LinuxQuestions.org
Old 06-07-2007, 08:57 AM   #1
yousmg
LQ Newbie
 
Registered: May 2007
Posts: 4

Rep: Reputation: 0
Command execution with sudo (on ssh)


I want to limit access to my Linux machine, so I used sudo.

I opened an ssh session on the Linux machine and I wanted to execute this command: "sudo sh script.sh" remotely (ssh),
but it doesn't work.
This command works on the same machine and I have all rights to execute it (I tested it locally).
 
Old 06-07-2007, 10:22 AM   #2
MensaWater
LQ Guru
 
Registered: May 2005
Location: Atlanta Georgia USA
Distribution: Redhat (RHEL), CentOS, Fedora, CoreOS, Debian, FreeBSD, HP-UX, Solaris, SCO
Posts: 7,831
Blog Entries: 15

Rep: Reputation: 1669
That's a little confusing.

You are doing ssh from the first server to the remote server THEN doing "sudo sh script.sh" on the remote?

First off that would require you to setup sudoers on the remote host to do "sh script.sh" on the remote host.
1) If sh or script.sh aren't in the directory you expect it will fail.
2) Why do "sh script.sh" at all - modify the script so that it has the shell interpreter line:
#!/bin/sh
That way it will know to run as shell - you then setup sudo to just run "sudo script.sh" instead of "sudo sh script.sh" which is less dangerous anyway - giving someone "sudo sh" is the equivalent of giving them the root password.
3) Since script.sh is a script, be DARN sure that it is ONLY writable and executable by root. Otherwise some other user could modify it to do something like "su -" so that when you do "sudo script.sh" it gives them a root prompt.

Lastly: You need to give the command line and the error you are seeing. "It doesn't work." isn't very helpful in troubleshooting.
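
Points 2 and 3 of the reply above can be checked mechanically before a script is listed in sudoers. The following is an added example, not part of the thread; the function name check_sudo_script and its optional owner-uid argument are hypothetical, and the directory check goes one step beyond the reply.

```shell
#!/bin/sh
# Added example, not from the thread: pre-flight check for a script that a
# sudoers entry will allow. Usage: check_sudo_script /abs/path [OWNER_UID]
# OWNER_UID defaults to 0 (root); it is a parameter only so the check can be
# exercised without root. Needs GNU find (-maxdepth, -perm /mode).
check_sudo_script() {
    script=$1
    want_uid=${2:-0}
    rc=0

    # sudoers matches commands by full path, so insist on one.
    case $script in
        /*) ;;
        *) echo "FAIL: $script is not an absolute path"; return 1 ;;
    esac
    [ -f "$script" ] || { echo "FAIL: $script is not a regular file"; return 1; }

    # Point 2: the script carries its own interpreter line, so the sudoers
    # entry can name the script and never "sh".
    case $(head -n 1 "$script") in
        '#!/'*) ;;
        *) echo "FAIL: $script has no #! interpreter line"; rc=1 ;;
    esac

    # Point 3: only the owner may write the script. The directory is checked
    # too, because write access there lets a user replace the file.
    for p in "$script" "$(dirname "$script")"; do
        if [ -z "$(find "$p" -maxdepth 0 -uid "$want_uid")" ]; then
            echo "FAIL: $p is not owned by uid $want_uid"; rc=1
        fi
        if [ -n "$(find "$p" -maxdepth 0 -perm /022)" ]; then
            echo "FAIL: $p is writable by group or others"; rc=1
        fi
    done

    [ "$rc" -eq 0 ] && echo "OK: $script"
    return "$rc"
}

if [ $# -gt 0 ]; then check_sudo_script "$@"; fi
```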
 
Old 06-13-2007, 03:30 PM   #3
yousmg
LQ Newbie
 
Registered: May 2007
Posts: 4

Original Poster
Rep: Reputation: 0
Thanks for your help.
You said:
First off that would require you to setup sudoers on the remote host to do "sh script.sh" on the remote host.

Here is my problem, because locally sudo sh script.sh works but with the remote host it doesn't.

How can I add this access to the remote host in the sudoers file?


Thanks.
 
Old 06-13-2007, 03:34 PM   #4
MensaWater
LQ Guru
 
Registered: May 2005
Location: Atlanta Georgia USA
Distribution: Redhat (RHEL), CentOS, Fedora, CoreOS, Debian, FreeBSD, HP-UX, Solaris, SCO
Posts: 7,831
Blog Entries: 15

Rep: Reputation: 1669
You have to ssh into the remote host so you have a prompt there.

You can ssh to it either as root or ssh as another user then su (not sudo) to root on the remote. Once you are root on the remote you'd have to run visudo to edit the sudoers file there.

You can use the sudoers file on your local machine to figure out the correct entry for the sudoers on the remote.

If you don't already have root access to the root you can not do the above. You'd need to get whoever does have root access on the remote to add you to the sudoers there.
 
Old 06-14-2007, 11:04 AM   #5
yousmg
LQ Newbie
 
Registered: May 2007
Posts: 4

Original Poster
Rep: Reputation: 0
I have an SSH connection and in my sudoers file I give user1 the root role. I tried it locally with:
user1@localhost sudo sh script.sh and it executes the script (of iptables) because I give user1 the role of root.

So I didn't understand why on the remote machine it does not work???

Can you give me an example of how to allow user1 of the remote machine with address 132.124.32.3 to execute script.sh in the sudoers file?

Perhaps my file is wrong.
Here is my file:
# User alias specification
User_Alias ADMIN_AUTO_FIRE= X,Y
# Cmnd alias specification
Cmnd_Alias NET=/sbin/iptables,/usr/bin/dos2unix,/bin/chmod,/usr/bin/who,/bin/sh,/bin/,/bin/bash
# Defaults specification
# User privilege specification
root ALL=(ALL) ALL
ADMIN_AUTO_FIRE ALL=(ALL) NOPASSWD:NET

Last edited by yousmg; 06-14-2007 at 03:10 PM.
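
The earlier reply's warning that "sudo sh" amounts to the root password applies to the Cmnd_Alias in this post, which can be confirmed with a small lint. This is an added example, not part of the thread; the function names and the list of shell names are this example's own assumptions, and it handles only single-line aliases like the one posted.

```shell
#!/bin/sh
# Added example, not from the thread: list Cmnd_Alias members that hand out
# a root shell. Reads a sudoers-style file named as argument, or stdin.
# Assumes one alias per line with no backslash continuations, as in the post.
# The set of shell names below is this example's own choice.
risky_sudoers_cmnds() {
    awk '
    /^[ \t]*Cmnd_Alias[ \t]/ {
        line = $0
        # Drop "Cmnd_Alias NAME =" and keep the comma-separated members.
        sub(/^[ \t]*Cmnd_Alias[ \t]+[A-Z][A-Z0-9_]*[ \t]*=/, "", line)
        n = split(line, items, ",")
        for (i = 1; i <= n; i++) {
            cmd = items[i]
            gsub(/^[ \t]+|[ \t]+$/, "", cmd)
            split(cmd, words, /[ \t]+/)     # words[1] is the command path
            path = words[1]
            if (path ~ /\/$/)
                print path ": every file in this directory is allowed"
            else if (path ~ /\/(sh|bash|dash|ksh|zsh|csh|tcsh)$/)
                print path ": shell, so any command can run as root"
        }
    }' "$@"
}

# The Cmnd_Alias line from the post, fed through the check.
demo_posted_alias() {
    risky_sudoers_cmnds <<'EOF'
# Cmnd alias specification
Cmnd_Alias NET=/sbin/iptables,/usr/bin/dos2unix,/bin/chmod,/usr/bin/who,/bin/sh,/bin/,/bin/bash
EOF
}

demo_posted_alias
```

An alias that names only the specific script and the tools it needs produces no output from this check.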
 
  


All times are GMT -5.
