Security :: Defaults For Sudo - Permission Denied And Script Fails
Mar 18, 2010
I have a CGI script that when called runs another script as a different user. Yet when the script does run I keep getting a permission denied in the logs and the script fails
In the sudoers file-
www-data ALL=(charly) NOPASSWD=ALL
For the full question-
When looking at /etc/sudoers there is the defaults line that you can add things to. When doing a sudo -L so that I can see what I can put on that defaults line. Can an individual user have specific defaults? Ones that don't effect the rest of the people in /etc/sudoers?
If I try the sudo mv command on the file listed below I get the error listed. I am confused. It is my file & I have permissions. Somehow a slew of files on my system are now showing this way. This seems to correspond when I ran rsync from my netbook to sync it up with my desktop where I am having a problem.
I Have been trying to change a file in filestarter using sudo /etc/rsyslog.conf. but am getting a permission denied message. How do I get into this file to change it ? Firestarter is working ok but for some reason it cannot open the system log. I Have found what amendments need to be made to get this to work but simply cannot get access to the file
I am trying to use VirtualBox which worked just a week ago (I haven't changed anything with it) but now it fails. When I try to start it (from the command line) with /usr/bin/VirtualBox, as a regular user, it fails.
I'm trying to setup a samba server to share data among clients via cifs. As a test, I mounted the samba share on the same machine and tried to access the contents of the directory. The mount command was:mount -t cifs -o username=sthomaso,workgroup=WORKGROUP //server/scratch /mnt/server/scratch..which worked fine after entering the password. Although I can "cd /mnt/server/scratch", when I try to list the contents of the directory with "ls", I get error "ls: reading directory .: Permission denied".
nfs mounted directory which is mounted rw. I and everyone else are members of a common group. We all have write permissions in the tree: All files and directories in the tree are in the common group. All directories are set to 775 and all files are set to 664 or 775, as appropriate.If a file is owned by someone else, even though the file and the directory are group writable, I get permission denied when I try to chmod the file.
Here's the command synopsis: 997 > ls -l portparms.txt -rwxrw-r--. 1 bdaugher fc 4091 Sep 5 2003 portparms.txt
I have, say, 10 machines, connected via NFS and NIS. There's a server which exports the /home using NFS, and exports the user names using NIS. All machines are working fine. I am able to ssh to the machines remotely and get my work done.Recently though, one of the machines (say M, for easy reference) would not allow any other machine on the NFS network [or outside the NFS network] to ssh into it. Every time an ssh attempt is made, 3 IP addresses [including the machine from which an ssh attempt was being made] are added to the /etc/hosts.deny file on M, and the error message on the other machine shows 'permission denied' after the password is entered. I tried using various options that ssh provides, but I cannot figure it out. I also tried uninstalling and reinstalling openssh-client and openssh-server on M, but it didn't change anything.
Another point to note is this: another user made use of M before, for a while, by disabling ssh passwords - so he could access M without having to enter his ssh password. That individual can still log in to M. All others who require to enter a password cannot ssh into M.
Is it possible to change the general permission denied error. I have some rather young users on this system that think they can "hack the gibson" and I would love to change the general error message to something a little more rude/funnyex:# cd restricted area -sh: cd: restricted area: Permission deniedI am curious if its possible to change the error message in general?ex:# cd restricted area-sh: cd: restricted area: (funny/rude message goes here)Quick info:This is a Gentoo 2008.0 system, I would also love to do this on my slacware and OpenBSD boxes as well just for kicks.
I did create an rsa certificate with ssh-keygen using my root account on a client: ssh-keygen -t rsa -b 2048 no passphrase I did copy the rsa pub_key from my client to the server scp id_rsa sampleuser@sampleserver:/home/sampleuser/.ssh/authorized_keys
I did change the ownership to the "sampleuser" of the pub key file on the server: I trayd to connect: ssh sampleuser@sapleserver
I get that: permission denied (public key)... I know I do smth wrong but I don't know what.
I am using Ubuntu 10.04-alternate-amd64 for full disk encryption. After getting my updates which i get as soon as they are released. I am getting the issue temp root (sudo) password is not being revoked. After using any app that requires the use of sudo the permission for it does not get removed like it normally does.
I have tried logging out then back in, which usually removes the permission, this no longer works, also tried waiting and even after 1 hour permission still there. The only work around I have found is to use the terminal to execute the required programs then after closing terminal the temp permission is now removed like it should be. This issue has effected all of my systems and a friend of mine as well, (friend uses same distro).
To replicate issue:
1) Boot system. 2) Login. 3) Check for updates or any other app that uses root permission. 4) Logout 5) Login 6) Repeat step 3 7) App will not ask for permission it will use root permission automatically.
I am looking for a way to setup sudo access for a user, so that he can change permission of all files of the given dir.
By this user can change ownership of files which are on depth bellow to given dir (i.e /etc/userA-conf/), but while trying to change permission of /etc/userA-conf/../user-conf2 , getting error, user userA don;t have that permission.
Let me know what will be the right regex/pattern to achieve this.
In Solaris it's working fine, but I am trying it on Linux RHEL5.
A few days ago I tried to install a driver for a Brother printer (HL-5040) in terminal mode by issuing "sudo dpkg -i --force-all hl5040lpr-1.1.2-1.i386.deb" on my Ubuntu 9.10 PC.
During the process several error messages were displayed. All of them say "permission denied" to access a directory /etc/init.d/lpd. Consequently, the installation failed and Synaptic package manager does not work any more and becomes broken.
