Cannot Execute sudo - root

I had accidentally changed ownership of /usr/lib and it's sub folders and files to a user 'A' from it's previous owner 'root'. Now I'm unable to run any command with sudo since root doesn't own usr/lib/sudo/sudoers.so file.

Just an idea ...
boot from "live cd" or usb stick, mount the disk, change the ownership of /usr/lib back to what it should be, reboot.

Related

SUID exploit and patch

I am working on a SUID root binary 'app' that runs a system("ls -la /dir") command and managed to exploit it by writing a malicious ls to get root and changing my user's environment path to set it to higher priority than the kernel's one.
I noticed that executing it as user returns me root shell while executing it with sudo "./example" uses root's path and simply lists the files in dir. As far as i know setuid inherits owner's (in this case root) privileges to user and sudo executes as root.
What are such vulnerabilities called ? How would an app developer patch it? I there any way i can force user's to use sudo ./app to execute a program?
I recommend you change app to use an absolute path for the commands it runs. For example:
system("/bin/ls -la /dir");
Even if the users use the sudo command to execute it, there are sudo arguments they can use (--preserve-env) to preserve their own PATH.
If you want the users to run app using sudo, then there's no need for the binary to be SUID root.

Setting permissions to WordPress to install plugins is preventing access through SSH

I have read several ways to solve the problem of permissions in WordPress to install themes and plugins from the WordPress administration.
As I understand the problem is that the owner of the folder where WordPress is installed must be the user who manages the web server (read postdata). In my case with Apache and AWS, www-data.
However, by changing the owner to www-data (even just changing the group to this user), I lose SSH access to the server. In this case I had to ask the administrator of the entire server to access from its user and restore the owner and permissions of the folder.
I am using Amazon Web Services with Ubuntu 16.0.4 LTS where I have access to a main user and the installation of WordPress is located at the root of the user, i.e. /home/myuser/
I am accessing via SSH with a .pem key and with myuser#publicdns
What can I do?
Thank you so much.
PD: WordPress in this guide says that the owner always has to be the ftp web server owner (i.e. myuser) and never the webserver, I agree.
I hate having to answer my own question but maybe I can help others solve problems easily and fast. This is what worked for me:
BEFORE DOING ALL OF THIS YOU SHOULD TAKE NOTE OF ALL PERMISSIONS, OWNERS AND GROUPS OF ALL THE FOLDERS & FILES WE ARE CHANGING HERE BECAUSE YOUR WEBSITE MAY FAIL AFTER CHANGING THESE SETTINGS. ALL HOSTS HAVE DIFFERENT CONFIGURATIONS.
As long as you don't exit the session, you may be able to return all the changes you have made with sudo privileges.
If your WordPress installation is in the root folder of the user, eg: /home/myuser/
Take note of permissions, owners and groups:
With ls command and the -a -l flags you can see all files using long listing format. Do this being in /home and /home/youruser/ paths.
cd /home
ls -al
cd /home/youruser
ls -al
Copy the output and save it in some text file.
Prevent losing SSH access:
The owner of the folder must be the user you are accessing with.
sudo chown youruser /home/youruser/
I also have set the group of the folder myuser.
sudo chgrp youruser /home/youruser/
Set the permissions of this folder with 751 (I think the important thing here is that the owner has full access)
sudo chmod 751 /home/youruser/
The permissions for the hidden folder .ssh must be 700 for top folder, 600 for files inside the folder and the owner & group must be youruser
sudo chmod 700 ~/.ssh/
sudo chmod 600 ~/.ssh/*
sudo chown -R youruser ~/.ssh/
sudo chgrp -R youruser ~/.ssh/
Solve Plugins & Theme installation problems:
I'm still unsure if this solution is right for site security. However, I think you can apply this fix and then return the changes. The website should run smoothly in both cases.
I have changed permissions for folders and files via sftp in Nautilus. If you are using .pem key remember to add the key using ssh-add path/to/your/key.pem
then connect to the server sftp://youruser#yourpublicdns
Make multiple click in folders wp-content, wp-admin, wp-includes and do Right click -> Properties (or Ctrl + I), change to permission tab and click in the "Apply permissions to Enclosed files" button on the bottom of the window, set:
Files
Owner: Read and Write
Group: Read only
Others: Read only
Folders
Owner: Create and delete files.
Access to files.
Access to files.
This will apply the changes to files and folders inside these three folders selected. Depending on the speed of your internet and how much files do you have, this may take some minutes to finish.
Make multiple click in remaining files and do Right click -> Properties (or Ctrl + I), change to permission tab and set
Owner: Read and Write
Group: Read and Write
Others: Only Read
AND LAST
Change the owner and the group of all the WordPress installation files, i.e. all the files inside /home/youruser
sudo chown -R www-data wp*
sudo chgrp -R www-data wp*
This make changes for all the files that start with the "wp" word recursively. To remaining files, I have made the changes manually. There are better ways like find command but that changed hidden folders too so I decided to do manually.
Apply the corresponding changes to files to the .htaccess as well.
NOTE: Test your website. Access to it, access to your WordPress admin, try installing plugins and themes, open another terminal (DON'T CLOSE the one you were writing the commands) and try to SSH into your webserver. If you have problems use the backup and revert the process.
Hope this helps.

