Results 1 to 6 of 6

Thread: Can I require a user to enter password to open terminal?

  1. #1

    Default Can I require a user to enter password to open terminal?

    I'm in the process of configuring a "guest" account for houseguests to use my computer. I've got the file permissions set, but I'd also like to restrict their access to the terminal. It seems to me that most of the damage that can be done to a computer goes through the terminal.

    I downloaded Pessulus (I use Gnome), but it doesn't require a password. So the profiled user can just open Pessulus and alter their profile -- what's the point?

    Is there a way I can require a user to enter a password, either for any terminal or Pessulus? I like Pessulus -- it's concise and easy to use. But it doesn't seem very secure as I understand it.

    Thanks in advance for any suggestions.

  2. #2

    Default Re: Can I require a user to enter password to open terminal?

    Oh, I've just read that I can run Pessulus as root. However, when I type $ sudo pessulus
    I get this message. Sorry for the long post -- I couldn't figure out how to place the text in a scroll box.

    /usr/lib/python2.6/site-packages/gtk-2.0/gtk/__init__.py:57: GtkWarning: could not open display
    warnings.warn(str(e), _gtk.Warning)
    /usr/lib/python2.6/site-packages/Pessulus/main.py:49: Warning: invalid (NULL) pointer instance
    message_format = _("Cannot contact the GConf server"))
    /usr/lib/python2.6/site-packages/Pessulus/main.py:49: Warning: g_signal_connect_data: assertion `G_TYPE_CHECK_INSTANCE (instance)' failed
    message_format = _("Cannot contact the GConf server"))
    /usr/lib/python2.6/site-packages/Pessulus/main.py:49: GtkWarning: gtk_settings_get_for_screen: assertion `GDK_IS_SCREEN (screen)' failed
    message_format = _("Cannot contact the GConf server"))
    /usr/lib/python2.6/site-packages/Pessulus/main.py:49: Warning: g_object_get: assertion `G_IS_OBJECT (object)' failed
    message_format = _("Cannot contact the GConf server"))
    /usr/lib/python2.6/site-packages/Pessulus/main.py:49: Warning: value "TRUE" of type `gboolean' is invalid or out of range for property `visible' of type `gboolean'
    message_format = _("Cannot contact the GConf server"))
    /usr/lib/python2.6/site-packages/Pessulus/main.py:55: GtkWarning: Screen for GtkWindow not set; you must always set
    a screen for a GtkWindow before using the window
    dialog.run ()
    /usr/lib/python2.6/site-packages/Pessulus/main.py:55: GtkWarning: gdk_pango_context_get_for_screen: assertion `GDK_IS_SCREEN (screen)' failed
    dialog.run ()
    /usr/lib/python2.6/site-packages/Pessulus/main.py:55: PangoWarning: pango_context_set_font_description: assertion `context != NULL' failed
    dialog.run ()
    /usr/lib/python2.6/site-packages/Pessulus/main.py:55: PangoWarning: pango_context_set_base_dir: assertion `context != NULL' failed
    dialog.run ()
    /usr/lib/python2.6/site-packages/Pessulus/main.py:55: PangoWarning: pango_context_set_language: assertion `context != NULL' failed
    dialog.run ()
    /usr/lib/python2.6/site-packages/Pessulus/main.py:55: PangoWarning: pango_layout_new: assertion `context != NULL' failed
    dialog.run ()
    /usr/lib/python2.6/site-packages/Pessulus/main.py:55: PangoWarning: pango_layout_set_text: assertion `layout != NULL' failed
    dialog.run ()
    /usr/lib/python2.6/site-packages/Pessulus/main.py:55: PangoWarning: pango_layout_set_attributes: assertion `layout != NULL' failed
    dialog.run ()
    /usr/lib/python2.6/site-packages/Pessulus/main.py:55: PangoWarning: pango_layout_set_alignment: assertion `layout != NULL' failed
    dialog.run ()
    /usr/lib/python2.6/site-packages/Pessulus/main.py:55: PangoWarning: pango_layout_set_ellipsize: assertion `PANGO_IS_LAYOUT (layout)' failed
    dialog.run ()
    /usr/lib/python2.6/site-packages/Pessulus/main.py:55: PangoWarning: pango_layout_set_single_paragraph_mode: assertion `PANGO_IS_LAYOUT (layout)' failed
    dialog.run ()
    /usr/lib/python2.6/site-packages/Pessulus/main.py:55: PangoWarning: pango_layout_set_width: assertion `layout != NULL' failed
    dialog.run ()
    /usr/lib/python2.6/site-packages/Pessulus/main.py:55: PangoWarning: pango_layout_get_extents: assertion `layout != NULL' failed
    dialog.run ()
    /usr/lib/python2.6/site-packages/Pessulus/main.py:55: GtkWarning: gtk_icon_theme_get_for_screen: assertion `GDK_IS_SCREEN (screen)' failed
    dialog.run ()
    /usr/lib/python2.6/site-packages/Pessulus/main.py:55: GtkWarning: gtk_settings_get_for_screen: assertion `GDK_IS_SCREEN (screen)' failed
    dialog.run ()
    /usr/lib/python2.6/site-packages/Pessulus/main.py:55: GtkWarning: gtk_icon_size_lookup_for_settings: assertion `GTK_IS_SETTINGS (settings)' failed
    dialog.run ()
    /usr/lib/python2.6/site-packages/Pessulus/main.py:55: GtkWarning: Invalid icon size 6