Questions: Why did I get "permission denied" as a su? How can I get around the problem so I can re-install the driver?
This is weird, today I updated my system and while trying to visudo from single user mode got
"cannot read /etc/shadow: Permission denied"
which kept me from doing anything until I switched to file permissions of 400 on shadow, then back. Is this being experienced by anyone else or just me? /etc/security/limits.conf doesn't seem like it wants to change in enforcing mode either and I can't find any alerts to provide clues on the situation.
I have recently bought a new laptop, installed my first linux OS on it (Ubuntu 9.10) and an external hard drive with 500GB on it for backup. For the first few days my external hard drive was working fine, but then eventually it wouldn't let me copy/move/delete stuff to and from it. So I kept trying to change the permissions but it wouldn't let me.
I figured this would be a very very common problem, so I looked up some forums to try out the methods but they didn't work. So I thought I would ask you guys for help because I am pleased with the support. I wouldn't think this would be a hard problem to solve.
I have an external hard drive that has all of my Apple Powerbook G4 files on it. I plugged in my "Journal Extended" external hard drive into my new HP laptop with Ubuntu 10.10 on it.
All of my files are on the hard drive still, however lots of them have a little X on the folders and when I try to open them it tells me I don't have permission? How can I force the permission for everything on my external? It's my own files and I can't even access them lol.
Whenever i copy ELF or BIN files from the filesystem of linux i must get permission denied. For this case i have gone through the linux security module but didn't get much help regarding the permission denied only in case of copy of ELF and BIN files from filesystem. how can i proceed in this. WORK DONE:
1. Downloaded linux-184.108.40.206
WORK NEEDS TO BE DONE:
1. compile the kernel with some modifications in linux security module to get the desired results but this time i am unaware of that.
I am trying to wade through the semanage jungle to get permissions for a tftp client. I followed the HowTos [URL] but I get the following at the client:
tftp> status Connected to 192.168.1.101. Mode: netascii Verbose: off Tracing: off Rexmt-interval: 5 seconds, Max-timeout: 25 seconds tftp> get hello.o4 tftp: hello.o4: Permission denied
I finally figured out that the firewall directives shown at the end of the HowTo refer to semanage although the options are stated incorrectly according to the man page for semanage. I did insure that the file hello.o4 in /tftpboot has read permission for everybody.
I'm trying to set up a Fedora 11 server so that users have only SFTP access. The relevant lines from my "/etc/ssh/sshd_config" are:
I can log in okay, I can type "cd /" and "cd upload", but when I try an "ls" command, I get: Couldn't get handle: Permission deniedand when I try to get the file "junk" (listed above), I get: Couldn't stat remote file: Permission deniedAnyone know what I'm doing wrong?
A day ago I finally got around to upgrading the PackageKit installation that had been sitting for a week and a half, so I found a new upgrade for sudo available - the one that gives the sudoreplay command, I forget which version number it is exactly. When I try to use the sudo command I get this notice in my terminal:Code:Can't open /var/db/sudo/me/1: Permission deniedI didn't get it before. What do I have to do to make it open? I'm using SELinux in enforcing mode if that helps.
I installed the Elegant Gnome theme/package and I uninstalled it after about a week of use. Even after reverting back to the ambiance theme, or other themes, I've noticed that some elements of the Elegant Gnome theme have remained (e.g. the panel color and icons in Chrome or after right clicking and the system font).Is there a way to restore the Gnome defaults or Ubuntu system defaults so that everything is as it should be?
I have a user (let's call him John) who is not able to list contents of several 777 directories even though it appears he has permission to.
Case in point, as root:
If I use ls -a or strictly ls as john, I can list the contents of the nss directory:
That says to me that I have an issue listing permissions. Fine, I don't really need john to be able to list permissions. I want him to have rwx access to /media/nss/ENG which as you can see from my listing as root shouldn't be a problem since the perms on that dir are 777.
I am able to CD into the ENG directory or any other directory or subdirectory in /media/nss that has equivalent 777 perms, but once in the directories I can't list the contents:
I can get anywhere and do anything I want under the media/nss folder as john, except listing files. I even tried using an ACL i.e.
I am trying to give an SSH user on my server permission to compile C exploit with gcc, and I have had no luck. Every time i try to run gcc i get: "sh: /usr/bin/gcc: Permission denied. Has anyone else had this problem with this ?
For some reason I am having some issues with permissions of some images. They don't render because they are not set to 644. Now for some reason when I uploaded these files onto my shared hosting with cPanel the files work fine and permissions are fine. I can see there is a permission issue for the files locally on my Mac (OS X - El Capitan).
When I changes these locally on Mac the permissions go all weird and are prefixed with Custom, rather than mac-user-name: Read & Write, staff: Read, everyone: no access. then changes to custom: read & write etc. So then i tried changing permissions on web server see below and I get permission denied and after all the files are gone, i can't delete the images folder through SFTP or SSH. I changed back the image to 755 and tried deleting and still nothing. Not sure what the problem is. Before I chmod I checked that the images are set to the correct user and group as per the rest of the site.
So I try: Code: Select alluser_name@debian:/var/www/html/_files$ chmod -R 644 images
and I get this return: Code: Select allchmod: cannot access ‘images/box-icon.svg’: Permission denied chmod: cannot access ‘images/ie-icon.svg’: Permission denied chmod: cannot access ‘images/google-plus-icon.svg’: Permission denied chmod: cannot access ‘images/mobile-ready-icon.svg’: Permission denied chmod: cannot access ‘images/404.jpg’: Permission denied