Search Results

Search found 1023 results on 41 pages for 'privileges'.

Page 4/41 | < Previous Page | 1 2 3 4 5 6 7 8 9 10 11 12  | Next Page >

• MySQL asking a user for SUPER privilege to perform a delete.

  - by Fran

  Hello, When trying to do a delete operation on a table, mysql reports the following error: Error code 1227: Access denied; you need the SUPER privilege for this operation. However, my user has this privilege granted for all tables in the schema: GRANT ALL PRIVILEGES ON myschema.* TO 'my_admin'@'%' How come it asks me for SUPER privilege for a delete? Thanks in advance.

  Read the article

• Display CPU usage separately (without root privileges)

  - by synaptik

  I need to display the CPU usage for each processing core on a single shared-memory 12-core (SMP) machine. I don't have access to install htop, else I would simply use that. I don't need fancy graphs or meters, though they would be nice. For example, simply displaying: X X X X X X X X X X X X where each X is the percentage utilization of 1 of the 12 processing cores on my machine. FYI: I know I can simply look at the utilization in "top" and divide that number by the number of cores on my machine, but I prefer a solution that shows each core separately.

  Read the article

• Windows Server 2003 - Give User Full Admin Privileges

  - by APShredder

  I am running Windows Server 2003. There are a couple of user accounts that I would like to promote to Administrator accounts. I've tried several ways to do so, but I am still relatively new to setting up a server. If anyone has any ideas on how to go about promoting these users, I thank you in advance. EDIT: I should probably mention that this a domain controller. I didn't realize that this changed the answer I was looking for. I apologize, like I said before I am new to the world of servers. EDIT #2: I've added the users to the Administrator group like most of the answer recommended, but the users don't seem to have admin rights yet. I think this might be because they are also in the Domain Users group, which I can't seem to be able to remove them from.

  Read the article

• Setting up remote filesystem access without root privileges

  - by Luke Massa

  OK here's the situation. I have a computer A with complete admin access, and computer B (actually an account I login to) with very limited access. I am trying to make it so I can access a device on computer A (an external harddrive) on B. If I had more access to B, I would just mount the device on B, but I can't do that. I can ssh both directions, so theoretically I can copy data both directions, so it should be possible. I think a NFS might be helpful for me, but from what I've looked at, they all require the client to at some point perform a "mount" operation, something my client can't do. Thoughts?

  Read the article

• Windows Server 2003 - Give User Full Admin Privileges

  - by APShredder

  I am running Windows Server 2003. There are a couple of user accounts that I would like to promote to Administrator accounts. I've tried several ways to do so, but I am still relatively new to setting up a server. If anyone has any ideas on how to go about promoting these users, I thank you in advance. EDIT: I should probably mention that this a domain controller. I didn't realize that this changed the answer I was looking for. I apologize, like I said before I am new to the world of servers. EDIT #2: I've added the users to the Administrator group like most of the answer recommended, but the users don't seem to have admin rights yet. I think this might be because they are also in the Domain Users group, which I can't seem to be able to remove them from.

  Read the article

• Sync no privileges.

  - by william-hu

  Hi, I gave my client the app for test. He installed on iTunes,but when sync to his iphone, an error is : Application ** install on **'s iphone need privileges. His system is Windows Vista. What the problem is ? Thank you so much.

  Read the article

• WIX debug version "insufficient privileges to start service"

  - by JD

  Hi to all, I have built a WIX project which installs and starts services. For the release version it all seems to work fine but for the debug version I get "insufficient privileges to start service". Any clues why this is happening? Using .net/Visual studio. JD.

  Read the article

• Temporarily impersonate and enable privileges?

