Search Results

Search found 4834 results on 194 pages for 'sudo'.

Page 6/194 | < Previous Page | 2 3 4 5 6 7 8 9 10 11 12 13  | Next Page >

  • Sudoers file allow sudo on specific file for active directory group

    - by tubaguy50035
    I have active directory sign in working on an Ubuntu 12.04 box. When the user signs in, I have a script that runs that needs sudo permission (since it modifies the samba config file). How would I specify this in my sudoer's file? I've tried: %DOMAIN\\AD+Programmers ALL=NOPASSWD: /usr/local/bin/createSambaShare.php I've found various resources on the internet stating that this is how it would be done, but I'm not sure that I have the first part right. What are they using as the DOMAIN? The workgroup or the realm? I use Samba + winbind for active directory integration. Here's my smb.conf: [global] security = ads netbios name = hostname realm = COMPANYNAME.COM password server = passwordserver workgroup = COMPANYNAME idmap uid = 1000-10000 idmap gid = 1000-10000 winbind separator = + winbind enum users = no winbind enum groups = no winbind use default domain = yes template homedir = /home/%D/%U template shell = /bin/bash client use spnego = yes domain master = no EDIT: The users that should have access to run that script are all part of the Programmers group which has an Active Directory Domain Services Folder of Company.com/Staff/Security Groups (not sure if that matters or not).

    Read the article

  • How to fix sudo: setreuid(ROOT_UID, user_uid): Operation not permitted error?

    - by David R.
    I am using LDAP authentication on my Ubuntu 11.10 server. I installed libpam-ldap, and configured things accordingly. It works great, except that I get this error every once in a while when I try to sudo: sudo: setreuid(ROOT_UID, user_uid): Operation not permitted I know I have sudoers set up correctly, since it works most of the time. It's not just my log in either, others have the same problem when I have it. When this error is occurring, I can't ssh in with my regular system user at all. When I sign in directly, I can't get any gnome-terminal to start. Once I restart the server, the problem goes away. 'Course, that's not a solution, if it was a prod server, I'd be in trouble. How do I fix this? Edit 3/1/12: I just figured out that if stop and start the nscd service, the problem goes away. service nscd stop service nscd start Not much of a solution since I have to be logged into the server directly, not via ssh.

    Read the article

  • Sourcing a shell script, while running with sudo

    - by WishCow
    I would like to write a shell script that sets up a mercurial repository, and allow all users in the group "developers" to execute this script. The script is owned by the user "hg", and works fine when ran. The problem comes when I try to run it with another user, using sudo, the execution halts with a "permission denied" error, when it tries to source another file. The script file in question: create_repo.sh #!/bin/bash source colors.sh REPOROOT="/srv/repository/mercurial/" ... rest of the script .... Permissions of create_repo.sh, and colors.sh: -rwxr--r-- 1 hg hg 551 2011-01-07 10:20 colors.sh -rwxr--r-- 1 hg hg 1137 2011-01-07 11:08 create_repo.sh Sudoers setup: %developer ALL = (hg) NOPASSWD: /home/hg/scripts/create_repo.sh What I'm trying to run: user@nebu:~$ id uid=1000(user) gid=1000(user) groups=4(adm),20(dialout),24(cdrom),46(plugdev),105(lpadmin),113(sambashare),116(admin),1000(user),1001(developer) user@nebu:~$ sudo -l Matching Defaults entries for user on this host: env_reset User user may run the following commands on this host: (ALL) ALL (hg) NOPASSWD: /home/hg/scripts/create_repo.sh user@nebu:~$ sudo -u hg /home/hg/scripts/create_repo.sh /home/hg/scripts/create_repo.sh: line 3: colors.sh: Permission denied So the script is executed, but halts when it tries to include the other script. I have also tried using: user@nebu:~$ sudo -u hg /bin/bash /home/hg/scripts/create_repo.sh Which gives the same result. What is the correct way to include another shell script, if the script may be ran with a different user, through sudo?

