General :: Sudo For Www User To Run Root Shell Script Via Browser?
Sep 7, 2010
I need sudo for www (apache) user to run a shell script('ip.sh' contains iptables rules) from cgi-bin directory via browser using a per script. I edit sudoers( www ALL=(ALL) NOPASSWD: ALL ),but when run the bellow command that's with err:
# sudo -u www sh /srv/www/cgi-bin/ip.sh
iptables v1.4.4: can't initialize iptables table `filter': Permission denied (you must be root) Perhaps iptables or your kernel needs to be upgraded. And:
# ls -al ip.sh
-rwxr-xr-x 1 root root 243 Sep 7 14:18 ip.sh
I edit sudoers so
'www ALL=(ALL) NOPASSWD: /srv/www/cgi-bin/ip.sh,/usr/sbin/iptables' too. but it doesn't work too. how can I execute this script via browser ?
View 14 Replies
ADVERTISEMENT
Feb 8, 2010
Can a sudo user do everything what a root user can do? I read sometimes expert say "You should run it as root rather than sudo user".
View 14 Replies
View Related
Aug 10, 2011
Is there a non-root shell command that can tell me if a user's account is disabled or not? note that there is a fine distinction between LOCKING and DISABLED:
LOCKING is where you prepend ! or * or !! to the password field of the /etc/passwd file. On Linux systems that shadow the passwords, this marker flag may be placed in /etc/shadow instead of /etc/passwd. Password locking can be done (at a shell prompt) via password -l username (as root) to lock the account of username, and the use of the option -u will unlock it.
DISABLING an account is done by setting the expiration time of the user account to some point in the past. This can be done with chage -E 0 username, which sets the expiration date to 0 days after the Unix epoch. Setting it to -1 will disable the use of the expiration date.
The effect of locking to to prevent the login process from using a supplied password to hash correctly against the saved hash (by virtue of the fact that the pre-pended marker character(s) are not valid output character(s) for the hash, thus no possible input can ever be used to generate a hash that would match it). The effect of disabling is to prevent any process from using an account because the expiration date of the account has already passed.For my situation, the use of locking is not sufficient because a user might still be able to login, e.g. using ssh authentication tokens, and processes under that user can still spawn other processes. Thus, we have accounts that are enabled or disabled, not just locked. We already know how to disable and enable the account - it requires root access and the use of chage, as shown above.To repeat my question: is there a shell command which can be run without root privileges which can output the status of this account expiration info for a given user? this is intended for use on a Red Hat Enterprise 5.4 system.The output is being returned to a java process which can then parse the output as needed, or make use of the return code.
View 2 Replies
View Related
Nov 6, 2010
How to become a root user without using sudo?So,that i can become super user to edit configuration files in etc directory.
View 1 Replies
View Related
Mar 17, 2011
Why can't you use the command "sudo su root" from a user besides Ubuntu?
View 2 Replies
View Related
Jan 17, 2011
If I pass to my shell environment as a regular user will it apply to builds ran under sudo?I posted a thread similar to this regarding a build with TOR; however, this is applicable to all programs.
View 6 Replies
View Related
Jan 25, 2010
I have a weird question about the sudoers file. Currently, I am running "Red Hat Enterprise Linux ES release 4 (Nahant Update 8)".
I edited the sudoers file (via visudo) and added the following:
User_Alias RPTS2 = vtmtest
RPTS2 xxxxx = (jboss) /oracle/app/oracle/apps/rptsd/deploy-jboss/deploy_rpts_jboss.sh
The user (vtmtest) issues the following command
sudo /oracle/app/oracle/apps/rptsd/deploy-jboss/deploy_rpts_jboss.sh
and gets this message:
user vtmtest is not allowed to execute '/oracle/app/oracle/apps/rptsd/deploy-jboss/deploy_rpts_jboss.sh' as root on xxxxx
When I look at the log, I see the following:
Jan 25 14:17:57 xxxxx sudo: vtmtest : command not allowed ; TTY=pts/12 ; PWD=/export/home/vtmtest ; USER=root ; COMMAND=/oracle/app/oracle/apps/rptsd/deploy-jboss/deploy_rpts_jboss.sh
1. Why does sudo try to run as the root user, when I have specified in the command to run as jboss?
2. Do I need to specify anything else so that this command can run as the "jboss" user and not "root"?
View 2 Replies
View Related
Sep 20, 2010
I want to use root password instead of adding my user to the list of sudoers,In Arch wiki ander Root password:Users can configure sudo to ask for the root password instead of the user password by adding "rootpw" to the Defaults line in /etc/sudoers: but that did not work for me. it asks for root password.Why do I want to do that:
1. I want to do that, I like sudo more than su -c 'some_command'.
2. sudo enables bash completion, su -c does not.
3. I don't want to add my user to sudoers list.
I found many users Suggesting alternatives and lowering the important of my need for this, when I asked this question in anther please.
