|
|
Sponsored Content
Special Forums
Cybersecurity
Root acces bug through sudo!
Post 302910046 by rbatte1 on Tuesday 22nd of July 2014 07:16:47 AM
|
|
10 More Discussions You Might Find Interesting
1. Linux
Hi all..
I'm secering a RH 2.1 server, with gnome (not my choice...), as X manager.
Is ther anyway to get sudo ask for root password other then the actual user's password? Like when you launch the graphical IHM to create a new user, it asks for root's password? Is there a way to do the same... (5 Replies)
Discussion started by: penguin-friend
5 Replies
2. AIX
Guy's
I'm trying to add some lines in sudo by useing this command visudo
# User privilege specification
root ALL=(ALL) ALL
# Uncomment to allow people in group wheel to run all commands
# %wheel ALL=(ALL) ALL
# Same thing without a password
# %wheel ALL=(ALL) NOPASSWD: ALL
#... (5 Replies)
Discussion started by: ITHelper
5 Replies
3. UNIX for Dummies Questions & Answers
I'm actually working with a Ubuntu-System here and have a question about executing a command with 'sudo'.
I tried and got a error message like "not allowed".
After this I logged in with 'sudo -s' and typed the command without 'sudo'. This worked well.
Can please somebody explain me this... (0 Replies)
Discussion started by: daWonderer
0 Replies
4. UNIX for Dummies Questions & Answers
I've been through many threads before i decide to create a separate thread.
I can't really find the solution to my (simple) problem.
Here's what I'm trying to achieve:
As "canar" user I want to run a command, let's say "/opt/ocaml/bin/ocaml" as "duck" user.
The only to achieve this is to... (1 Reply)
Discussion started by: canar
1 Replies
5. UNIX for Dummies Questions & Answers
Anyone able to explain why if i run "sudo -i" or "sudo -s" i am able to get into root by just keying my own password?
How to avoid this from happening coz i need all the users to use su - only. (2 Replies)
Discussion started by: timmywong
2 Replies
6. Red Hat
I have a set of RHEL 5 boxes running our ERP software on Oracle databases. I need to allow my DBA's to su to oracle and one other account (banner) without knowing the oracle or banner password. But I need to prevent them from su'ing to any other user especially root. I only want them to be able to... (1 Reply)
Discussion started by: westmoreland
1 Replies
7. Shell Programming and Scripting
I want to bug and make lag in the vps using commands on linux by a normal user, SSH on centos 6. (1 Reply)
Discussion started by: [xEF]Danger
1 Replies
8. UNIX for Beginners Questions & Answers
i have tried to use a sudo command from a user level . but instead of asking for user password it asked for root password . how should i go about it .
james@opensuse:/etc> sudo ifconfig
root's password:
And i wish to ask how should i allow a list of command to be allowed to used for a... (4 Replies)
Discussion started by: lobsang
4 Replies
9. Solaris
Hello,
It is Solaris-10. There is a file as /opt/vpp/dom1.2/pdd/today_23. It is always generated by root, so owned by root only.
This file has to be deleted as part of application restart always and that is done by app_user and SA is always involved to do rm on that file.
Is it possible to give... (9 Replies)
Discussion started by: solaris_1977
9 Replies
10. UNIX for Beginners Questions & Answers
I have a coworker that has set up some funky aliases in /etc/bash.alias, and he insists on leaving them that way. For example he aliased "ll" to "ls -lahtr", which really bugs me.
Anyway, I was wondering if there were a way for me to sudo to root without reading /etc/bash.alias, or maybe have... (6 Replies)
Discussion started by: paqman
6 Replies
LEARN ABOUT DEBIAN
puppet-kick
PUPPET-KICK(8) Puppet manual PUPPET-KICK(8) NAME
puppet-kick - Remotely control puppet agent SYNOPSIS
Trigger a puppet agent run on a set of hosts. USAGE
puppet kick [-a|--all] [-c|--class class] [-d|--debug] [-f|--foreground] [-h|--help] [--host host] [--no-fqdn] [--ignoreschedules] [-t|--tag tag] [--test] [-p|--ping] host [host [...]] DESCRIPTION
This script can be used to connect to a set of machines running 'puppet agent' and trigger them to run their configurations. The most com- mon usage would be to specify a class of hosts and a set of tags, and 'puppet kick' would look up in LDAP all of the hosts matching that class, then connect to each host and trigger a run of all of the objects with the specified tags. If you are not storing your host configurations in LDAP, you can specify hosts manually. You will most likely have to run 'puppet kick' as root to get access to the SSL certificates. 'puppet kick' reads 'puppet master''s configuration file, so that it can copy things like LDAP settings. USAGE NOTES
Puppet kick needs the puppet agent on the target machine to be running as a daemon, be configured to listen for incoming network connec- tions, and have an appropriate security configuration. The specific changes required are: o Set listen = true in the agent's puppet.conf file (or --listen on the command line) o Configure the node's firewall to allow incoming connections on port 8139 o Insert the following stanza at the top of the node's auth.conf file: # Allow puppet kick access path /run method save auth any allow workstation.example.com This example would allow the machine workstation.example.com to trigger a Puppet run; adjust the "allow" directive to suit your site. You may also use allow * to allow anyone to trigger a Puppet run, but that makes it possible to interfere with your site by triggering exces- sive Puppet runs. See http://docs.puppetlabs.com/guides/rest_auth_conf.html for more details about security settings. OPTIONS
Note that any configuration parameter that's valid in the configuration file is also a valid long argument. For example, 'ssldir' is a valid configuration parameter, so you can specify '--ssldir directory' as an argument. See the configuration file documentation at http://docs.puppetlabs.com/references/latest/configuration.html for the full list of acceptable parameters. A commented list of all configuration options can also be generated by running puppet master with '--genconfig'. --all Connect to all available hosts. Requires LDAP support at this point. --class Specify a class of machines to which to connect. This only works if you have LDAP configured, at the moment. --debug Enable full debugging. --foreground Run each configuration in the foreground; that is, when connecting to a host, do not return until the host has finished its run. The default is false. --help Print this help message --host A specific host to which to connect. This flag can be specified more than once. --ignoreschedules Whether the client should ignore schedules when running its configuration. This can be used to force the client to perform work it would not normally perform so soon. The default is false. --parallel How parallel to make the connections. Parallelization is provided by forking for each client to which to connect. The default is 1, meaning serial execution. --tag Specify a tag for selecting the objects to apply. Does not work with the --test option. --test Print the hosts you would connect to but do not actually connect. This option requires LDAP support at this point. --ping Do a ICMP echo against the target host. Skip hosts that don't respond to ping. EXAMPLE
$ sudo puppet kick -p 10 -t remotefile -t webserver host1 host2 AUTHOR
Luke Kanies COPYRIGHT
Copyright (c) 2011 Puppet Labs, LLC Licensed under the Apache 2.0 License Puppet Labs, LLC June 2012 PUPPET-KICK(8)