Fedora Security :: Cannot Open /var/db/sudo After Sudo Package Upgrade?
Sep 16, 2010
A day ago I finally got around to upgrading the PackageKit installation that had been sitting for a week and a half, so I found a new upgrade for sudo available - the one that gives the sudoreplay command, I forget which version number it is exactly. When I try to use the sudo command I get this notice in my terminal:Code:Can't open /var/db/sudo/me/1: Permission deniedI didn't get it before. What do I have to do to make it open? I'm using SELinux in enforcing mode if that helps.
View 1 Replies
ADVERTISEMENT
May 29, 2010
I am new to fedora (been using debian based distro's for the longest time). With the new release I decided to give FC13 (The kde 64 bit spin) a try. I told it to wipe my entire hdd and encrypt the partitions. The partition manager made a few LVM partitions which I assume are encrypted.
The problem I am having is that if I attempt to use an application that would normally need root access to run, I am not prompted to enter my root password. Instead, I am required to logout and log back in as root. Is there a way to make it so that FC13 will prompt me to enter in my root password so I do not need to log in and out? Or is there something Different I should have done during the install process? Also, what is the terminal equivalent of "sudo" in fedora, or is it still sudo/KDEsudo
I also have not used SE Linux before. Do I need to manually enforce the permissions for my applications and generate my own profiles for it, or is that done automatically?
View 14 Replies
View Related
Oct 11, 2009
Where is the SUDO file at, and remind me how do I add myself as a SUDO'er?
View 3 Replies
View Related
Aug 25, 2011
I've set up an alias in .bashrc (let's call it alias1), and am trying to set up a sudo NOPASSWD rule for that particular command. So far, I've attempted:
user ALL = NOPASSWD: alias1
user ALL=(ALL) NOPASSWD: alias1
But keep getting told I have a syntax error - presumably this is because visudo doesn't recognise alias1? I've already checked that alias1 works correctly, so I assume I'm just referring to it incorrectly.
View 6 Replies
View Related
Jun 10, 2010
explain the difference between these two commands. I'm currently reading about changing your mac address and both of these commands show up a lot. They sound like the same thing to me. Is one better than the other, or do you need to use both to change your mac address?
Code:
sudo ifconfig eth0 down
sudo /etc/init.d/networking stop
View 3 Replies
View Related
Jan 2, 2011
I have a problem when I want to use su I get this error:Code:su: pam_start: error 26I have googled it so I found this topic (http://www.linuxquestions.org/questi...r-26-a-615024/) but it didn't really help me. There was a reply on that topic and his question was what the output of this was:
Code:
ldd /usr/bin/passwd
and
[code]....
View 4 Replies
View Related
Jan 6, 2011
Kernel 2.6.21.5, Slackware 12.0
Code:
Code:
On the other hand
Code:
So, I do not understand why the notification "sudo: cd: command not found", considering cd is a bash built-in command.
View 3 Replies
View Related
Jul 2, 2011
I have read a lot of questions from people wanting to take Debian (or some other distribution) and make its sudo command act more like the way Ubuntu's sudo does. I want to do the exact opposite, I want to make Ubuntu's sudo command act more like the sudo command from another distribution. ie I want there to be one root password
View 8 Replies
View Related
Feb 15, 2011
I have previously set up sudo via adding my name to the wheel group and then giving full privileges to the wheel group in the sudoers file. Now I choose to learn to limit that. Had noticed the most frequent use I have of sudo is to run yum update. This got me thinking, could I remove the wheel group privileges and add the following line in sudoers to limit the privilege to simply running yum, and furthermore, make it so I could run yum without a password:
## Allow root to run any commands anywhere
rootALL=(ALL) ALL
Troy ALL= NOPASSWD: /usr/bin/yum
I think that would in fact work (if I understood one of the pages here, it will work). However, upon further thinking I realized that in such a case then anyone sitting at my computer could then use yum, without a password, to install or remove any file on my system � probably not a good idea. As a result I have to ask, can I tighten the privilege even further such that the only privilege so given was to run �yum update� and nothing else? (for example if they ran �yum install� it would fail). If you can do it, how?