    dialog.run ()
    /usr/lib/python2.6/site-packages/Pessulus/main.py:55: GtkWarning: gtk_icon_theme_load_icon: assertion `GTK_IS_ICON_THEME (icon_theme)' failed
    dialog.run ()
    /usr/lib/python2.6/site-packages/Pessulus/main.py:55: GtkWarning: Error loading theme icon 'gtk-dialog-error' for stock:
    dialog.run ()
    /usr/lib/python2.6/site-packages/Pessulus/main.py:55: GtkWarning: gtkstyle.c:2355: invalid icon size '6'
    dialog.run ()
    /usr/lib/python2.6/site-packages/Pessulus/main.py:55: GtkWarning: gtk_style_render_icon: assertion `pixbuf != NULL' failed
    dialog.run ()
    /usr/lib/python2.6/site-packages/Pessulus/main.py:55: Warning: g_object_ref: assertion `G_IS_OBJECT (object)' failed
    dialog.run ()
    /usr/lib/python2.6/site-packages/Pessulus/main.py:55: PangoWarning: pango_layout_set_wrap: assertion `PANGO_IS_LAYOUT (layout)' failed
    dialog.run ()
    /usr/lib/python2.6/site-packages/Pessulus/main.py:55: Warning: g_object_unref: assertion `G_IS_OBJECT (object)' failed
    dialog.run ()
    /usr/lib/python2.6/site-packages/Pessulus/main.py:55: GtkWarning: gdk_screen_get_width: assertion `GDK_IS_SCREEN (screen)' failed
    dialog.run ()
    /usr/lib/python2.6/site-packages/Pessulus/main.py:55: PangoWarning: pango_layout_get_line_count: assertion `layout != NULL' failed
    dialog.run ()
    Floating point exception

  3. #3
    Join Date
    Jun 2008
    Location
    Earth - Denmark
    Posts
    10,730

    Default Re: Can I require a user to enter password to open terminal?

    xpacker wrote:
    > Thanks in advance for any suggestions.


    using this google search string:
    prevent user "terminal access" SUSE

    i found several likely candidates to solve your problem (i've not
    faced it myself so don't know _the_ best answer for you)..

    --
    DenverD
    CAVEAT: http://is.gd/bpoMD [posted via NNTP w/openSUSE 10.3]

  4. #4

    Default Re: Can I require a user to enter password to open terminal?

    -----BEGIN PGP SIGNED MESSAGE-----
    Hash: SHA1

    I'm skeptical about the feasibility of what you're after. The terminal is
    not evil... inappropriate rights assignments are evil. Even if you were
    to delete all shells a user could throw in a thumb drive or download a new
    one from the Internet. If you do not make a shell obvious chances are
    guest users won't use one. Even if you do hide it, though, somebody
    wanting to do something nasty will not be in inhibited by your attempts
    (imo). If you restrict permissions properly the most malicious of
    commands will have no real effect.

    Good luck.





    On 09/21/2010 08:46 AM, xpacker wrote:
    >
    > I'm in the process of configuring a "guest" account for houseguests to
    > use my computer. I've got the file permissions set, but I'd also like
    > to restrict their access to the terminal. It seems to me that most of
    > the damage that can be done to a computer goes through the terminal.
    >
    > I downloaded Pessulus (I use Gnome), but it doesn't require a password.
    > So the profiled user can just open Pessulus and alter their profile --
    > what's the point?
    >
    > Is there a way I can require a user to enter a password, either for any
    > terminal or Pessulus? I like Pessulus -- it's concise and easy to use.
    > But it doesn't seem very secure as I understand it.
    >
    > Thanks in advance for any suggestions.
    >
    >