  - by Luke

  We maintain a DLL that does a lot of system-related things; traversing the file system, registry, etc. The callers of this DLL may or may not be using impersonation. In order to better support all possible scenarios I'm trying to modify it to be smarter. I'll use the example of deleting a file. Currently we just call DeleteFile(), and if that fails that's the end of that. I've come up with the following: BOOL TryReallyHardToDeleteFile(LPCTSTR lpFileName) { // 1. caller without privilege BOOL bSuccess = DeleteFile(lpFileName); DWORD dwError = GetLastError(); if(!bSuccess && dwError == ERROR_ACCESS_DENIED) { // failed with access denied; try with privilege DWORD dwOldRestorePrivilege = 0; BOOL bHasRestorePrivilege = SetPrivilege(SE_RESTORE_NAME, SE_PRIVILEGE_ENABLED, &dwOldRestorePrivilege); if(bHasRestorePrivilege) { // 2. caller with privilege bSuccess = DeleteFile(lpFileName); dwError = GetLastError(); SetPrivilege(SE_RESTORE_NAME, dwOldRestorePrivilege, NULL); } if(!bSuccess && dwError == ERROR_ACCESS_DENIED) { // failed with access denied; if caller is impersonating then try as process HANDLE hToken = NULL; if(OpenThreadToken(GetCurrentThread(), TOKEN_QUERY | TOKEN_IMPERSONATE, TRUE, &hToken)) { if(RevertToSelf()) { // 3. process without privilege bSuccess = DeleteFile(lpFileName); dwError = GetLastError(); if(!bSuccess && dwError == ERROR_ACCESS_DENIED) { // failed with access denied; try with privilege bHasRestorePrivilege = SetPrivilege(SE_RESTORE_NAME, SE_PRIVILEGE_ENABLED, &dwOldRestorePrivilege); if(bHasRestorePrivilege) { // 4. process with privilege bSuccess = DeleteFile(lpFileName); dwError = GetLastError(); SetPrivilege(SE_RESTORE_NAME, dwOldRestorePrivilege, NULL); } } SetThreadToken(NULL, hToken); } CloseHandle(hToken); hToken = NULL; } } } if(!bSuccess) { SetLastError(dwError); } return bSuccess; } So first it tries as the caller. If that fails with access denied, it temporarily enables privileges in the caller's token and tries again. If that fails with access denied and the caller is impersonating, it temporarily unimpersonates and tries again. If that fails with access denied, it temporarily enables privileges in the process token and tries again. I think this should handle pretty much any situation, but I was wondering if there was a better way to achieve this? There are a lot of operations that we would potentially want to use this method (i.e. pretty much any operation that accesses securable objects).