Last, I was going to limit the privilege, time wise and try wise, by adding the following to the sudoers file:
# Defaults specification
Defaults:Troy timestamp_timeout=0, passwd_tries=3
Will that really work to limit the elevated privilege so I don't have elevated privileges lingering about, or is there a better way to do so?
View 3 Replies
View Related
Jun 19, 2011
It is my understanding that they do the same: they ask for my password (if I am allowed in /etc/sudoers), and give me a login shell as root.
Is there any difference between them?
sudo su -
sudo -i
Also, what's the difference between
sudo su
sudo -s
I think that they both ask for my password, and give me a shell with my old environment variables.
View 1 Replies
View Related
Jun 18, 2010
I am having trouble running commands by using sudo. I configured visudo file with localuser ALL=(ALL) ALL but I can't run any command, it tells me command not found.
View 8 Replies
View Related
Mar 17, 2010
tl;dr - sudo make -> operation not permitted, sudo chown -R 777
* -> operation not permitted on some of the files
I am trying to install a library. Sudo make is getting permission denied on file 1, while using regular make I am getting permission denied on file 2. I have noticed some of the directories in the library are under nobody:nogroup. I tried chown and sudo chown, both didn't work. Sudo chown got permission errors, while chown didn't change ALL the files. (operation not permitted once again) Tried sudo su, and working from there, that also did not work. (permission once again). Using lsattr returned "lsattr: Inappropriate ioctl for device While reading flags on".
Code:
sudo chmod -R 777 *
chmod: changing permissions of `Makefile': Operation not permitted
chmod: changing permissions of `Makefile.am': Operation not permitted
chmod: changing permissions of `Makefile.in': Operation not permitted
chmod: changing permissions of `queue.c': Operation not permitted
chmod: changing permissions of `queue.h': Operation not permitted
chmod: changing permissions of `ucutil.h': Operation not permitted
Note the .libs folder not having write permission....
Code:
chmod -R 777 *
constantin@Nadfadfo:~/network_home/constantin/libraries/unicap/libunicap-0.9.8/common$ ls -la
total 68
drwxrwxrwx 4 constantin constantin 4096 2010-03-17 11:31 .
drwxrwxrwx 8 constantin constantin 4096 2010-03-17 11:31 ..
drwxrwxrwx 2 constantin constantin 4096 2010-03-17 11:31 .deps
drwxr-xr-x 2 nobody nogroup 4096 2010-03-17 11:31 .libs
-rwxrwxrwx 1 constantin constantin 15295 2010-03-17 11:31 Makefile
-rwxrwxrwx 1 constantin constantin 130 2010-01-17 08:17 Makefile.am
-rwxrwxrwx 1 constantin constantin 15262 2010-01-17 08:17 Makefile.in
-rwxrwxrwx 1 constantin constantin 6101 2010-01-17 02:49 queue.c
-rwxrwxrwx 1 constantin constantin 1667 2010-01-17 02:49 queue.h
-rwxrwxrwx 1 constantin constantin 125 2010-01-17 02:49 ucutil.h
System: Karmic Koala 64-bit
View 1 Replies
View Related
Mar 25, 2010
When I do 'sudo apt-get update' I get
Sources
Reading package lists... Error!
E: Encountered a section with no Package: header
E: Problem with MergeList /var/lib/apt/lists/mirror.cs.umn.edu_ubuntu_dists_jaunty_universe_bin ary-i386_Packages
E: The package lists or status file could not be parsed or opened.
View 2 Replies
View Related
Dec 24, 2010
as the tittle says, need to make firefox access only to in sudo mode, how can i do this?
