Ubuntu Security :: Patch For Sudo That Allows Sudoers Information To Be Pulled From MySQL?
Apr 12, 2011
This may be a stupid (?) question, but does any one know of a patch for sudo that allows the sudoers information to be pulled from mySQL?
I run multiple servers with multiple people working on them and would like a one-stop update of permissions.
Yes, I could use rsync or the like, but I'm just wondering if this has been done, or could be done.
(Sorry if this is the wrong forum, I'm kinda new around here, posting wise and this seemed to fit. Feel free to move it if it's not)
View 3 Replies
ADVERTISEMENT
Feb 15, 2011
I have previously set up sudo via adding my name to the wheel group and then giving full privileges to the wheel group in the sudoers file. Now I choose to learn to limit that. Had noticed the most frequent use I have of sudo is to run yum update. This got me thinking, could I remove the wheel group privileges and add the following line in sudoers to limit the privilege to simply running yum, and furthermore, make it so I could run yum without a password:
## Allow root to run any commands anywhere
rootALL=(ALL) ALL
Troy ALL= NOPASSWD: /usr/bin/yum
I think that would in fact work (if I understood one of the pages here, it will work). However, upon further thinking I realized that in such a case then anyone sitting at my computer could then use yum, without a password, to install or remove any file on my system � probably not a good idea. As a result I have to ask, can I tighten the privilege even further such that the only privilege so given was to run �yum update� and nothing else? (for example if they ran �yum install� it would fail). If you can do it, how?
Last, I was going to limit the privilege, time wise and try wise, by adding the following to the sudoers file:
# Defaults specification
Defaults:Troy timestamp_timeout=0, passwd_tries=3
Will that really work to limit the elevated privilege so I don't have elevated privileges lingering about, or is there a better way to do so?
View 3 Replies
View Related
Mar 25, 2010
I get this message if i try to use sudo/gksudo. What causes this, how can I solve it? It has been working for years. If i remember correcttly there was a sudo update few days ago, maybe it doesnt work since then, i havent used it in the last few days.
View 9 Replies
View Related
Dec 24, 2010
Whenever I try to run something as root using the sudo comand I get: Code: ramy is not in the sudoers file. This incident will be reported.
View 6 Replies
View Related
Jan 4, 2010
I have a problem, I changed the own of all the etc folder, it was a mistake, but I can't change it again, now, I cant use "sudo" because root is not the own. When I try to use "sudo" this is the error: sudo: /etc/sudoers is owned by uid 1000, should be 0. so, the own is my user instead of the root. How can I change it again?
View 6 Replies
View Related
May 31, 2011
When I try to use sudo, I get this error message.
Code:
sudo: /etc/sudoers is owned by uid 1000, should be 0
sudo: no valid sudoers sources found, quitting
View 6 Replies
View Related
Jun 10, 2011
After install TexLive, sudo stop working. If I run sudo:
Quote:
sudo: can't open /etc/sudoers: Permission denied
sudo: no valid sudoers sources found, quitting
Edit: Hal and dbus is not working either, if i startx I don't have network manager or automatic mount of pen and disks.
View 10 Replies
View Related
Oct 18, 2010
After upgrading GNOME to 2.32 in my openSUSE 11.3 x86_64 running graphic applications with sudo is impossible. (that means it worked before upgrading GNOME)
Code:
etam@etam-laptop:~> sudo xeyes
root's password:
No protocol specified
Error: Can't open display: :0.0 From /etc/sudoers:
Code:
Defaults env_keep = "LANG LC_ADDRESS LC_CTYPE LC_COLLATE LC_IDENTIFICATION LC_MEASUREMENT LC_MESSAGES LC_MONETARY LC_NAME LC_NUMERIC LC_PAPER LC_TELEPHONE LC_TIME LC_ALL LANGUAGE LINGUAS XDG_SESSION_COOKIE XMODIFIERS GTK_IM_MODULE QT_IM_MODULE QT_IM_SWITCHER DISPLAY"
Some interesting facts:
[code]....
View 2 Replies
View Related
Jan 21, 2011
I was changing some file permissions with the chmod 777 command and i accidentally executed:
Code:
sudo chmod 777 /*/*/*/*
and now i can't get root access to anything. If I try executing a sudo command i get:
sudo: /etc/sudoers is mode 0777, should be 0440
sudo: no valid sudoers sources found, quitting
View 9 Replies
View Related
Aug 16, 2010
since a recent upgrade to Mandriva 2010.1 I am not able to 'sudo' as administrator or when I use the 'root' password. I am the only user on this machine (Dell Inspiron 530S multi-booted with Window's Vista Home Premium, Ubuntu 10.4, and Mandriva 2010.1). I can get into the 'Manage Users' section of the control center by authenticating as 'root' but I can't access 'sudoers file' from command line.
