General :: Sudo Su Runs Without Password Prompt?
May 25, 2011
So here's the problem. We've got the /etc/sudoers file set up so that users can run commands from /bin like "cat" or "mkdir" without entering a password. The problem is that the "su" command is also in /bin, so if they enter "sudo su", it gives them root access without a password. Here's the /etc/sudoers file:
Defaults targetpw
%users ALL=(ALL) ALL
root ALL=(ALL) ALL
support ALL=(ALL) NOPASSWD: /sbin/, /bin/, /opt/, /etc/init.d/, /elo/
support ALL=(ALL) NOPASSWD: /usr/bin/mysql
Is there a way I can deny /bin/su while still allowing the rest of the /bin commands?
View 1 Replies
ADVERTISEMENT
Jul 22, 2011
A little while ago I moved to F14 from Ubuntu; I've been ok, but recently sudo has been causing me trouble :/It seems to hang, but eventually produces some output indicating that it has been waiting for me to input a password; but it hasn't prompted me for one.
$ sudo ls
Sorry, try again.
Sorry, try again.
Sorry, try again.
sudo: 3 incorrect password attempts
View 10 Replies
View Related
Feb 17, 2011
I have been reading guides for a while now and so far have not found an exact solution to my problem.
I want a linux user (dave) to be able to switch to another account (patrol) without a password prompt, but dave must still be denied access to root. Patrol must also be denied root access.
In the sudoers file
Code:
User_Alias Patrol=dave,john
root ALL=(ALL) ALL
Patrol ALL=(patrol) NOPSSWD: ALL
[Code].....
View 6 Replies
View Related
May 31, 2011
I have written a script to run commands on remote servers, it is working fine. But when I am running "sudo commands" on the remote servers, it asks for me password after prompting for ssh password. I am unable to automate this password prompt (which is just after ssh password prompt). This is the function I am using to provide passwords
Code:
pass ()
{
cd $DIR/"$dt1"_"$dt"
/usr/bin/perl << 'EOF'
use strict;
[code]....
I want the same function to be used , when it expects for sudo passwords for any of the below lines:
Code:
[sudo] password for vikas: orPassword: This is my "cmd" file passed in pass () function.
Code:
ssh -t -o UserKnownHostsFile=/dev/null -o StrictHostKeyChecking=no 192.168.1.100 "bash rcmds"
This is my script output
Quote:
[vikas@box1 ~]$ ./rscript.sh
++ rm -rf /home/vikas/May_31
++ mkdir -p /home/vikas/May_31
++ set +x
[code]....
how to automate the password prompt required for sudo commands.
View 8 Replies
View Related
Jul 30, 2011
I'm creating a bash script to do some tasks for me. I would like the script to be run at a set time of everyday. My first question is if it is possible that if one of the commands in the script requires sudo, is there a way to get around it with out making sudo not require a password. Such as, is there a way to include the password in the script? If that is the case, I can always just set the file as read only by sudo. I've been looking for a way to do this, with no success. if I have a command that wants input, how do I give it to the program. For example, if I want to make a zip file that is encrypted, the command would go as:
Code:
zip -r example * -e
now how would I get the script to insert my wanted password.
View 14 Replies
View Related
Aug 4, 2010
I need to run one command as different user with out a password prompt.
I did this
Code:
one localhost= (two) /usr/bin/whoami
This work but it prompts for password. Is there a way that can be done with NOPASSWD option ?
View 1 Replies
View Related
May 23, 2011
I have an old server running RHEL 5.5 and I normally just type sudo nothing else and I'm instantly root. I copied my sudoers file from here to a new server but it seems not to work cause I type sudo and it ask for usage. Is something else besides the sudoers file that prevents me from logging in with sudo only.
View 5 Replies
View Related
Apr 28, 2011
how to get sudo password? login not working for password
View 10 Replies
View Related
Apr 21, 2011
I'm running Debian Wheezy and I don't know why, but whenI switch to console F1(Ctrl+Alt+f1) I can't enter login information. It's like Debian didn't have completely starting and wait always.The F1 console looks like this:
[screen content]
Starting enhance syslogd: rsyslogd.
Starting system message bus: dbus.
[code]...
View 9 Replies
View Related
Nov 12, 2010
Kernel 2.6.21.5, Slackware 12.0 bash 3.1. I have several times tried to log into my linux box and have seen the password prompt written in upper case chars. Can this be caused by something located on the other side of my connexion? Or by malignous software resident in my hard disk?
