Search Results

Search found 158 results on 7 pages for 'sudoers'.

facebook twitter digg google delicious technorati stumbleupon myspace wordpress linkedin gmail igoogle windows live tumblr viadeo yahoo buzz yahoo mail yahoo bookmarks favorites email print

Page 2/7 | < Previous Page | 1 2 3 4 5 6 7  | Next Page >

  • Allow user to SUDO a script without password.

    - by John Isaacks
    I have a php script with this: <?php #echo exec('whoami'); $output = shell_exec('bash /usr/local/svn/bash_repo/make-live'); echo "$output"; ?> The make-live script contains this: #!/bin/bash cd /var/www-cake sudo svn checkout file:///usr/local/svn/bash_repo/repo/ echo "Head revision has been pushed to live server" So the PHP user who is www-data needs to have nopasswd for that script. I am told I need to add: www-data ALL=NOPASSWD: /usr/local/svn/bash_repo/make-live To sudoers to allow this. First I run sudo visudo but I have no experience with vi so I try to open it in gedit with export EDITOR=gedit && sudo -E visudo which then just opens a sudoers.tmp file which is empty. I add the line and save it. But it doesn't do save. So I just try sudo visudo and I add the line right beneath this part: # User privilege specification root ALL=(ALL) ALL www-data ALL=NOPASSWD: /usr/local/svn/bash_repo/make-live I closed out sudoers and reopened to verify that it has saved. I even restart apache. I run the php file and it still doesn't work. What am I missing?

    Read the article

  • How disable mysql command in sudoers file?

    - by Carlos A. Junior
    How i can disable /usr/bin/mysql command in sudoers file ? ... Actually I've tryed use with this way: %tailonly ALL=!/usr/bin/mysql But when i'm access if user 'tailonly' of group 'tailonly', this command still enabled. In resume, i'm only want that 'tailonly' user access 'tail -f /usr/app/*.log' ... This is possible ? Edit: With this config, the user 'tailonly' still can access mysql terminal with 'mysql' command: $: sudo su $: visudo Cmnd_Alias MYSQL = /usr/bin/mysql Cmnd_Alias TAIL=/usr/bin/tail -f /jacad/jacad3/logs/*.log # User privilege specification root ALL=(ALL:ALL) ALL # Members of the admin group may gain root privileges %admin ALL=(ALL) ALL # Allow members of group sudo to execute any command %sudo ALL=(ALL:ALL) ALL %swa ALL=/etc/init.d/jacad3 stop %swa ALL=/etc/init.d/jacad3 start %swa ALL=/etc/init.d/jacad3 restart %swa ALL=sudoedit /jacad/jacad3/bin/jacad_start.sh %tailonly ALL=ALL,!MYSQL

    Read the article

  • sudoers file cleanup and consolidation tool/script

    - by Prashanth Sundaram
    Hello All, I am curious to know what other folks out there might be using to keep the sudoers file in a sane manner. I am looking for a tool, that removes redundant entries, overlapping permissions and/or present sudoers file in a organized way(like sorting by permissions/users/Aliases). I use SVN and Confi Mgmt. tool to version control and deploy resp. Is there any add-on/plugin you would recommend/use? User_Alias RT1123 jappleseed, sjobs Host_Alias HOST_RT1123 wdc101.domain.com, wdc104.domain.com Cmnd_Alias ..... Our sudoers file is simple but a lot of entries and it needs to be cleaned up. Does anyone know/have a tool/script to fix/present it ? Thanks!

    Read the article

  • What is the difference between the 'sudo' and 'admin' group?

    - by ændrük
    I noticed that two groups are granted similar-looking permissions in /etc/sudoers: # Members of the admin group may gain root privileges %admin ALL=(ALL) ALL # Allow members of group sudo to execute any command %sudo ALL=(ALL:ALL) ALL My user account with "Administer the system" privileges is in the admin group, and there don't appear to be any users in the sudo group. What are these two groups for?

    Read the article

  • Editing sudoers file to restrict a user's commands

    - by devin
    Is it possible to edit the sudoers file so a user can use sudo for any command except for a specified one? I reverse is true, I believe, that the sudoers file can be setup so that a user can only execute a given list of commands. EDIT: the commands I really want to take away are halt and reboot... this makes me think there are special system calls for halt and reboot. Can you take system calls away from a user? If not, is it because the unix permission system abstracts over system calls neglecting this?

