restrict user privileges [SOLVED]

Kernels & Hardware, configuring network, installing services

restrict user privileges [SOLVED]

Postby tomjtoth » 2012-09-30 11:23

Hi there,

I installed 6.0.something wheezy, and i want to create a guest user without the privilege to shutdown/reboot my computer.
(I left Arch, because they overcomplicated their latest install media, and now I can't even install the basic system, BUT the best thing about Arch is that it had a very detailed wiki.)
Now I've been searching everywhere, but I couldn't find any solutions, so I'd really appreciate if you helped me out.

Thanks!
Tom
Last edited by tomjtoth on 2012-10-02 17:54, edited 1 time in total.
tomjtoth
 
Posts: 6
Joined: 2012-09-30 11:17

Re: restrict user privileges

Postby dasein » 2012-09-30 16:02

This question is not nearly as straightforward as you imagine.

One imagines that you're asking about restricting shutdown from within a GUI, but the specifics actually vary by which GUI and which login manager you're using. So, to have any hope of getting a decent answer, you'll need to provide that additional information.

One quick-and-dirty solution may be to install SLiM as a display (login) manager. It's been quite some time since I used SLiM, but my best recollection is that it only allows restart from the actual login screen, and by default requires a root password to do it.

But before you spend a lot of time chasing this question, remind yourself that anyone who has physical access to a(ny) machine can always forcibly do a shutdown or restart. Maybe it's time to re-examine your underlying goals.
User avatar
dasein
 
Posts: 7775
Joined: 2011-03-04 01:06
Location: Terra Incantationum

Re: restrict user privileges

Postby craigevil » 2012-09-30 16:39

Just make sure the guest account is not in the powerdev or sudo groups

Gnome and KDE also have settings that will most likely need to be set.

Autologin, passwordless login and controlling who can reboot and shutdown your computer in KDE - http://www.linuxbsdos.com/2012/02/16/au ... er-in-kde/
Debian Sid KDE Kernel 3.17 Thinkpad R40 Intel M 1.3 CPU 2GB RAM Radeon Mobility 7500
Debian - "If you can't apt-get something, it isn't useful or doesn't exist"
Debian upgrade script smxi | sysinfo script inxi
User avatar
craigevil
 
Posts: 5192
Joined: 2006-09-17 03:17
Location: Oz

Re: restrict user privileges

Postby tomjtoth » 2012-10-01 18:33

i have slim+xfce, and im interested in a console-way solution
im aware of the reboot/poweroff "account"+root pw, but that has nothing to do with my problem.

my /etc/group file looks like this:

Code: Select all
root:x:0:
daemon:x:1:
bin:x:2:
sys:x:3:
adm:x:4:
tty:x:5:
disk:x:6:
lp:x:7:
mail:x:8:
news:x:9:
uucp:x:10:
man:x:12:
proxy:x:13:
kmem:x:15:
dialout:x:20:
fax:x:21:
voice:x:22:
cdrom:x:24:
floppy:x:25:
tape:x:26:
sudo:x:27:
audio:x:29:
dip:x:30:
www-data:x:33:
backup:x:34:
operator:x:37:
list:x:38:
irc:x:39:
src:x:40:
gnats:x:41:
shadow:x:42:
utmp:x:43:
video:x:44:
sasl:x:45:
plugdev:x:46:
staff:x:50:
games:x:60:
users:x:100:
nogroup:x:65534:
libuuid:x:101:
crontab:x:102:
avahi-autoipd:x:103:
scanner:x:104:saned
messagebus:x:105:
colord:x:106:
lpadmin:x:107:
ssl-cert:x:108:
Debian-exim:x:109:
mlocate:x:110:
ssh:x:111:
avahi:x:112:
netdev:x:113:guest,test
bluetooth:x:114:
saned:x:115:
test:x:1000:
fuse:x:116:
guest:x:1001:
utempter:x:117:


this makes me think that my 2 users 'test' and 'guest' are only in their own and 'netdev' group
and when i check the groups 'guest' is in i get

Code: Select all
test@1001px-d:~$ groups guest
guest : guest netdev
test@1001px-d:~$