    Read the article

  • sudo: apache restarting a service on CentOS

    - by WaveyDavey
    I need my web app to restart the dansguardian service (on CentOS) so it needs to run '/sbin/service dansguardian restart' I have a shellscript in /home/topological called apacherestart.sh which does the following: #!/bin/sh id=`id` /sbin/service dansguardian restart r=$? return $r This runs ok (logger statement in script for testing output to syslog, so I know it's running) To make it run, I put this in /etc/sudoers: User_Alias APACHE=www # Cmnd alias specification Cmnd_Alias HTTPRESTART=/home/topological/apacherestart.sh,/sbin/e-smith/db,/etc/rc7.d/S91dansguardian # Defaults specification # User privilege specification root ALL=(ALL) ALL APACHE ALL=(ALL) NOPASSWD: HTTPRESTART So far so good. But the service does not restart. To test this I created a user david, and fudged the uid/gid in /etc/passwd to be the same as www: www:x:102:102:e-smith web server:/home/e-smith:/bin/false david:x:102:102:David:/home/e-smith/files/users/david:/bin/bash then logged in as david and tried to run the apacherestart.sh. The problem I get is: /etc/rc7.d/S91dansguardian: line 51: /sbin/e-smith/db: Permission denied even though S91dansguardian and db are in the sudoers command list. Any ideas?

    Read the article

  • Windows XP 'graphical' analog to sudo

    - by wuser
    Is there any convinient one util? I already know about runas feature. You have to accomplish too many steps to use it: after bringing up shift menu you need to press Tab, select admin user, again tab and finally type password. Besides you can't make it 'remember' password for some time or run msi installers this way.

    Read the article

  • Broke my sudoers password, how do I reset it without using sudo?

    - by Eric Dand
    I thought it would be a good idea to finally take the password off my little netbook since it has never actually been of any use, and has mostly just slowed down . But when I went to change my password, there wasn't even an option to make it blank, and any attempt to make it a few easy characters was met with "Password too weak". So I did what any good geek would do and popped open the terminal, read the manual entry for passwd and quickly used the -d option to remove the password from my account. It all went well for a couple days (I even managed to also make my keychain password blank) until I tried to update the thing. My sudoers password is not blank, and it's not my old password. I have no idea what it is. How do I reset it (or even better, make it blank) without the use of the sudo command?

    Read the article

  • Is sudo dd taking too long to wipe hard drive?

    - by Adam133718
    I have a 200gb HDD which I removed from a macbook due to several corrupt files in startup. One thing led to another and I decided that I needed to format the drive. I used the command sudo dd if=/dev/zero of=/dev/sdb which is supposed to wipe everything off of the hard drive. It is my understanding that the command writes 0's over every bit on the drive, which I would imagine must take a while. The process has been going for about 18 hours now. I can use other functions of operating system like the web browser and I can even use another terminal window, so I know the system is not frozen. Should I restart the process or let it continue on? Any advice will help. Thanks. By the way, I already noticed a post similar to this that was previously answered though the user was not using the same command as I was.

    Read the article

  • How do I tell sudo to write files with a umask of 0022?

    - by mipadi
    I recently upgrading to Snow Leopard. I have noticed that some files written by MacPorts are installed with the wrong permission -- they are written with a umask of 0077. I think I have narrowed down the problem: The port command is invoked via sudo. My .bashrc file specifies a umask of 0077. On older versions of OS X (10.5 and below), sudo used the umask of the root user (which was 0022); however, now it uses my umask of 0077. Is there anyway to have sudo use the old behavior? Right now, it's kind of annoying because I have to use sudo to run simple commands like port installed, port outdated, etc. (The problem is described in more detail in this MacPorts ticket.) Edit I discovered the umask option for sudo, and in /etc/sudoers I added the following line: Defaults umask=0022 However, this did not function as desired, because the real umask used by sudo is the union of the user mask with this default mask.