  Read the article

• Troubleshooting sudoers via ldap

  - by dafydd

  The good news is that I got sudoers via ldap working on Red Hat Directory Server. The package is sudo-1.7.2p1. I have some LDAP/Kerberos users in an LDAP group called wheel, and I have this entry in LDAP: # %wheel, SUDOers, example.com dn: cn=%wheel,ou=SUDOers,dc=example,dc=com cn: %wheel description: Members of group wheel have access to all privileges. objectClass: sudoRole objectClass: top sudoCommand: ALL sudoHost: ALL sudoUser: %wheel So, members of group wheel have administrative privileges via sudo. This has been tested and works fine. Now, I have this other sudo privilege set up to allow members of a group called Administrators to perform two commands as the non-root owner of those commands. # %Administrators, SUDOers, example.com dn: cn=%Administrators,ou=SUDOers,dc=example,dc=com sudoRunAsGroup: appGroup sudoRunAsUser: appOwner cn: %Administrators description: Allow members of the group Administrators to run various commands . objectClass: sudoRole objectClass: top sudoCommand: appStop sudoCommand: appStart sudoCommand: /path/to/appStop sudoCommand: /path/to/appStart sudoUser: %Administrators Unfortunately, members of Administrators are still refused permission to run appStart or appStop: -bash-3.2$ sudo /path/to/appStop [sudo] password for Aaron: Sorry, user Aaron is not allowed to execute '/path/to/appStop' as root on host.example.com. -bash-3.2$ sudo -u appOwner /path/to/appStop [sudo] password for Aaron: Sorry, user Aaron is not allowed to execute '/path/to/appStop' as appOwner on host.example.com. /var/log/secure shows me these two sets of messages for the two attempts: Oct 31 15:02:36 host sudo: pam_unix(sudo:auth): authentication failure; logname=Aaron uid=0 euid=0 tty=/dev/pts/3 ruser= rhost= user=Aaron Oct 31 15:02:37 host sudo: pam_krb5[1508]: TGT verified using key for 'host/[email protected]' Oct 31 15:02:37 host sudo: pam_krb5[1508]: authentication succeeds for 'Aaron' ([email protected]) Oct 31 15:02:37 host sudo: Aaron : command not allowed ; TTY=pts/3 ; PWD=/auto/home/Aaron ; USER=root ; COMMAND=/path/to/appStop Oct 31 15:02:52 host sudo: pam_unix(sudo:auth): authentication failure; logname=Aaron uid=0 euid=0 tty=/dev/pts/3 ruser= rhost= user=Aaron Oct 31 15:02:52 host sudo: pam_krb5[1547]: TGT verified using key for 'host/[email protected]' Oct 31 15:02:52 host sudo: pam_krb5[1547]: authentication succeeds for 'Aaron' ([email protected]) Oct 31 15:02:52 host sudo: Aaron : command not allowed ; TTY=pts/3 ; PWD=/auto/home/Aaron ; USER=appOwner; COMMAND=/path/to/appStop The questions: Does sudo have some sort of verbose or debug mode where I can actually watch it capture the sudoers privilege list and determine whether or not Aaron should have the privilege to run this command? (This question is probably independent of where the sudoers database is kept.) Does sudo work with some background mechanism that might have a log level I could turn up? Right now, I can't fix a problem I can't identify. Is this an LDAP search failure? Is this a group member matching failure? Identifying why the command fails will help me identify the fix... Next step: Recreate the privilege in /etc/sudoers, and see if it works locally... Cheers!

  Read the article

• Allowing non-admins to run programs as admins on Windows 7

  - by Josh

  On *nix, admins can use the setuid flag to allow non-admins to run certain programs that would otherwise require admin privileges. Is there any way to do something similar in Windows 7? This question has been asked here before for Windows XP, and the answers were generally unsatisfying. I'm wondering if Windows 7 provides a better way. One idea I can think of would be to use Microsoft's Subsystem for UNIX Applications, but I'd rather not install that on every user's system if I can avoid it. Another idea I can think of (which would work on XP too, but I haven't seen it mentioned anywhere) would be to create a RunAsAdmin application that runs as a service, that takes a whitelist of "safe" apps and can be asked (from a command line, batch file or script) to run any program on the list as LocalSystem or whatever account the service uses. Is this possible? Are there any solutions that aren't as clunky as those? Or, has anyone implemented either of the above techniques successfully?

  Read the article

• Let a program (called by other program) run as admin without prompt

  - by DarkGhostHunter

  As you may know, Steam doesn't like no-admin accounts for installing games or whatsoever. In my case, I have a user in my computer that usually install a lot of games and every time I have to put my password to successfully play them. Blame, /bin/SteamService.exe. I came up with a solution: using RunAs to make Steam run as the admin user. But that is a potential security risk. So instead of that, I'm asking if is possible to do the following: Hot to run SteamService.exe with high trust levels (or admin privileges) automatically when Steam calls it? That way he can play and install games in Steam leaving the rest of the system alone. I don't mind if the user has to click "yes or no", but without prompt its better because some games asks every time they're executed.

