06-07-2007, 08:57 AM
|
#1
|
LQ Newbie
Registered: May 2007
Posts: 4
|
command execution with sudo (on ssh)
I want to limit access to my Linux machine, so I used sudo.
I opened an ssh session on the Linux machine and I wanted to execute this command remotely (ssh): "sudo sh script.sh"
but it doesn't work.
This command works on the same machine and I have all rights to execute it (I tested it locally).
|
|
|
06-07-2007, 10:22 AM
|
#2
|
LQ Guru
Registered: May 2005
Location: Atlanta Georgia USA
Distribution: Redhat (RHEL), CentOS, Fedora, CoreOS, Debian, FreeBSD, HP-UX, Solaris, SCO
Posts: 7,831
|
That's a little confusing.
You are doing ssh from the first server to the remote server THEN doing "sudo sh script.sh" on the remote?
First off, that would require you to set up sudoers on the remote host to do "sh script.sh" on the remote host.
1) If sh or script.sh aren't in the directory you expect it will fail.
2) Why do "sh script.sh" at all - modify the script so that it has the shell interpreter line:
#!/bin/sh
That way it will know to run as shell - you then set up sudo to just run "sudo script.sh" instead of "sudo sh script.sh" which is less dangerous anyway - giving someone "sudo sh" is the equivalent of giving them the root password.
3) Since script.sh is a script, be DARN sure that it is ONLY writable and executable by root. Otherwise some other user could modify it to do something like "su -" so that when you do "sudo script.sh" it gives them a root prompt.
Lastly: You need to give the command line and the error you are seeing. "It doesn't work." isn't very helpful in troubleshooting.
|
|
|
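An added example (not part of the thread) of the check behind point 3 in the reply above: before a script is listed in sudoers, confirm that it and the directory holding it are owned by root and not writable by group or other. The function name and the optional owner-UID argument are assumptions made for this example; it relies on `stat -c` as found on Linux.

```shell
#!/bin/sh
# Added example: verify that a script referenced from sudoers can only be
# changed by its expected owner. Uses "stat -c" (GNU coreutils / busybox).

# check_sudo_target PATH [OWNER_UID]   (OWNER_UID defaults to 0, i.e. root)
# Returns 0 when PATH and the directory holding it are owned by OWNER_UID and
# carry no group/other write bit; otherwise prints each finding and returns 1.
check_sudo_target() {
    target=$1
    want_uid=${2:-0}
    rc=0

    # Test -L first: -f follows symlinks, and a link can be repointed later.
    if [ -L "$target" ] || [ ! -f "$target" ]; then
        echo "FAIL: $target is a symlink or not a regular file"
        return 1
    fi

    # The directory matters too: write access there allows replacing the file.
    for p in "$target" "$(dirname "$target")"; do
        uid=$(stat -c %u "$p")
        mode=$(stat -c %a "$p")
        if [ "$uid" -ne "$want_uid" ]; then
            echo "FAIL: $p is owned by uid $uid, expected $want_uid"
            rc=1
        fi
        # Leading 0 makes the shell read the mode as octal; 022 = g+w, o+w.
        if [ $(( 0$mode & 022 )) -ne 0 ]; then
            echo "FAIL: $p has mode $mode (writable by group or other)"
            rc=1
        fi
    done

    [ "$rc" -eq 0 ] && echo "OK: $target"
    return "$rc"
}

# Usage: sh check.sh /path/to/script.sh
if [ "$#" -gt 0 ]; then
    check_sudo_target "$@"
fi
```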
06-13-2007, 03:30 PM
|
#3
|
LQ Newbie
Registered: May 2007
Posts: 4
Original Poster
|
Thanks for your help
You said:
First off that would require you to setup sudoers on the remote host to do "sh script.sh" on the remote host.
Here is my problem, because locally sudo sh script.sh works but with the remote host it doesn't.
How can I add this access for the remote host in the sudoers file?
Thanks.
|
|
|
06-13-2007, 03:34 PM
|
#4
|
LQ Guru
Registered: May 2005
Location: Atlanta Georgia USA
Distribution: Redhat (RHEL), CentOS, Fedora, CoreOS, Debian, FreeBSD, HP-UX, Solaris, SCO
Posts: 7,831
|
You have to ssh into the remote host so you have a prompt there.
You can ssh to it either as root or ssh as another user then su (not sudo) to root on the remote. Once you are root on the remote you'd have to run visudo to edit the sudoers file there.
You can use the sudoers file on your local machine to figure out the correct entry for the sudoers on the remote.
If you don't already have root access to the root you can not do the above. You'd need to get whoever does have root access on the remote to add you to the sudoers there.
|
|
|
06-14-2007, 11:04 AM
|
#5
|
LQ Newbie
Registered: May 2007
Posts: 4
Original Poster
|
I have an SSH connection and in my sudoers file I give user1 the root role. I tried it locally with:
user1@localhost sudo sh script.sh and it executes the script (of iptables) because I give user1 the root role.
So I didn't understand why it does not work on the remote machine???
Can you give me an example of how to allow user1 of the remote machine with address 132.124.32.3 to execute script.sh in the sudoers file?
Perhaps my file is wrong.
Here is my file:
# User alias specification
User_Alias ADMIN_AUTO_FIRE= X,Y
# Cmnd alias specification
Cmnd_Alias NET=/sbin/iptables,/usr/bin/dos2unix,/bin/chmod,/usr/bin/who,/bin/sh,/bin/,/bin/bash
# Defaults specification
# User privilege specification
root ALL=(ALL) ALL
ADMIN_AUTO_FIRE ALL=(ALL) NOPASSWD:NET
Last edited by yousmg; 06-14-2007 at 03:10 PM.
|
|
|
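An added example (not from the thread) that applies the reasoning from reply #2 to the sudoers file posted in #5: it flags Cmnd_Alias entries that name a shell or a whole directory (sudoers treats a path ending in / as every program in that directory). The NET line is copied from the post; the function name, the FIREWALL alias and the /usr/local/sbin/script.sh path are assumptions.

```shell
#!/bin/sh
# Added example: lint Cmnd_Alias lines for entries that hand out a root shell.
# Handles one alias per line; backslash continuations and ':'-joined alias
# lists are not parsed.

# lint_cmnd_aliases [FILE]   (reads stdin when FILE is omitted)
# Prints one line per risky entry and returns 1 if any was found, else 0.
lint_cmnd_aliases() {
    awk '
    /^[ \t]*Cmnd_Alias[ \t]/ {
        line = $0
        sub(/^[ \t]*Cmnd_Alias[ \t]+/, "", line)
        eq = index(line, "=")
        if (eq == 0) next
        name = substr(line, 1, eq - 1)
        gsub(/[ \t]/, "", name)
        n = split(substr(line, eq + 1), cmds, ",")
        for (i = 1; i <= n; i++) {
            exe = cmds[i]
            gsub(/^[ \t]+|[ \t]+$/, "", exe)   # trim surrounding blanks
            sub(/[ \t].*$/, "", exe)           # drop any argument list
            if (exe ~ /\/$/) {
                printf "%s: %s is a directory, every program in it is allowed\n", name, exe
                bad++
            } else if (exe ~ /\/(sh|bash|dash|ksh|zsh|csh|tcsh)$/) {
                printf "%s: %s is a shell, equivalent to full root access\n", name, exe
                bad++
            }
        }
    }
    END { exit (bad > 0) }
    ' "${1:--}"
}

# Demo input: the NET alias from the post, followed by a constructed alias
# that allows only the one script (alias name and path are assumptions).
lint_cmnd_aliases <<'EOF' || echo "risky entries found"
Cmnd_Alias NET=/sbin/iptables,/usr/bin/dos2unix,/bin/chmod,/usr/bin/who,/bin/sh,/bin/,/bin/bash
Cmnd_Alias FIREWALL = /usr/local/sbin/script.sh
EOF
```

On a real host, edit the file with visudo as described in reply #4 so that syntax errors are caught before the file is saved.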
All times are GMT -5. The time now is 04:44 PM.