Ubuntu Security :: Allow ONE Script To Execute With Password
May 12, 2011
I want to a allow a *single* bash script to run with root permissions (without me typing in the password). The script is located in /home/john/Documents/ Eventually the script, will try to execute a program which is located at /home/john/Documents/programs. At the moment, my sudoers file is like this:
[code]...
the line of code root ALL = (ALL:ALL) ALL present in the sudoers file? I mean what does each ALL specifically do? How do I change my sudoers file to accomplish running one single script file?
everytime i try to vnc to my box, it pops up the keyring authentication, which is obviously a huge problem when logging in remotely.how do i change my keyring password to match my login password?
How do I set up SSH so I don't have to type my password? i execute the following command ssh -l admin hostname command but each time i execute it, it ask me to enter password.how i can give it password as default because i'm going to put in bash file ?
I know this has probably been asked too many times here but I need to secure my emails. Personal matters of course. But yeah. I use the program "Password and Encryption Keys" to generate a key to sign my emails with but I do not know what to do. To be blunt, I'm stupid when it comes to this. IF not, steps in creating a key? and giving it (my public key) to the significant other? Finding where both keys are? Implementing it into Thunderbird? If it helps any here's some extra information: Ubuntu distro: Ubuntu 10.04 Email client: Thunderbird
How can I force passwd to use a simple password?I want to change my passwd & delete passwd history (if stored).I plan on creating a Virtual Appliance that uses another password besides my testing password.
I have succesfully installed Debian with gnome-core, iceweasel and other useful packages and also followed this guide to autologin and start X. I noticed that the sudo chmod +s /sbin/halt and adding /sbin/halt in ~/.bashrc made Debian refuse me to log out (from X) and 'log out' turns off the computer insted.Removing /sbin/halt from .bashrc turned everything to as i want it. Should I "repair" or remove something I created with chmod +s command or should I leave it as it is?
Also I would like apt-get(or aptitude) update to run after login (and before startx), so i added sudo apt-get update to .bashrc but it will prompt me with password. Is there someway I could do this without the password(s) which su/sudo needs to execute? This is not so important but it would be very nice to update the system on startup.
I already posted a topic similar to this concerning the Desktop OS version, but this deals with the Netbook because unlike the Desktop, the Netbook is less cooperative. Allow me to elaborate: Today (or rather yesterday since it's not after midnight where I am), I changed my password because I was hopelessly confounded about how to get my Wireless Network card up and running after it had been installed and I was allowing my dad to use it. This issue has since been resolved, however...
When I chose my password during the original installation, there was no mention of it being "too simple." This is where the Desktop OS and the Netbook OS differ. The desktop will let me change it in the terminal without any errors. The Netbook will not. When I've attempted to revert it back to the original, it will not let me do so in the User Profile or in the Terminal. The Passwords and Encryption Keys application also does not appear to help.
So now even after I've changed it to a different "complicated" password I am still prompted to insert two different passwords since I changed my user password but I am unable to change the password I input during the installation. A bit screwy methinks. This is extremely important. I'd like to know how to change the original installation password.
If I can't change the main password on my laptop then this is a serious potential security breach just waiting to happen (especially since it's on a laptop and I will be hauling it around with me) and I will most likely install a different OS if this isn't resolved --- It would be very unfortunate since I spent the whole day fixing it and I really enjoy the interface. Luckily I can live with this on my Desktop since I'm not going to be hauling it around with me everywhere when the school year starts.
php. I am developing a web-interface for an application that sometimes needs root privs. Editting /etc/sudoers is not an option since the web interface needs to be portable to other users when they install my application. Is there any workaround ?PHP Code:
I have a database created by an older program (not Access) that I need to open and retrieve information for my business. The manufacturer put a password on there so that only it's program could open it. I do not use that program, but it has information I need. Is there a way to find that password or circumvent the password altogether?
My program attributes (it uses semanage to change range): I'd like to ordinary user (bartek) can execute my program. I executed as root:
chmod u+s se_chmod4
so now my user can change his range in permissive mode by my program. My politic: In enforcing mode i can see attributes but when i want to excute i get:
How should look like my TE file that user (bartek) could execute my program (forget at moment about "semanage")?
When I confine a user myuser to the type user_u (or staff_u) with the SELinux instruction semanage login -d -s user_u myuser, this user cannot execute OpenOffice.
I suppose the problem occurs because I installed the rpm from the OpenOffice repository, not the standard OpenOffice included in FC13. However I prefer to use the rpm version, because of some bugs in the FC13 OpenOffice version. How can I create a policy to allow the execution of libicuuc and other OpenOffice libraries by my confined user ?
I was running '# ls -l' in '/' directory and I noticed all directories in '/' have the following permeation 'drwxr-xr-x' [except root's home which is 'drwx------' (after I change it from 'drwxr-xr-x' )]
I don't want all the user (except root) to be able to read and execute (in) any directory, I just want every user to be abel to read/write/execute only in his/her home directory.
my question is, is it ok to change file and directory permeation of the following directories in '/' from 'drwxr-xr-x' to 'drwxr-x---' or 'drwx------' recursively?
/bin /boot /dev /etc
[Code]....
-I and the other users use the pc for internet, open office and email mainly.
-It does not run server(s) like smb/cif or NFS.
-There are 5 usernames (created by me, non of them are superusers) in th pc, only one user is required to login at any one time.
Whats wrong with this line?Code:sudo -u user /usr/bin/nohup sh /home/user/somescript.sh &This should ask for the password then execute the script at background and get back to menu
I have been trying to setup sshguard in Ubuntu 10.04 and I cannot manage the log daemon to execute the sshguard command. Has anyone managed to setup sshguard under 10.04?
I'm new to ubuntu. Now iam using Karmic Koala. I want to change my password. So i used,
system->Administration->users and groups to change my password . As i entered my new password and clicked on 'Change Password', It is saying, 'password changed'. But when I click the close button in the main users and groups window, it is asking for my password, and I am forced to enter my old password only.
After the window is closed, i logout to check whether my password is changed. But it is not. I have to enter my old password to login.
i set my pass on ubuntu 10.4 and it work so good on installing app but suddenly it stopped working i thought i would restart my pc i tried to inter my pass again ubuntu don't accept it although it's surely true
I had this great idea to try and change the UBUNTU password. So I took not so drastic effort..I went to System>Administration>Users and Groups. There I clicked on my login name.Clicked on Properties and used the Change Password Button to Change my login password. I did that. [I thought this is the way to change the login password]. After that as usual I tried to launch the Empathy! It started asking me about some Keyring password! I gave my new password and it worked. Now, the weirdness of the issue is that..
1)If I want to login to UBUNTU..I have to give the Old Password [The password which I gave when installing Ubuntu;as if the password change has not come into affect] oO mount..I have to give old password To update I have to give old password. But! 2)To get my things done in Empathy..that is to get the Keyring Challenge done! I have to give the new password and old password does not work here.
I want to stop empathy from asking me about the KEYRING thing. Roll back the system to the previous state; before the password change thing. What exactly went wrong or right? and What is really happening to my system. I mean things are all normal, so far..but why the two passwords? I dont use any heavy things on my machine..just a bit of browsing and Empathy..thats all.and only the default applications are installed on my machine. I use Ubuntu Karmic 9.10.
I need to be able to capture a users password when they login. I am well aware of the security issues with this and I'm ok with this.
We run a call center and I am working on migrating from windows to Kubuntu for the callers. It's policy that all callers must report their password to me, so I already know of everyone's password. There has to be some variable/script that I can "hack" to get the password they typed in to the login screen.
What I'm trying to do is that when a user logs in in for the first time, their profile is automatically created and set up. Setting up network drives, email, pidgin (which the password is stored in plain text anyway, so forget about security on that one), web apps, etc.
Trying to find information on How to capture a users password and all have been responded with the usual lecture on why you shouldn't do this. So I've heard it all before and I know of the risks. Like I said, I already have the callers password on file. If I could capture it, I wouldn't have to manually setup each profile every time we get a new caller, which is often since turnover is quite high in call centers.
Every time I log in, I get the "password for keyring default" question two or three times, unless I enter it immediately as it pops up, sometimes even that doesn't prevent it from respawning. What could be causing this? I'm using Maverick.
P.S. Hmm, I don't think I'll be watching the lunar eclipse much now, the sky is covered with smoke, maybe it's lunar apocalypse.
I think it is very easy to hack passwords in Linux, but I did not try it yet. If you use sudo you get 3 attempts for the correct password. But if you get enough time it should be no problem to hack it by bruteforce. Imagine a script an attacker places on your machine which runs for a few hours or days. I think it is much more effective to delete the user out of the admin (or adm?) group so that user cannot be any danger anymore. You would have to login with root and readd the user then.
You now say: but if you login with root you got almost the same effect as with sudo. Of course it is the same. That is why I would use a system (not sure which yet) to create sub enviroments of your OS, which got the attribute that they can run without root, only got one account that can sudo and once sudo access is denied there is no other way to login as root. You just can repermit sudo access by the parent os layer.
I decided to stop using my password to enter Ubuntu (recently installed) and switch to automatic start up. Hit the relevant key, then restart. Received three notices, closed two, entered pass to get encryption code at third, then nothing but a blank, Ubuntu-colour screen. Unable to open Ubuntu. How the heck to I get myself out of this trap?
I need a little insight, and I�m not sure if the two can relate, but I am trying to find out the following. When generating WEP Keys the available bits are: 64/128/152/256; however, you need 5/13/16/29 character respectfully for each key if you generate the key manually.Can this formula be applied to passwords and the length of the password? For example: if my password had 29 characters, could I say that my password is 256-bits?
I'm running 64-bit Ubuntu Karmic, Encrypted HDD.I changed my login passwordwhen i try to boot i click on my name and type in my new password i have 'authentication fail' when i type in my old password this happens"could not update ICEauthority file /home/chris/ICEauthority""Their is a problem with the configuration server. (/usr/lib/libconf2-4/gconf-sanity-check-2) exited with status 256""Nautilus could not create the following required folders/Home/chris/Desktop,/home/chris/.nautilusBefore running nautilus, please create these folders, or set permissions such that nautilus can create them."
I have a dual boot machine and recently did a fresh install of 10.4. It no longer asks for a password to access the Windows partition and I full access to it. This seems insecure to me and was wondering if someone else came across this. I thought I saw this topic discussed before but I can not seem to find it now. Is this a bug or a new unpleasant feature?I don't think it makes a difference but I do have a separate encrypted home partition on this fresh install. I have also done two fresh installs. (Well three...once testing out KDE but didn't try the Win partition. )
I just reinstalled ubuntu lucid after accidentally damaging it, And I used all the same passwords and user names as before, I can login fine, and I can do sudo commands, but the gnome keyring wont accept my password, I tried changing my password using Applications>accessories>Passwords and encryption but that didn't work. How can I fix this so that keyring will accept my password, I need it to save my wireless router password.
I use Ubuntu 10.04 and I want to be able to move around the system without having to frequently enter my password. For example, when waking up the system from a power save state or when accessing Synaptic Package Manager I do not want to be asked to enter my password. There is nothing on my system that matters if its security is breached. Is there a way to turn off these requests for a password?