    Read the article

  • Regain Sudo rights after removing from admin group

    - by berkes
    Hello, I accidentally removed myself from the admin group when editing the user. Now I can no longer use sudo. The error says: ber is not in the sudoers file. This incident will be reported. I booted up in rescue mode, but, when going into root prompt, it asks me for the root password. I don't have one, and providing with my own (first and only ubuntu-user) password, it won't allow entrance. My harddisk is encrypted, but only the /home/user part, not the entire disk, afaik. What can I do?

    Read the article

  • Sudoers file permissions

    - by twigg
    I'm trying to run the following command without the need for sudo: echo 1 | sudo tee -a /sys/block/$hd/device/delete The $hd variable changes dynamically from sdb - sdi for each one of my HDD's in my drive bay. I added the following line to the sudoers file: operator ALL=/sys/block/sdb/device/delete But this didn't make a difference its still asking for sudo password even if I run: echo 1 | sudo tee -a /sys/block/sdb/device/delete

    Read the article

  • Fedora, ssh and sudo

    - by Ricky Robinson
    I have to run a script remotely on several Fedora machines through ssh. Since the script requires root priviliges, I do: $ ssh me@remost_host "sudo touch test_sudo" #just a simple example sudo: no tty present and no askpass program specified The remote machines are configured in such a way that the password for sudo is never asked for. For the above error, the most common fix is to allocate a pseudo-terminal with the -t option in ssh: $ ssh -t me@remost_host "sudo touch test_sudo" sudo: no tty present and no askpass program specified Let's try to force this allocation with -t -t: $ ssh -t -t me@remost_host "sudo touch test_sudo" sudo: no tty present and no askpass program specified Nope, it doesn't work. In /etc/sudoers of course I have this line: #Defaults requiretty ... but I can't manually change it on tens of remote machines. Am I missing something here? Is there an easy fix? EDIT: Here is the sudoers file of a host where ssh me@host "sudo stat ." works. Here is the sudoers file of a host where it doesn't work. EDIT 2: Running tty on a host where it works: $ ssh me@host_ok tty not a tty $ ssh -t me@host_ok tty /dev/pts/12 Connection to host_ok closed. $ ssh -t -t me@host_ok tty /dev/pts/12 Connection to host_ok closed. Now on a host where it doesn't work: $ ssh me@host_ko tty not a tty $ ssh -t me@host_ko tty not a tty Connection to host_ko closed. $ ssh -t -t me@host_ko tty not a tty Connection to host_ko closed.

    Read the article

  • sudo: apache restarting a service on CentOS

    - by WaveyDavey
    I need my web app to restart the dansguardian service (on CentOS) so it needs to run '/sbin/service dansguardian restart' I have a shellscript in /home/topological called apacherestart.sh which does the following: #!/bin/sh id=`id` /sbin/service dansguardian restart r=$? return $r This runs ok (logger statement in script for testing output to syslog, so I know it's running) To make it run, I put this in /etc/sudoers: User_Alias APACHE=www # Cmnd alias specification Cmnd_Alias HTTPRESTART=/home/topological/apacherestart.sh,/sbin/e-smith/db,/etc/rc7.d/S91dansguardian # Defaults specification # User privilege specification root ALL=(ALL) ALL APACHE ALL=(ALL) NOPASSWD: HTTPRESTART So far so good. But the service does not restart. To test this I created a user david, and fudged the uid/gid in /etc/passwd to be the same as www: www:x:102:102:e-smith web server:/home/e-smith:/bin/false david:x:102:102:David:/home/e-smith/files/users/david:/bin/bash then logged in as david and tried to run the apacherestart.sh. The problem I get is: /etc/rc7.d/S91dansguardian: line 51: /sbin/e-smith/db: Permission denied even though S91dansguardian and db are in the sudoers command list. Any ideas?