WordPress file permissions on CentOS7 requiring sudo

I'm running WordPress on my VPS with CentOS 7 LAMP stack.I've followed this guide to set permissions, i.e. I've run
sudo chown apache:apache -R *
to ensure that my wordpress directory is owned by apache:apache.
I've also set WordPress directory and file permissions with these commands:
find . -type d -exec chmod 755 {} \;
find . -type f -exec chmod 644 {} \;
(I had to prefix the above commands with sudo)
Normally I manage the server by logging in through SSH using myuser, where myuser belongs to the apache group and the wheel group.
I have 3 problems:
Any file CRUD command in the WordPress directory still requires me to prefix the command with sudo, or else I get a permission error. Since myuser belongs to apache and apache owns the directory, I'm confused as to why I still need to prefix the commands with sudo.
Similar to problem 1, any git command such as a git pull requires me to prefix the command with sudo or else I get a permission error.
When I try to automatically update theme files from my WordPress dashboard web interface, I get permission errors. Interestingly, I'm able to install/update plugins via the WordPress dashboard without any permissions errors.
Any ideas on what I'm missing?
Look at:What does mode_t 0644 mean?
644 means:
* (owning) User: read & write
* Group: read
* Other: read
CRUD is a write command, so you're not allowed to do that. Either you change to 664 or keep using sudo. Basically any writing procedure on the file system would not be allowed without sudo since your user is not the owner (event though he is in the group).
#fortuneRice, CentOS7 features selinux enabled by default, which is often the cause of many hard-to-understand file permission errors.
I would suggest the following:
Edit /etc/sysconfig/selinux
Change SELINUX=permissive (or whatever SELINUX is currently set to in the file) to SELINUX=disabled
Reboot your server (not just the apache web server, but the whole machine)
Disabling SELINUX completely is not a good idea, therefore if this procedure works, you should re-enable SELINUX and fix its configuration.
Configuring SELINUX can be a difficult task, so I suggest you read up on google how to do that :)
chown -R -f user:apache /path of the directory
I also faced that issue and solved this problem by changing the PHP handler.
it is important to use PHP Handler that will run as the file owner.
After I installed HTTP2 and another few features on the way, I changed the PHP handler.
I am running WHM/CPanel on my VPS, and I fixed my issue following these steps:
Under WHM > Software > EasyApache 4 > Customize
Look for the: mod_suphp under the Apache Modules tab and make sure it is enabled, and if you just turned it on to install, follow step two.
Go to the Review tab and click the Provision button to save.
Under Whm > Software > MultiPHP Manager look for PHP Handlers tab.
Choose suphp as the handler for the current PHP version.
That's it. It was the PHP handler.
Edit: I notice that suphp had a conflict with one of my user uploads directories that I am adding dynamically to images a watermark. It seems the suphp handler had permission to upload but doesn't show the pictures.
I also tried the lsapi for the PHP Handler, and it seems to work correctly with the file's permissions and attaching via the .htaccess file watermarks for images.

