I am trying to get root access on a webserver using:
sudo login root
but I get:
sudo: no tty present and no askpass program specified
I also don't have permission to the sudoers file. How can I proceed?
sudo su -
If you are in the sudoer file, which it seems like you are not.
su -
If you know the root password
If you have neither of these, the admin obviously doesn't want you to have root access.
Related
I am a root user. I want to auto run a script for all the users after login in a root mode. I did find my way to auto run a script for all the users. But for the normal users the permission is denied. Is there any workaround for this?
You should use sudo - your command available in root mode without password for user or group
Cmnd_Alias YCMD = /usr/local/somecommand
username ALL=YCMD, NOPASSWD: YCMD
Make sure the script is owned by root and then try setting the setuid:
# chown root:root script.sh
# chmod +s script.sh
# exit
$ ./script.sh (executed as a normal user, but will have root mode)
The setuid permission make the executable to be executed with the permissions of the owner (root in this case).
But be careful! You could be opening a hole that can be abused to gain root. (but any other solution you try to run an script by an user in root mode will provide the same risk. This solution is not more vulnerable as the others)
Today, I installed testlink. And after I select 'new Installation' and choose 'I agree' option, it failed at the second step. The failed message are as following:
Read/write permissions
For security reason we suggest that directories tagged with [S] on following messages, will be made UNREACHEABLE from browser
Checking if C:\xampp\htdocs\testlink\gui\templates_c directory exists OK
Checking if C:\xampp\htdocs\testlink\gui\templates_c directory is writable (by user used to run webserver process) OK
Checking if /var/testlink/logs/ directory exists [S] Failed!
Checking if /var/testlink/upload_area/ directory exists [S] Failed!
So, can anyone give me a hand? Many thanks!
In C:\xampp\htdocs\testlink\config.inc.php file, change
$g_repositoryPath = 'C:\xampp\htdocs\testlink\upload_area';
$tlCfg->log_path = 'C:\xampp\htdocs\testlink\logs';
Worked for me , make sure you dont have the slash at the end.
i.e, make sure that it is NOT:
$g_repositoryPath = 'C:\xampp\htdocs\testlink\upload_area\';
$tlCfg->log_path = 'C:\xampp\htdocs\testlink\logs\';
If you installed the XAMPP or testlink in another directories, change the paths above accordingly.
Go to config.inc.php and log directory ($tlCfg->log_path) edit the path to C:\xampp\testlink\logs and upload directory ($g_repositoryPath) to C:\xampp\testlink\upload_area
In some cases, you would do like this:
Go to C:\xampp\htdocs\testlink\config.inc.php1
and log directory ($tlCfg->log_path) edit the path to C:\xampp\htdocs\testlink\logs
and upload directory ($g_repositoryPath) to C:\xampp\htdocs\testlink\upload_area
Then you have:
$g_repositoryPath = 'C:\xampp\htdocs\testlink\upload_area';
$tlCfg->log_path = 'C:\xampp\htdocs\testlink\logs';
I had paths set correct , also user, group and access are set correct and still can not get rid of issue. It took me very long to go to the root cause, the issue lies at- http daemon does not have access to file in concern due to SELinux policies. So simple chown, chmod would not help(group and user access). For testlink 1.16 I resolved it with re-installing with sudo user, but for upgrade, an issue arose again even with sudo user.
And resolved issue by executing following commands, I hope this helps. (Note: You might have to mend attributes to run it successfully)
$chcon -t httpd_sys_content_rw_t "<path_to_testlink_folder>/gui/templates_c/"
$chcon -t httpd_sys_content_rw_t "/<path_to_testlink_folder>/upload_area/"
$chcon -t httpd_sys_content_rw_t "<path_to_testlink_folder>/logs"
$semanage fcontext -a -t httpd_sys_content_rw_t "<path_to_testlink_folder>(/.*)?"
$restorecon -R -v path_to_testlink_folder
Ubuntu 12.04 - All you have to do is chmod 777 these directories, Fails will become Pass.
~$ cd into /var/www/testlink
~$ sudo chmod 777 ./gui/templates_c/
~$ sudo chmod 777 ./upload_area/
~$ sudo chmod 777 ./logs/
Whatever the instructions say is total BS. Making these directories unreachable from browser is optional, and that created a confusion. if you chmod 777 them, your Fails will turn into pass and now you'll be able to proceed to step 3 of your testlink installation. Tested with testlink version 1.9.5.
For Mac OS Users try this in 1.9.19 version:
Make Sure with your folder name.