    Read the article

  • Problem bash completion apt-get 12.10

    - by dadexix86
    I've got an annoying problem with completion and sudo apt-get. To give an example: $ sudo apt-get in[Tab][Tab] in intel_bios_reader includeres intel_disable_clock_gating indicator-multiload intel_dpio_read info intel_dpio_write infobrowser intel_error_decode infocmp intel_forcewaked infokey intel_gpu_abrt infotocap intel_gpu_time inimf intel_gpu_top init intel_gtt init-checkconf intel_l3_parity initctl intel_reg_checker initctl2dot intel_reg_dumper initex intel_reg_read inkscape intel_reg_snapshot inkview intel_reg_write inputattach intel_sprite_on insmod intel_stepping install intel_upload_blit_large install-docs intel_upload_blit_large_gtt installfont-tl intel_upload_blit_large_map install-info intel_upload_blit_small installkernel interdiff --More-- While is working right both with just apt-get or doing it in root: $ apt-get in[Tab]stall $ sudo -i [sudo] password for davide: root@brenna:~# apt-get in[Tab]stall So the problem is using autocompletion after sudo? Not really, because $ sudo apt-[Tab][Tab] apt-add-repository apt-extracttemplates apt-key apt-cache apt-file apt-mark apt-cdrom apt-ftparchive apt-sortpkgs apt-config apt-get Summing up, the problem seems to be using sudo and auto-completion for programs options together. Any good advice for that?

    Read the article

  • security issue of Linux sudo command?

    - by George2
    Hello everyone, 1. I am using Red Hat Enterprise 5 Linux box. I find if a user is in /etc/sudoers file, then if the user run command with sudo, the user will run this command with root privilege (without knowing root password, the user runs sudo only need to input the user's own password in order to run a command with sudo). Is that correct understanding? 2. If yes, then is it a security hole? Since users other than root could run with root privilege? thanks in advance, George

    Read the article

  • No Alias's when sudo'ing

    - by Danny Roberts
    I was playing around with aliases today and I noticed that aliases don't seem to be available whilst using sudo: danny@kaon:~$ alias alias egrep='egrep --color=auto' alias fgrep='fgrep --color=auto' alias grep='grep --color=auto' alias l='ls -CF' alias la='ls -A' alias ll='ls -alF' alias ls='ls --color=auto' danny@kaon:~$ ll -d / drwxr-xr-x 23 root root 4096 2011-01-06 20:29 // danny@kaon:~$ sudo -i root@kaon:~# ll -d / drwxr-xr-x 23 root root 4096 2011-01-06 20:29 // root@kaon:~# exit logout danny@kaon:~$ sudo ll -d / sudo: ll: command not found Is there any reason why you cannot use aliases whilst using sudo?

    Read the article

  • How to make Shared Keys .ssh/authorized_keys and sudo work together?