  Read the article

• Muti-Schema Privileges for a Table Trigger in an Oracle Database

  - by sisslack

  I'm trying to write a table trigger which queries another table that is outside the schema where the trigger will reside. Is this possible? It seems like I have no problem querying tables in my schema but I get: Error: ORA-00942: table or view does not exist when trying trying to query tables outside my schema. EDIT My apologies for not providing as much information as possible the first time around. I was under the impression this question was more simple. I'm trying create a trigger on a table that changes some fields on a newly inserted row based on the existence of some data that may or may not be in a table that is in another schema. The user account that I'm using to create the trigger does have the permissions to run the queries independently. In fact, I've had my trigger print the query I'm trying to run and was able to run it on it's own successfully. I should also note that I'm building the query dynamically by using the EXECUTE IMMEDIATE statement. Here's an example: CREATE OR REPLACE TRIGGER MAIN_SCHEMA.EVENTS BEFORE INSERT ON MAIN_SCHEMA.EVENTS REFERENCING OLD AS OLD NEW AS NEW FOR EACH ROW DECLARE rtn_count NUMBER := 0; table_name VARCHAR2(17) := :NEW.SOME_FIELD; key_field VARCHAR2(20) := :NEW.ANOTHER_FIELD; BEGIN CASE WHEN (key_field = 'condition_a') THEN EXECUTE IMMEDIATE 'select count(*) from OTHER_SCHEMA_A.'||table_name||' where KEY_FIELD='''||key_field||'''' INTO rtn_count; WHEN (key_field = 'condition_b') THEN EXECUTE IMMEDIATE 'select count(*) from OTHER_SCHEMA_B.'||table_name||' where KEY_FIELD='''||key_field||'''' INTO rtn_count; WHEN (key_field = 'condition_c') THEN EXECUTE IMMEDIATE 'select count(*) from OTHER_SCHEMA_C.'||table_name||' where KEY_FIELD='''||key_field||'''' INTO rtn_count; END CASE; IF (rtn_count > 0) THEN -- change some fields that are to be inserted END IF; END; The trigger seams to fail on the EXECUTE IMMEDIATE with the previously mentioned error. EDIT I have done some more research and I can offer more clarification. The user account I'm using to create this trigger is not MAIN_SCHEMA or any one of the OTHER_SCHEMA_Xs. The account I'm using (ME) is given privileges to the involved tables via the schema users themselves. For example (USER_TAB_PRIVS): GRANTOR GRANTEE TABLE_SCHEMA TABLE_NAME PRIVILEGE GRANTABLE HIERARCHY MAIN_SCHEMA ME MAIN_SCHEMA EVENTS DELETE NO NO MAIN_SCHEMA ME MAIN_SCHEMA EVENTS INSERT NO NO MAIN_SCHEMA ME MAIN_SCHEMA EVENTS SELECT NO NO MAIN_SCHEMA ME MAIN_SCHEMA EVENTS UPDATE NO NO OTHER_SCHEMA_X ME OTHER_SCHEMA_X TARGET_TBL SELECT NO NO And I have the following system privileges (USER_SYS_PRIVS): USERNAME PRIVILEGE ADMIN_OPTION ME ALTER ANY TRIGGER NO ME CREATE ANY TRIGGER NO ME UNLIMITED TABLESPACE NO And this is what I found in the Oracle documentation: To create a trigger in another user's schema, or to reference a table in another schema from a trigger in your schema, you must have the CREATE ANY TRIGGER system privilege. With this privilege, the trigger can be created in any schema and can be associated with any user's table. In addition, the user creating the trigger must also have EXECUTE privilege on the referenced procedures, functions, or packages. Here: Oracle Doc So it looks to me like this should work, but I'm not sure about the "EXECUTE privilege" it's referring to in the doc.

  Read the article

• Load ActiveX DLL in Internet Explorer with elevated privileges

  - by adum

  I have an ActiveX control that I'm loading with JavaScript in Internet Explorer. It needs to run as medium integrity under UAC in Vista and Win7. This is written in C/C++, compiled in Visual Studio. One way to elevate privileges is to create a broker process that can request a medium integrity level. However, for this project, this is not a practical solution. I really need the ActiveX control itself to run elevated. My question is: what's the easiest way to do this? Can I change the build options on the project to be an exe, and use the COM interprocess connect system to automatically handle the communications, or do I need to be more sophisticated? Do I need to do anything complicated like manually call CreateProcess and make some kind of broker, or can it just work as an ActiveX exe that elevates itself?

