Security :: Run Commands As Root ?
Mar 4, 2010
I need to launch a bash file in Linux from an unprivileged user session, file that will run bash commands as root. But I do not want to create an user with root privileges to do that also the process must be silent (no password asked).
How can I do this without adding a user in sudoers and without giving rights to all users to execute the commands from that bash file?
I have tried SUID option witch would had been good as functionality but I understand that SUID doesn't work for script bash files.
View 14 Replies
ADVERTISEMENT
Aug 11, 2010
I want to get a of log all the commands executed by the root user with the following details :
incoming ip
username (thru which su was executed)
time and date
all the commands executed as mentioned above.
Also if user has managed to login as root, he should not be able to disable / delete the above info. Can this info be collected at some other physical server ?
View 5 Replies
View Related
Mar 3, 2010
I need to launch a bash file in Linux from an unprivileged user session, file that will run bash commands as root. But I do not want to create an user with root privileges to do that.
View 10 Replies
View Related
Jun 10, 2009
Senario is we have a system where root has authorised keys set up so that it can do a passwordless ssh to $WORKSTATION. I then need to run a script on $WORKSTATION as user "bob" and NOT as user "root". I do not want to set up user "bob" to be allowed passwordless ssh so any ideas how I can do this?I have tried variations of (as user "root"):ssh $WORKSTATION "su - bob; ./my_script"
View 5 Replies
View Related
Mar 1, 2011
I am trying to administer a small group of ubuntu desktops in my classroom. I can use ssh to perform administrative tasks one at a time on each machine, but I want to automate these tasks through a small number of scripts. I am having trouble with running root commands through a script.
On other distros, I think I would simply ssh into the root account, and run the script. But as an ubuntu user, I have only ever used sudo, and folks at ubuntuforums are understandably hesitant to recommend logging in as root. Instead I am seeing suggestions to disable the password requirement for each specific command I want to run, which does not seem like best practice.
Should I enable the root account, give it a password, and ssh to the root account to run the scripts? To be specific, the scripts will do things like install updates, install programs, add or delete users, configure the desktop, etc.
View 5 Replies
View Related
Jan 20, 2011
want to run VirtualBox with root permissions. Trouble is that only when run as root i can access attached USB devices inside of a virtual machine, otherwise, these a greyed out).Now running VirtualBox as a root user also changes the configuration folders, making all my virtual machines already defined disappear. I also don't want to copy all to the root configuration folders. Is there a way to give the VirtualBox root permissions but without actually running the application as a root user. Is it possible to do without changing the permissions of the non-root user, i.e. i don't want my user to have all root permissions, due to security considerations.
View 1 Replies
View Related
Apr 12, 2010
I run ProFTPd with TLS authentication on my Debian Lenny server. My problem is that despite of the fact that my users connect chrooted, one of my friends had root privileges after logging in form a Macintosh and could browse the root directory, too.
View 1 Replies
View Related
Apr 4, 2016
I use two separate systems both running Debian 8. On one (my main) I can't do some commands including ping, shutdown and reboot without running them as root user, however on my other system I can ping and reboot as a non-privileged user. The permissions on both systems are the same for /bin/ping and /sbin/systemctl (reboot). I thought at first it was something to do with what groups my main was in, but that doesn't seem to be the gase.
I know I can fix it by setting setuid for both, but my question is why is it different on both machines? Is there a global setting controlling this in /etc or perhaps an icmp setting?
View 7 Replies
View Related
Oct 25, 2010
How would like to allow a user to run command such as mount fdisk and lspci which normally you would have to be root to do. How would i go about doing this.
View 4 Replies
View Related
Oct 14, 2010
I have this project and it needs me to write a programe that will interface with a hardware device thruogh the parallelport.I did that, but I feel i might be using the wrong commands because when runing it i get a segmentation fault or a 'changing ownership of file ; operation not permitted.
View 2 Replies
View Related
Nov 7, 2009
After a few hours work I have managed to set up pptd so that my daughter can log into her account at Imperial College. My problem now is that I need to have a script that she can run if she wants to log in. She will have to invoke a couple of root commands and I do not want to give her the root password What she needs to do to set up networking is:
Quote:
pppd call imperial dump debug logfd 2 nodetach require-mppe
/sbin/ip route add default dev ppp0
How can I enable things so that she can run this script as user?
View 12 Replies
View Related
Feb 22, 2011
In order to allow me to shutdown my PC from within fluxbox without being root I ran "visudo" and added the following line:
Code:
psionl0 ALL=(ALL) NOPASSWD: ALL
A check that the line had been accepted showed all ok:
Code:
bash-4.1$ sudo -l
User psionl0 may run the following commands on this host:
(ALL) NOPASSWD: ALL
Yet when I tested it out, I got nowhere:
Code:
bash-4.1$ sudo pkgtool
sudo: pkgtool: command not found
bash-4.1$ sudo shutdown -h now
sudo: shutdown: command not found
bash-4.1$
Have I done something wrong or isn't sudo meant to be used this way?
View 12 Replies
View Related
May 24, 2011
I want to restrict some of my Operating System users running unwanted commands. I just want them to run specified commands only. How can i achieve this?
View 9 Replies
View Related
Oct 14, 2009
How to allow access to some commands having root privleges to be run by non root user. I am new to unix/linux and I have a major assignment. I have to find ways to run particular commands which can be run only by root from a non root user. I know sudo is one of the way but i need some different approach.
