Login or Register to Ask a Question and Join Our Community

Sponsored Content
Full Discussion: Admin privileges check
Top Forums Shell Programming and Scripting Admin privileges check Post 302179317 by gliesian on Thursday 27th of March 2008 11:30:50 AM
Old 03-27-2008
Hammer & Screwdriver Thanks again!
Does the trick ( with a bang ) Smilie
 

8 More Discussions You Might Find Interesting

1. UNIX for Dummies Questions & Answers

privileges

I have a website that I am working on and one of the pages allows people to upload pictures to be used on other pages. My question is: is it safe to set the privileges to 777 on the folder that the pictures are saved in? Or would that open up my site to be hacked, bugged, wormed...and everything... (1 Reply)
Discussion started by: paladaxar
1 Replies

2. Programming

root privileges

Hi I have make a program that needs root privleges but any user can try to run it, so what I want it is, when any user tries( other than root ) to run the program, an input prompt would open to enter root password ( if user knows ) and program will run ( otherwise exit ), and after completing... (21 Replies)
Discussion started by: sumsin
21 Replies

3. UNIX for Dummies Questions & Answers

root privileges

Hello, As admin with root rights, to execute any command from another user without password-ask, I do : su - <user> -c "<cmd>" But how can I do to give the same rights to another physical user without using root user ? :confused: I've try to create another user "toor" with the same primary... (4 Replies)
Discussion started by: madmat
4 Replies

4. AIX

copy a fs with the same privileges

Hi All, I use "cp -R /fs/* /newfs" and I can copy everything except it won't have the files/directories the same privileges. Is there a trick to this without using a software-backup. Thanks in advance, itik (3 Replies)
Discussion started by: itik
3 Replies

5. Windows & DOS: Issues & Discussions

Lost Domain Admin Privileges in Samba

Hello, I have apparently lost all domain admin privledges in Samba. I have had several problems ever since I installed the 1/31 Solaris patch cluster. I had to roll out one Samba update (146363-01), which denied all logons network access. However, this particular problem seems to have begun... (0 Replies)
Discussion started by: stringman
0 Replies

6. What is on Your Mind?

Windows Admin switching to *nix Admin

I'm currently a Windows admin and have wanted to jump ship to the *nix side for a while now. I've been studying both through an lpic level 1 manual as I have time (focusing on debian), and a solaris 10 cert book. The problem is I only have a handful of hours a week to study, and my current job... (3 Replies)
Discussion started by: bobwilson
3 Replies

7. UNIX for Dummies Questions & Answers

Command run with admin privileges

Hi all, I want to run a single command (gdm-restart) which has admin privileges as normal user. I have done these below steps so for. 1. cp -p /usr/sbin/gdm-restart /usr/bin 2. chmod o+w /usr/bin 3. chown user /usr/bin. But still not success. So kindly please let me know whether there is... (3 Replies)
Discussion started by: mastansaheb
3 Replies

8. What is on Your Mind?

Regarding Admin life either as DBA or UNIX Linux admin

I am planning to choose my career as Unix/Linux Admin or a DBA. But I have come to know from forums and few admins like the job will be 24/7. I have few questions on that. Can we get "DAY" shifts in any one of the admin Job ? Can't we have shift timings in any company ? Eventhough the... (7 Replies)
Discussion started by: Jacktts
7 Replies

LEARN ABOUT CENTOS

pkexec

PKEXEC(1)							      pkexec								 PKEXEC(1)

NAME

       pkexec - Execute a command as another user

SYNOPSIS

       pkexec [--version] [--disable-internal-agent] [--help]

       pkexec [--user username] PROGRAM [ARGUMENTS...]

DESCRIPTION

       pkexec allows an authorized user to execute PROGRAM as another user. If username is not specified, then the program will be executed as the
       administrative super user, root.

RETURN VALUE

       Upon successful completion, the return value is the return value of PROGRAM. If the calling process is not authorized or an authorization
       could not be obtained through authentication or an error occured, pkexec exits with a return value of 127. If the authorization could not
       be obtained because the user dismissed the authentication dialog, pkexec exits with a return value of 126.

AUTHENTICATION AGENT

       pkexec, like any other polkit application, will use the authentication agent registered for the calling process or session. However, if no
       authentication agent is available, then pkexec will register its own textual authentication agent. This behavior can be turned off by
       passing the --disable-internal-agent option.

