Certain commands like:
fdisk -l
nmap -sT 192.168.0.1/24
iftop
require administrator privileges to run. A while ago i read a post(forgot where i read it) about being able to let a user run these commands in a script (that contains the desired command) created by the administrator/root without the user having to do a sudo and entering a password. Does anyone know how i can go about doing this?
There where some updates for 10.04.1 yesterday, after I installed them, a few hours later I restarted my machine as new headers and kernel files where downloaded.So this morning, when I come in, I wanted to check my software sources as I saw something a little odd yesterday.When I try to start that program; I am asked for my administrator password. Not the password I use for administrative tasks; which is what I am generally asked for.Anyone else seeing this? And if so, what happened. The admin account I have setup is My account, I am the only person on the machine. In the past I have entered my password and carried on; not this morning. Not sure what is happening; but I have not setup an actual admin account / password.
View 4 Replies View RelatedI am only user on this ubuntu 10.10 install. I have admin rights but when I try to change some settings via Ubuntu tweak unlock or alter user and groups via advanced tab I never get the option to enter my password. I have added a new user 'tempuser' via safe mode and this user is administrator too but everything works fine from this user..
Results from $ grep admin /etc/group
lpadmin:105:heath,tempuser
admin:119:firstuser,tempuser,heath
Results from groups
admin adm dialout fax cdrom floppy tape audio dip video plugdev fuse lpadmin sambashare
I am thinking of making a fresh install if I cant sort this but would like to fix if possible.
A day ago I finally got around to upgrading the PackageKit installation that had been sitting for a week and a half, so I found a new upgrade for sudo available - the one that gives the sudoreplay command, I forget which version number it is exactly. When I try to use the sudo command I get this notice in my terminal:Code:Can't open /var/db/sudo/me/1: Permission deniedI didn't get it before. What do I have to do to make it open? I'm using SELinux in enforcing mode if that helps.
View 1 Replies View RelatedI am trying to run eclipse with administrator rights so that it can access any folder on my system.
View 9 Replies View RelatedI love My linux OS, and I carry It with me all the time in USB. I used to be able to boot from USB in the University computers, but not any more. Now it required Admin password in order to boot from CD or USB. I tried The VMWare, but I didn't like it. Is there any way I can get around it.
View 1 Replies View RelatedI have been wondering if a guest user could compromise a machine which is set in the following way: they are not able to open the computer case, to boot from either an USB flash drive or an optical-disc drive, nor have any knowledge of the administrator-user password. Thus, they are landing on their guess account, and have to work their privilege escalation from there.
Therefore, what can they do to gain it? Could they download or otherwise install or run from a thumb drive an application that could be used to crack the administrator-user password? Because, it seems to me, could they enter into the system such a password-cracking application, the whole system could be compromised given the administrator-user password contains less than 9-or-so characters. What do you think? Can I lend my computer to anybody without them having beforehand gained my trust in them? Is the reasoning reasonable?
newbie changing to Linux, but not comps.as I said in newbie forum, putting them together since mid 80's w/5150's. that said most exp is old dos command line and commodore 64 basic. our economy here in USA causes change for many of us. I am now reading CompTIA study guide for Linux+ certification by Robb H. Tracy, pro Linux administration by James Turnbull,Peter Lieverdink, and Dennis Matotek. I have downloaded and installed PcLinuxOs, Fedora, SuSe.(three separate disks) have Linux Mint, Ubuntu, on cd. I also have Helix, DEFT, FIRE, FCCU, and Live Forensics Toolkit for Windows. because of pending legislation in our state and current or pending in others, taking classes@community college for private investigator. end goal?: Linux Systems Administrator/security/private investigator specializing in forensics?as I learn I'll probably install a server version on 1 of my drives and ask some of you to use it to work with/hack me/give me help in general.
View 5 Replies View RelatedI am new to fedora (been using debian based distro's for the longest time). With the new release I decided to give FC13 (The kde 64 bit spin) a try. I told it to wipe my entire hdd and encrypt the partitions. The partition manager made a few LVM partitions which I assume are encrypted.
The problem I am having is that if I attempt to use an application that would normally need root access to run, I am not prompted to enter my root password. Instead, I am required to logout and log back in as root. Is there a way to make it so that FC13 will prompt me to enter in my root password so I do not need to log in and out? Or is there something Different I should have done during the install process? Also, what is the terminal equivalent of "sudo" in fedora, or is it still sudo/KDEsudo
I also have not used SE Linux before. Do I need to manually enforce the permissions for my applications and generate my own profiles for it, or is that done automatically?
