Would it be safe to say that if I build a restricted user: "Desktop" or "unprivileged" user I will be ok? From what I understand - most scripts or applications cannot install without the 'sudo' prompt and user input.
View 8 RepliesI'm creating a bash script to do some tasks for me. I would like the script to be run at a set time of everyday. My first question is if it is possible that if one of the commands in the script requires sudo, is there a way to get around it with out making sudo not require a password. Such as, is there a way to include the password in the script? If that is the case, I can always just set the file as read only by sudo. I've been looking for a way to do this, with no success. if I have a command that wants input, how do I give it to the program. For example, if I want to make a zip file that is encrypted, the command would go as:
Code:
zip -r example * -e
now how would I get the script to insert my wanted password.
I have been reading guides for a while now and so far have not found an exact solution to my problem.
I want a linux user (dave) to be able to switch to another account (patrol) without a password prompt, but dave must still be denied access to root. Patrol must also be denied root access.
In the sudoers file
Code:
User_Alias Patrol=dave,john
root ALL=(ALL) ALL
Patrol ALL=(patrol) NOPSSWD: ALL
[Code].....
I wanna trace user's command input history. but I dont plan to use "history", "lastcomm" becauze there is not detail of the user command history. if there is some software use to log user command to one file or database, it's suit for me.
View 1 Replies View RelatedI am trying to get a non-root account on one of our servers to run a script with sudo capability. To that end, I went into the /etc/sudoers file, and added the following syntax:
Code:
## Enable the nagios user to run the check_iptables.sh script as root
nagios ALL=NOPASSWD: /usr/local/nrpe/libexec/check_iptables.sh, /sbin/iptables
I restarted the nagios service, and tested the results. The results were the user account still could not run the script due to the user, nagios, not having permission to run the iptables binary.
Is there another step(s) that I need to take in order to get the sudo access available to the user account?
Stumped on this one. I'm trying to set up limited sudo authority on a desktop with some sensitive user data, and as an extra precaution I wanted to configure sudo to use a password other than the user's or the root's. I'm not sure how to do this. From the manual, we have a few options, such as "runaspw" or "targetpw", but none seem quite what I'm looking for.For instance, "runaspw" could be used if I created a user for nothing other than sudo(ing) purposes, but it requires you set "runas_default", which means that said user would have to have authority to execute said commands in the first place. This is workable, but seems like a lot of extra configuration for each specific command that I want to run, as well as creating some issues with simply commands such as "shutdown" or "reboot". Also, "targetpw" can be used in conjunction with a sudo(ing)-only user if I set an alias, but, again, this isn't quite what I am looking for.
Ultimately, what I am really concerned about in this situation are keystroke loggers, so I would prefer to avoid repeated entering the user or root password when performing administrative tasks. Also, I would prefer not having to create a sudo(ing)-only user as mentioned above to prevent a comprimised password resulting in an attacker being able to log into my system.
I made a Desktop User account. When I went on that account, it allowed me to execute sudo as if I was an administrator. I don't know what might be causing this. I do have ufw set up and blocking incoming connections. Do you guys know what might be at the root of this?Also, when I used sudo from the user account (which I shouldn't have been able to do), I provided the password for my admin account.
View 9 Replies View Relatedi am relatively new to ubuntu. Just recenty i have not been able to access certain files(for example the history and bookmarks in the firefox folder), download files individually from the internet(music,fonts,etc), recieving an error message
Quote: Originally Posted by firefox error console
Error: [Exception... "Component returned failure code: 0x80520015 (NS_ERROR_FILE_ACCESS_DENIED) [nsIFileOutputStream.init]" nsresult: "0x80520015 (NS_ERROR_FILE_ACCESS_DENIED)" location: "JS frame :: file:///usr/lib/firefox-3.6.13/components/nsSessionStore.js :: sss_writeFile :: line 2944" data: no][code]...
i have sudo priveleges and can install via update manager. i read somewhere that compizfusion might affect access permissions and i do use compiz and emerald at the same time.
