setuid bit allows the process to execute the file with the uid of the file. But, what is the purpose of setting setuid without execute bit? The man page tells that if a file is setuid without execute flag, the permission will be displayed as 'S' (capital s) in ls command. Why should anyone set the setuid without execute flag? Does setting setuid without execute flag have any special meaning?
View 1 RepliesI am running Linux Mint on my primary hard drive, and I would like to access some folders I have on my second hard drive, which has Windows XP installed on it. However, whenever I try to use these folders, I am greeted with the error message, "The file is not marked as executable." While I know how to set files as executable whenever I am using folders on my Linux drive, whenever I try to set such permissions on my XP folders, I can't seem to make it work. The files revert to their former status, and I'm told that I don't have permission. Should I set the files as sharable from within XP, so that they aren't marked as read-only? Or is there another solution I've missed?
View 8 Replies View RelatedI would like to give a non-root user (nicollet) the ability to detect and send a signal to processes started by Apache2 (those processes are FastCGI scripts and the signal tells them to empty their cache). The processes are owned by the web user (www-data), and I'm running on Debian unstable.
I can't find any way to have the nicollet user see those processes.
The processes are running and can see by both root and www-data:
root@linux-01:~# ps -Af | grep baryton
www-data 17649 17648 0 10:27 ? 00:00:00 baryton
www-data 28145 1 0 Nov01 ? 00:00:12 baryton --bot
root 18701 18700 0 10:46 pts/0 00:00:00 grep baryton
root@linux-01:~#
[Code]....
The most surprising is that the grep process is indeed run by www-data (because it's started from a setuid executable) and is visible, but the baryton process isn't.
What's going on here? Why can ps run by www-data show those processes, but ps run by a setuid executable running as www-data cannot, when it's started by nicollet?
I am setting up a cron job on my DD-WRT router to execute a WOL command, and would like to know if what I have is correct.
Format:
Execute @ 12:00 on Wed, Thur, Fri, Sat every month/Yr
0 12 * * 2345 root /usr/sbin/wol -i 192.168.1.255 00:00:00:00:00:00
I know how to search for normal files but can you let me know " How to search for 5 setuid files on the system. Also explain, for each file, why setuid mechanism is necessary for the command to function properly"
View 1 Replies View RelatedI have a root process (on linux) that forks a child and the child process then drops privileges by doing a setuid() to a normal user. After the child setuid()'s, it is of course impossible for it to gain root again by itself. But since the main process is still running as root, i was wondering if there was a simple/smart way of getting the root-master-process to elevate the child back to root (or maybe just to another non-privi uid). Is there some way to do a setuid() on another pid? or maybe something can be done through /proc/<pid>/? Killing the child is not an option (because its what it does today and im trying to find a smarter way). (The program is apache2's mpm-itk worker and the "child" is the actual apache2 process serving a page.)
View 11 Replies View RelatedIt is known that binaries with the SetUID bit enabled are a threat for the system.I saw on this ArchLinux wiki[URL].tead_Of_Setuida way to limit the use of SetUID bit thanks to POSIX capabilities.It looks very interesting.Does anyone of you used it already?Is it a burden for the system afterwards (like binaries not working, needing to be fixed); or is it seamless
View 3 Replies View RelatedHave installed Suse 11.2. how can I change the calendar format dd/mm/yyyy and how to configure the system to sync.from an ntp?
View 1 Replies View RelatedI have a ubuntu server , can advise if I want to change the network setting ( eg. IP address , gateway address etc ) , which one is the configuration file ? for example , if I want to change eth0 setting , what file I should update ?
View 10 Replies View RelatedI am using ubuntu 10.04 on an iMac 7.1. What do the following log entries mean? I recently had a "sbin/init infected" alarm with chkrootkit (or rkhunter, I forget which) and reinstalled, and I thought I was rid of the problem, whatever it was (could have been a kernel panic), but now the checksecurity setuid stuff reappeared (the checksecurity.log only appears in the log file viewer after resetting it with gconftool-2 --recursive-unset /apps/gnome-system-log, which seems suspicious; why is the log hidden by default?); also there are "outbound" messages that I don't understand. I have another ubuntu install on another Mac which seems to be unaffected (and also has checksecurity installed; I just ran it manually and also got setuid stuff, but there is no "outbound" and ufw.log is empty). I can't really think I have a rootkit (I don't notice any effects except these anomalous logfiles, and my browsing habits don't include sleazy websites). And what exactly are bound sockets? There is a lot of information about sockets on the net but it's all rather technical. I continue to look of course. I ran chkrootkit and rkhunter again, and they read clean (if I can trust them).
Is it possible that the trouble is related to the Mac's BIOS emulation? (Apple does not seem to take security very seriously; Snow Leopard does not even ask for a password for Software Update - I asked my premium reseller and he confirmed it. I should not be surprised to find out that the iMac's BIOS emulation is unsafe. I'll need to get a real computer). The MacBook Pro 5.1 has a newer firmware (for instance, it will boot ubuntu from external disks which the iMac will not), and as I said that install seems to be unaffected (The setuid stuff is probably normal, but I'm not sure the "outbound" messages are). I use grub legacy, which seems to install to the Mac's EFI partition as /dev/sda (GParted shows 18.1 MB of 200MB used on both computers with ubuntu on them, whereas an HFS+ disk without ubuntu, or with GRUB in a partition, will show 3.09 MB used).