View 8 Replies
View Related
Apr 23, 2010
It's been a few years since I last installed Ubuntu. I searched the forums and can't seem to find the answer. I want to be able to do a "su root" and have root access. I know Ubuntu wants you to do the sudo command, and I know you can really mess things up being root. I know I got this to work before. What do I need to do?
View 3 Replies
View Related
Feb 19, 2010
Stumped on this one. I'm trying to set up limited sudo authority on a desktop with some sensitive user data, and as an extra precaution I wanted to configure sudo to use a password other than the user's or the root's. I'm not sure how to do this. From the manual, we have a few options, such as "runaspw" or "targetpw", but none seem quite what I'm looking for.For instance, "runaspw" could be used if I created a user for nothing other than sudo(ing) purposes, but it requires you set "runas_default", which means that said user would have to have authority to execute said commands in the first place. This is workable, but seems like a lot of extra configuration for each specific command that I want to run, as well as creating some issues with simply commands such as "shutdown" or "reboot". Also, "targetpw" can be used in conjunction with a sudo(ing)-only user if I set an alias, but, again, this isn't quite what I am looking for.
Ultimately, what I am really concerned about in this situation are keystroke loggers, so I would prefer to avoid repeated entering the user or root password when performing administrative tasks. Also, I would prefer not having to create a sudo(ing)-only user as mentioned above to prevent a comprimised password resulting in an attacker being able to log into my system.
View 3 Replies
View Related
Feb 22, 2011
I recently re-installed my U10.04 and this time around, I added a root user and brought the permission levels of my default user to "Desktop User" as well as elevate the root permissions as explained elsewhere in these forums. Everything went fine until I wanted to "sudo" something from the Desktop User account terminal. I use Skype a lot and preferred to use the repos to get it loaded. Into synaptic where it asked me for the password. I entered the password and I was rejected. Ok, maybe I typed it in wrong. Tried again. The third time I checked in an editor to make sure I wasn't in all-caps. Third time OUT!
Switched user to root and there were no problems. Enabled the partner repos, installed Skype, as well as all the other stuff I use to run my home office. I have missed something, I know I have - perhaps a setting somewhere in the user permissions. I don't want to have to switch user every time I have to make changes to the system. Alternatively, if it's better practise to just leave my system as it is for security purposes I'm not running a server, but I'd like to have my system as secure as reasonably possible without elevating my problem to "paranoid security" level.......
View 5 Replies
View Related
May 15, 2011
Take a simple requires-root option, such as:
Code:
[Leo@chessman ~]$ cat /etc/shadow
cat: /etc/shadow: Permission denied
[code]...
View 5 Replies
View Related
Apr 19, 2010
I was wondering if someone had a logical reason and therefore complete, hopefully that makes total sense, for why when I install Ubuntu I cannot use the 'sudo' command either with root or user passwords. Even if I try to edit the permissions for sudoers, I still recieve an error message that says access is denied and so as the root user on my pc I don't understand why I can't put my name in the sudoers file or use the sudo command with the correct password.
View 9 Replies
View Related
Jan 6, 2011
Kernel 2.6.21.5, Slackware 12.0
Code:
Code:
On the other hand
Code:
So, I do not understand why the notification "sudo: cd: command not found", considering cd is a bash built-in command.
View 3 Replies
View Related
May 30, 2011
I'm trying to get the "root" user to be included in the list of users that get displayed on the login page.
I found this:[URL]...which seems to indicate that if I add an "Include" line, with the "root" user, that would work. I found the /etc/gdm/custom.conf file, which was empty except for the section header lines, so I added an "Include=root" line, but even after rebooting I just get the regular users, and have to login by typing the "root" username, etc.
So, I was wondering, is there a way to get this to work? P.S. I understand about not wanting to allow root logins, but I need to do this in my situation.
View 4 Replies
View Related
Apr 9, 2010
I was trying to edit a file requiring root permissions, so I used sudo. I typed the root password and it failed. This happened three times, and the process was ended. I then logged in as root (su) and was able to navigate to the file and make changes as root. Am I missing something? How would I edit the sudoers file such that this password would work? Or is there another way to log in to the sudo group to make these changes? How do I set sudo passwords?
View 1 Replies
View Related
Apr 14, 2011
I have system that was cloned from another system hence the user was same in both computer. I changed the computer name - to TANU. Then I added another user - BANU. I gave admin rights to second user. Logged out the first user DON- who is now only the desktop user. Before deleting the account through users and groups - I deleted the folder DON from home folder. I restarted the comp. unable to login. I had created automatic login for both users. How to restore the folder DON while using root shell.
View 2 Replies
View Related
Feb 12, 2011
How to call Nautilus file browser with root permissions? "sudo nautilus" does not work. Under Ubuntu there is a command:
"gksu nautilus"
but this does not work in CentOS either.