View 8 Replies
View Related
Mar 9, 2011
is there a way to monitor use of rm, cp and mv commands? (other than in history)... i would prefer if it were logged in /var/log directory with time and command (with its arguments).
View 5 Replies
View Related
Dec 15, 2010
I've firewall machine customers connect on it then connect to one of another 3 machines as root through ssh key , is there any way to know which user connect to which machine and what command that he has executed without using script command ?
View 1 Replies
View Related
Feb 5, 2010
I read somewhere that 'sync' and 'who' commands in linux should be disabled. While i can understand that for the 'who' command, why so for 'sync'?
I can find sync and who as one of shell commands, whereas also in /bin/sync and /usr/bin/who. Are the shell commands and those in bin directory meant to serve the same purpose?
Finally, how can i disable these commands?
View 4 Replies
View Related
Jan 10, 2011
trying to devise a new sudoers configuration while building a new SOE and would like to force everyone (including system administrators) to use rootsh in favour of doing things like sudo -s, sudo bash, sudo tcsh and so forth. Effectively, use sudo to use any shell other than rootsh. Is there a way to allow users to run anything they want except shells. I realise this is a default permit which inherently is defective, but I'm not convinced that going through the 1559 executable commands of my (as yet incomplete) built system to decided on the likely 1000+ commands I would want to be genuinely allowed. As I said this is for system administrators first, and I'd like to forcibly instil the habit of sudo <command> or using rootsh to get an audited shell. But I know people are already not doing enough sudo <command> as it stands, rather they switch to bash.
View 7 Replies
View Related
Jul 15, 2009
I've setup dimdim (opensource, centos 5.3) and noticed yum & rpm commands fail when executed as root because it uses librpmio from openoffice3 instead of /usr/lib (I'm running from memory so I may have misstyped). But sudo doesn't have this problem.
How can root's search path be different, especially after I state /usr & /usr/lib at the top of /etc/ld.so.conf.
View 2 Replies
View Related
Jun 26, 2010
php. I am developing a web-interface for an application that sometimes needs root privs. Editting /etc/sudoers is not an option since the web interface needs to be portable to other users when they install my application. Is there any workaround ?PHP Code:
php code:$command = "./script.sh /dev/$DISKNAME &";$shellOutput = shell_exec($command);
Code:
[code]...
View 2 Replies
View Related
Jan 27, 2011
I am a linux newbie. I have a situation where I need to send a command line -X command to a screen session owned by root from a nonprivliged account. The command is executed by a shell script, which in turn is executed from a PHP script. Is there a way to make this work?
View 3 Replies
View Related
Jun 13, 2010
Accidently ran rm -rf while the pwd was /home/user-name
Now I'm unable to run any command whatsoever as root, ls,vi,cnf whatever, they don't work.
However the commands work as normal user.
I can guess that the files with root ownership in the home folder were deleted but I would like to revert everything back to normal and would like to know how to solve this problem.
View 5 Replies
View Related
Mar 25, 2010
Having read on the forums about some of the dangers of running Wireshark as root, I would like to know if anyone can suggest some alternative packet sniffers/network analyzers which will offer similar results but without the security issues. I am using Karmic Koala on a Fujitsu Siemens laptop with wireless router (firewall enabled)
View 7 Replies
View Related
Sep 8, 2010
Whenever I login as root, an e-mail with the subject "Security information" is sent outwhere the e-mail address for this message is configured? I need to change it (or perhaps disable it).
View 9 Replies
View Related
Oct 20, 2010
I found this on Bee's website. For more info on this exploit there are links there:[URl]..All you have to do in Fedora 13 is enter the following lines in a shell as normal user:
[Code]...
I don't think this can be considered solely an "upstream" problem, because I first tried it in Arch using the same version of glibc, and the final command causes both gnome-terminal and xterm windows to disappear.
View 14 Replies
View Related
Jan 5, 2011
I am trying to set up an automatic backup using rsync and a publickey SSH, which requires using an empty password on the private key. I would like to lock down the key on the server so that it can only run rsync, but my attempts to use a forced command (or any other option such as no-port-forwarding) do not appear to have any effect when I run ssh -v.
I am currently debugging using the following line in ~/.ssh/authorized_keys
Code:
But when I connect, it opens up an interactive command prompt and does not display the "goodbye world" that I expect.
I am running an OpenSSH server on Ubuntu 10.04
View 2 Replies
View Related
Jun 7, 2011
I followed this thread:[URL]...When I get to this part:sudo genprof firefox it does not work in the terminal. Is this still supported for Ubuntu 11?
Also, I installed the profiles. Is something supposed to happen now or do I need to configure them?
sudo apt-get install apparmor-profiles
View 6 Replies
View Related
Oct 16, 2010
how to prevent the execution of the following commands or how to set a policy or rule that prevents the execution of the following malicious commands
dd if=/dev/zero of=/dev/sda
rm -rf /
View 3 Replies
View Related
Jul 21, 2011
I need to use Live Media to make changes to a hard disk drive. I tried to sudo to no effect.
Seems like it would be troublesome to authorize root access on Live Media or have sudo allow commands such as pvcreate,lvcreate,vgcreate, especially if the hard disk is not encrypted.
View 1 Replies
View Related
Jul 5, 2011
I am using Fedora 14, I need to change the directory of a folder(myweb) from "homeuserdesktop" to "varwwwhtml" . Please give the Fedora commands to do this.
View 2 Replies
View Related