View 2 Replies
View Related
Nov 22, 2010
This is on my host machine. I'm the only one using it so it's fairly safe, but I have a very complex password that is hard to type over and over. I use the console for moving files around and executing arbitrary commands a LOT, and I switch terminals, so sudo remembering for the console isn't enough (AND I still have to type in my terrible password at least once!) In the past I have used the NOPASSWD trick in sudoers but I've decided to be more secure. Is there any sort of compromise besides allowing no password access to certain apps? (which can still be insecure) Something that will stop malware and remote logins from sudo rm -rf /-ing me, but in my terminals I can type happily away? Can I have this per terminal, perhaps, so just random commands won't make it through? I've tried running the terminal emulations as sudo, but that puts me as root.
View 6 Replies
View Related
Oct 7, 2010
Is there a way I can setup sudo with a seprate password other than root and the user password and yet I need it to pull the password from the passwd file. Ok here is why they are wanting to tie the sudo password into cyberark appliance that manages the passwords. So when the user needs to run a root command they would check out a password from cyberark. cyberark changes password from in the password file. So to restate myself is there a way to set sudo up to pull its own password from the password file and not the users or root.
View 3 Replies
View Related
Apr 19, 2010
I have set up a new account, with a user name of Benjamin.However, when running a sudo command, while logged in with the user name 'Benjamin', I receive an incorrect password error.Yes, I am entering the password for user name 'Benjamin' and not that of the root account.
View 9 Replies
View Related
Feb 16, 2010
Having a problem with sudo. I'm down as a user who can run all commands as root provided I enter my password. The relevant line from my /etc/sudoers file :
Code:
user1 ALL=(ALL) ALL
There are several commands that I run quite frequently such as mount and fdisk but would like to avoid having to enter a password each time I use them. What would be the appropriate change to the sudoers file ?
UPDATE: I neglected to scroll down to the bottom of the /etc/sudoers file where there was the line :
Code:
%admin ALL=(ALL) ALL
and since user1 was a member of the admin group any predeeding lines were being overidden by this. Commenting out this line and adding
Code:
user1 ALL= NOPASSWD: /bin/mount, /sbin/fdisk
View 1 Replies
View Related
Jan 30, 2010
I have bought a Mac Laptop however it has a username and password which I don't know. I've looked all over to see how I can overcome this lot's of people have said to enter at Grub prompt to take you to recovery, however I have no Grub prompt and Mac is not booting from cd rom.
View 1 Replies
View Related
Feb 23, 2011
I am new to using Ubuntu 10.10 that was installed by a friend of mine, but he didn't give me a password for administrator and now when I try to install VLC I am blocked by a password prompt. To make things worse I can't use F1 key, esc key, tab key, 1key (I copy and paste 1 from other pages when I need it). I am at a loss here and all I want is to change the administrator password without validating the current password first.
View 2 Replies
View Related
Jun 4, 2010
How can a user be setup to sudo (or su -) without entering a password?
View 1 Replies
View Related
Jul 9, 2010
When I run sudo as a normal unprivileged user, it asks for my password, not the root password. That's often convenient, but it reduces the amount of information someone would have to have in order to run commands as root. So how can I make sudo ask for the root password instead of the invoking user's password? I know it'd be done with a line in /etc/sudoers, but I can never seem to properly parse the BNF grammar in the man page to figure out exactly what to write.
View 4 Replies
View Related
Apr 20, 2010
I wish to allow a user to use sudo to run a single command (service app status) to determine if my application app is running, in my sudoers file i have: user ALL= /sbin/service app status I understand that there is a parameter called timestamp_timeout that will set the timeout for the 'user', but requires at least 1 entry of the root password.
I wish to allow the user to do "sudo service app status" and not have to enter the root password ever(maybe once is ok), but still make the user enter the root password for all other root activities. Is there a way to prevent the password entry for this command only and no others?
View 3 Replies
View Related
Jun 23, 2010
I'd like to start a background job using the sudo command and route its output to a file. This presents a problem because the prompt for the password doesn't work properly. It looks something like this when I try it:
Code:
Mac:server user$ sudo php crossdomain_server.php > data/crosscomain_output.txt &
[3] 30303
Mac:server user$ Password:
[3]+ Stopped sudo php crossdomain_server.php > data/crosscomain_output.txt
Mac:server user$
Basically I'm not properly prompted for the password and as soon as I type anything in my background job fails because it didn't receive the password. Is there any way to execute a sudo command by supplying the password on the same line as the command?
View 9 Replies
View Related
Jul 13, 2011
I followed instructions to enter single user mode by adding single at the end of kernel line but after that it doesn't ask for root password but brings up the sh# prompt. Isn't that supposed to be insecure? I understand for this the grub password can be applied but even after adding "single" it should ask for root password..or it should not..??
