Folks,
We are trying to develop a utility program (ChangePassword) which allows users to change their password automatically by executing:
exp_spawnl("passwd", "username")
The passwd command requires root privileges in order to change password of another user, however we like to run our utility program using setuid so that the user executing the program does not have to be root but receives the root privileges from the executable file.
So we execute:
sudo chown root ChangePassword
sudo chmod 6755 ChangePassword
But from some reason this does not work, when we execute ChangePassword the passwd command spawned by exp_spawnl does not inherit the root privileges.
Any ideas ?
The problem is that passwd already has setuid and it handles its own permissions.
Related
I'm setting up a new server and want to have a sftpuser for our /var/www/ directory to upload webcontent without installing a ftp server like proFTPD.
Did u can help me to do this? I just know how about with a FTP Server like proFTPD.
Best regards
Create user:
sudo useradd -d /var/www username
Set them a password:
sudo passwd username
Open the /etc/ssh/sshd_config file and append the below given code. (Remember to replace "username" with username you have created):
subsystem sftp internal-sftp
Match User username
ChrootDirectory %h
AllowTCPForwarding no
X11Forwarding no
ForceCommand internal-sftp
Restart the ssh :
sudo service ssh restart
Now it should work. There may be some ownership problems (just chown things for the user if they really need to use that).
On a unix server, I need always do sudo su - superusername Due to this no two or more people can work simultaneously on a process. I need to remove this overhead by removing the sudo step. Every user will have its own profile and they will no more share the same environment by doing sudo. Kindly help how can I create a user with same privileges as of superusername.
You can use these command to do that but it is not a good idea to give root priveledge to normal user
$ sudo useradd -ou 0 -g 0 username
Little Extra : This to set password to the new user you have created
$ sudo passwd username
I'm new to Linux (using Debian). How to make writeable dir for user and for web-server?
I connect to server via ssh, upload my files. And run next commands:
sudo chown -R www-data:www-data writeable/
sudo chmod -R g+rw writeable/
Then nginx and php (running by www-data user) writes files to writeable. Auter that i do not able to edit or delete those files.
Please help me. I know what that question was asked a million times, but i could not to find solution.
Thanks!
not sure to understand, but I guess you want your dir to be writable for user "www-data" and for another user, let's call it "medvedev".
You can put both users in a group, and grant write permissions for owner (www-data) and group.
useradd -G medvedev www-data
I am a root user. I want to auto run a script for all the users after login in a root mode. I did find my way to auto run a script for all the users. But for the normal users the permission is denied. Is there any workaround for this?
You should use sudo - your command available in root mode without password for user or group
Cmnd_Alias YCMD = /usr/local/somecommand
username ALL=YCMD, NOPASSWD: YCMD
Make sure the script is owned by root and then try setting the setuid:
# chown root:root script.sh
# chmod +s script.sh
# exit
$ ./script.sh (executed as a normal user, but will have root mode)
The setuid permission make the executable to be executed with the permissions of the owner (root in this case).
But be careful! You could be opening a hole that can be abused to gain root. (but any other solution you try to run an script by an user in root mode will provide the same risk. This solution is not more vulnerable as the others)
I am trying to get root access on a webserver using:
sudo login root
but I get:
sudo: no tty present and no askpass program specified
I also don't have permission to the sudoers file. How can I proceed?
sudo su -
If you are in the sudoer file, which it seems like you are not.
su -
If you know the root password
If you have neither of these, the admin obviously doesn't want you to have root access.