-bash: syntax error near unexpected token `newline'

Melensa · 04-13-2012, 03:37 PM

I wrote;

1): $ sudo chmod +a “group:staff deny execute” <program name>

(All users on the system are in the “staff” group, so the
commands below should allow members of the admin group to execute <program name>,
but deny that right to members of the staff group:

2): $ sudo chmod +a# 0 “group:admin allow execute” <program name>

With the first command I had no problem but when I wrote the second, it appeared:

-bash: syntax error near unexpected token `newline'

Does somebod have an idea of what is going on?...
I am desperate, I am afraid that the first command alone might have caused a damage to the rights of the admin / root account

Thank you for every help

melensa

Tinkster · 04-13-2012, 05:46 PM

First things first: what are you trying to achieve?
And is what you posted above what you literally typed?
If it is it's quite surprising that it worked, because
what I see there is not valid syntax for chmod in any
incarnation I've come across.

Cheers,
Tink

yoK0 · 04-13-2012, 07:44 PM

Indeed, wierd. Im also suprised that chmod +a worked. Even tried it myself
and didnt work.

man chmod will solve your problem.

r -read
w -write
x - execute

chmod +x <file> will grant executable permission to everyone.

Melensa · 04-14-2012, 07:58 AM

Thank you for your answer and forgive please my incompetence,I am a newcomer.

This is a quote from the Apple security configuration (you can download it from Apple)

" Using ACLs to Restrict Usage of Setuid Programs
The ACL feature of Mac OS X can also be used to restrict the execution of setuid
programs. Restricting the execution of setuid programs to administrators prevents
other users from executing those programs. It should also prevent attackers who are
currently running with ordinary user privileges from executing the setuid program and
trying to elevate their privileges. All users on the system are in the “staff” group, so the
commands below allow members of the admin group to execute <program name>,
but deny that right to members of the staff group:
$ sudo chmod +a “group:staff deny execute” <program name>
$ sudo chmod +a# 0 “group:admin allow execute” <program name> "
Only the first command
$ sudo chmod +a “group:staff deny execute” <program name>
has been accepted. The second
$ sudo chmod +a# 0 “group:admin allow execute” <program name>
has been refused with the answer:
-bash: syntax error near unexpected token `newline'.

What I want to achieve is restricting the execution of setuid programs to the admin account. The other accounts should not be able to do it.

manu-tm · 04-14-2012, 08:37 AM

Linux is not Apple (fortunatelly...)

man setuid

colucix · 04-14-2012, 11:14 AM

Moved: This thread is more suitable in Other *nix and has been moved accordingly to help your thread/question get the exposure it deserves.

David the H. · 04-14-2012, 01:21 PM

Please use [code][/code] tags around your code and data, to preserve formatting and to improve readability. Please do not use quote tags, colors, or other fancy formatting.

Code:

$ sudo chmod +a# 0 “group:admin allow execute” <program name>

You do realize that "#" is the character that starts a shell comment, right? So everything after it is invisible to the shell. If the # is intended to be passed to chmod, then it needs to be quoted or escaped first.

Also, do be aware that only ['] and ["] are correct quote characters. The fancy [”] quotes above are not proper shell syntax.

Melensa · 04-14-2012, 03:16 PM

Thank you very much for the answer David. I am a totally newcomer so I don't know much at the moment.

Could you please tell me HOW I should write that command to tell Terminal that I want that only Admin can execute <program name>?

You also say that "The fancy [”] quotes above are not proper shell syntax": why the first command has been accepted? Or the fact that Terminal didn't react doesn't mean that it accepted it?

Melensa · 04-14-2012, 03:51 PM

Perhaps my question was not so clear. I have a MacOsx 10.5.8 I have experienced some strange features (The mouse was moving by itself in more than a situation - I found an IMAP entrance in my email (gmail: details) with an unknown IP number - My desktop screen changed the image by itself and the new image was a strange one with many numbers and written Hash, plain and cracked - plus some more things happened,which made me arrive to the conclusion that it was time for me to improve the security of my computer. Therefore I downloaded the security configuration from Apple, from which I copied the command that doesn't work with the ["] and provokes the sintax error in Terminal.

The Apple security configuration for Leopard seems to have a tipping mistake. Could u please tell me what should I write instead?

I am a student and I have nothing important in my computer but I feel violated. it is a very bad feeling to have 'intruders' in a private sphere, it is a virtual stalking.

Thank you and greetings.

Melensa · 04-14-2012, 04:07 PM

I tried
$ sudo chmod +a# 0 "group:admin allow execute" <program name>

but the answer was still

-bash: syntax error near unexpected token `newline'

Tinkster · 04-14-2012, 08:52 PM

You still haven't escaped the hash ... try that, see what it does.

Melensa · 04-15-2012, 03:25 AM

I just tried

$ sudo chmod +a 0 "group:admin allow execute" <program name>

...same answer :-(

Tinkster · 04-15-2012, 01:51 PM

And the next question .. are you entering <program name> literally?