I haven't seen powerdev a group
tomjtoth
 
Posts: 6
Joined: 2012-09-30 11:17

Re: restrict user privileges

Postby nadir » 2012-10-01 22:36

I am using xfce4 without a display/login manager, and my users can't reboot or shutdown the computer.
But they have to go through the hell of typing startx after logging in (Looks like everything comes at a price)
"I am not fine with it, so there is nothing for me to do but stand aside." M.D.
User avatar
nadir
 
Posts: 5964
Joined: 2009-10-05 22:06
Location: away

Re: restrict user privileges

Postby tomjtoth » 2012-10-02 09:53

nadir wrote:I am using xfce4 without a display/login manager, and my users can't reboot or shutdown the computer.
But they have to go through the hell of typing startx after logging in (Looks like everything comes at a price)


not even from console?
tomjtoth
 
Posts: 6
Joined: 2012-09-30 11:17

Re: restrict user privileges

Postby adenukolnis » 2012-10-02 10:29

Code: Select all
user@debian:~$ reboot
bash: reboot: command not found
user@debian:~$ shutdown
bash: shutdown: command not found
user@debian:~$ halt
bash: halt: command not found


A regular user can reboot from a tty with a 3 finger salute but you should be able to disable that in the /etc/inittab file.

Instead of the user needing to type startx you can just set it up so that X is automatically started at login. If you wanted to do that.
adenukolnis
 
Posts: 459
Joined: 2012-02-24 18:36

Re: restrict user privileges

Postby dasein » 2012-10-02 14:48

I'll say it again. Anyone with physical access to the machine can shut it down. Trying to prevent a software-based shutdown/reboot is a classic case of solving the "wrong problem."
User avatar
dasein
 
Posts: 7775
Joined: 2011-03-04 01:06
Location: Terra Incantationum

Re: restrict user privileges

Postby tomjtoth » 2012-10-02 15:58

adenukolnis wrote:
Code: Select all
user@debian:~$ reboot
bash: reboot: command not found
user@debian:~$ shutdown
bash: shutdown: command not found
user@debian:~$ halt
bash: halt: command not found


A regular user can reboot from a tty with a 3 finger salute but you should be able to disable that in the /etc/inittab file.

Instead of the user needing to type startx you can just set it up so that X is automatically started at login. If you wanted to do that.


I see, so basicly the slim/xfce-session gives the normal users the privilege to shutdown/reboot.
I won't remove slim, because a guest user (windows/mac user) wouldnt be able to fire up my computer, but i hid some entries in the xfce menu so they'll be les probable to mess it up.
tomjtoth
 
Posts: 6
Joined: 2012-09-30 11:17

Re: restrict user privileges

Postby tomjtoth » 2012-10-02 16:03

dasein wrote:I'll say it again. Anyone with physical access to the machine can shut it down. Trying to prevent a software-based shutdown/reboot is a classic case of solving the "wrong problem."


well I'm not trying to create a super-secure dumbass-proof computer. My only point was to prevent them from shutting it down, or rebooting it.
Now i see i was wrong, and a user doesnt have the privilege to do that by default, xfce/slim gives them the right to do that, so i hid these options in the xfce menu, thus making my problem solved.
tomjtoth
 
Posts: 6
Joined: 2012-09-30 11:17

Re: restrict user privileges

Postby tomjtoth » 2012-10-02 16:06

how do i mark it solved?
tomjtoth
 
Posts: 6
Joined: 2012-09-30 11:17

Re: restrict user privileges

Postby 4D696B65 » 2012-10-02 16:13

tomjtoth wrote:how do i mark it solved?

Edit the topic line in your first post and add [SOLVED]
User avatar
4D696B65
 
Posts: 2411
Joined: 2009-06-28 06:09

Re: restrict user privileges

Postby nadir » 2012-10-02 16:27

tomjtoth wrote:I won't remove slim, because a guest user (windows/mac user) wouldnt be able to fire up my computer

Like said: What he or she will have to learn in addition to type a username and a password is to write "startx" and hit enter.
I would say it is do-able.

But sure: i see your point (it will lead to questions and confusion and so on ... Rather a workaround than a proper solution)
"I am not fine with it, so there is nothing for me to do but stand aside." M.D.
User avatar
nadir
 
Posts: 5964
Joined: 2009-10-05 22:06
Location: away


Return to System configuration

Who is online

Users browsing this forum: No registered users and 14 guests

fashionable