In config.inc.php file:
$tlCfg->log_path = TL_ABS_PATH . 'logs' . DIRECTORY_SEPARATOR;
$g_repositoryPath= TL_ABS_PATH . 'upload_area' . DIRECTORY_SEPARATOR;
After this if you got read write permission issue failed.
Goto testlink -> logs / upload_area -> press Command + I -> in Permission Enable Read Write to Everyone.
on Linux; ensure the paths are as follows:
$tlCfg->log_path
$g_repositoryPath
are
/var/www/html/testlink/logs/
/var/www/html/testlink/upload_area/
Valid for ubuntu 16.04 LTS add permisions
Change:
$g_repositoryPath = 'var/www/html/testlink/upload_area'; //linux user
$tlCfg->log_path = 'var/www/html/testlink/logs';
~$ cd into /var/www/testlink
~$ sudo chmod 777 ./gui/templates_c/
~$ sudo chmod 777 ./upload_area/
~$ sudo chmod 777 ./logs/
In CentOS go to /var/www/html/testlink-code-1.9.16 and edit the file custom_config.inc.php replace these two lines
// $tlCfg->log_path = '/var/testlink-ga-testlink-code/logs/'; /* unix example */
// $g_repositoryPath = '/var/testlink-ga-testlink-code/upload_area/'; /* unix example */
with
$tlCfg->log_path = '/var/www/html/testlink-code-1.9.16/logs/';
$g_repositoryPath = '/var/www/html/testlink-code-1.9.16/upload_area/';
Make sure you have disabled the selinux. If not to do so edit the file /etc/sysconfig/selinux and change the variable SELINUX to disabled and reboot the machine. Now these errors should have gone.
on ubuntu 18.04, will need to run
apt-get remove apparmor
in order to install it
To solve the problem :
Checking if /var/www/html/testlink-1.9.16/gui/templates_c directory is writable (by user used to run webserver process) on Centos 7.
Disable SELinux, and then restart your system.
You should no longer have this error message.
I feel like this is more of a unix question, but I'm looking to compile node projects without using the sudo command each time.
Example:
$ node server.js
Results in the following error:
node.js:63
throw e;
^
Error: EACCES, Permission denied
....
Is there any way to permanently give node root access?
Thanks!
Matt
Root has permanent root access, so just become root.
$ sudo su
Or:
Install node.js without using sudo
Double-check that your directories you are working in are actually writable by a non-root user.
So I want to be able to cap:deploy without having to type any passwords. I have setup all private keys so I can get to the remote servers fine, and am now using svn over ssh, so no passwords there.
I have one last problem, I need to be able to restart nginx. Right now I have sudo /etc/init.d/nginx reload. That is a problem b/c it uses the capistrano password, the one I just removed b/c I am using keys. Any ideas on how to restart nginx w\out a password?
I just spent a good hour looking at sudoer wildcards and the like trying to solve this exact problem. In truth, all you really need is a root executable script that restarts nginx.
Add this to the /etc/sudoers file
username hostname ALL=NOPASSWD: /path/to/script
Write script as root
#! /bin/bash
/bin/kill -HUP `cat /var/run/nginx.pid`
Make the script executable
Test.
sudo /path/to/script
There is a better answer on Stack Overflow that does not involve writing a custom script:
The best practice is to use /etc/sudoers.d/myusername
The /etc/sudoers.d/ folder can contain multiple files that allow users
to call stuff using sudo without being root.
The file usually contains a user and a list of commands that the user
can run without having to specify a password.
Instructions:
In all commands, replace myusername with the name of your user that you want to use to restart nginx without sudo.
Open sudoers file for your user:
$ sudo visudo -f /etc/sudoers.d/myusername
Editor will open. There you paste the following line. This will allow that user to run nginx start, restart, and stop:
myusername ALL=(ALL) NOPASSWD: /usr/sbin/service nginx start,/usr/sbin/service nginx stop,/usr/sbin/service nginx restart
Save by hitting ctrl+o. It will ask where you want to save, simply press enter to confirm the default. Then exit out of the editor with ctrl+x.
Now you can restart (and start and stop) nginx without password. Let's try it.
Open new session (otherwise, you might simply not be asked for your sudo password because it has not timed out):
$ ssh myusername#myserver
Stop nginx
$ sudo /usr/sbin/service nginx stop
Confirm that nginx has stopped by checking your website or running ps aux | grep nginx
Start nginx
$ sudo /usr/sbin/service nginx start
Confirm that nginx has started by checking your website or running ps aux | grep nginx
PS: Make sure to use sudo /usr/sbin/service nginx start|restart|stop, and not sudo service nginx start|restart|stop.