Is windows 7 UAC basically a user/system control system like sudo?
View 7 Replies View RelatedDoes Fedora Now Prompt End Users To Install New Versions? If so, what a terrible idea and how do I disable it? So, I get a late night call from one of the people I support with their PC. You know, the basic PC user who barely knows enough to be dangerous. I'm sure we all have friends like this, who we help out and keep Linux running for them. Anyway, he says Fedora prompted him to upgrade to Fedora 15 (from 13) and of course, he says OK. He usually says OK when fedora asks to update his software.
Now things are hosed, he can't get on-line and worst of all, he's running F15 with Gnome3 and can't find his way around or do the things he's used to doing. Why on earth would fedora prompt to upgrade to a new version via the net? (..btw - he said it took forever.. ) I'm sure this exact scenario will be played out 1000s of times and peeps like me will be wasting lots of time straightening things out after the fact. Seems to me Fedora should not prompt for full version upgrades. It's trouble waiting to happen and that kind of thing should be user initiated by someone who actually knows what they are doing, so as to avoid the scenario that just played out with me.
I have this weird problem after a fresh install of Ubuntu 11.04: I can enter desktop using autologin but if i open a terminal i cant run anything as superuser ried:
sudo -i
sudo su
sudo <command>
gksudo <command>
i get somthing like: error, invalid password etc etc 3 incorrect login attemtps Also if i ALT+F2 or close gnome session i cannot login back with my username, same error notes: 1. the password is right, i did a second install of ubuntu to make sure it was not my mistake 2. groups seems ok, user is in admin groups 3. I have a similar error, same computer but on an old installation that i ve updated since ubuntu 9.04 to 10.04, then 11.04 but. But here if i try the password a couple of times then i get it working.
A day ago I finally got around to upgrading the PackageKit installation that had been sitting for a week and a half, so I found a new upgrade for sudo available - the one that gives the sudoreplay command, I forget which version number it is exactly. When I try to use the sudo command I get this notice in my terminal:Code:Can't open /var/db/sudo/me/1: Permission deniedI didn't get it before. What do I have to do to make it open? I'm using SELinux in enforcing mode if that helps.
View 1 Replies View RelatedopenSuse v11.1
Linux 2.6.27.39-0.2-default x86_64
VirtualBox v3.1.0
One user account completely ignores all keyboard input. No other account demonstrates this bizarre behavior. The faulty account has had occasional keyboard difficulty but it has always been related to the Virtual Machines (VirtualBox); the hosting account always functioned correctly.
Then the ban on keyboard input. Poof! "Keyboard? What keyboard? I don't see no stinking keyboard!"
It is not the physical keyboard. Three different hardware exhibit the same fault. It is not the motherboard; two mb's show the same fault. It is only that one account. And I even took the Windows route of re-installing the OS (what a waste of time that was).
If something changed, I am not aware of it (although something must have).
I would like to run some existing scripts and send it to a text file:
Note: 'script' is an exist shell script
Note: '/opt/2011jun15/my.db' auto generates everyday with only changes to the directory 2011jun15 base on the current date
currently i will need to run the script manually and make changes to the path below, change directory name 2011jun15 daily and text file new2011jun15.txt ./script -f /opt/2011jun15/my.db > new2011jun15.txt
Am i able to write a shell script to prompt me for a change of path for only '2011jun15' and 'new2011jun15.txt'?
It will be great if i can automate the whole process?
So here's the problem. We've got the /etc/sudoers file set up so that users can run commands from /bin like "cat" or "mkdir" without entering a password. The problem is that the "su" command is also in /bin, so if they enter "sudo su", it gives them root access without a password. Here's the /etc/sudoers file:
Defaults targetpw
%users ALL=(ALL) ALL
root ALL=(ALL) ALL
support ALL=(ALL) NOPASSWD: /sbin/, /bin/, /opt/, /etc/init.d/, /elo/
support ALL=(ALL) NOPASSWD: /usr/bin/mysql
Is there a way I can deny /bin/su while still allowing the rest of the /bin commands?
if ubuntu netbook remix have a built-in firewall, and how does this firewall work when i install applications like Valknut? Do i have to change firewall, or does it make the changes automatically? If i need to manually change open ports in firewall, then i want a easy to understand gui, if there is one. I want to add port-ranges, with options [tcp],[udp],[both] or single ports with same options. Im looking at Guarddog, since i installed all deps for Guidedog. how Guarddog would behave with ubuntu's config?
