General :: Sudo For Www User To Run Root Shell Script Via Browser?
Sep 7, 2010
I need sudo for www (apache) user to run a shell script('ip.sh' contains iptables rules) from cgi-bin directory via browser using a per script. I edit sudoers( www ALL=(ALL) NOPASSWD: ALL ),but when run the bellow command that's with err:
# sudo -u www sh /srv/www/cgi-bin/ip.sh
iptables v1.4.4: can't initialize iptables table `filter': Permission denied (you must be root) Perhaps iptables or your kernel needs to be upgraded. And:
Is there a non-root shell command that can tell me if a user's account is disabled or not? note that there is a fine distinction between LOCKING and DISABLED:
LOCKING is where you prepend ! or * or !! to the password field of the /etc/passwd file. On Linux systems that shadow the passwords, this marker flag may be placed in /etc/shadow instead of /etc/passwd. Password locking can be done (at a shell prompt) via password -l username (as root) to lock the account of username, and the use of the option -u will unlock it.
DISABLING an account is done by setting the expiration time of the user account to some point in the past. This can be done with chage -E 0 username, which sets the expiration date to 0 days after the Unix epoch. Setting it to -1 will disable the use of the expiration date.
The effect of locking to to prevent the login process from using a supplied password to hash correctly against the saved hash (by virtue of the fact that the pre-pended marker character(s) are not valid output character(s) for the hash, thus no possible input can ever be used to generate a hash that would match it). The effect of disabling is to prevent any process from using an account because the expiration date of the account has already passed.For my situation, the use of locking is not sufficient because a user might still be able to login, e.g. using ssh authentication tokens, and processes under that user can still spawn other processes. Thus, we have accounts that are enabled or disabled, not just locked. We already know how to disable and enable the account - it requires root access and the use of chage, as shown above.To repeat my question: is there a shell command which can be run without root privileges which can output the status of this account expiration info for a given user? this is intended for use on a Red Hat Enterprise 5.4 system.The output is being returned to a java process which can then parse the output as needed, or make use of the return code.
If I pass to my shell environment as a regular user will it apply to builds ran under sudo?I posted a thread similar to this regarding a build with TOR; however, this is applicable to all programs.
I want to use root password instead of adding my user to the list of sudoers,In Arch wiki ander Root password:Users can configure sudo to ask for the root password instead of the user password by adding "rootpw" to the Defaults line in /etc/sudoers: but that did not work for me. it asks for root password.Why do I want to do that: 1. I want to do that, I like sudo more than su -c 'some_command'. 2. sudo enables bash completion, su -c does not. 3. I don't want to add my user to sudoers list.
I found many users Suggesting alternatives and lowering the important of my need for this, when I asked this question in anther please.
It's been a few years since I last installed Ubuntu. I searched the forums and can't seem to find the answer. I want to be able to do a "su root" and have root access. I know Ubuntu wants you to do the sudo command, and I know you can really mess things up being root. I know I got this to work before. What do I need to do?
Stumped on this one. I'm trying to set up limited sudo authority on a desktop with some sensitive user data, and as an extra precaution I wanted to configure sudo to use a password other than the user's or the root's. I'm not sure how to do this. From the manual, we have a few options, such as "runaspw" or "targetpw", but none seem quite what I'm looking for.For instance, "runaspw" could be used if I created a user for nothing other than sudo(ing) purposes, but it requires you set "runas_default", which means that said user would have to have authority to execute said commands in the first place. This is workable, but seems like a lot of extra configuration for each specific command that I want to run, as well as creating some issues with simply commands such as "shutdown" or "reboot". Also, "targetpw" can be used in conjunction with a sudo(ing)-only user if I set an alias, but, again, this isn't quite what I am looking for.
Ultimately, what I am really concerned about in this situation are keystroke loggers, so I would prefer to avoid repeated entering the user or root password when performing administrative tasks. Also, I would prefer not having to create a sudo(ing)-only user as mentioned above to prevent a comprimised password resulting in an attacker being able to log into my system.
I recently re-installed my U10.04 and this time around, I added a root user and brought the permission levels of my default user to "Desktop User" as well as elevate the root permissions as explained elsewhere in these forums. Everything went fine until I wanted to "sudo" something from the Desktop User account terminal. I use Skype a lot and preferred to use the repos to get it loaded. Into synaptic where it asked me for the password. I entered the password and I was rejected. Ok, maybe I typed it in wrong. Tried again. The third time I checked in an editor to make sure I wasn't in all-caps. Third time OUT!
Switched user to root and there were no problems. Enabled the partner repos, installed Skype, as well as all the other stuff I use to run my home office. I have missed something, I know I have - perhaps a setting somewhere in the user permissions. I don't want to have to switch user every time I have to make changes to the system. Alternatively, if it's better practise to just leave my system as it is for security purposes I'm not running a server, but I'd like to have my system as secure as reasonably possible without elevating my problem to "paranoid security" level.......
I was wondering if someone had a logical reason and therefore complete, hopefully that makes total sense, for why when I install Ubuntu I cannot use the 'sudo' command either with root or user passwords. Even if I try to edit the permissions for sudoers, I still recieve an error message that says access is denied and so as the root user on my pc I don't understand why I can't put my name in the sudoers file or use the sudo command with the correct password.