Run sudo visudo
Append with below lines (in this example you can add multiple scripts and services after comma)
# Run scripts without asking for pass
<your-user> ALL=(root) NOPASSWD: /opt/fixdns.sh,/usr/sbin/service nginx *,/usr/sbin/service docker *
Save and exit with :wq
Create a rake task in Rails_App/lib/capistrano/tasks/nginx.rake and paste below code.
namespace :nginx do
%w(start stop restart reload).each do |command|
desc "#{command.capitalize} Nginx"
task command do
on roles(:app) do
execute :sudo, "service nginx #{command}"
end
end
end
end
Then ssh to your remote server and open file
sudo vi /etc/sudoers
and the paste this line (after line %sudo ALL=(ALL:ALL) ALL)
deploy ALL=(ALL:ALL) NOPASSWD: /usr/sbin/service nginx *
Or, as in your case,
deploy ALL=(ALL:ALL) NOPASSWD: /etc/init.d/nginx *
Here I am assuming your deployment user is deploy.
You can add here other commands too for which you dont require to enter password. For example
deploy ALL=(ALL:ALL) NOPASSWD: /usr/sbin/service nginx *, /etc/init.d/mysqld, /etc/init.d/apache2
I am a newbie in php, mysql. I have written a hello.php script, which I am trying to copy into /var/www directory (and will later want to open it through web browser). The problem with the same is that I am not allowed to save/write any files in /var/www despite me being the root. I tried implementing steps in this question, but I get the following error when I process the third line
find /var/www/ -type f -exec chmod g+w '{}' ';'
chmod: changing permissions of `/var/www/index.html': Operation not permitted
I know symlink is also an option. I would want to be able to write/copy files directly to /var/www/ directory.
Any suggestions on what is going wrong?
it'matter of *unix permissions, gain root acces, for example by typing
sudo su
[then type your password]
and try to do what you have to do
Do you have a file in /var/www called hello.php already that has permissions on it? Maybe the system can't replace the file?
Although, root access should supersede any user on the system.
Have you tried applying permissions to the www folder?
If you can do this, try the following:
sudo chmod -R 777 /var/www
then do:
sudo cp hello.php /var/www
I only recommend doing this if you know 100% that it is ok to set permissions on the whole www folder. By the sounds of it, you are running on your own production server as most live/shared hosting servers are setup so that the www folder is not in the /var folder (instead it is in the home folder of the user).
Be VERY careful when doing anything with the sudo prefix though, you can seriously damage your system if you do it wrong.
Are you in a development environment ? If Yes, You can do
chown -R user:group /var/www
so you will be able to write with your user.
Execute the following command
sudo setfacl -R -m u:<user_name>:rwx /var/www
It will change the permissions of html directory so that you can upload, download and delete the files or directories
Encountered a similar problem today. Did not see my fix listed here, so I thought I'd share.
Root could not erase a file.
I did my research. Turns out there's something called an immutable bit.
# lsattr /path/file
----i-------- /path/file
#
This bit being configured prevents even root from modifying/removing it.
To remove this I did:
# chattr -i /path/file
After that I could rm the file.
In reverse, it's a neat trick to know if you have something you want to keep from being gone.
:)
sudo chown -R $USER:$USER /var/www
First off, this has nothing to do with php. This is a unix permission issue. You need to login as a superuser ( sudo/su ) and type your password, then try that command.
$ su
(type password )
\# your command
$ sudo command
$ (type password)
It might also help if you actually specified the operating system you use.
sudo cp hello.php /var/www/
What output do you get?
If none of the above works, you might be dealing with a vfat filesystem. Use "df" to check.
See http://www.charlesmerriam.com/blog/2009/12/operation-not-permitted-and-the-fat-32-system/ for more details.
First of all, you need to login as root and than go to /etc directory and execute some commands which are given below.
[root#localhost~]# cd /etc
[root#localhost /etc]# vi sudoers
and enter this line at the end
kundan ALL=NOPASSWD: ALL
where kundan is the username and than save it. and then try to transfer the file and add sudo as a prefix to the command you want to execute:
sudo cp hello.txt /home/rahul/program/
where rahul is the second user in the same server.
You just have to write sudo instead of su.
Then just copy the PHP file to the var/www/ directory.
Then go to the browser, and write local host/test.php or whatever the .php filename is.
Enter the following command in the directory you want to modify the right:
for example the directory: /var/www/html
sudo setfacl -m g:username:rwx . #-> for file
sudo setfacl -d -m g:username: rwx . #-> for directory
This will solve the problem.
Replace username with your username.
The problem is a privilege issue navigate to the var/www/
right-click in it and select open as admin
then continue your work