and which login manager you're using. So, to have any hope of getting a decent answer, you'll need to provide that additional information.
One quick-and-dirty solution may be to install SLiM as a display (login) manager. It's been quite some time since I used SLiM, but my best recollection is that it only allows restart from the actual login screen, and by default requires a root password to do it.
But before you spend a lot of time chasing this question, remind yourself that anyone who has physical access to a(ny) machine can always forcibly do a shutdown or restart. Maybe it's time to re-examine your underlying goals.
- craigevil
Re: restrict user privileges
Just make sure the guest account is not in the powerdev or sudo groups
Gnome and KDE also have settings that will most likely need to be set.
Autologin, passwordless login and controlling who can reboot and shutdown your computer in KDE - http://www.linuxbsdos.com/2012/02/16/au ... er-in-kde/
Raspberry PI 400 Distro: Raspberry Pi OS Base: Debian Sid Kernel: 5.15.69-v8+ aarch64 DE: MATE Ram 4GB
Debian - "If you can't apt install something, it isn't useful or doesn't exist"
My Giant Sources.list
Re: restrict user privileges
I have slim+xfce, and I'm interested in a console-way solution.
I'm aware of the reboot/poweroff "account"+root pw, but that has nothing to do with my problem.
My /etc/group file looks like this:
Code: Select all
root:x:0:
daemon:x:1:
bin:x:2:
sys:x:3:
adm:x:4:
tty:x:5:
disk:x:6:
lp:x:7:
mail:x:8:
news:x:9:
uucp:x:10:
man:x:12:
proxy:x:13:
kmem:x:15:
dialout:x:20:
fax:x:21:
voice:x:22:
cdrom:x:24:
floppy:x:25:
tape:x:26:
sudo:x:27:
audio:x:29:
dip:x:30:
www-data:x:33:
backup:x:34:
operator:x:37:
list:x:38:
irc:x:39:
src:x:40:
gnats:x:41:
shadow:x:42:
utmp:x:43:
video:x:44:
sasl:x:45:
plugdev:x:46:
staff:x:50:
games:x:60:
users:x:100:
nogroup:x:65534:
libuuid:x:101:
crontab:x:102:
avahi-autoipd:x:103:
scanner:x:104:saned
messagebus:x:105:
colord:x:106:
lpadmin:x:107:
ssl-cert:x:108:
Debian-exim:x:109:
mlocate:x:110:
ssh:x:111:
avahi:x:112:
netdev:x:113:guest,test
bluetooth:x:114:
saned:x:115:
test:x:1000:
fuse:x:116:
guest:x:1001:
utempter:x:117:
This makes me think that my 2 users 'test' and 'guest' are only in their own and 'netdev' group,
and when I check the groups 'guest' is in I get
Code: Select all
test@1001px-d:~$ groups guest
guest : guest netdev
test@1001px-d:~$
I haven't seen a powerdev group.
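Added example, not part of any post in this thread: a shell check that reads a group(5)-format file like the one posted above and reports whether an account is a member of the groups named earlier in the thread (sudo, powerdev). The function names, the temporary sample file and the user "admin" are assumptions made for illustration; the sample lines are constructed from the posted file.

```shell
#!/bin/sh
# Groups the thread says a guest account should not be in.
SENSITIVE_GROUPS="sudo powerdev"

# groups_of USER [GROUPFILE]: supplementary groups of USER, space-separated.
# Compares whole names in the comma-separated 4th field, so "guest" does not
# match "guest2". The primary group comes from /etc/passwd and is not listed.
groups_of() {
    awk -F: -v u="$1" '
        {
            n = split($4, m, ",")
            for (i = 1; i <= n; i++)
                if (m[i] == u) { out = out (out ? " " : "") $1; break }
        }
        END { print out }
    ' "${2:-/etc/group}"
}

# sensitive_memberships USER [GROUPFILE]: the sensitive groups USER is in.
sensitive_memberships() {
    found=""
    for g in $(groups_of "$1" "${2:-/etc/group}"); do
        for s in $SENSITIVE_GROUPS; do
            if [ "$g" = "$s" ]; then found="${found:+$found }$g"; fi
        done
    done
    printf '%s\n' "$found"
}

# Constructed sample: a few lines in the format of the posted file, plus a
# hypothetical user "admin" in sudo for contrast.
SAMPLE=$(mktemp)
trap 'rm -f "$SAMPLE"' EXIT
cat > "$SAMPLE" <<'EOF'
sudo:x:27:admin
scanner:x:104:saned
netdev:x:113:guest,test
test:x:1000:
guest:x:1001:
EOF

for u in guest test admin; do
    printf '%s: groups=[%s] sensitive=[%s]\n' "$u" \
        "$(groups_of "$u" "$SAMPLE")" "$(sensitive_memberships "$u" "$SAMPLE")"
done
```

Called without a file argument, both functions read /etc/group on the running system.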
Re: restrict user privileges
I am using xfce4 without a display/login manager, and my users can't reboot or shutdown the computer.
But they have to go through the hell of typing startx after logging in (Looks like everything comes at a price)
"I am not fine with it, so there is nothing for me to do but stand aside." M.D.
Re: restrict user privileges
nadir wrote:
> I am using xfce4 without a display/login manager, and my users can't reboot or shutdown the computer.
> But they have to go through the hell of typing startx after logging in (Looks like everything comes at a price)

not even from console?
Re: restrict user privileges
Code: Select all
user@debian:~$ reboot
bash: reboot: command not found
user@debian:~$ shutdown
bash: shutdown: command not found
user@debian:~$ halt
bash: halt: command not found
Instead of the user needing to type startx you can just set it up so that X is automatically started at login. If you wanted to do that.
Re: restrict user privileges
I'll say it again. Anyone with physical access to the machine can shut it down. Trying to prevent a software-based shutdown/reboot is a classic case of solving the "wrong problem."
Re: restrict user privileges
adenukolnis wrote:
> A regular user can reboot from a tty with a 3 finger salute but you should be able to disable that in the /etc/inittab file.
> Code: Select all
> user@debian:~$ reboot
> bash: reboot: command not found
> user@debian:~$ shutdown
> bash: shutdown: command not found
> user@debian:~$ halt
> bash: halt: command not found
> Instead of the user needing to type startx you can just set it up so that X is automatically started at login. If you wanted to do that.

I see, so basically the slim/xfce-session gives the normal users the privilege to shutdown/reboot.
I won't remove slim, because a guest user (windows/mac user) wouldn't be able to fire up my computer, but I hid some entries in the xfce menu so they'll be less probable to mess it up.
Re: restrict user privileges
dasein wrote:
> I'll say it again. Anyone with physical access to the machine can shut it down. Trying to prevent a software-based shutdown/reboot is a classic case of solving the "wrong problem."

Well, I'm not trying to create a super-secure dumbass-proof computer. My only point was to prevent them from shutting it down, or rebooting it.
Now I see I was wrong, and a user doesn't have the privilege to do that by default, xfce/slim gives them the right to do that, so I hid these options in the xfce menu, thus making my problem solved.
Re: restrict user privileges
tomjtoth wrote:
> how do i mark it solved?

Edit the topic line in your first post and add [SOLVED]
Re: restrict user privileges
tomjtoth wrote:
> I won't remove slim, because a guest user (windows/mac user) wouldnt be able to fire up my computer

Like said: What he or she will have to learn in addition to type a username and a password is to write "startx" and hit enter.
I would say it is do-able.
But sure: I see your point (it will lead to questions and confusion and so on ... Rather a workaround than a proper solution)
"I am not fine with it, so there is nothing for me to do but stand aside." M.D.