  Read the article

• 'ORA-01031: insufficient privileges' error received when inserting into a View

  - by Patrick K

  Under the user name 'MY_ADMIN', I have successfully created a table called 'NOTIFICATIONS' and a view called 'V_NOTIFICATIONS'. On the 'V_NOTIFICATIONS' view I have successfully created a trigger and a package that takes what the user attempts to insert into the view and inserts it into the table. The 'V_NOTIFICATIONS' trigger and package also perform the update and delete functions on the table when the user attempts to perform the update and delete functions on the view. I have done this with many views in the project I am currently working on, as many views sit over the top of many different tables, however when attempting to insert a record into this view I receive an 'ORA-01031: insufficient privileges' error. I am able to insert directly into the table using the same code that is in the package, but not into the view. Any help on this would be greatly appreciated.

  Read the article

• Enumerate shared folders on Windows with low privileges

  - by Phil Nash

  Using C++ (VS2008) I need to be able to enumerate all shared folders on the current machine and get or construct the local and remote names. We've been using NetShareEnum for this fairly successfully, but have hit a problem where we need to run with a user account with low privileges. To get the local path using NetShareEnum we need to retrieve at least SHARE_INFO_2 structures - but that requires "Administrator, Power User, Print Operator, or Server Operator group membership". I've been trying to use WNetOpenEnum and WNetEnumResource instead but I don't seem to be getting the local name back for that for shares either - and I can't seem to get it to enumerate just local resources - it goes off and finds all shared resources on the local network - which is not an acceptable overhead. So I'd either like help on where I'm going wrong with WNetEnumResource, or a suggestion as to another way of doing this. Any suggestions are much appreciated.

  Read the article

• How can I implement forum privileges

  - by RobertPitt

  I've started developing a forum application in PHP on my MVC Framework and I've got to the stage where I assign permissions to members (for example: READ, WRITE, UPDATE, DELETE). Now, I know I can add 5 columns under the user table in my database and set them to 1 | 0, but that to me seems like too much if I want to add other rules, like MOVE for example. And how can I dynamically assign these privileges them to users individually? I've heard of using a bitmasks, but it would be really good if I could fully understand them before I continue. Do you have an example of how I might implement this?

  Read the article

• Testing install procedure of a program requiring administrative privileges

  - by Lucas Meijer

  I'm trying to write automated test, to ensure that the installer for my program works okay. The program can be installed for all users (requires admin privs), or for current user (does not require admin privs). The program can also autoupdate itself, which in some cases requires admin privileges, and in some cases doesn't. I'm looking for a way where I can have an automated test click "Yes, Allow" on the UAC dialogs, so I can write tests for all different scenarios, on many different operating systems, so that I can be confident when I make changes to the installer that I didn't break anything. Obviously, the installer process itself cannot do this. However, I control the complete machine, and could easily start some sort of daemon process with administrative rights, that the testprogram could make a socket connection to, to request it to "please click ok on the UAC now".

  Read the article

• I can't create a view in oracle database using sqlplus (insufficient privileges)

  - by Nubkadiya

  I'm running this SQL: CREATE VIEW showMembersInfo(MemberID,Fname,Lname,Address,DOB,Telephone,NIC,Email,WorkplaceID,WorkName,WorkAddress,WorkTelephone,StartingDate,ExpiryDate,Amount,WitnessID,WitName,WitAddress,WitNIC,WitEmail,WitTelephone) AS SELECT mem.MemberID,mem.FirstName,mem.LastName,mem.Address,mem.DOB,mem.Telephone,mem.NIC,mem.Email, wrk.WorkPlaceID,wrk.Name,wrk.Address,wrk.Telephone, anl.StartingDate,anl.ExpiryDate,anl.Amount, wit.WitnessID,wit.Name,wit.Address,wit.NIC,wit.Email,wit.Telephone FROM Member mem, WorkPlace wrk, AnnualFees anl, Witness wit WHERE mem.MemberID = anl.MemberID AND mem.WorkPlaceID = work.WorkPlaceID AND mem.WitnessID = wit.WitnessID When I try to create the view I get this error: ERROR at line 1: ORA-01031: insufficient privileges Why is that? I'm logged in to sqlplus using sysman