    -----BEGIN PGP SIGNATURE-----
    Version: GnuPG v2.0.15 (GNU/Linux)
    Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org/

    iQIcBAEBAgAGBQJMmOVjAAoJEF+XTK08PnB58B4P/10DnHpAkh/q8oiqCx/dMgrn
    BG01K7Sw5nh2fWmyP0Hc6Lj/STbw+zy2U7bk3XMzkFnrB6A3HHwfjGU2Wrpadu2N
    u27yAu2eJc9Q7mKHLBLqePRBljmbjMKKqfxSWYIcVcNy4HEN1z8y1fFCdJp8mxgu
    iV9IJJwueyvIeXe1d5JuK8d5l7ZsjnEXX6xnjzyomJk5RGMduv6cRsCRDlZ4xXpF
    J8ElUdp6kT89NTZuir02hlzpDzQFJbevnj8gH3uaoSfkV5uL3FlhDxDGZ9ZehHMr
    OlsWG4I5QFiAVCSefv+AKJiN3CxuB2b/4iwx0c+sqJMvyxuUUPUxngOKgsWW32DI
    AcIQkbykdwCkgnn3HphXgRdJKx2cygjjk4Hap6K9St8a6jQePrsKbubJy6xRK/L5
    Wk133B5vzL5aLsMx6D1vFWHlY84apgF8KvRlNqXJXs47C6MrJUWS6TIzWoX2yEPM
    WG4pAD53HpUQaLbJ2bni7tHdyFsc7eX3CBVZFsqHeoLuV112H1DGiNC+ZmlHdML3
    UKlaLrJsFlOlVJ7UP5OSq+9tBolSSn260+ZVruHJH68nKYItTNdzVpyOL/QV3NZG
    rWGq4KQD8fLV9H/lTmAi3pe+IzEG0FTvLxobs9sfV7SwzPCSUDdCPoapAmrCFM5z
    sp0enc7Mkhsuj6MHll2U
    =aqZk
    -----END PGP SIGNATURE-----

  5. #5
    Join Date
    Nov 2009
    Location
    West Virginia Sector 13
    Posts
    15,765

    Default Re: Can I require a user to enter password to open terminal?

    If someone with knowledge and bad intent has physical access to your machine the can do just about anything they want.

  6. #6

    Default Re: Can I require a user to enter password to open terminal?

    -----BEGIN PGP SIGNED MESSAGE-----
    Hash: SHA1

    Exactly, and regardless of the presence of a terminal. The power button
    along with a USB stick or bit of optical media can mean doom for your data
    either by destruction or theft.

    Good luck.





    On 09/21/2010 12:06 PM, gogalthorp wrote:
    >
    > If someone with knowledge and bad intent has physical access to your
    > machine the can do just about anything they want.
    >
    >

    -----BEGIN PGP SIGNATURE-----
    Version: GnuPG v2.0.15 (GNU/Linux)
    Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org/

    iQIcBAEBAgAGBQJMmQ54AAoJEF+XTK08PnB5tSYP/2ws6BG1vwJOl9Sv8Gz285NJ
    gejvJiDH/GVzFGCNMxVXzEq6DYBPRAfa8PiNte7IbAgaP9qrpFX4pT1B/V7KnC71
    c008DJUPV8PM/wYf2ExUwyjFuasml1x6RCj54eiHUn5qcgAY52twM3BuAEL0gGOh
    ABODCkNQJHVG6dXGDysrfRHqIII2jOHxvvlxr/4y15URRlUqCHx2DySuuyHR/yf6
    F4E9fPLV8DtZvXRSIuHcH9+re42KgPLQyoQPmzg/8S/MDi4T2/6NmBPr7hynX007
    Tibp6WEXCfCQbveY7jOKZ9yczvDfs8AXromCXnhkxNHknJubtLoAkOkWIBdOyQ3g
    SEj90HjHNnPliervNHwiM71eUkxpVGD5MI26lFEfFc7J6KDkmsiyWDTLRv1UsWvy
    U4fgra6U9wVAPOcHb4HjLkoG7omMUHwIeYH+24MYekBzwK1ABXGZuD4civ65FkAy
    4HYkdGGbQZcuZ9pOT/Hq/Bc2uNgtGSE899ah0Z7UH6OLr61fijbUfRSeqrOw461l
    uN5o9Tw0ovOFDuJjDVwMd2UlnlOXNma+6UK7Rbv6cd7HqXbFkKTNUs3PeY9xKuHV
    l2Yd7nOO8aNnd8XuJ7mhMVkeaRW8jqsBvZRxZxXsmK46ThzmPAjYYf/5kRY/9L9X
    jgnB2REkbMmCrB1S28ct
    =CX3A
    -----END PGP SIGNATURE-----

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •