Change the privileges needed to run a program

Hi everyone, I have an issue with a project of mine. I have to run a program on a terminal which requires me to be logged in as su to run it. Given that I'm having problems using expect to give the password, I'd like to change the privilege of that program from SU to normal user (I have the SU password; the problem is that it's going to be a standalone machine with everything automated).

Sorry for my English, I'm not a native speaker

Thanks for your help

Hi,
Have you tried ssh keys?

I use ssh keys to connect to the terminal, but once there I need to launch a program as SU. The thing that I want to do right now is change the privileges needed to run that program from SU to normal users.

Ok. Try that:

@maya# ssh root@yourhostname ssh anotheruser@yourhostname $PATH/hello_world.sh
    Hola we
@maya#

Is it something like chmod 644 rwx?

---------- Post updated at 08:37 PM ---------- Previous update was at 08:35 PM ----------

Thanks for everything I found the answer I was looking for: chmod 777

That is a bad solution, because everyone can execute the program. Your question was about switching user to execute a program.

Good luck.

This is not quite right.

You need setuid - the program has to belong to root or whoever you su to.
Assume your file is named "myfile" and someuser is whoever you su to - could be root

su - someuser
chown someuser:somegroup myfile
chmod 4711 myfile

This will work ONLY if the filesystem where you have "myfile" will allow setuid. The chmod 4711 command sets setuid, and sets permissions to 711. To do a setgid, try chmod 2711 [filename]. You do this if having group permissions lets the program run correctly.

Note: setuid programs unless written REALLY well are a security risk.

What I want is for everyone to be able to use that program, because it's going to be automated through a shell script and I have a problem coding a way to give the SU password in the script, and I don't seem to be able to use expect on Debian.

---------- Post updated at 09:58 PM ---------- Previous update was at 09:35 PM ----------

I tried what McNamara suggested but for some weird reason it is not working. Has anyone some other idea?

Hi everyone, I haven't been able to solve my problem. I'm now trying to run it through the sudo command.

In my /etc/sudoers I added this line:

ssdl-dev ALL=NOPASSWD:/interface/master

But when I exit su mode and I type the following command to run that specific program as sudo:

sudo ./interface/master

it prompts me for the password.

Could you please tell me what I did wrong?

Best
Lorenzo

Is ssdl-dev a user or a group?

Make sure that line appears first, before any other lines relating to ssdl-dev or any groups it's in. sudo will use the first applicable line, even if there's a line further down that'd grant you higher access.

Also: there is an enormous difference between

/interface/master

and

./interface/master

Give sudo the absolute path, and run it with the absolute path.

There is never a good reason to use 777. If you don't believe me, give me access to your system :wink:

---------- Post updated at 18:18 ---------- Previous update was at 18:17 ----------

Please run sudo -l as the user and post the results.

ssdl-dev is a group and I have it defined under ROOT.
The problem is if I define in sudoers the following path:
ssdl-dev ALL=NOPASSWD:./interface/master (N.B. there's the point)
when I save it and exit it tells me there's an error in the script.

Running the sudo -l command I get this:
(root) NOPASSWD: /interface/master.

Regarding chmod 777, could you please explain to me what the difference is between having a single file in chmod 777 and giving your user the sudo ability to run the same program? (Although the main reason I said I don't care is because once done with the initial setup the machine is completely isolated)

Best
Lorenzo

You need to prefix it with %, then, which tells sudoers that it's a group and not a user.

It contains a relative path, which is also wrong. I'd be shocked if it allowed relative paths, since that's a blank cheque to run anything with that name with root permissions!

I repeat: Give sudo the absolute path. And run it with the absolute path.

The user it runs under, for one thing. 'chmod 777' doesn't let a normal user run a program as another user.

It does allow any user whatsoever to modify the file, though! If people are running it as root, you can see why this is a bad idea -- anyone could modify the script into something malicious for anyone else to blunder along and run as root!

You should learn what the UNIX file permissions actually mean, not treat everything with the sledgehammer 777.


Thanks for the help and the tips, btw for anyone who might stumble on this discussion the solution would be:

ssdl-dev ALL=NOPASSWD: /home/interface/master
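
An added example, not part of the thread or written by any poster: a POSIX shell check for the two points made in the replies above, that the sudoers entry names an absolute path and that the program and its directory are not writable by group or other (the chmod 777 problem). The function names and the optional expected-owner argument are hypothetical, and only the single-command NOPASSWD form quoted in the thread is parsed.

```shell
#!/bin/sh
# Added example, not from the thread. It handles only the single-command
# "name ALL=NOPASSWD: /path" form of sudoers entry quoted on this page.

# Print the command path named by such an entry.
sudo_cmd_from_line() {
    printf '%s\n' "${1##*NOPASSWD:}" |
        sed 's/^[[:space:]]*//; s/[[:space:]].*$//'
}

# Succeed if an ls -l mode string has the group or other write bit set.
loose_mode() {
    case $1 in
        ?????w*|????????w*) return 0 ;;
    esac
    return 1
}

# audit_sudo_target PATH [UID]: print findings, return 1 if there are any.
# UID is the numeric owner expected for the file and its directory
# (default 0, root). Directories further up the tree are not checked.
audit_sudo_target() {
    target=$1 want_uid=${2:-0} bad=0
    case $target in
        /*) ;;
        *) echo "not an absolute path: $target"; return 1 ;;
    esac
    [ -f "$target" ] || { echo "no such file: $target"; return 1; }
    for p in "$target" "$(dirname "$target")"; do
        # ls -n prints the numeric owner in the third field
        read -r mode links uid rest <<EOF
$(ls -ldn "$p")
EOF
        if loose_mode "$mode"; then
            echo "writable by group or other ($mode): $p"; bad=1
        fi
        if [ "$uid" != "$want_uid" ]; then
            echo "owner uid $uid, expected $want_uid: $p"; bad=1
        fi
    done
    return $bad
}

# Demo on two entries quoted in the thread (the paths may not exist here).
for line in 'ssdl-dev ALL=NOPASSWD:./interface/master' \
            'ssdl-dev ALL=NOPASSWD: /home/interface/master'; do
    audit_sudo_target "$(sudo_cmd_from_line "$line")" || true
done
```

A program that sudo runs as root should pass with the default owner of 0; any finding means a non-root account can change what root ends up executing.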