Does it make sense to reconfigure checksecurity to check for setuid changes daily (change CHECK_WEEKLY="SETUID" in /etc/checksecurity.conf to CHECK_DAILY="SETUID")?
checksecurity.log:
messages (part):
There also was a lot of terminal output similar to the iMac's which I forgot to save, and when I ran checksecurity again it was blank. (Incidentally, the list of setuid programs on Mac OS is a lot longer)
i created a /tmp partition amd mounted it like this:" mount -o loop,noexec,nosuid,rw /usr/tmpDSK /tmp"
I know i can't execute things in /tmp now but is there a way to execute only one file and no more???
According to Security standards given in[URL]Quote:Unless otherwise approved the following setuid root binaries are the only ones allowed on production servers:
* /bin/su
* /usr/bin/sudo
* /usr/bin/passwd
[code]....
i'm running slack 13.0 and using the "sonar" screensaver, and it keeps telling me to "setuid" so it can ping.
View 6 Replies View Relatedhow to execute csh in sh ie, if I have a script in csh syntax as , ( my.csh )
##################
set x = y
setenv xx YY
##################
And I have a sh script ( my.sh )
#####################
#!/bin/sh
I want to call here the my.csh in such a way that I have access to variables set by the
csh script
ie. echo $x $xx shoud work from sh ( main script )
######################
I have a two seperate files on my computer,
which execfile
/usr/local/bin/
/usr/bin/
so, i have two files with the same name in two different directories. How can I specify exactly which command to run?
There are many ways to execute a script (*.sh). But what is the best way to execute a script also what should be its location. So that it can be executed from anywhere in the shell. I don't want to execute them with ./*.sh.
View 8 Replies View RelatedTrying to run an executable, but it's not working for some reason:
Code:
I m trying to execute my file from with in vi. i m using following syntax esc :!<program-name> m i making any mistake as it is giving me an error.
My program is this:
#This program takes 3 Parameters from user namely name,address,phonenumber and store those details in detail.out file .
#To store output in only milind directory by doing this if we run this file within any directory the file get stored in milind directory only.
Downloading Virtual box, I saw a link with title All distributions on its home page:
VirtualBox-3.2.8-64453-Linux_x86.run
I have not downloaded it yet, I wanted to know how to execute it ? I've never seen a .run file before ! Does this mean this file is supposed to run on all distributions ?
ill have this question on the test maybe : In dir00 directory create files year01.txt, year02, ...year05.txt with January calendar for 2001-2005 years in it.-i'm lost. i execute this : cat | cal 01 2001 > year01.txt
View 12 Replies View RelatedIs there a way to execute some command and then after the command completes utomatically reboot the system and then after the system reboots execute another command ? For example look at the sequence shown below(1) Execute command-1(2) After the command-1 in (1) is completed,reboot the system (3) Execute command-2(4) After execution of command-2 reboot the sytemIs there a way i can automate this process so that i need not reboot the system manually
View 5 Replies View RelatedTrying to setup a new Ubuntu machine and just downloaded 'p4' (Perforce command line client). It's a single file download - a statically-linked binary executable, so I just did:
wget [URL]
...right into /usr/bin. Simple enough. Except:
root@aj-ubuntu:/usr/bin# ll p4
-rwxr-xr-x 1 root root 748808 2010-02-11 16:54 p4
root@aj-ubuntu:/usr/bin# ./p4
[Code].....
I want a quick and simple way to execute a command whenever a file changes. I want something very simple, something I will leave running on a terminal and close it whenever I'm finished working with that file. Currently, I'm using this: while read; do ./myfile.py ; done And then I need to go to that terminal and press Enter, whenever I save that file on my editor. What I want is something like this: while sleep_until_file_has_changed myfile.py ; do ./myfile.py ; done
Or any other solution as easy as that. BTW: I'm using Vim, and I know I can add an autocommand to run something on BufWrite, but this is not the kind of solution I want now. Update: I want something simple, discardable if possible. What's more, I want something to run in a terminal because I want to see the program output (I want to see error messages).
How do I set up SSH so I don't have to type my password? i execute the following command ssh -l admin hostname command but each time i execute it, it ask me to enter password.how i can give it password as default because i'm going to put in bash file ?
View 2 Replies View RelatedCreate a file. change its permissions at a specific time. change the permission.
At the moment this is what I have and it changes the permissions of the file but not according to the time specified.
I am working in a CentOS environment with numerous CentOS machines. Currently there are multiple developers that each have their own login/home directory and then for various admin tasks we all share a single super user account.
The problem
I have a number of aliases, variables, functions, and settings that exist in my personal login's .bash_profile. None of these are available in the shared super user's .bash_profile. My current work around is that everytime I sudo in as the super user and I re-execute my .bash_profile from my personal user's home directory. I am not allowed to edit the init stuff for the super user
The Question
Is there any way I can automate my sudo sequence such that it will execute my personal .bash_profile after I've executed sudo without requiring me to edit the super user's bash init stuff?
I want to allow a user to reset people's faillog. When I go into the /etc/sudoers file and put this syntax in I still get an error stating : /var/log/faillog permission denied.
Here is what I put syntax:
%user ALL=/usr/bin/faillog,/var/log/faillog
I have and entry in a crontab for my user (appadmin) that when it executes it does not start with the proper path. It needs to start as the appadmin user as appadmin owns all the directories for glassfish. However, once glassfish restarts, the hudson application cannot find the default JDK. I get an error. If I initiate the restart via command line, all works as it should. I believe it has something to do with PATH in the crontab but am not sure what I need to set the PATH to in crontab.
View 1 Replies View RelatedI was always confused about the way it says that the execute permission for a directory means "able to list it". I just don't get it.Does no exec permission mean "still able to read files from in the directory, but not able to find out what files it contains" or what?
View 2 Replies View RelatedWhen i click in one icon (for example), this icon executes "java -jar ...". In another words: Make a .exe on linux.
View 2 Replies View Related