    Read the article

  • sudo ENV_KEEP not always preserving

    - by mafro
    When I run sudo -s, my environment is preserved. However, when running a simple sudo <command> it appears not to be preserved. The contents of my sudoers file: mafro@ip-10-xx-xx-250:~ > sudo cat /etc/sudoers.d/mafro Defaults env_reset Defaults env_keep += "HOME" mafro ALL=(ALL) NOPASSWD:ALL Using sudo -s, the ll alias is available: mafro@ip-10-xx-xx-250:~ > sudo -s root@ip-10-xx-xx-250:~ > ll total 8K drwxrwxr-x 2 mafro dev 4.0K Jun 9 23:59 bin drwxr-xr-x 20 mafro dev 4.0K Jun 9 23:59 dotfiles Using straight sudo, it is not: mafro@ip-10-xx-xx-250:~ > sudo ll sudo: ll: command not found What is happening here?

    Read the article

  • How to sudo as another user, without specifying the username

    - by Pedro
    So I'm currently trying to create a sudoers file, but I ran into something I can't figure out. The end result I'm looking for is that I want users to be able to do something like: sudo /usr/sbin/script.pl But, instead of running as root, I'd like the script to run as "other_user". I looked into the sudoers file, and I tried adding a line like: pedro ALL = (other_user) /usr/sbin/script.pl But that only works if I specify the user by doing sudo -u other_user /usr/sbin/script. Is there an (easy) way to have the script run as a specific user, without having to specify it in the command line?

    Read the article

  • Best practices to avoid Jenkins error: sudo: no tty present and no askpass program specified

    - by s g
    When running any sudo command from Jenkins I get the following error: sudo: no tty present and no askpass program specified I understand that I can solve this by adding a NOPASSWD entry to my /etc/sudoers file which will allow user jenkins to run commands without needing a password. I can add an entry like this: %jenkins ALL=(ALL)NOPASSWD:/home/vts_share/test/sudotest.sh ...but this leads to the following issue: how to avoid specifying full path in sudoers file? I can add an entry like this: %jenkins ALL=NOPASSWD: ALL ...but this allows user jenkins to avoid the password prompt for all commands, which seems a bit unsafe. I'm just curious what my options are here, and if there are any best practices I should consider.

    Read the article

  • Configuring sudo to work without password

    - by aidan
    I'm trying to configure sudo to allow all users to restart apache without having to enter a password. Security concerns aside, why isn't this working? I added the line to /etc/sudoers: %admin ALL=NOPASSWD: /usr/sbin/apache2ctl $sudo -l User aidan may run the following commands on this host: (root) NOPASSWD: /usr/sbin/apache2ctl (ALL) ALL $sudo /usr/sbin/apache2ctl [sudo] password for aidan: Thanks for any help.

    Read the article

  • Execute build task in Hudson with root privilages

    - by jensendarren
    I have a build script which executes apt-get and therefore requires root privileges. What is the best way to run this script in Hudson? Currently the only solution I have found that works is to add an entry to the sudoers file for the user hudson like so: hudson ALL=(ALL) NOPASSWD:ALL However, although my build script now runs without error in Hudson, I am not entirely comfortable with this solution. Is there a better way?

    Read the article

  • added shell script to sudoers still getting permission denied

    - by Bill S
    I don't understand this? Other uses of sudo work fine. [oracle@o plugins]$ su Password: [root@ plugins]# su nrpe bash-3.2$ /home/oracle/obiee/instances/instance1/bifoundation/OracleBIApplication/coreapplication/setup/bi-init.sh bash: /home/oracle/obiee/instances/instance1/bifoundation/OracleBIApplication/coreapplication/setup/bi-init.sh: Permission denied bash-3.2$ sudo -l Matching Defaults entries for nrpe on this host: env_reset, env_keep="COLORS DISPLAY HOSTNAME HISTSIZE INPUTRC KDEDIR LS_COLORS MAIL PS1 PS2 QTDIR USERNAME LANG LC_ADDRESS LC_CTYPE LC_COLLATE LC_IDENTIFICATION LC_MEASUREMENT LC_MESSAGES LC_MONETARY LC_NAME LC_NUMERIC LC_PAPER LC_TELEPHONE LC_TIME LC_ALL LANGUAGE LINGUAS _XKB_CHARSET XAUTHORITY" Runas and Command-specific defaults for nrpe: User nrpe may run the following commands on this host: (ALL) NOPASSWD: /home/oracle/obiee/instances/instance1/bifoundation/OracleBIApplication/coreapplication/setup/bi-init.sh bash-3.2$

    Read the article

  • Allowing an user to execute just something

    - by Jack
    Hello, which is the best way to allow a new user that I just created on ubuntu linux 9.04 to execute a script that requires some sudo without allowing him to the sudoers? The fact is that I want to give the user just the ability to execute that script, without letting him to do anything more. Is there a simple way to do it?