View 4 Replies
View Related
Sep 16, 2010
A day ago I finally got around to upgrading the PackageKit installation that had been sitting for a week and a half, so I found a new upgrade for sudo available - the one that gives the sudoreplay command, I forget which version number it is exactly. When I try to use the sudo command I get this notice in my terminal:Code:Can't open /var/db/sudo/me/1: Permission deniedI didn't get it before. What do I have to do to make it open? I'm using SELinux in enforcing mode if that helps.
View 1 Replies
View Related
Jun 5, 2010
A few minutes ago I accepted a suggestion from update-manager for restarting my system, such that some security updates could be effective. After restarting and login in as usual, I discovered that I could not use my adminstrative rights as a sudoer. To recover them I booted again, as root, and added my username in the "admin" group. Rebooting, all seemed well again. As an extra check I installed and ran 'chkrootkit' and nothing suspect was found.What could have hapenned? Just a glitch in the system? Can a user disappear from a group for nothing?What further checks can I make to be sure that my system is safe?I'm using Ubuntu Jaunty Jakalope amd64, with kernell 2.6.28-15-generic.
View 5 Replies
View Related
Mar 15, 2011
Suddenly I am not in the sudoers file. I am not sure how to recover from this. I have no grub screen at bootup, so I can't boot into single user. I think I am going to have to boot a live version of ubuntu to start with. Is that right? What's next after that? Also, how could this happen, I haven't touched the sudoers file or added users or anything like that (well not that I am aware of) I am a little concerned that this may be the result of someone breaking in? Would this be a likely symptom?
View 3 Replies
View Related
Aug 31, 2010
I am using MySQL 5.0.77 Version rpm on CentOS 5 Red Hat Linux. I want to install micro second slow query log patch on this MySQL S/W version.As I found the slow query micro second patch on percona site i.e. [URL]step by step to install above mentioned patch with rpm based MySQL installation? Do we need MySQL source files to apply patch ?
View 13 Replies
View Related
Feb 1, 2010
My goal: I want to give users in the group "rtkprd" the ability to elevate their privileges and run a restricted shell script by using sudo. The full path to the shell script is /usr/local/bin/only_rtkprd.sh
The syntax of /etc/sudoers is giving me fits, to I've reduced my sudoers to a single log directive and a single line to enable the rtkprd group.
Code:
Defaults logfile=/var/log/sudo
%rtkprd ALL = (rtkprd) /usr/local/bin/only_rtkprd.sh
[code]....
View 3 Replies
View Related
Aug 2, 2010
In a recent discussion I had, I was led to believe I could use sudoers to restrict using vi (for example) for the editing of say specific config files. I know how to allow root use of vi and how to lock it down from getting to a bash prompt with NOEXEC tag,but I can't figure out how to restrict the use of vi to only edit certain files. Tutorials and howtos I have checked don't address this
View 7 Replies
View Related
Nov 21, 2010
I'm suspicious that the context of /etc/sudoers is wrong. During the last upgrade to Fedora 14, RPM dropped /etc/sudoers.rpmnew, which had a different context than the real sudoers file. But, when I try to get SELinux to relabel the file (using restorecon or fixfiles), it refuses to make a change.
> ls -lZ /etc/sudoers
-r--r-----. root root unconfined_u:object_r:etc_t:s0 /etc/sudoers
> matchpathcon /etc/sudoers
[code]....
View 5 Replies
View Related
May 31, 2011
I have tried several things to attempt to fix my sudoers file however it is still coming up with errors. The error says
[code]...
the sudoers configuration file is set to the default as I have ran a dpkg on it, have also uninstalled and reinstalled it, and went over the configuration file ensuring it looked like the defaults I had seen online.
View 8 Replies
View Related
Jan 16, 2011
This post concerns info found at [URL]. My question is: How do I get the patch. The author makes ref. to "his" git repo and the patch for TOR. I guess the patch allows the use of some compile time options that can harden the build. I looked through the change log of TOR and couldn't see any of the options referenced by Jacob in his post. I have read on the net that compile time hardening options are part of the gnu compiler, not the application to be compiled. Is this true?
View 5 Replies
View Related
Dec 2, 2009
Is there a mailing list or an alert where I can subscribe to, so I know if there's critical or moderate patches I have to apply to my Centos 5 servers.
View 5 Replies
View Related
May 29, 2010
I am new to fedora (been using debian based distro's for the longest time). With the new release I decided to give FC13 (The kde 64 bit spin) a try. I told it to wipe my entire hdd and encrypt the partitions. The partition manager made a few LVM partitions which I assume are encrypted.
The problem I am having is that if I attempt to use an application that would normally need root access to run, I am not prompted to enter my root password. Instead, I am required to logout and log back in as root. Is there a way to make it so that FC13 will prompt me to enter in my root password so I do not need to log in and out? Or is there something Different I should have done during the install process? Also, what is the terminal equivalent of "sudo" in fedora, or is it still sudo/KDEsudo
I also have not used SE Linux before. Do I need to manually enforce the permissions for my applications and generate my own profiles for it, or is that done automatically?
