Ubuntu Community Ask! Sign up to join this community. The best answers are voted up and rise to the top. Home Questions Tags Users Unanswered. How can I get the command log of a particular user on Ubuntu Server? Ask Question. Asked 8 years ago. Active 1 year, 11 months ago. Viewed 15k times. Christopher Kyle Horton King Mr. King 2 2 gold badges 6 6 silver badges 14 14 bronze badges. Active Oldest Votes. If you use something like bash as a command interpreter, you could check the history.
How can i check the history with time-stamp? When each commands were used? Under what conditions are commands added to the log? I've read that the commands are only added to the log when you exit. I noticed my commands weren't being added so I thought maybe it was because I was being kicked rather than exiting. Then I tried existing and even the they weren't added.
I ask because I'm only seeing a few commands from early on in my new Ubuntu installation. Mohamed Jawad Mohamed Jawad 1 1 1 bronze badge.
Ask Ubuntu is a question and answer site for Ubuntu users and developers. It only takes a minute to sign up. How to block certain applications from opening on certain accounts eg: Stop account John from opening Firefox or Gimp. If the block is meant to block not-so-experienced users from using certain applications, editing a local copy of the application's desktop file as described in  is probably the fastest and easiest way. The set up is not fit for unattended situations with experienced users.
In "home" situations with average users it will be sufficient in many cases. Edit the file: open it with gedit while you still can : by dragging it over an open gedit window. After we made the changes above, having the gedit. To undo, simply remove the local. While, after editing the. Editing the. As a result, the same You are not allowed to use this application -message will appear.
Another way with more limited effect, see note of redirecting the application's command is to add an alias to the. Note : this is only to be used as an extra measure, since it only prevents the application to be called from the terminal directly. Double clicking on a e.
To prevent the use of the terminal, you can also do the same trick on the gnome-terminal. If you run the script below with either the argument block or unblock you must run it with either oneyou will be presented a list with global desktop files, representing your installed applications:. Pick one, and your application is blocked or unblocked, depending on the argument you run it with. Blocking certain applications can also be done by running a script in the background. The script would have to take certain actions if one of the "forbidden" applications is run.
The script below offers a flexible way to block user defined applications.
It runs with a simple command, with the forbidden applications as an argument, e. The advantage of blocking applications like this is that it is flexible; even within one account, different settings can be used, simply by using other applications as argument. Ubuntu Community Ask! Sign up to join this community. The best answers are voted up and rise to the top. Home Questions Tags Users Unanswered.
How to block specific apps from opening in specific accounts Ask Question. Asked 5 years, 5 months ago. Active 5 years, 3 months ago. Viewed 5k times.This can be done through chmod, chown, etc. Files and directories have permission sets such as owner owner or user of the filegroup associated group and others. In some case multiple users want to access the same file, what will be the solution? I have user called magi and he wants to modify httpd. It is designed to assist with UNIX file permissions.
ACL allows you to give permissions for any user or group to any disc resource. If acl is not listed then you will need to add acl as a mount option. Now, change the option in the current run-time without interruption by running the following command. Make a note, when you run getfacl command on non ACLs file or folder, it wont shows additional user and mask parameter values.
Run the setfacl command with below format to set ACL on the given file. Run the setfacl command with below format to set ACL on the given folder recursively. For multiple users and groups, just add comma between the users or group like below. Run the setfacl command with below format to remove ACL for the given user on the file. This will remove only user permissions and keep mask values as read.
Run the command once again to view the removed ACL values. In the below output i can see the mask values as read. Here everything is gone and there is no mask value also. Run the following command to backup and restore ACLs values. To take a backup, navigate to corresponding directory and do it. We are going to take a backup of sites-available folder. So, you have to do like below. September 12, February 19, December 7, How to allow users to access a specific file or folder using ACL in Linux?
How to edit the TimeZone of your Linux system? Cheat — A collection of practical Linux command examples December 7, A question can only have one accepted answer. Are you sure you want to replace the current answer with this one?
You previously marked this answer as accepted. Are you sure you want to unaccept it? Write for DigitalOcean You get paid, we donate to tech non-profits. DigitalOcean Meetups Find and meet other developers in your city. I am relatively new to unix server admin, so this question may seem dumb. I am running a CentOS 7 droplet. I guess I really have two questions:.
How do I restrict the user to only be able to do anything within that folder? And if so, how? Add comments here to get more clarity or context around a question. These answers are provided by our Community. If you find them useful, show some love by clicking the heart. If you run into issues leave a comment, or add your own answer to help others. First thing, launch PuTTy, Terminal or your preferred application to access your Droplet and login as either root or your sudo user. First, we need to create a new group for SFTP users.
To this group, we add users that will be able to connect to SFTP. Only users added to this group will be able to SFTP in to your server of course, this does not limit the root user — you do not want to add root to this group, nor modify the root user at all. The newly created user should appear the bottom of the list. Simply change -d to the users home directory and existinguser to the user you wish to modify. To do this, we need to load up our SSH configuration file.Restrict The Normal User To Run Only Limited Set of Commands In RHEL
This prevents us from having to use another piece of software to handle SFTP. Now that we have everything setup, we need to make one final modification to the permissions we have set on our directories this would need to be done for each user. For SFTP to properly work, we need to make sure the home directory is owned by the user and group we just set, everything else needs to be owned by root. So if we set our home directory to the above, we need to run:. When I connect via SFTP with the new user and the correct password, I get disconnected the wrong password asks me to enter the password again.