    Read the article

  • allowing sudo to delete certain files

    - by chandank
    I would like to allow to delete certain files in /tmp directory to sudo users. I have added the Allow_Cmnd /usr/sbin/userdel for sudo users but this does not delete all /tmp files associated with the user. So how shall I tweak the sudoers to allow them to delete certain files in /tmp directory only. I googled a bit but learned that regex may be be application at this. I tried couple of tweaks but its not working for me. I would like the users to have ability to execute command such as find /tmp -uid 10002 | grep joeuser | xargs rm -rf

    Read the article

  • sudoer scheme for a web developer that retains future control of a server?

    - by Tchalvak
    Background I have a server that I'm looking to set up, and provide access to another web developer. I don't want to put many constraints on him, though I wouldn't mind isolating the site that he'll be developing from others on the server that I will develop. The problem Mainly what I want is to make sure that I retain control over the server in the future. I want to reserve the ability to create/promote/demote and other administrative functions that don't deal with web software. If I make him an admin, he can sudo su - and become root and remove root control from me, for example. What is a good setup for the sudoers file so that he can do things like: *install software (through apt-get) restart apache access mysql configure mysql/apache reboot edit web development configuration type files in /etc * And can't do things like: take away other admin permissions change the root password have control over other security/administrative functions Example sudoer files that accomplish something like that could be useful, I'm sure that people have needed to do this before.

    Read the article

  • Creating svn repo programmatically from a webpage and sudo

    - by Adriano Varoli Piazza
    We want to automate the creation of the svn repos and trac environments for new projects. Basically, this would mean creating a web script that got some info (like env and repo name, etc) from the user and then executed sudo -u svn svnadmin create /var/svn/<projectname> trac-admin /var/trac/sites/<projectname> initenv [... All extra params...] For the second command, this is simple, as it already runs as the www-data user, so I wouldn't have to use sudo. But for the first command, I'd have to use sudo and add www-data to the sudoers file. I was wondering if this is a good idea, and how to do it in that case. Reading the manpage has left me with more doubts than certainties about this. This webserver would only be accessible from our internal network, by the way. The OS is Ubuntu Server 10.04.

    Read the article

  • Executing a command as apache

    - by Lord Loh.
    This script keeps outputting a 1. and I cannot understand why. <?php passthru("nohup sudo rndc reload sd.example.com",$op); print_r($op); ?> I have also tried the above code without the nohup. I have the following line in my sudoers file apache ALL = NOPASSWD: /usr/sbin/rndc reload sd.example.com Just to test, temporally, I allowed apache a shell, logged in as apache by sudo su apache and successfully managed to execute sudo rndc reload sd.example.com. I do not see any error message in my log files wither. What could I be possibly doing wrong? None of the similar threads have pointed me to anything that solved my problem or debug it.

    Read the article

  • a safer no password sudo?

    - by Stacia
    Ok, here's my problem - Please don't yell at me for being insecure! :) This is on my host machine. I'm the only one using it so it's fairly safe, but I have a very complex password that is hard to type over and over. I use the console for moving files around and executing arbitrary commands a LOT, and I switch terminals, so sudo remembering for the console isn't enough (AND I still have to type in my terrible password at least once!) In the past I have used the NOPASSWD trick in sudoers but I've decided to be more secure. Is there any sort of compromise besides allowing no password access to certain apps? (which can still be insecure) Something that will stop malware and remote logins from sudo rm -rf /-ing me, but in my terminals I can type happily away? Can I have this per terminal, perhaps, so just random commands won't make it through? I've tried running the terminal emulations as sudo, but that puts me as root.

    Read the article

  • sudoer scheme for another web developer that retains my future control of a virtual server?

