LinuxQuestions.org
Go Job Hunting at the LQ Job Marketplace
Go Back   LinuxQuestions.org > Forums > Linux Forums > Linux - Distributions > Suse/Novell
User Name
Password
Suse/Novell This Forum is for the discussion of Suse Linux.

Notices

Reply
 
Search this Thread
Old 06-09-2006, 11:08 AM   #1
Andrew Sorensen
LQ Newbie
 
Registered: May 2006
Distribution: Gentoo / custom linux
Posts: 17

Rep: Reputation: 0
Question Yast2 Security issuse form command line


Running Suse 10.0 you can run yast from command line- install software ext without entering your root password the command that brings yast up is
/sbin/yast
how do I block that!!!
 
Old 06-09-2006, 04:25 PM   #2
unSpawn
Moderator
 
Registered: May 2001
Posts: 27,165
Blog Entries: 54

Rep: Reputation: 2807Reputation: 2807Reputation: 2807Reputation: 2807Reputation: 2807Reputation: 2807Reputation: 2807Reputation: 2807Reputation: 2807Reputation: 2807Reputation: 2807
Short answer: restrict access permissions (chmod 0700 filename).
Long answer (probably): Using symlinks from the actual application to (/usr/bin/)userhelper/consolehelper to use PAM auth, distro's utilising PAM also rely on unprivileged users having /usr/bin before /sbin in their $PATH. If you skip all that and just give the full path you are able to access those binaries directly. Since you are not running as root you don't have (write!) access to like the RPM database and shouldn't be able to install system stuff (AFAIK).
 
Old 06-09-2006, 04:28 PM   #3
dasy2k1
Member
 
Registered: Oct 2005
Location: 127.0.0.1
Distribution: Ubuntu 12.04 X86_64
Posts: 956

Rep: Reputation: 34
as root try this

chmod /sbin/yast 700

that should stop all users except root running it atall thiough wetehr it would stop users running it from the GUI and then SUing with KDESU i dont know, give it a try...
 
Old 06-09-2006, 04:29 PM   #4
dasy2k1
Member
 
Registered: Oct 2005
Location: 127.0.0.1
Distribution: Ubuntu 12.04 X86_64
Posts: 956

Rep: Reputation: 34
lol we must have posted the same answer at teh same time as yorr answer wasnet there when i started typing unSpawn!
 
Old 06-10-2006, 05:00 AM   #5
unSpawn
Moderator
 
Registered: May 2001
Posts: 27,165
Blog Entries: 54

Rep: Reputation: 2807Reputation: 2807Reputation: 2807Reputation: 2807Reputation: 2807Reputation: 2807Reputation: 2807Reputation: 2807Reputation: 2807Reputation: 2807Reputation: 2807
we must have posted the same answer at teh same time
Clearly not: I was three minutes ahead of you, heh. Hint: use "preview" before posting.
Doesn't matter tho. What matters is ppl answering questions, cuz in some cases there's more than one POV and more than one answer.


experimanal box
BTW, I think you've got a first there, having an "experimanal" box... ;-p
 
  


Reply


Thread Tools Search this Thread
Search this Thread:

Advanced Search

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is Off
HTML code is Off


Similar Threads
Thread Thread Starter Forum Replies Last Post
Partition resize, YAST2 (Suse 9.0) command line onurbi Linux - Software 4 08-18-2010 03:58 AM
Guile rpm file won't install from command line or yast2 TdlSnare Suse/Novell 5 12-01-2004 07:36 AM
shell script works form command line but not form crontab saifee General 1 10-14-2004 10:27 AM
how do I copy a whoel folder form one directory to another form the command line? zwyrbla Linux - Newbie 8 08-24-2004 06:40 PM
instant message form command line jonfa Linux - General 4 03-10-2004 09:45 PM


All times are GMT -5. The time now is 02:31 AM.

Main Menu
My LQ
Write for LQ
LinuxQuestions.org is looking for people interested in writing Editorials, Articles, Reviews, and more. If you'd like to contribute content, let us know.
Main Menu
Syndicate
RSS1  Latest Threads
RSS1  LQ News
Twitter: @linuxquestions
identi.ca: @linuxquestions
Facebook: linuxquestions Google+: linuxquestions
Open Source Consulting | Domain Registration