    - by farinspace
    I've setup the .ssh/authorized_keys and am able to login with the new "user" using the pub/private key ... I have also added "user" to the sudoers list ... the problem I have now is when I try to execute a sudo command, something simple like: $ sudo cd /root it will prompt me for my password, which I enter, but it doesn't work (I am using the private key password I set) Also, ive disabled the users password using $ passwd -l user What am I missing? Somewhere my initial remarks are being misunderstood ... I am trying to harden my system ... the ultimate goal is to use pub/private keys to do logins versus simple password authentication. I've figured out how to set all that up via the authorized_keys file. Additionally I will ultimately prevent server logins through the root account. But before I do that I need sudo to work for a second user (the user which I will be login into the system with all the time). For this second user I want to prevent regular password logins and force only pub/private key logins, if I don't lock the user via" passwd -l user ... then if i dont use a key, i can still get into the server with a regular password. But more importantly I need to get sudo to work with a pub/private key setup with a user whos had his/her password disabled. Edit: Ok I think I've got it (the solution): 1) I've adjusted /etc/ssh/sshd_config and set PasswordAuthentication no This will prevent ssh password logins (be sure to have a working public/private key setup prior to doing this 2) I've adjusted the sudoers list visudo and added root ALL=(ALL) ALL dimas ALL=(ALL) NOPASSWD: ALL 3) root is the only user account that will have a password, I am testing with two user accounts "dimas" and "sherry" which do not have a password set (passwords are blank, passwd -d user) The above essentially prevents everyone from logging into the system with passwords (a public/private key must be setup). Additionally users in the sudoers list have admin abilities. They can also su to different accounts. So basically "dimas" can sudo su sherry, however "dimas can NOT do su sherry. Similarly any user NOT in the sudoers list can NOT do su user or sudo su user. NOTE The above works but is considered poor security. Any script that is able to access code as the "dimas" or "sherry" users will be able to execute sudo to gain root access. A bug in ssh that allows remote users to log in despite the settings, a remote code execution in something like firefox, or any other flaw that allows unwanted code to run as the user will now be able to run as root. Sudo should always require a password or you may as well log in as root instead of some other user.

    Read the article

  • sudo nohup nice <-- in what order?

    - by Jonah Braun
    So I have a script that I want to run as root, without hangup and nicely. What order should I put the commands in? sudo nohup nice foo.bash & or nohup nice sudo foo.bash & etc. I suspect it doesn't matter but would like some insight from those who really know.

    Read the article

  • symlink and sudo executable

    - by CodeMedic
    If I have the below sudoers entry usera ALL=(userb) NOPASSWD: /home/userc/bin/executable-file usera ALL=(userb) NOPASSWD: /home/userc/bin/link-to-another-executable-file When I log-on as usera and try running the below commands, it works sudo -u userb /home/userc/bin/executable-file but NOT the one below. sudo -u userb /home/userc/bin/link-to-another-executable-file Sorry, user usera is not allowed to execute '/home/userc/bin/link-to-another-executable-file' as userb on hostname. Any ideas?

    Read the article

  • If sudo is broken, what should be used instead?

    - by ivant
    I found the following answer to a FAQ question about a security problem in Oprofile: This "problem" only occurs if you actively, and mistakenly, configure access to OProfile via sudo. OProfile uses shell scripts which have not been audited (nor is it likely to happen) for use through the broken sudo facility (anything that lets you alter root's path arbitrarily counts as horribly broken). Do not use sudo! As I see it, the author of the answer suggests that sudo is broken, so that it should not be used not only with oprofile, but for other purposes as well. Are there better alternatives to sudo in Linux?