View 2 Replies
View Related
Jan 5, 2010
Like many (most?) home users, until now I've had my regular userid in sudoers as "ALL = (ALL) ALL". It occurs to me that, even though my machine has no open ports, this is probably not a good idea - just in case my firewall suddenly burns down. So, if my thinking is right on this, I'm wondering if there is a generally approved list of Cmnd_Alias entries? At this point, I've decided to only add entries as I use them, and to try to honestly appraise my need to do the entry as sudo, vs opening a virtual console as root. My root password is non-trivial.
View 3 Replies
View Related
Apr 5, 2011
Consider: [URL]
In security terms, would using sudo instead of root be safer? I'd actually prefer to use this if so; I like sudo an awful lot. (It's Mark Shuttleworth's fault)
View 10 Replies
View Related
May 9, 2011
I have a RHEL 5.5 system set up with two users in the sudoers file to run certain commands without a password prompt.I do not have "Defaults requiretty" in the sudoers file.However, for both users, when I issue: sudo -l, it prompts for a password and logs in /var/log/secure:sudo: userx: no tty present and no askpass program specified
View 2 Replies
View Related
Jan 10, 2011
trying to devise a new sudoers configuration while building a new SOE and would like to force everyone (including system administrators) to use rootsh in favour of doing things like sudo -s, sudo bash, sudo tcsh and so forth. Effectively, use sudo to use any shell other than rootsh. Is there a way to allow users to run anything they want except shells. I realise this is a default permit which inherently is defective, but I'm not convinced that going through the 1559 executable commands of my (as yet incomplete) built system to decided on the likely 1000+ commands I would want to be genuinely allowed. As I said this is for system administrators first, and I'd like to forcibly instil the habit of sudo <command> or using rootsh to get an audited shell. But I know people are already not doing enough sudo <command> as it stands, rather they switch to bash.
View 7 Replies
View Related
Jan 26, 2011
We have a couple of clusters that are running Oracle. If you're familiar with Oracle you know that it basically has to be installed as root. Something I detest. anyway, when we are building out the box, we change the root pw and give it to the DBA team to do their installs and configs. When they are done, we change the root pw (and do not give it to them), and configure sudo to allow them the rights needed to manage Oracle and their databases.
Now however, we have a different situation. The DBAs need access to uninstall and reinstall components and make modifications on an ongoing basis. Since we only support OS and hardware, not app, they are requesting permanent root access. I promptly told them no, and the politics ensued. Their manager went to their director, who went to my director, and suddenly an exception is given for his good golfing buddy. So here I am, forced to turn lose DBAs on my clusters with full root access/pw. I need a way to allow specific users (or perhaps a specific user group) the ability to become root WITHOUT sharing the root pw with them.
View 3 Replies
View Related
Jun 10, 2011
After install TexLive, sudo stop working. If I run sudo:
Quote:
sudo: can't open /etc/sudoers: Permission denied
sudo: no valid sudoers sources found, quitting
Edit: Hal and dbus is not working either, if i startx I don't have network manager or automatic mount of pen and disks.
View 10 Replies
View Related
Apr 9, 2010
I just read an article saying some unflattering things about Ubuntu's use of sudo. My question is this true?[URL]..
View 6 Replies
View Related
Jun 7, 2010
Certain commands like:
fdisk -l
nmap -sT 192.168.0.1/24
iftop
require administrator privileges to run. A while ago i read a post(forgot where i read it) about being able to let a user run these commands in a script (that contains the desired command) created by the administrator/root without the user having to do a sudo and entering a password. Does anyone know how i can go about doing this?
View 3 Replies
View Related
Jun 14, 2010
I've enabled root under Ubuntu (i know frowned upon), I'd like to change the default behaviour of sudo so that rather than requesting my password (the password I logon with), it requires the root password.
Have searched the forums but can't find the answer.
View 9 Replies
View Related
Oct 18, 2010
At the terminal prompt, I can't login using su nor sudo. I can only login as root at the dialog level. How do I correct this?