SECURITY NOTES

       Executing a program as another user is a privileged operation. By default the action to check for (see the section called "ACTION AND
       AUTHORIZATIONS") requires administrator authentication. In addition, the authentication dialog presented to the user will display the full
       path to the program to be executed so the user is aware of what will happen.

       The environment that PROGRAM will run it, will be set to a minimal known and safe environment in order to avoid injecting code through
       LD_LIBRARY_PATH or similar mechanisms. In addition the PKEXEC_UID environment variable is set to the user id of the process invoking
       pkexec. As a result, pkexec will not by default allow you to run X11 applications as another user since the $DISPLAY and $XAUTHORITY
       environment variables are not set. These two variables will be retained if the org.freedesktop.policykit.exec.allow_gui annotation on an
       action is set to a nonempty value; this is discouraged, though, and should only be used for legacy programs.

       Note that pkexec does no validation of the ARGUMENTS passed to PROGRAM. In the normal case (where administrator authentication is required
       every time pkexec is used), this is not a problem since if the user is an administrator he might as well just run pkexec bash to get root.

       However, if an action is used for which the user can retain authorization (or if the user is implicitly authorized) this could be a
       security hole. Therefore, as a rule of thumb, programs for which the default required authorization is changed, should never implicitly
       trust user input (e.g. like any other well-written suid program).

ACTION AND AUTHORIZATIONS

       By default, the org.freedesktop.policykit.exec action is used. To use another action, use the org.freedesktop.policykit.exec.path
       annotation on an action with the value set to the full path of the program. In addition to specifying the program, the authentication
       message, description, icon and defaults can be specified. If the org.freedesktop.policykit.exec.argv1 annotation is present, the action
       will only be picked if the first argument to the program matches the value of the annotation.

       Note that authentication messages may reference variables (see the section called "VARIABLES"), for example $(user) will be expanded to the
       value of the user variable.

WRAPPER USAGE

       To avoid modifying existing software to prefix their command-line invocations with pkexec, it's possible to use pkexec in a she-bang
       wrapper[1] like this:

	   #!/usr/bin/pkexec /usr/bin/python

	   import os
	   import sys

	   print "Hello, I'm running as uid %d"%(os.getuid())

	   for n in range(len(sys.argv)):
	       print "arg[%d]=`%s'"%(n, sys.argv[n])

       If this script is installed into /usr/bin/my-pk-test, then the following annotations

	     [...]
	     <annotate key="org.freedesktop.policykit.exec.path">/usr/bin/python</annotate>
	     <annotate key="org.freedesktop.policykit.exec.argv1">/usr/bin/my-pk-test</annotate>
	     [...]

       can be used to select the appropriate polkit action. Be careful to get the latter annotation right, otherwise it will match any pkexec
       invocation of /usr/bin/python scripts.

VARIABLES

       The following variables are set by pkexec. They can be used in authorization rules and messages shown in authentication dialogs:

       program
	   Fully qualified path to the program to be executed. Example: "/bin/cat"

       command_line
	   The requested command-line (do not use this for any security checks, it is not secure). Example: "cat /srv/xyz/foobar"

       user
	   The user name of the user to execute the program as. Example: "davidz"

       user.gecos
	   The full name of the user to execute the program as. Example: "David Zeuthen"

       user.display
	   A representation of the user to execute the program as that is suitable for display in an authentication dialog. Is typically set to a
	   combination of the user name and the full name. Example: "David Zeuthen (davidz)"

AUTHOR

       Written by David Zeuthen <davidz@redhat.com> with a lot of help from many others.

BUGS

       Please send bug reports to either the distribution or the polkit-devel mailing list, see the link
       http://lists.freedesktop.org/mailman/listinfo/polkit-devel on how to subscribe.

SEE ALSO

       polkit(8), polkitd(8), pkaction(1), pkcheck(1), pkttyagent(1)

NOTES

	1. she-bang wrapper
	   http://en.wikipedia.org/wiki/Shebang_(Unix)

polkit								     May 2009								 PKEXEC(1)
All times are GMT -4. The time now is 07:04 AM.
Unix & Linux Forums Content Copyright 1993-2022. All Rights Reserved.
Privacy Policy