    Read the article

  • Troubleshooting sudoers via ldap

    - by dafydd
    The good news is that I got sudoers via ldap working on Red Hat Directory Server. The package is sudo-1.7.2p1. I have some LDAP/Kerberos users in an LDAP group called wheel, and I have this entry in LDAP: # %wheel, SUDOers, example.com dn: cn=%wheel,ou=SUDOers,dc=example,dc=com cn: %wheel description: Members of group wheel have access to all privileges. objectClass: sudoRole objectClass: top sudoCommand: ALL sudoHost: ALL sudoUser: %wheel So, members of group wheel have administrative privileges via sudo. This has been tested and works fine. Now, I have this other sudo privilege set up to allow members of a group called Administrators to perform two commands as the non-root owner of those commands. # %Administrators, SUDOers, example.com dn: cn=%Administrators,ou=SUDOers,dc=example,dc=com sudoRunAsGroup: appGroup sudoRunAsUser: appOwner cn: %Administrators description: Allow members of the group Administrators to run various commands . objectClass: sudoRole objectClass: top sudoCommand: appStop sudoCommand: appStart sudoCommand: /path/to/appStop sudoCommand: /path/to/appStart sudoUser: %Administrators Unfortunately, members of Administrators are still refused permission to run appStart or appStop: -bash-3.2$ sudo /path/to/appStop [sudo] password for Aaron: Sorry, user Aaron is not allowed to execute '/path/to/appStop' as root on host.example.com. -bash-3.2$ sudo -u appOwner /path/to/appStop [sudo] password for Aaron: Sorry, user Aaron is not allowed to execute '/path/to/appStop' as appOwner on host.example.com. /var/log/secure shows me these two sets of messages for the two attempts: Oct 31 15:02:36 host sudo: pam_unix(sudo:auth): authentication failure; logname=Aaron uid=0 euid=0 tty=/dev/pts/3 ruser= rhost= user=Aaron Oct 31 15:02:37 host sudo: pam_krb5[1508]: TGT verified using key for 'host/[email protected]' Oct 31 15:02:37 host sudo: pam_krb5[1508]: authentication succeeds for 'Aaron' ([email protected]) Oct 31 15:02:37 host sudo: Aaron : command not allowed ; TTY=pts/3 ; PWD=/auto/home/Aaron ; USER=root ; COMMAND=/path/to/appStop Oct 31 15:02:52 host sudo: pam_unix(sudo:auth): authentication failure; logname=Aaron uid=0 euid=0 tty=/dev/pts/3 ruser= rhost= user=Aaron Oct 31 15:02:52 host sudo: pam_krb5[1547]: TGT verified using key for 'host/[email protected]' Oct 31 15:02:52 host sudo: pam_krb5[1547]: authentication succeeds for 'Aaron' ([email protected]) Oct 31 15:02:52 host sudo: Aaron : command not allowed ; TTY=pts/3 ; PWD=/auto/home/Aaron ; USER=appOwner; COMMAND=/path/to/appStop The questions: Does sudo have some sort of verbose or debug mode where I can actually watch it capture the sudoers privilege list and determine whether or not Aaron should have the privilege to run this command? (This question is probably independent of where the sudoers database is kept.) Does sudo work with some background mechanism that might have a log level I could turn up? Right now, I can't fix a problem I can't identify. Is this an LDAP search failure? Is this a group member matching failure? Identifying why the command fails will help me identify the fix... Next step: Recreate the privilege in /etc/sudoers, and see if it works locally... Cheers!

    Read the article

  • Accidentally deleted symlink libc.so.6 in CentOS 6.4. How to get sudo privilege to re-create it?

    - by Eric
    I accidentally deleted the symbol link /lib64/libc.so.6 - /lib64/libc-2.12.so with $ sudo rm libc.so.6 Then I can not use anything including ls command. The error appears for any command I type ls: error while loading shared libraries: libc.so.6: cannot open shared object file: No such file or directory I've tried $ export LD_PRELOAD=/lib64/libc-2.12.so After this I can use ls and ln ..., but still can not use sudo ln ..., sudo -E ln ..., sudo su or even su. I always get this err sudo: error while loading shared libraries: libc.so.6: cannot open shared object file: No such file or directory or su: error while loading shared libraries: libc.so.6: cannot open shared object file: No such file or directory It seems LD_PRELOAD works only for the current shell session of my account, but not for a new account like root or a new session. It's a remote server so I can not use a live CD. I now have a ssh bash session alive but can not establish new ones. I have sudo privilege, but don't have root password. So currently my problem is I need to run sudo sln -s libc-2.12.so libc.so.6 to re-create the symlink libc.so.6, but I can not run sudo without libc.so.6. How can I fix it? Thanks~

    Read the article

  • Why does redirecting "sudo echo" stdout to a file not give root ownership?