View 3 Replies
View Related
Mar 31, 2011
I have the following commande /sbin/fuser -f -u /u/DT01/F010107 1>/tmp/null 2>/tmp/seausr.T0069 when executing as root 'su' this give me all user using the file. but when tried with 'sudo' i am asked with 'user password'. Is ther anyway to simply get the result without having to supply a password and to see all user not only me. (i have the file open also).
View 1 Replies
View Related
Sep 9, 2010
In Ubuntu 10.04, I logged in as user1 and when I open a new terminal and issue any command it is asking password.user@ubun-laptop:~$ sudo ifconfig[sudo] password for user: It is asking for password only for first time.From the next command onwards it is not asking.Can some one please tell me if it is possible to issue ONLY ONE COMMAND, in which even if the password request comes, it will automatically fill the password.Just like "ps -elf | grep NetworkManager". I am expecting any combination of commands in a single line, so that password is filled automatically IF PASSWORD IS ASKED. If password is not asked, the command must be executed.
View 17 Replies
View Related
Apr 27, 2010
I needed to use Synaptic Package Manager to install an app, but the dialog box ("enter the Administrative Password") that pops up before you can use Synaptic doesn't recognize my password ("incorrect password). I tried typing it into a text editor and it's spelled right, caps lock not turned on or anything.
In Terminal, sudo recognizes it, and it is recognized when I log into Ubuntu. I'm the sole user, I have admin privileges, I've been doing admin things.
I just now did System > Administration > Users and Groups and got a dialog box saying
"Failed to contact configuration server; some possible causes are that you need to enable TCP/IP networking for ORBit, or you have stale NFS locks due to a system crash. See [URL] for information. (Details - 1: Server ping error: IDLmg.org/CORBA/COMM_FAILURE:1.0)"
Moving past that, I changed my user password, and Ubuntu authenticated it.
How do you launch Synaptic Package Manager from the command line?
View 4 Replies
View Related
Jun 25, 2010
Is it possible to have your login password t be different then your SUDO password. I did a search on sudo password- Almost every post has the term in it.
View 2 Replies
View Related
Feb 12, 2010
Would it be safe to say that if I build a restricted user: "Desktop" or "unprivileged" user I will be ok? From what I understand - most scripts or applications cannot install without the 'sudo' prompt and user input.
View 8 Replies
View Related
Apr 19, 2010
I'm writing a script which will log into a list of servers if they have public/private keypairs set up. If a server doesn't, I want the script to move on to the next server rather than wait at a password prompt.I'm using OpenSSH version 5.1p1 Debian-5, OpenSSL 0.9.8g 19 Oct 2007 on both client and server.I'm using this command: Code: ssh root "at" "IP" -o PasswordAuthentication=no KbdInteractiveAuthentication=no I had to write "at" instead of the symbol, as I'm not allowed to "post URLs to other sites after you have made 15 posts or more."This works for most servers, but not all (on some of them the script halts at a password prompt). I suspect those servers may run an older version of SSH which doesn't support the options I'm providing
View 3 Replies
View Related
Apr 9, 2010
I was trying to edit a file requiring root permissions, so I used sudo. I typed the root password and it failed. This happened three times, and the process was ended. I then logged in as root (su) and was able to navigate to the file and make changes as root. Am I missing something? How would I edit the sudoers file such that this password would work? Or is there another way to log in to the sudo group to make these changes? How do I set sudo passwords?
View 1 Replies
View Related
Jun 22, 2011
Is there a way to getting around not having to put in the user password everytime my Wireless connects, or Install software, etc? I changed the user role to Administrator under users from the control panel (x Windows user )
View 4 Replies
View Related
May 14, 2010
delay the retry response from SSH (for, say, 10, 20 or 30 seconds) when a bad password is tried by a whacker? I mean, when I'm getting hit by 10 or more break-in attempts, is there some way to make SSH delay the next try from the site that's trying?I seem to remember something about this but haven't been able to find it and, so far, reading the SSH documentation hasn't been
I have DenyHosts running (that puts entries in /etc/hosts.deny after a few tries to break in) and I completely block China, Korea and a few others that are a constant annoyance with IPTABLES but I do get hit pretty much every day and would like to discourage the bastards as much as possible (the hits are a second or so apart which tells me they're automated and I figure delaying the response will discourage 'em).For example, here's the overnight entries from /var/log/messages (the "refused connect" are from /etc/hosts.deny entries generated by DenyHosts):
Code:
May 13 03:49:50 fubar sshd[30255]: refused connect from 200.49.226.12 (200.49.226.12)
May 13 03:51:27 fubar sshd[30256]: refused connect from 200.49.226.12 (200.49.226.12)
[code]....
View 12 Replies
View Related