I'm trying to get the "root" user to be included in the list of users that get displayed on the login page.
I found this:[URL]...which seems to indicate that if I add an "Include" line, with the "root" user, that would work. I found the /etc/gdm/custom.conf file, which was empty except for the section header lines, so I added an "Include=root" line, but even after rebooting I just get the regular users, and have to login by typing the "root" username, etc.
So, I was wondering, is there a way to get this to work? P.S. I understand about not wanting to allow root logins, but I need to do this in my situation.
I was trying to edit a file requiring root permissions, so I used sudo. I typed the root password and it failed. This happened three times, and the process was ended. I then logged in as root (su) and was able to navigate to the file and make changes as root. Am I missing something? How would I edit the sudoers file such that this password would work? Or is there another way to log in to the sudo group to make these changes? How do I set sudo passwords?
I have system that was cloned from another system hence the user was same in both computer. I changed the computer name - to TANU. Then I added another user - BANU. I gave admin rights to second user. Logged out the first user DON- who is now only the desktop user. Before deleting the account through users and groups - I deleted the folder DON from home folder. I restarted the comp. unable to login. I had created automatic login for both users. How to restore the folder DON while using root shell.
MACHINE: HP Proliant DL260G5OS: SLES 11 SP1kernel: Linux xserver 2.6.32.12-0.7-default #1 SMP 2010-05-20 11:14:20 +0200 x86_64 x86_64 x86_64 GNU/LinuxIt is used as remote xserver in a LAN.I have configured /usr/lib/restricted/bin/.rbashrc with some environment variables but when the users logon in the system finally is executed $HOME/.bashrc and some environment vars are overwritten.
I've looked everywhere but I can't find where to change the default box for incoming mail, or am I on the wrong track. It's a nuisance having to change folders and I can't configure wastebin to empty on exit.And I can't get kmail to import from evolution. Do I have to go to the evolution storage and do it manually, and if so, how do I do that?
I am using the sudo command to log on locally as another user by the following command:
sudo -u theotheruser -s or sudo -u theotheruser sh
As I see it, this initiates a new shell with the mentioned other user.However, this doesn't load that users profile from his home directory.Is there a way to automatically read the users profile when login in with selected command? I am mostely interested in getting a working prompt when logged in.
Is there any way to 1) write a script to save only the URL opened in a multiple browser and multiple tabs to notepad.2)how to open multiple URL in browser tab through shell script.
i used opensuse 11.1 ...there is option for root user to create password for root...but for ubuntu i did not find anything like that...so how can i create root password....or how can i use root
i just installed linux mandriva 2009. i set password for root and created a user account. when i try to login as root, after logging out as user, it does not allow me and gives the error "root logins are not allowed". even it does not show the root account. if i try to go to root from konsole terminal using su root, it allows to enter as a root but when i try to start the GUI with startx it gives error.not sure what to do and why i can't see my account in GUI mode
When I run sudo as a normal unprivileged user, it asks for my password, not the root password. That's often convenient, but it reduces the amount of information someone would have to have in order to run commands as root. So how can I make sudo ask for the root password instead of the invoking user's password? I know it'd be done with a line in /etc/sudoers, but I can never seem to properly parse the BNF grammar in the man page to figure out exactly what to write.
On my ubuntu I have a command pm-suspend, which puts the computer to sleep. It has to be run with sudo. Since it is inconvenient to be forced to type the password every time I want my computer to sleep, I thought maybe there's a way around it. Naively I thought that if I'd create a script as root, that invokes pm-suspend, and then let anyone execute that script, I could run that script as my own user and then that script would be considered run by root and hence be allowed to run pm-suspend. Obviously that didn't work. The root-check procedure in pm-suspend still found out that the original executor was someone different from root.
Still I think something similar (although slightly more elaborate) should work.I'm thinking about the process that allows the user to mount hard drives for example. Normally root is required, but it is somehow bypassed by the gnome utility mounting.
I am using mint 8 for a 2 weeks, I am noob to linux but I like Mint than any other linux distro which is great alternative to windows. I have a problem regarding password reseting.
1. My laptop automatically get logged in without asking user name and password.
2. I tried to change password for newly created user and root user using graphical way but it does not work.
2. I can perform administrator task using only OEM user which is default inbuilt user of mint.
How can make my laptop to ask password when mint get booted? How to change password for other users?
When I run '# sudo touch newfile' my expectation was that the file would be owned by me, not by root, as my understanding of sudo is that it is giving me, the user, root priviledges but does not actually switch the user.Do I have a fundamental misunderstanding of what sudo is about?
Debugging some of my scripts after upgrading from Debian Lenny to Ubuntu 10.04. In so doing, I tripped over this "problem," the solution to which may give me a clue to others.
On a bash shell command line I created a file thusly:
sudo touch zero_file
and it lists as expected with default permissions 0644:
I can place the command (minus the "sudo") in a script & run it under the auspices of sudo & it works. Am I missing something re the stdin redirection when using sudo?