View 14 Replies
View Related
Mar 22, 2011
I am learning PHP to take information submitted in a web-form and store it in a MySQL database, but I also need it to automatically print to the laser printer I have setup. So that a notice or printout is produced of the information.
My question is... what route do I go to automate printing from web-based information in a PHP/MySQL database?
Is it PERL ? or does PHP have a feature to do this?
View 2 Replies
View Related
Aug 26, 2011
Does anyone know if this kernel patch has been applied to any 11.04 kernels? [URL]
View 5 Replies
View Related
Jun 28, 2010
My system is trying to install security update, but I get the following message: A package could not that allows the task to complete.
Details are as follows:
patch:libfreebl3-2258.noarch conflicts with libfreebl3-32bit.x86_64 < 3.12.6-3.1.1 provided by libfreebl3-32bit-3.12.6-2.pm.6.2.x86_64
View 9 Replies
View Related
Oct 27, 2010
I have SuSE 11.2. There is a security patch for Mozilla NSS Library. However, I get told by YaST that the libfreebl3-3241.noarch conflicts with mozilla-nspr.i586. (There's also a patch for glibc but apparently, it is not "willing" to install this without installing the other patch first). Anyway, I did the following: zypper lp and then rpm -qi libfreebl3 and then zypper lr -d.
Here are the results:
Code:
zypper lp
Repository 'Updates for openSUSE 11.2-0' is out-of-date. You can run 'zypper refresh' as root to update it.
Loading repository data...
Reading installed packages.....
Code:
zypper refresh
Repository '11.2' is up to date.
Repository 'Education' is up to date.
Repository 'Printing' is up to date.
Retrieving repository 'games' metadata [done]
Building repository 'games' cache [done]
Retrieving repository 'Updates for openSUSE 11.2-0' metadata [done]
Building repository 'Updates for openSUSE 11.2-0' cache [done]
Repository 'mozilla/openSUSE_11.2' is up to date.
Repository 'openSUSE-11.2-Non-Oss' is up to date.
Repository 'openSUSE-11.2-Oss' is up to date.
All repositories have been refreshed. I don't know what to do. In order to update FireFox, (on Aug 1, 2010) I had to do as posted in this thread: (instructions by caf4926) Updating firefox. So, I followed these directions: ImageBam - Fast, Free Image Hosting and Photo Sharing. Now what do I do?
View 3 Replies
View Related
Dec 8, 2010
I've been a distro-hopper for a while and just installed FC14. I like it and it seems very stable on my older Presario laptop (2170us with 1-Gig Memory and 80-gig HDD).In other distros, I was able to open a Terminal, type "su" & <password> then type "gedit" and take care of things like the Workgroup name in Samba, adding a user to sudoers, etc.....but in FC14's Terminal, typing "su" & <password> and then "gedit" results in all kinds of error messages (that I can't recall right now). I did find after typing "su" & <password>, that if I then typed "sudo gedit", gedit opens just fine.I had tried to type "sudo gedit" (before trying "su") but was told I wasn't in sudoers.I suppose it's minor for someone like me who can eventually find a way around it...but why won't gedit open when I'm a superuser by just typing "gedit"?
View 3 Replies
View Related
Apr 13, 2010
When booting up the system I noticed that there is a statement of a CPUid patch listed as systems boots.
View 1 Replies
View Related
Jan 16, 2011
What is sudo? I tried to do this : sudo apt-get install mysql-server
And then it gave me this :
We trust you have received the usual lecture from the local System
Administrator. It usually boils down to these three things:
1) Respect the privacy of others.
2) Think before you type.
3) With great power comes great responsibility.
[sudo] password for mlocicero: mlocicero is not in the sudoers file. This incident will be reported.
View 4 Replies
View Related
Apr 8, 2011
I just want to upgrade my Slackware 13.1 kernel (2.6.33.4) to the latest stable kernel from kernel.org (2.6.38.2). I have never done anything like this and I am a Linux newbie, so I would appreciate a "Kernel Patching for Dummies" version if possible. I did do a search on this forum and most of what I read was over my head. I found an FAQ on kernelnewbies.org on "How To Apply A Patch" but when I attempted what they suggested, it said it couldn't find the file to patch at line 5 and asked me which file to patch. So I CTRL-Z'd out of there and came here. Here's what I tried:
[code]...
View 14 Replies
View Related
Mar 11, 2011
I am having problems on a server installation (9.10) with a kind of unstable sudoers file. Logging in as a user of group admin allows only sometimes to issue sudo commands.Most of the time I am getting a "not in sudoers file" errror.
Code:
$ sudo COMMAND
[sudo] password for USER:
[code]....
View 2 Replies
View Related