Fatal error: cannot mkdir R_TempDir

When attempting to run R, I get this error:
Fatal error: cannot mkdir R_TempDir
I found two possible fixes for this problem by googling around. The first was to ensure my tmp directory didn't contain a load of subdirectories - it doesn't and it's virtually empty. The second fix was to ensure that TMP, TMPDIR, and R_USER in my environment weren't set to non-existent paths - I didn't even have these set. Therefore, I created a tmp directory in my home directory and added it's path to TMP in my environment. I was able to run R once and then I got the fatal error again. Nothing was in the TMP directory that I set in my environment. Does anyone know what else I can try? Thanks.
Dirk is right, but misses a point: If /tmp is full, you can't create subdirectories there. Try
df /tmp
I just hit this on a shared server, where /tmp is mounted on it's own partition, and is shared by many users. In this particular case, you can't really see who's fault it is, because permissions restrict you seeing who is filling up the tmp partition. Basically have to ask the sys admins to figure it out.
Your default temporary directory appears to have the wrong permissions. Here I have
$ ls -ld /tmp
drwxrwxrwt 22 root root 4096 2011-06-10 09:17 /tmp
The key part is 'everybody' can read or write. You need that too. It certainly can contain subdirectories.
Are you running something like AppArmor or SE Linux?
Edit 2011-07-21: As someone just deemed it necessary to downvote this answer -- help(tempfile) is very clear on what values tmpdir (the default directory for temporary files or directories) tries:
By default, 'tmpdir' will be the directory given by 'tempdir()'. This
will be a subdirectory of the temporary directory found by the
following rule. The environment variables 'TMPDIR', 'TMP' and 'TEMP'
are checked in turn and the first found which points to a writable
directory is used: if none succeeds '/tmp' is used.
So my money is on checking those three environment variables. But AppArmor and SELinux have shown to be an issue too on some distributions.
Go to your user directory and create a file called .Renviron and add the following line, save it and reopen RStudio or Rgui or Rterm
TMP = '<path to folder where Everyone has full control>'
This worked with me on Windows 7
If you are running one of the rocker docker images (e.g., rocker/verse), you need to map a local directory to the /tmp directory in the container. For example,
docker run --rm -v ${PWD}/tmp:/tmp -p 8787:8787 -e PASSWORD=password rocker/verse:4.0.4
where ${PWD} for me is ~/devProjs/r, and I created a /tmp directory inside it, so that the container's /tmp is mapped to my ~/devProjs/r/tmp directory.
Just had this issue and finally solved it. Simply a windows permission issue. Go to environment variables and find the location of the temp folders. Then right click on the folder > properties > security > advanced > change everyone to full control > tick "replace all child object permission entries with inheritable permission entries from this object" > Ok > ok.
This will also happen when your computer is completely, utterly out of space. Currently, my Mac has 0 kb free and it's causing this error. Freeing up some space solved the problem.
Check for the user account with which you are launching the RStudio with. Now u check the TMP(System Environment variable) for its location. If the user who is launching RStudio has Write access for those directories you will not face this issue. Being said that you are facing this issue, all you have to do is to change the permissions for that user to have write access on those directories.
Running R on CentOS system and had the same issue. I had to remove all R folders from the tmp directory. Usually all R folders will be in the form of /tmp/Rtmp*****
so i tried to delete the folders from /tmp by running the below.
CD into /tmp directory and run rm -rf Rtmp*
R shell Worked for me afterwards
I had this issue, solution was slightly different. I run R on a linux server - it turned out for me R had made a whole load of tempdirs when running jobs with cron that had hung and not been cleaned up, clogging up the root /tmp directory with ~300 RtmpXXXXXX folders.
Using terminal access, I navigated to the /tmp folder did a recursive find/rm - deleting all of them using this command:
find . -type d -name 'Rtmp*' -exec rm -r -v {} \;
After this, Rstudio took a while to load up, but was once again happy and my scripts began to run again.
You will need the appropriate admin rights for this solution. And always be careful when running rm -r, especially with a find command, as it's easy to remove things unexpectedly.
When it comes to deleting tmp files, make sure that the tmp files are in the server or in local.
If its in the remote, 1st check for the df /tmp in the server or in the remote to see who uses more storage.
Then use rm(file_name)` to remove the files which cause the blocking.
If its in the remote, then use rm /tmp/(file_name)..
MOreover, you can also refer to https://support.rstudio.com/hc/en-us/articles/218730228-Resetting-a-user-s-state-on-RStudio-Server

Drupal 7 file system error: The directory sites/default/files exists but is not writable and could not be made writable

I'm copying a Drupal 7 installation from one machine to another. Both machines are Mac OSX running current versions of MAMP. Procedure as follows:
create sql dump file
rsync -ar path/to/source path/to/destination
chmod -R 755 destination/sites/default/files
chown -R username destination
import sql dumpfile
adjust settings.php (actually, they remain the same across environments, but just checking db connect info and $base_url.)
Everything works here, on the destination side, except that the sites/default/files directory can not be made writable[sic]. Something in the directory tree and/or permissions is changing, but I can't figure out what/how. What gives?
sites/default/files needs to be writable by the web user, or writable by all users.
all users:
chmod -R a+w destination/sites/default/files
or, make apache (or whoever your web user is) the owner
chown -R apache:apache destination/sites/default/files
Note: 755 and 777 sets everything as executable. 777 would have worked, it's just not proper. Executable permission is necessary for directories, but files generally should not be executable unless they need to be.
I personally prefer making apache the owner of the files directory and all the contents inside because that's what happens anyway when Drupal writes files.
Probably you need to run restorecon on the directory for eg:
restorecon -rv default/

Resources