    - by Tchalvak
    Background: Virtual Private Server I have a virtual private server that I'm looking to host multiple websites on, and provide access to another web developer. I don't care about putting too many constraints on him, though I wouldn't mind isolating the site that he'll be developing from other sites on the server that I will develop. The problem: retain control Mainly what I want is to make sure that I retain control over the server in the future. I want to reserve the ability to create/promote/demote and other administrative functions that don't deal with web software. If I make him an admin, he can sudo su - and become root and remove root control from me, for example. I need him not to be able to: take away other admin permissions change the root password have control over other security/administrative functions I would like him to still be able to: install software (through apt-get) restart apache access mysql configure mysql/apache reboot edit web development configuration type files in /etc/ Other Standard Setups would be happily considered I've never really set up a good sudoers file, so simple example setups would be very useful, even if they're only somewhat similar to the settings that I'm hoping for above. Edit: I have not yet finalized permissions, standard, useful sudo setups are certainly an option, the lists above are more what I'm hoping I can do, I don't know that that setup can be done.

    Read the article

  • sudoer scheme to allow useful access to another web developer yet retain future control of a virtual

    - by Tchalvak
    Background: Virtual Private Server I have a virtual private server that I'm looking to host multiple websites on, and provide access to another web developer. I don't care about putting too many constraints on him, though I wouldn't mind isolating the site that he'll be developing from other sites on the server that I will develop. The problem: retain control Mainly what I want is to make sure that I retain control over the server in the future. I want to reserve the ability to create/promote/demote and other administrative functions that don't deal with web software. If I make him an admin, he can sudo su - and become root and remove root control from me, for example. I need him not to be able to: take away other admin permissions change the root password have control over other security/administrative functions I would like him to still be able to: install software (through apt-get) restart apache access mysql configure mysql/apache reboot edit web development configuration type files in /etc/ Other Standard Setups would be happily considered I've never really set up a good sudoers file, so simple example setups would be very useful, even if they're only somewhat similar to the settings that I'm hoping for above. Edit: I have not yet finalized permissions, so standard, useful sudo setups are certainly an option, the lists above are more what I'm hoping I can do, I don't know that that setup can be done. I'm sure that people have solved this type of problem before somehow, though, and I'd like to go with something somewhat tested as opposed to something I've homegrown.

    Read the article

  • How to allow unprivileged apache/PHP to do a root task (CentOS)

    - by Chris
    I am setting up a sort of personal dropbox for our customers on a CentOS 6.3 machine. The server will be accessible thru SFTP and a proprietary http service base on PHP. This machine will be in our DMZ so it has to be secure. Because of this I have apache running as an unprivileged user, hardened the security on apache, the OS, PHP, applied a lot of filtering in iptables and applied some restrictive TCP Wrappers. Now you might have suspected this one was coming, SELinux is also set to enforcing. I'm setting up PAM to use MySQL so my users in the web application can login. These users will all be in a group that can use SSH only for SFTP and users will be chrooted to their own 'home' folder. To allow this SELinux wants the folders to have the user_home_t tag. Also the parent directory needs to be writable by root only. If these restrictions are not met SELinux will kill the SSH pipe immediately. The files that need to be accessible thru both http and SFTP so I have made a SELinux module to allow Apache to search/attr/read/write etc. to directories with the user_home_dir_t tag. As sftp users are stored in MySQL I want to setup their home dirs upon user creation. This is a problem since Apache has no write access to the /home dir, it's only writable by root since it's required to keep SELinux and OpenSSH happy. Basically I need to let Apache do only a few tasks as root and only within /home. So I need to somehow elevate the privileges temporarily or let root do these tasks for apache instead. What I need to have apache do with root privileges is the following. mkdir /home/userdir/ mkdir /home/userdir/userdir chmod -R 0755 /home/userdir umask 011 /home/userdir/userdir chcon -R -t user_home_t /home/userdir chown -R user:sftp_admin /home/userdir/userdir chmod 2770 /home/userdir/userdir This would create a home for the user, now I have an idea that might work, cron. That would mean the server needs to check for users that have no home every minute, then when creating users the interface would freeze for an average of 30 seconds before the account creation can be confirmed which I do not prefer. Does anybody know if something can be done with sudoers? Or any other idea's are welcome... Thanks for your time!

    Read the article

facebook twitter digg google delicious technorati stumbleupon myspace wordpress linkedin gmail igoogle windows live tumblr viadeo yahoo buzz yahoo mail yahoo bookmarks favorites email print

< Previous Page | 1 2 3 4 5 6 7  | Next Page >