    - by orokusaki
    I'm pretty new to using Linux heavily, and I'm trying to learn more about file ownership and permissions. One thing that I stumbled on just now was exactly what the title says, running: weee@my-server:~$ sudo echo "hello" > some-file.txt weee@my-server:~$ ls -lh total 4.0K -rw-rw-r-- 1 weee weee 6 Dec 5 21:21 some-file.txt The file is owned by me, whereas touch works like one would expect: weee@my-server:~$ sudo touch other-file.txt weee@my-server:~$ ls -lh total 4.0K -rw-r--r-- 1 root root 0 Dec 5 21:22 other-file.txt How can I force the file to be created by root? Do I simply have to create the file in my homedir, then sudo chown root... and sudo mv ... move it to /var where I need it to be? I was hoping there'd be a single step to accomplish this.

    Read the article

  • How to append to a file as sudo? [closed]

    - by obvio171
    Possible Duplicate: sudo unable to write to /etc/profile I want to do: echo "something" >> /etc/config_file But, since only the root user has write permission to this file, I can't do that. But this: sudo echo "something" >> /etc/config_file also doesn't work. Is there any way to append to a file in that situation without having to first open it with a sudo'd editor and then appending the new content by hand?

    Read the article

  • Is there a way to change the root password while still logged in? I did something bad by accdient -_-

    - by Robert
    So I was trying to add my printer, and I wasn't able to make any changes due to the fact that cups was not accepting my root password. I was Googling some changes and trying to fix the problem when one of the commands CHANGED MY SUDO PASSWORD! Can someone please tell me which one of these is the culprit? I was trying to these commands: cat /etc/group | grep root cat /etc/group | grep myUserName usermod -a -G lpadmin myUserName sudo usermod -a -G lpadmin myUserName sudo gedit /etc/cups/cupsd.conf lppasswd -a myUserName lppasswd -a root sudo lppasswd -a myUserName I think it was this one, but I know which passwords I put in! There was nothing which I typed in besides my strong password or my easy temporary password. Unless I made a typo... please no. restart cups sudo password root This is so not cool, I was just trying to add a printer :'( Please help my stupidity!

    Read the article

  • How can I implement ansible with per-host passwords, securely?

    - by supervacuo
    I would like to use ansible to manage a group of existing servers. I have created an ansible_hosts file, and tested successfully (with the -K option) with commands that only target a single host ansible -i ansible_hosts host1 --sudo -K # + commands ... My problem now is that the user passwords on each host are different, but I can't find a way of handling this in Ansible. Using -K, I am only prompted for a single sudo password up-front, which then seems to be tried for all subsequent hosts without prompting: host1 | ... host2 | FAILED => Incorrect sudo password host3 | FAILED => Incorrect sudo password host4 | FAILED => Incorrect sudo password host5 | FAILED => Incorrect sudo password Research so far: a StackOverflow question with one incorrect answer ("use -K") and one response by the author saying "Found out I needed passwordless sudo" the Ansible docs, which say "Use of passwordless sudo makes things easier to automate, but it’s not required." (emphasis mine) this security StackExchange question which takes it as read that NOPASSWD is required article "Scalable and Understandable Provisioning..." which says: "running sudo may require typing a password, which is a sure way of blocking Ansible forever. A simple fix is to run visudo on the target host, and make sure that the user Ansible will use to login does not have to type a password" article "Basic Ansible Playbooks", which says "Ansible could log into the target server as root and avoid the need for sudo, or let the ansible user have sudo without a password, but the thought of doing either makes my spleen threaten to leap up my gullet and block my windpipe, so I don’t" My thoughts exactly, but then how to extend beyond a single server? ansible issue #1227, "Ansible should ask for sudo password for all users in a playbook", which was closed a year ago by mpdehaan with the comment "Haven't seen much demand for this, I think most people are sudoing from only one user account or using keys most of the time." So... how are people using Ansible in situations like these? Setting NOPASSWD in /etc/sudoers, reusing password across hosts or enabling root SSH login all seem rather drastic reductions in security.

    Read the article

< Previous Page | 2 3 4 5 6 7 8 9 10 11 12 13  | Next Page >