Full Discussion: Block any root Privilege
Operating Systems Linux Red Hat Block any root Privilege Post 303038088 by nimafire on Saturday 24th of August 2019 10:35:43 AM
Old 08-24-2019
Hey, thanks for your reply.
Mmm, it doesn't matter; I think this FEATURE is based on the kernel.
Anyway, I'm talking about CentOS 7.
 

USERS(5)						FreeRADIUS user authorization file						  USERS(5)

NAME
       users - user authorization file for the FreeRADIUS server

DESCRIPTION
       The users file resides in the RADIUS database directory, by default /etc/raddb. It contains a series of configuration directives which are used by the files module to decide how to authorize and authenticate each user request.

       Every line starting with a hash sign ('#') is treated as a comment and ignored.

       Each entry of the file begins with a username, followed by a (possibly empty) list of check items, all on one line. The next line begins with a tab, and a (possibly empty) list of reply items. Each item in the check or reply item list is an attribute of the form name = value. Multiple items may be placed on one line, in which case they must be separated by commas. The reply items may be specified over multiple lines, in which case each line must end with a comma, and the last line of the reply items must not end with a comma.

       The check items are a list of attributes used to match the incoming request. If the username matches, AND all of the check items match the incoming request, then the reply items are added to the list of attributes which will be used in the reply to that request. This process is repeated for all of the entries in the users file.

       If the incoming request matches NO entry, then the request is rejected.

CAVEATS
       The special username DEFAULT matches any usernames.

       The entries are processed in order, from the top of the users file, on down. If an entry contains the special item Fall-Through = No as a reply attribute, then the processing of the file stops, and no more entries are matched. Any reply item list without any Fall-Through attribute is treated as though it included a Fall-Through = No attribute.

       If an entry contains the special item Fall-Through = Yes as a reply attribute, then the processing proceeds to the next entry in order.

       Care should be taken when using Fall-Through. The server should be tested in debugging mode with a number of test requests, in order to verify that the configured entries behave as expected.

       The special attribute Auth-Type is used to identify the authentication type to be used for that user. See the dictionary file for a list of permitted values for the Auth-Type attribute.

       Once the users file has been processed, the request is authenticated, using the method given by Auth-Type.

OPERATORS
       Additional operators other than = may be used for the attributes in either the check item, or reply item list. The following is a list of operators, and their meaning.

       Attribute = Value
              Not allowed as a check item for RADIUS protocol attributes. It is allowed for server configuration attributes (Auth-Type, etc), and sets the value of an attribute, only if there is no other item of the same attribute.
              As a reply item, it means "add the item to the reply list, but only if there is no other item of the same attribute."

       Attribute := Value
              Always matches as a check item, and replaces in the configuration items any attribute of the same name. If no attribute of that name appears in the request, then this attribute is added.
              As a reply item, it has an identical meaning, but for the reply items, instead of the request items.

       Attribute == Value
              As a check item, it matches if the named attribute is present in the request, AND has the given value.
              Not allowed as a reply item.

       Attribute += Value
              Always matches as a check item, and adds the current attribute with value to the list of configuration items.
              As a reply item, it has an identical meaning, but the attribute is added to the reply items.

       Attribute != Value
              As a check item, matches if the given attribute is in the request, AND does not have the given value.
              Not allowed as a reply item.

       Attribute > Value
              As a check item, it matches if the request contains an attribute with a value greater than the one given.
              Not allowed as a reply item.

       Attribute >= Value
              As a check item, it matches if the request contains an attribute with a value greater than, or equal to the one given.
              Not allowed as a reply item.

       Attribute < Value
              As a check item, it matches if the request contains an attribute with a value less than the one given.
              Not allowed as a reply item.

       Attribute <= Value
              As a check item, it matches if the request contains an attribute with a value less than, or equal to the one given.
              Not allowed as a reply item.

       Attribute =~ Expression
              As a check item, it matches if the request contains an attribute which matches the given regular expression. This operator may only be applied to string attributes.
              Not allowed as a reply item.

       Attribute !~ Expression
              As a check item, it matches if the request contains an attribute which does not match the given regular expression. This operator may only be applied to string attributes.
              Not allowed as a reply item.

       Attribute =* Value
              As a check item, it matches if the request contains the named attribute, no matter what the value is.
              Not allowed as a reply item.

       Attribute !* Value
              As a check item, it matches if the request does not contain the named attribute, no matter what the value is.
              Not allowed as a reply item.

EXAMPLES
       bob     Cleartext-Password := "hello"

              Requests containing the User-Name attribute, with value "bob", will be authenticated using the "known good" password "hello". There are no reply items, so the reply will be empty.

       DEFAULT Auth-Type = System
               Fall-Through = Yes

              For all users reaching this entry, perform authentication against the system, unless Auth-Type has already been set. Also, process any following entries which may match.

       DEFAULT Service-Type == Framed-User, Framed-Protocol == PPP
               Service-Type = Framed-User,
               Framed-Protocol = PPP,
               Fall-Through = Yes

              If the request packet contains the attributes Service-Type and Framed-Protocol, with the given values, then include those attributes in the reply. That is, give the user what they ask for. This entry also shows how to specify multiple reply items.

       See the users file supplied with the server for more examples and comments.

HINTS
       Run the server in debugging mode (-X), and use the radclient program to send it test packets which you think will match specific entries. The server will print out which entries were matched for that request, so you can verify your expectations. This should be the FIRST thing you do if you suspect problems with the file.

       Care should be taken when writing entries for the users file. It is easy to misconfigure the server so that requests are accepted when you wish to reject them. The entries should be ordered, and the Fall-Through item should be used ONLY where it is required.

       Entries rejecting certain requests should go at the top of the file, and should not have a Fall-Through item in their reply items. Entries for specific users, who do not have a Fall-Through item, should come next. Any DEFAULT entries should usually come last, except as fall-through entries that set reply attributes.

FILES
       /etc/raddb/users

SEE ALSO
       radclient(1), radiusd(8), dictionary(5), naslist(5)

AUTHOR
       The FreeRADIUS team.

04 Jan 2004                                                                                                                       USERS(5)
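
The ordering rules from CAVEATS and HINTS, modelled as an added example (a simplified sketch written for this page, not FreeRADIUS code and not part of the man page). It shows a reject entry being shadowed by an earlier DEFAULT entry without Fall-Through, and the difference between = and := once Fall-Through = Yes is set. The entries, the request and the address 192.0.2.10 are constructed; the Auth-Type value Reject is assumed from the stock dictionary, only some operators are modelled, and every reply item is treated as =.

```python
# Simplified model of the users(5) matching rules described above; not FreeRADIUS code.
# An entry is (username, check_items, reply_items); an item is (attribute, operator, value).

# Comparison operators applied to request attributes (subset of the OPERATORS list).
COMPARE = {
    "==": lambda have, want: have == want,
    "!=": lambda have, want: have is not None and have != want,
    "=*": lambda have, want: have is not None,
    "!*": lambda have, want: have is None,
}

def process(entries, request):
    """Walk entries top-down; return (config items, reply items, matched entry numbers)."""
    config, reply, matched = {}, {}, []
    for number, (name, checks, replies) in enumerate(entries, 1):
        if name not in ("DEFAULT", request.get("User-Name")):
            continue
        tests = [c for c in checks if c[1] not in ("=", ":=")]
        if not all(COMPARE[op](request.get(attr), want) for attr, op, want in tests):
            continue
        matched.append(number)
        for attr, op, value in checks:
            if op == ":=":
                config[attr] = value            # always replaces
            elif op == "=":
                config.setdefault(attr, value)  # only if not already set
        fall_through = "No"                     # default when the item is absent
        for attr, _, value in replies:
            if attr == "Fall-Through":
                fall_through = value
            else:
                reply.setdefault(attr, value)   # assumption: reply items modelled as '='
        if fall_through != "Yes":
            break
    return config, reply, matched

# Constructed sample entries: refuse one NAS, send everyone else to System authentication.
REJECT = ("DEFAULT", [("NAS-IP-Address", "==", "192.0.2.10"), ("Auth-Type", ":=", "Reject")], [])
SYSTEM = ("DEFAULT", [("Auth-Type", "=", "System")], [])
SYSTEM_FT = ("DEFAULT", [("Auth-Type", "=", "System")], [("Fall-Through", "=", "Yes")])
REQUEST = {"User-Name": "alice", "NAS-IP-Address": "192.0.2.10"}  # constructed request

def auth_type(entries, request=REQUEST):
    """Auth-Type chosen for the request; a request matching no entry is rejected."""
    config, _, matched = process(entries, request)
    return config.get("Auth-Type") if matched else "Reject"

if __name__ == "__main__":
    print(auth_type([SYSTEM, REJECT]), auth_type([REJECT, SYSTEM]), auth_type([SYSTEM_FT, REJECT]))
```

With the reject entry placed last, processing stops at the first DEFAULT entry and the request from the blocked NAS goes on to System authentication, which is the misconfiguration HINTS warns about.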