I need to add a program to my startup menu (webserver which needs sudo for port80). I follow their directions, but it breaks the program and no pages are served. I will not be home to guide wife and kids every time they boot the machine to sudo start the program. How do you start a program at boot, as root or sudo start.
View 2 Replies View RelatedI cannot figure how to make a program start-up when Ubuntu boots. I want the "sudo firestarter" command to run so the firestarter icon appears in the panel.
View 7 Replies View RelatedI am running an Ubuntu Server 10.10. I have installed Apache2, I put my perl script in /var/lib/cgi-bin. When I run this perl script from the terminal it works fine. When go to a web browser it doesn't. When I look at Apache's error log, I see this line :"sudo no tty present and no askpass program specified"I tried editing the sudoers file, with the user www-data ALL=(ALL) NOPASSWD:/path_to_my_script. But nothing changed. What am I doing wrong?
View 5 Replies View RelatedI'm looking to allow sudo for openvpn for a user.
I cannot find the openvpn program path though, i try a 'which openvpn' command and it returns nothing! :S
What is the path? or how to allow a normal user account to run openvpn with sudo?
Solution found:
Working directories for openvpn on debian 8 are:
/etc/openvpn
/usr/sbin/openvpn
To add sudo capability to a guest account, run this with your admin account:
Code: Select allsudo visudo
then add the line, with your guest username substituted:
Code: Select allusername ALL=/etc/openvpn, /usr/sbin/openvpn
tada! guest account now runs only openvpn.
I just read an article saying some unflattering things about Ubuntu's use of sudo. My question is this true?[URL]..
View 6 Replies View RelatedI've enabled root under Ubuntu (i know frowned upon), I'd like to change the default behaviour of sudo so that rather than requesting my password (the password I logon with), it requires the root password.
Have searched the forums but can't find the answer.
At the terminal prompt, I can't login using su nor sudo. I can only login as root at the dialog level. How do I correct this?
View 6 Replies View Relatedwhy when I type sudo su in a terminal there's no need to enter my password, I just go straight into root
View 5 Replies View RelatedI am using Ubuntu 10.04-alternate-amd64 for full disk encryption. After getting my updates which i get as soon as they are released. I am getting the issue temp root (sudo) password is not being revoked. After using any app that requires the use of sudo the permission for it does not get removed like it normally does.
I have tried logging out then back in, which usually removes the permission, this no longer works, also tried waiting and even after 1 hour permission still there. The only work around I have found is to use the terminal to execute the required programs then after closing terminal the temp permission is now removed like it should be. This issue has effected all of my systems and a friend of mine as well, (friend uses same distro).
To replicate issue:
1) Boot system.
2) Login.
3) Check for updates or any other app that uses root permission.
4) Logout
5) Login
6) Repeat step 3
7) App will not ask for permission it will use root permission automatically.
When I access a remote Natty client using VNC I cannot use the sudo command in a terminal. In fact, the terminal closes itself as soon as I type the sequence sud. Even su d. Or su d.
Sua, su a, su c, su e do not cause the terminal to close itself.
This appears to be some sort of new security "feature".
How do I "work around" it?
[edit]
I'd better elaborate.
I have a remote Natty running 11.04 64-bit desktop version. I have installed tightvncserver on it. I log in on 5901 from a Ubuntu 10.04 64-bit desktop using vinagre. The desktop works fine except when I open a terminal in it and type sud. As soon as I type the d the terminal vanishes. This appears to be a deliberate feature. I also log in to other clients that run 10.04 and this does not happen. I have run Mint 11 in VirtualBox on my local machine and created the same remote desktop and viewed it from mint 11 itself. Same thing happens.
It seems to me that 11.04 has been modified to kill a terminal that is part of a VNC display when sud are typed.
how to remotely administer a 11.04 desktop?
In a rage of anger against VI I decided to open my firewall config file in gedit, made some changes and was then confronted by the fact that it was read only. I decided to change the permissions for the whole of the /etc folder with:
Code:
sudo chmod 777 /etc/*
This also changed /etc/sudoers so that now whenever I try to use sudo I get the error:
sudo: /etc/sudoers is 0777, should be 0440
segmentation fault
I cannot change it back to 440 because I need sudo to do that.
I'm trying to configure my SUDO entries, for this I've added the next lines:User_List ADM = usernameADM ALL=(ALL) NOPASSWD: ALLWhen I close and save the file sends me the following warning>>> /etc/sudoers: syntax error near line 12 <<<visudo: Warning: User_Alias `ADM' referenced but not definedhat now?