  Read the article

• python - checking if a user has admin privileges

  - by Matt

  Hi, I'm writing a little program as a self-learning project in Python 3.x. my idea is for the program to allow two fields of text entry to the user, and then plug the user's input into the value of two specific registry keys. What I was wondering, and something my books don't seem to cover, is if there is a simple way to make it check if the current user can access the registry. I'd rather it cleanly tell the user that he needs admin privileges than for the program to go nuts and crash because it's trying to access a restricted area. I'd like it to make this check as soon as the program launches, before the user is given any input options. What code is needed for this? thanks for the help

  Read the article

• routing table permissions under Windows 7 and openvpn

  - by pilcrow

  My ovpn client, 32-bit OpenVPN 2.1.1 on 64-bit Windows 7 Pro, cannot accept routes pushed to it by my remote endpoint ovpn server. This happens even if I invoke OpenVPN as a member of Administrators, and whether or not I've specified script-security 2 (as suggested by [this question][2]). Mon Mar 29 12:57:19 2010 Notified TAP-Win32 driver to set a DHCP IP/netmask of 192.168.254.3/255.255.255.0 on interface {8BE2E9CF-F4C9-4A5E-98FD-E12DF1B6C3A4} [DHCP-serv: 192.168.254.3, lease-time: 86400] Mon Mar 29 12:57:19 2010 NOTE: FlushIpNetTable failed on interface [14] {GUID} (status=5) : Access is denied. Mon Mar 29 12:57:24 2010 TEST ROUTES: 8/8 succeeded len=8 ret=1 a=0 u/d=up Mon Mar 29 12:57:24 2010 C:\WINDOWS\system32\route.exe ADD 172.20.1.0 MASK 255.255.255.0 192.168.254.1 Mon Mar 29 12:57:24 2010 ROUTE: route addition failed using CreateIpForwardEntry: Access is denied. [status=5 if_index=14] Mon Mar 29 12:57:24 2010 Route addition via IPAPI failed [adaptive] Mon Mar 29 12:57:24 2010 Route addition fallback to route.exe Mon Mar 29 12:57:24 2010 ERROR: Windows route add command failed [adaptive]: returned error code 1 ... and so on for each specific route the server pushes out. It doesn't seem right to me that the administrative user, the one configured at Windows 7 install time, should need further privileges. What am I missing?

  Read the article

• Run Flyff without elevating user to Admin or requiring Admin Password

  - by AnonJr

  Bottom Line: I need to set up one game on my little sister's laptop to run without requiring an admin password/account. Its the only game that seems to insist on it... so far. Detailed Version: I set up my 14-year-old sister as a regular user on her Windows 7 Home Premium laptop, and almost everything has been fine - until she found a new game (Flyff) that doesn't seem to want to run without an Admin Password (or being logged in as an Admin). For what should be obvious reasons, I'm not going to make her an Admin. or give her the Admin password (which she swears she'll only use to run this game... anyone else buying that? Bueller?) Also, the parents aren't admins on her laptop (they are on their own, but that's another discussion for another day) and I'm not going to set them up as one as I know from past experience that the 3rd time my sister asks them to put in their password, they'll just tell her what it is - at which point I might as well as have just set her up as an admin from the outset. This is a Win7 Home Premium (64-bit, but I doubt that makes a difference) laptop, so using GPEdit is out. I also tried an answer provided in a related (but less specific) question. The app has read/write permissions for its folder in Program Files (x86), yet that doesn't seem to make a difference. I have not yet dug through the registry as mentioned in another answer to the aforementioned question. Just to be thorough, I have checked the "Run as Admin" option on the shortcut's properties to no avail. Am I missing something? Addendum 2010-11-11: Re-Checked permissions as per Joel's answer, and it didn't make a difference. Followed Jane T's suggestion (and Aeo's second) and created a "Games" folder outside Program Files, installing the game there - and making sure regular users had all the permissions they would need. No joy. After the latter of the above two changes, it occurred to me that it may be a UAC issue, so for kicks I turned off UAC - still the damn message. Last item noted: could it be a result of the publisher not being specified/verified? I've been taking a closer look at the error message and it occurred to me that the missing/unverified publisher info could have been the problem all along... Correct me if I'm wrong, but if that's the case, that means there's nothing I can do short of giving her some sort of Admin privileges (i.e. elevating her account, or giving her the password to a separate Admin account) or giving Mom an Admin account.