View 9 Replies View RelatedA strange problem has surfaced with my CentOS 5.5 Rackspace Cloud Server. I was doing OK until today. For some strange reason, whenever I login to the server, using ssh and pub/priv key authorization, or password authorization for that matter, the letter E (that's an uppercase 'e') does not echo at the prompt line, it just beeps like an error. At the login prompt, before signing in, the letter E is echoed to the terminal window. I'm using an iMac, OS X 10.6 (Snow Leopard) and the standard Mac terminal application.
This behavior does not occur when using the terminal app locally, i.e., logged into the iMac, and all other applications on the Mac are OK with 'E's. To further test the issue, I used the Java console app that Rackspace provides through a browser (I use Firefox, latest revision). Before logging in, the login prompt will accept and echo 'E'. As soon as I authenticate and get to a system prompt, anytime I press a Shift-e, I get a beep and no echo to the terminal command line. It doesn't matter who I login as, root or another user.
To further confuse things, if I start up an instance of nano in that very same terminal window, nano accepts and echoes the 'E'! Using nano, I've created a short bash script file:
#!/bin/bash
echo "ABCDEFG"
and it echoes properly when run.
Any clues as to where I might look to resolve this bizarre behavior?
My getinfo.sh system specs are here here.
A little while ago I moved to F14 from Ubuntu; I've been ok, but recently sudo has been causing me trouble :/It seems to hang, but eventually produces some output indicating that it has been waiting for me to input a password; but it hasn't prompted me for one.
$ sudo ls
Sorry, try again.
Sorry, try again.
Sorry, try again.
sudo: 3 incorrect password attempts
Original HOWTO can be found at: [URL]... So the other day I was in IRC and someone had brought up a problem where they created a new Administrative user, but didnt have rights to use sudo. Looked into the problem a little bit to figure out what was wrong, and it turns out that when you create a new user through the user manager (in kubuntu, anyways. Havent tested in Gnome.) the user gets added to the adm group, however, a quick look at the sudoers file shows that its looking for users in the admin group to allow the use of sudo. So, to solve the problem we do the following: If youre on the new admin user (which Im assuming you are) use the following commands:
Code:
su [insert username of old account without brackets]
sudo usermod -G admin [username of new admin account without brackets]
exit
Then simply logout, and then log back in (not always necessary, but the easiest way to flush the permissions.)
Code:
su [insert username of old account without brackets]
Means were going to Switch User to the old admin account
Code:
sudo usermod -G admin [username of new admin account without brackets]
This simply adds the admin group to the secondary group list for the new user
Code:
exit
Pretty self explanatory
I have a basic script that I have thrown together and have created a launcher for it so I can update my computer with one click:
Code:
#!/bin/bash
tty -s; if [ $? -ne 0 ]; then gnome-terminal -e "$0"; exit; fi
[code]...
I have written a script to run commands on remote servers, it is working fine. But when I am running "sudo commands" on the remote servers, it asks for me password after prompting for ssh password. I am unable to automate this password prompt (which is just after ssh password prompt). This is the function I am using to provide passwords
Code:
pass ()
{
cd $DIR/"$dt1"_"$dt"
/usr/bin/perl << 'EOF'
use strict;
[code]....
I want the same function to be used , when it expects for sudo passwords for any of the below lines:
Code:
[sudo] password for vikas: orPassword: This is my "cmd" file passed in pass () function.