View 2 Replies
View Related
Jun 15, 2011
MACHINE: HP Proliant DL260G5OS: SLES 11 SP1kernel: Linux xserver 2.6.32.12-0.7-default #1 SMP 2010-05-20 11:14:20 +0200 x86_64 x86_64 x86_64 GNU/LinuxIt is used as remote xserver in a LAN.I have configured /usr/lib/restricted/bin/.rbashrc with some environment variables but when the users logon in the system finally is executed $HOME/.bashrc and some environment vars are overwritten.
View 2 Replies
View Related
Apr 18, 2010
How to run Shell Script from a browser using External Protocol request ?i try this however it did work
Code:
Code:
< a href="sh:/path/of/my/script.sh" >YourLinkText< / a >
[code]...
View 3 Replies
View Related
Feb 25, 2010
I've looked everywhere but I can't find where to change the default box for incoming mail, or am I on the wrong track. It's a nuisance having to change folders and I can't configure wastebin to empty on exit.And I can't get kmail to import from evolution. Do I have to go to the evolution storage and do it manually, and if so, how do I do that?
View 1 Replies
View Related
Dec 11, 2009
I am using the sudo command to log on locally as another user by the following command:
sudo -u theotheruser -s
or
sudo -u theotheruser sh
As I see it, this initiates a new shell with the mentioned other user.However, this doesn't load that users profile from his home directory.Is there a way to automatically read the users profile when login in with selected command? I am mostely interested in getting a working prompt when logged in.
View 11 Replies
View Related
Jan 24, 2011
Is there any way to 1) write a script to save only the URL opened in a multiple browser and multiple tabs to notepad.2)how to open multiple URL in browser tab through shell script.
View 1 Replies
View Related
Mar 2, 2010
i used opensuse 11.1 ...there is option for root user to create password for root...but for ubuntu i did not find anything like that...so how can i create root password....or how can i use root
View 1 Replies
View Related
Dec 2, 2010
i just installed linux mandriva 2009. i set password for root and created a user account. when i try to login as root, after logging out as user, it does not allow me and gives the error "root logins are not allowed". even it does not show the root account. if i try to go to root from konsole terminal using su root, it allows to enter as a root but when i try to start the GUI with startx it gives error.not sure what to do and why i can't see my account in GUI mode
View 5 Replies
View Related
Jul 9, 2010
When I run sudo as a normal unprivileged user, it asks for my password, not the root password. That's often convenient, but it reduces the amount of information someone would have to have in order to run commands as root. So how can I make sudo ask for the root password instead of the invoking user's password? I know it'd be done with a line in /etc/sudoers, but I can never seem to properly parse the BNF grammar in the man page to figure out exactly what to write.
View 4 Replies
View Related
Jan 24, 2010
On my ubuntu I have a command pm-suspend, which puts the computer to sleep. It has to be run with sudo. Since it is inconvenient to be forced to type the password every time I want my computer to sleep, I thought maybe there's a way around it. Naively I thought that if I'd create a script as root, that invokes pm-suspend, and then let anyone execute that script, I could run that script as my own user and then that script would be considered run by root and hence be allowed to run pm-suspend. Obviously that didn't work. The root-check procedure in pm-suspend still found out that the original executor was someone different from root.
Still I think something similar (although slightly more elaborate) should work.I'm thinking about the process that allows the user to mount hard drives for example. Normally root is required, but it is somehow bypassed by the gnome utility mounting.
View 8 Replies
View Related
Jan 15, 2010
I am using mint 8 for a 2 weeks, I am noob to linux but I like Mint than any other linux distro which is great alternative to windows. I have a problem regarding password reseting.
1. My laptop automatically get logged in without asking user name and password.
2. I tried to change password for newly created user and root user using graphical way but it does not work.
2. I can perform administrator task using only OEM user which is default inbuilt user of mint.
How can make my laptop to ask password when mint get booted? How to change password for other users?
View 1 Replies
View Related
Jul 9, 2010
When I run '# sudo touch newfile' my expectation was that the file would be owned by me, not by root, as my understanding of sudo is that it is giving me, the user, root priviledges but does not actually switch the user.Do I have a fundamental misunderstanding of what sudo is about?
View 4 Replies
View Related
Mar 9, 2011
Debugging some of my scripts after upgrading from Debian Lenny to Ubuntu 10.04. In so doing, I tripped over this "problem," the solution to which may give me a clue to others.
On a bash shell command line I created a file thusly:
sudo touch zero_file
and it lists as expected with default permissions 0644:
-rw-r--r-- 1 root root 0 2011-03-09 11:18 zero_file
But then this command fails
sudo echo abcdef >>zero_file
-bash: zero_file: Permission denied
I can place the command (minus the "sudo") in a script & run it under the auspices of sudo & it works. Am I missing something re the stdin redirection when using sudo?
View 9 Replies
View Related