View 6 Replies
View Related
Mar 22, 2011
why when I type sudo su in a terminal there's no need to enter my password, I just go straight into root
View 5 Replies
View Related
Apr 1, 2011
I am using Ubuntu 10.04-alternate-amd64 for full disk encryption. After getting my updates which i get as soon as they are released. I am getting the issue temp root (sudo) password is not being revoked. After using any app that requires the use of sudo the permission for it does not get removed like it normally does.
I have tried logging out then back in, which usually removes the permission, this no longer works, also tried waiting and even after 1 hour permission still there. The only work around I have found is to use the terminal to execute the required programs then after closing terminal the temp permission is now removed like it should be. This issue has effected all of my systems and a friend of mine as well, (friend uses same distro).
To replicate issue:
1) Boot system.
2) Login.
3) Check for updates or any other app that uses root permission.
4) Logout
5) Login
6) Repeat step 3
7) App will not ask for permission it will use root permission automatically.
View 3 Replies
View Related
May 30, 2011
When I access a remote Natty client using VNC I cannot use the sudo command in a terminal. In fact, the terminal closes itself as soon as I type the sequence sud. Even su d. Or su d.
Sua, su a, su c, su e do not cause the terminal to close itself.
This appears to be some sort of new security "feature".
How do I "work around" it?
[edit]
I'd better elaborate.
I have a remote Natty running 11.04 64-bit desktop version. I have installed tightvncserver on it. I log in on 5901 from a Ubuntu 10.04 64-bit desktop using vinagre. The desktop works fine except when I open a terminal in it and type sud. As soon as I type the d the terminal vanishes. This appears to be a deliberate feature. I also log in to other clients that run 10.04 and this does not happen. I have run Mint 11 in VirtualBox on my local machine and created the same remote desktop and viewed it from mint 11 itself. Same thing happens.
It seems to me that 11.04 has been modified to kill a terminal that is part of a VNC display when sud are typed.
how to remotely administer a 11.04 desktop?
View 2 Replies
View Related
Jan 18, 2011
I am trying to get a non-root account on one of our servers to run a script with sudo capability. To that end, I went into the /etc/sudoers file, and added the following syntax:
Code:
## Enable the nagios user to run the check_iptables.sh script as root
nagios ALL=NOPASSWD: /usr/local/nrpe/libexec/check_iptables.sh, /sbin/iptables
I restarted the nagios service, and tested the results. The results were the user account still could not run the script due to the user, nagios, not having permission to run the iptables binary.
Is there another step(s) that I need to take in order to get the sudo access available to the user account?
View 1 Replies
View Related
Feb 19, 2010
Stumped on this one. I'm trying to set up limited sudo authority on a desktop with some sensitive user data, and as an extra precaution I wanted to configure sudo to use a password other than the user's or the root's. I'm not sure how to do this. From the manual, we have a few options, such as "runaspw" or "targetpw", but none seem quite what I'm looking for.For instance, "runaspw" could be used if I created a user for nothing other than sudo(ing) purposes, but it requires you set "runas_default", which means that said user would have to have authority to execute said commands in the first place. This is workable, but seems like a lot of extra configuration for each specific command that I want to run, as well as creating some issues with simply commands such as "shutdown" or "reboot". Also, "targetpw" can be used in conjunction with a sudo(ing)-only user if I set an alias, but, again, this isn't quite what I am looking for.
Ultimately, what I am really concerned about in this situation are keystroke loggers, so I would prefer to avoid repeated entering the user or root password when performing administrative tasks. Also, I would prefer not having to create a sudo(ing)-only user as mentioned above to prevent a comprimised password resulting in an attacker being able to log into my system.
View 3 Replies
View Related
May 6, 2010
I am looking for a way to setup sudo access for a user, so that he can change permission of all files of the given dir.
eg:
By this user can change ownership of files which are on depth bellow to given dir (i.e /etc/userA-conf/), but while trying to change permission of /etc/userA-conf/../user-conf2 , getting error, user userA don;t have that permission.
Let me know what will be the right regex/pattern to achieve this.
In Solaris it's working fine, but I am trying it on Linux RHEL5.
View 3 Replies
View Related