Code:
ssh -t -o UserKnownHostsFile=/dev/null -o StrictHostKeyChecking=no 192.168.1.100 "bash rcmds"
This is my script output
Quote:
[vikas@box1 ~]$ ./rscript.sh
++ rm -rf /home/vikas/May_31
++ mkdir -p /home/vikas/May_31
++ set +x
[code]....
how to automate the password prompt required for sudo commands.
Where does input to sudo go? I mean when we give password to sudo prompt where it actually goes? If it goes to a file what is its name or what is its file descriptor?
View 1 Replies View RelatedI am new to fedora (been using debian based distro's for the longest time). With the new release I decided to give FC13 (The kde 64 bit spin) a try. I told it to wipe my entire hdd and encrypt the partitions. The partition manager made a few LVM partitions which I assume are encrypted.
The problem I am having is that if I attempt to use an application that would normally need root access to run, I am not prompted to enter my root password. Instead, I am required to logout and log back in as root. Is there a way to make it so that FC13 will prompt me to enter in my root password so I do not need to log in and out? Or is there something Different I should have done during the install process? Also, what is the terminal equivalent of "sudo" in fedora, or is it still sudo/KDEsudo
I also have not used SE Linux before. Do I need to manually enforce the permissions for my applications and generate my own profiles for it, or is that done automatically?
I'm using an application, then suddenly, it won't take any typed input. Happens on my internal and USB keyboard (is a laptop). Happens usually to just one application at a time (I can type in other applications). The only way I see to fix it is to quit the application, and restart the application. Very bad if I have lots of work open!
Software where I have seen this problem:
firefox
gedit
gimp
save dialogs
My setup:
Debian 5.0.4
XFce
SCIM
I just added a new user to my ubuntu by:
useradd -gdevelopers -d/home/peter -m peter
when peter logs in (after I created a passwd for him) he doesn't see the shell as I do:
me:
adhg@server:~$
peter
$
ALSO, he can't user the TAB to move inside a folder (when you type cs /home/p and use tab to get /home/peter)
My normal prompt looks like: username(at)ubuntu + current directory. (Odd format, it doesn't really look like that, but I was told I needed 15 posts to post an URL).Whenever I change user with "su username" (at least when changing from root to normal user), this prompt completely disappears. All it says on the left in front of the input "$". Also the history doesn't work, and the tab key doesn't complete anything, but rather acts as the normal tab in an editor. do I fix this? It is very annoying. Sorry for the stupid question, but I've searched around for an answer, finding none.
View 1 Replies View RelatedHow is the super user determined for the dialog box that pops up when trying to perform administrative tasks, "An application is attempting to perform an action that requires privileges. Authentication as the super user is required to perform this action."? Does it always ask for the password of the default user created during the OS install, or should it prompt for the current user's password if that person is an administrator?I use likewise-open for windows domain authentication, so I typically log in as a windows user that likewise-open has added to the list of users on this system. I have given this user sudo access and added the user to all the same groups as the default user, yet whenever I perform an administrative task in gnome I am prompted for the password of the default user. Is this normal? It seems like the behavior would be to ask for the current user's password if that user is an administrator, and if so what determines that the current user is an administrator?
View 4 Replies View RelatedI have one Ubuntu 10.04 machine that is configured this way.I want GDM to prompt the user to enter their username via a text field, and then a password, instead of displaying a list of users to choose from.One way to configure GDM's appearance is to run the following from a terminal: gksudo -u gdm dbus-launch gnome-appearance-properties.If I remember correctly, there is a different dialog to run than "gnome-appearance- properties" that allows changing whether GDM prompts for a username or displays a list. But I do not know what it is.
View 2 Replies View Relatedwhen I click on "Users and Groups" the dialogue box shows up, but I'm unable to make any changes because I'm not prompted for authentication (the "add", "delete" etc., buttons are grayed out). I'm using 10.10.
View 2 Replies View RelatedHow do I disable showing Usernames? I want to be prompted for BOTH un and pw. If it is necessary I could just change it so that it boots into a fullscreen terminal so that you would have to input "startx" and then username and password. Or I could just change it through gui or 3rd party software.
View 7 Replies View Related