This is one part that is very specific when it comes to successfully logging in or always being denied. If this option is not commented and set to noand you want to use passwords instead of SSH Keys, then change no to yes and make sure this line is not prefixed with a. The default option when commented is yesthough we can be specific and specify it to make sure and troubleshoot. Now try to login once again. Maxoplata - My apologizes for the delay, my son has been sick and in turn, passed it on to me it seems and I was going strong at almost three years of not a single issue!
That said, the mini-guide above is what I often use, though I normally use SSH Keys with a passkey on each SSH Key over basic password authentication simply for better overall security. Sorry to hear about that. Either way, I tried that and still was unable to login via sftp still has the same behavior as described before. I tried to use your method but failed to sftp by the exampleuser and corrent passwd. I followed step by step your instructions.
All is setup like in your example.Today's Posts. Quick Links. Search Forums. Show Threads. Show Posts. Registered User. Join Date: Jul I have some users that have sudo access. All of them belong to the 'sudoers' user group. I don't like this because I cannot see what they're doing. I have googled and found lots of examples of allowing a specific list of commands and blocking everything else, but I want the opposite; I want to allow sudoers to run any commands they like, except for the few I specify on my "block list".
Does someone know how I can implement this? Thank you. Join Date: Aug The problem is the use of "default permit". Like in a firewall, this opens not just a security hole but all possible security holes. Whenever they think of a new way to get root shells you haven't thought of, they will be able to do it.
Block everything by default. Remove the allow-everything sudo rule. The only holes in the configuration will be ones you open. Then make individual sudo rules to allow only the few things they actually need. Find all posts by Corona Originally Posted by Corona I fear you are faced with the problem of stopping root from being root, but blacklists appear to be possible using aliases, though they're not called blacklists because you can't say "permit everything" then add another rule saying " It would end up as more of a "permit everything but this" rule.
This is how I'm doing it currently: sudo -u username command. Is there another way to run the command as another user? If you source that at the top of your init script, all of it's functions become available.
The specific function provided to help with this is daemon. If you are intending to use it to start a daemon-like program, a simple usage would be:. If that is too heavy-handed for what you need, there is runuser see man runuser for full info; some versions may need -u prior to the username :.
In my experience, sudo is not always available on RHEL systems, but su is, because su is part of the coreutils package whereas sudo is in the sudo package. I usually do it the way that you are doing it i. But, there is also the 'djb' way to run a daemon with privileges of another user.
Adding this answer as I had to lookup multiple places to achieve my use case. I had a script that runs on startup. This script runs process as a specific passwordless user and is running on multiple linux flavors. Here are options on different flavors: I have taken java as target process for example. Learn more. How to run a command as a specific user in an init script? Ask Question. Asked 6 years, 8 months ago.
Active 4 months ago. Viewed k times. Alberto de Paola 1, 2 2 gold badges 15 15 silver badges 29 29 bronze badges. Notice that this question is about something set up exclusively by the administrator typically, a daemon that runs as some user for security.
A slightly different case is users setting up on their own commands to run at boot, with their user crontab. See askubuntu.In some other Linux distributions, useradd command may comes with lightly difference version. I suggest you to read your documentation, before using our instructions to create new user accounts in Linux.
In this article we will show you the most used 15 useradd commands with their practical examples in Linux. We have divided the section into two parts from Basic to Advance usage of command. Only one user can be added and that username must be unique different from other username already exists on the system.
The file is used to store users information and the entry should be. You can see the user home directory and other user related information like user id, group id, shell and comments. By default, whenever we create a new user accounts in Linuxit assigns userid, and so on…. Each group name is separated by a comma, with no intervening spaces. In such situation, when a user logs into a system that has just restarted, its home directory will be root.
Subscribe to RSS
This is helpful for creating temporary accounts for a specific period of time. A value of 0 inactive the user account as soon as the password has expired. By default, the password expiry value set to -1 means never expire. Here in this example, we will set a account password expiry date i.
The comment can be added as a single line without any spaces. Sometimes, we add users which has nothing to do with login shell or sometimes we require to assign different shells to our users. This following command is very different than the other commands explained above.
setfacl -m u:test1:r /bin/su
Read Also : 15 usermod Command Examples. TecMint is the fastest growing and most trusted community site for any kind of Linux Articles, Guides and Books on the web. Millions of people visit TecMint! If you like what you are reading, please consider buying us a coffee or 2 as a token of appreciation. We are thankful for your never ending support. Tags: adduser linux users useradd. View all Posts. I am Ravi Saive, creator of TecMint. Your name can also be listed here.
Got a tip? Submit it here to become an TecMint author. I created a new user and it came up with some results, not so relevant to the user creation date.
However, it seems like showing me authentication success or failure for the user. To find out correct user creation date in Linux, you need to check the stats of.
I installed and run without any luck. It returned no results. You just installed auditdso it will not track existing users.
Try to create a new user and see. How can I create a user which shows the date of creation date stamp so that IS security can audit it, down the road. At work, I have a scenario where we generally create a user a day in advance of his joining date.
If I follow, what you said I can get approximation and not exact date as a user will log in and logout the following day.