View 1 Replies View RelatedUsers of Lacie's 4L which is used to burn labels for your Lightscribe disks, are required to have the app run with sudo privileges, (the command being: gksudo 4L-gui). On an older version of an Ubuntu install, I had it set up so that it did this automatically, without it, (or me), being asked for a password. I thought it was something I added to the sudoers file, to give 4l-gui automatic authority, but I forgot how i did it.
View 2 Replies View RelatedI've installed Ubuntu via UNetbootin from USB on my child's computer. It comes by default with the sudo command which I find really annoying to work with. I'd rather have my su command.
Now, while googling for a removal instruction, I've read that the sudo command is tied to system functions on some Ubuntu live systems and can't be removed easily. Does anyone know if this applies to the 10.04 live version used by UNetbootin and how to work around this problem?
If not, is it simply enough to remove 'sudo' via the software center? I find many tutorials on how to switch from su to sudo but not much about the other way around.
So, I'm not quite sure what the difference is? Is it that sudo allows you to "borrow" superuser privileges, whilst su allows you to actually log in as superuser? Also, when I sudo [command] and get prompted for a password, after I input it, things work just fine, but if I su, and then get prompted for a password, I can't log in as superuser... Why is this?
View 9 Replies View RelatedLike many (most?) home users, until now I've had my regular userid in sudoers as "ALL = (ALL) ALL". It occurs to me that, even though my machine has no open ports, this is probably not a good idea - just in case my firewall suddenly burns down. So, if my thinking is right on this, I'm wondering if there is a generally approved list of Cmnd_Alias entries? At this point, I've decided to only add entries as I use them, and to try to honestly appraise my need to do the entry as sudo, vs opening a virtual console as root. My root password is non-trivial.
View 3 Replies View RelatedConsider: [URL]
In security terms, would using sudo instead of root be safer? I'd actually prefer to use this if so; I like sudo an awful lot. (It's Mark Shuttleworth's fault)
I have a RHEL 5.5 system set up with two users in the sudoers file to run certain commands without a password prompt.I do not have "Defaults requiretty" in the sudoers file.However, for both users, when I issue: sudo -l, it prompts for a password and logs in /var/log/secure:sudo: userx: no tty present and no askpass program specified
View 2 Replies View Relatedtrying to devise a new sudoers configuration while building a new SOE and would like to force everyone (including system administrators) to use rootsh in favour of doing things like sudo -s, sudo bash, sudo tcsh and so forth. Effectively, use sudo to use any shell other than rootsh. Is there a way to allow users to run anything they want except shells. I realise this is a default permit which inherently is defective, but I'm not convinced that going through the 1559 executable commands of my (as yet incomplete) built system to decided on the likely 1000+ commands I would want to be genuinely allowed. As I said this is for system administrators first, and I'd like to forcibly instil the habit of sudo <command> or using rootsh to get an audited shell. But I know people are already not doing enough sudo <command> as it stands, rather they switch to bash.
View 7 Replies View Related We have a couple of clusters that are running Oracle. If you're familiar with Oracle you know that it basically has to be installed as root. Something I detest. anyway, when we are building out the box, we change the root pw and give it to the DBA team to do their installs and configs. When they are done, we change the root pw (and do not give it to them), and configure sudo to allow them the rights needed to manage Oracle and their databases.
Now however, we have a different situation. The DBAs need access to uninstall and reinstall components and make modifications on an ongoing basis. Since we only support OS and hardware, not app, they are requesting permanent root access. I promptly told them no, and the politics ensued. Their manager went to their director, who went to my director, and suddenly an exception is given for his good golfing buddy. So here I am, forced to turn lose DBAs on my clusters with full root access/pw. I need a way to allow specific users (or perhaps a specific user group) the ability to become root WITHOUT sharing the root pw with them.
On my HTPC/Server unbuntu box I have installed logwatch in order to get a daily look on my computer activity.
And I often have this line in the report :
Quote:
root => my_user
-------------
/usr/bin/gconftool - 3 Times.
The corresponding line in auth.log are :
Quote:
./auth.log:Jan 28 07:59:31 sweetBox sudo: root : TTY=unknown ; PWD=/ ; USER=my_user ; COMMAND=/usr/bin/gconftool --get /system/http_proxy/use_http_proxy
./auth.log:Jan 28 07:59:32 sweetBox sudo: root : TTY=unknown ; PWD=/ ;
[Code].....