  Read the article

• Giving a Zone "More Power"

  - by Brian Leonard

  In addition to the traditional virtualization benefits that Solaris zones offer, applications running in zones are also running in a more secure environment. One way to quantify this is compare the privileges available to the global zone with those of a local zone. For example, there a 82 distinct privileges available to the global zone: bleonard@solaris:~$ ppriv -l | wc -l 82 You can view the descriptions for each of those privileges as follows: bleonard@solaris:~$ ppriv -lv contract_event Allows a process to request critical events without limitation. Allows a process to request reliable delivery of all events on any event queue. contract_identity Allows a process to set the service FMRI value of a process contract template. ... Or for just one or more privileges: bleonard@solaris:~$ ppriv -lv file_dac_read file_dac_write file_dac_read Allows a process to read a file or directory whose permission bits or ACL do not allow the process read permission. file_dac_write Allows a process to write a file or directory whose permission bits or ACL do not allow the process write permission. In order to write files owned by uid 0 in the absence of an effective uid of 0 ALL privileges are required. However, in a non-global zone, only 43 of the 83 privileges are available by default: root@myzone:~# ppriv -l zone | wc -l 43 The missing privileges are: cpc_cpu dtrace_kernel dtrace_proc dtrace_user file_downgrade_sl file_flag_set file_upgrade_sl graphics_access graphics_map net_mac_implicit proc_clock_highres proc_priocntl proc_zone sys_config sys_devices sys_ipc_config sys_linkdir sys_dl_config sys_net_config sys_res_bind sys_res_config sys_smb sys_suser_compat sys_time sys_trans_label virt_manage win_colormap win_config win_dac_read win_dac_write win_devices win_dga win_downgrade_sl win_fontpath win_mac_read win_mac_write win_selection win_upgrade_sl xvm_control However, just like Tim Taylor, it is possible to give your zones more power. For example, a zone by default doesn't have the privileges to support DTrace: root@myzone:~# dtrace -l ID PROVIDER MODULE FUNCTION NAME The DTrace privileges can be added, however, as follows: bleonard@solaris:~$ sudo zonecfg -z myzone Password: zonecfg:myzone> set limitpriv="default,dtrace_proc,dtrace_user" zonecfg:myzone> verify zonecfg:myzone> exit bleonard@solaris:~$ sudo zoneadm -z myzone reboot Now I can run DTrace from within the zone: root@myzone:~# dtrace -l | more ID PROVIDER MODULE FUNCTION NAME 1 dtrace BEGIN 2 dtrace END 3 dtrace ERROR 7115 syscall nosys entry 7116 syscall nosys return ... Note, certain privileges are never allowed to be assigned to a zone. You'll be notified on boot if you attempt to assign a prohibited privilege to a zone: bleonard@solaris:~$ sudo zoneadm -z myzone reboot privilege "dtrace_kernel" is not permitted within the zone's privilege set zoneadm: zone myzone failed to verify Here's a nice listing of all the privileges and their zone status (default, optional, prohibited): Privileges in a Non-Global Zone.

  Read the article

• Impersonate SYSTEM (or equivalent) from Administrator Account

  - by KevenK

  This question is a follow up and continuation of this question about a Privilege problem I'm dealing with currently. Problem Summary: I'm running a program under a Domain Administrator account that does not have Debug programs (SeDebugPrivilege) privilege, but I need it on the local machine. Klugey Solution: The program can install itself as a service on the local machine, and start the service. Said service now runs under the SYSTEM account, which enables us to use our SeTCBPrivilege privilege to create a new access token which does have SeDebugPrivilege. We can then use the newly created token to re-launch the initial program with the elevated rights. I personally do not like this solution. I feel it should be possible to acquire the necessary privileges as an Administrator without having to make system modifications such as installing a service (even if it is only temporary). I am hoping that there is a solution that minimizes system modifications and can preferably be done on the fly (ie: Not require restarting itself). I have unsuccessfully tried to LogonUser as SYSTEM and tried to OpenProcessToken on a known SYSTEM process (such as csrss.exe) (which fails, because you cannot OpenProcess with PROCESS_TOKEN_QUERY to get a handle to the process without the privileges I'm trying to acquire). I'm just at my wit's end trying to come up with an alternative solution to this problem. I was hoping there was an easy way to grab a privileged token on the host machine and impersonate it for this program, but I haven't found a way. If anyone knows of a way around this, or even has suggestions on things that might work, please let me know. I really appreciate the help, thanks!

  Read the article

• Blocking access to websites with objective-C / root privileges in objective-C

  - by kvaruni

  I am writing a program in Objective-C (XCode 3.2, on Snow Leopard) that is capable of either selectively blocking certain sites for a duration or only allow certain sites (and thus block all others) for a duration. The reasoning behind this program is rather simple. I tend to get distracted when I have full internet access, but I do need internet access during my working hours to get to a number of work-related websites. Clearly, this is not a permanent block, but only helps me to focus whenever I find myself wandering a bit too much. At the moment, I am using a Unix script that is called via AppleScript to obtain Administrator permissions. It then activates a number of ipfw rules and clears those after a specific duration to restore full internet access. Simple and effective, but since I am running as a standard user, it gets cumbersome to enter my administrator password each and every time I want to go "offline". Furthermore, this is a great opportunity to learn to work with XCode and Objective-C. At the moment, everything works as expected, minus the actual blocking. I can add a number of sites in a list, specify whether or not I want to block or allow these websites and I can "start" the blocking by specifying a time until which I want to stay "offline". However, I find it hard to obtain clear information on how I can run a privileged Unix command from Objective-C. Ideally, I would like to be able to store information with respect to the Administrator account into the Keychain to use these later on, so that I can simply move into "offline" mode with the convenience of clicking a button. Even more ideally, there might be some class in Objective-C with which I can block access to some/all websites for this particular user without needing to rely on privileged Unix commands. A third possibility is in starting this program with root permissions and the reducing the permissions until I need them, but since this is a GUI application that is nested in the menu bar of OS X, the results are rather awkward and getting it to run each and every time with root permission is no easy task. Anyone who can offer me some pointers or advice? Please, no security-warnings, I am fully aware that what I want to do is a potential security threat.

  Read the article

• run sfc /scannow as administrator, but I am administrator

  - by Luigi

  On my windows 2003 I have to run sfc /scannow as admin. I have tried to run it as local administrator and domain administrator, but it says I need of administrator privilege ???? I have tried runas /user:administrator cmd and then on a new shell sfc /scannow. But it does not work too. The error message is: You must be an administrator running a console session in order to use the Windows File Checker utility. the error message is in italian and should be translated in english as above. The following is the cmd's screenshot of the error. I am connected as domain administrator but I run it a runas to be local admin.

  Read the article

< Previous Page | 1 2 3 4 5 6 7 8 9 10 11 12  | Next Page >