|
|
Sponsored Content
Operating Systems
AIX
Sudo and smitty
Post 302325147 by bakunin on Saturday 13th of June 2009 01:37:56 AM
06-13-2009
Yes, you could do so but it would be VERY UNWISE to do it: sudo starts a shell (as root) and executes your command in it, then the shell is closed again. Suppose you do a "sudo ls -l": sudo opens a shell as root in this shell "ls" is executed under root privileges, then "ls" terminates, then the root shell terminates.
Now suppose you start a command which doesn't end immediately but is an interactive program like "ksh" or "smit": instead of doing its work it will expect the user to enter commands, which will be executed as - root, of course! The same is true for SMITty: start SMITty via sudo as root, use the "open shell" facility and you are root in this shell.
This means: if you allow anybody to use an interactive program via sudo you could also allow him to su to root directly. In effect it is the same.
I hope this helps.
bakunin
Corollary: i once worked in a bank where the "security department" (trained monkeys with a jargon file learned by heart) had insisted on using sudo for virtually every task. Additionally several files were only read/write for root and these files had to be edited sometimes. For this they set up a sudo-command like "vi /path/to/some/file". I simply used this command, did a shell escape from the vi - and had a root shell for my convenience. They are still wondering how i could advise them about their configuration problems (they had a lot) without having any access to the machine while their own administrators being root were still analysing.
It's so easy when you're evil....
Now suppose you start a command which doesn't end immediately but is an interactive program like "ksh" or "smit": instead of doing its work it will expect the user to enter commands, which will be executed as - root, of course! The same is true for SMITty: start SMITty via sudo as root, use the "open shell" facility and you are root in this shell.
This means: if you allow anybody to use an interactive program via sudo you could also allow him to su to root directly. In effect it is the same.
I hope this helps.
bakunin
Corollary: i once worked in a bank where the "security department" (trained monkeys with a jargon file learned by heart) had insisted on using sudo for virtually every task. Additionally several files were only read/write for root and these files had to be edited sometimes. For this they set up a sudo-command like "vi /path/to/some/file". I simply used this command, did a shell escape from the vi - and had a root shell for my convenience. They are still wondering how i could advise them about their configuration problems (they had a lot) without having any access to the machine while their own administrators being root were still analysing.
It's so easy when you're evil....
|
|
10 More Discussions You Might Find Interesting
1. AIX
I have a couple systems that are acting strangely. In 'smitty tcpip' everything is displayed twice. Even going into the submenus (like minimum configuration and startup) everything is displayed twice. Has anyone seen this? Know how to fix it?
Thanks (3 Replies)
Discussion started by: pmmill2
3 Replies
2. AIX
I want to change my ip by not using smitty, could please help me and what to edit files. So that everytime i will restart my server it will not change. (10 Replies)
Discussion started by: kenshinhimura
10 Replies
3. AIX
Hello
I need to make a mksysb, I try with smitty but I get the next message
0512-017 mksysb: Cannot write to the device /dev/rmt3.
Either write protected or in use.
My tape are ready to write ( dont get protection)
I use the clean tape
and I try with other tapes but I... (6 Replies)
Discussion started by: lo-lp-kl
6 Replies
4. AIX
hi all:cool:
was just wonderin..by the way im new here..hi all:D...was just wonderin if i smitty fs backup a file system to tape if the permissions and ownership of the files and dir are retained?:confused:
o.s is AIX 5.3L
thanks all (12 Replies)
Discussion started by: redmanshogun
12 Replies
5. HP-UX
i need to change OS level parameter like number of user
how to change system environment variable ???
equivalent to smitty in IBM (1 Reply)
Discussion started by: oracle_rajesh_k
1 Replies
6. AIX
In "smitty mktcpip", the last item you can change is the "START Now". Does any one change this to "yes" when setting the IP? If so, what agrument would you use to convice others to use it also? (1 Reply)
Discussion started by: kah00na
1 Replies
7. AIX
i'm using smitty to create user...what happen is it prompt me "failed" with error
3004-703 Check "/etc/security/login.cfg" file.
3004-691 Error changing "shell".
3004-703 Check "/usr/lib/security/mkuser.default" file.
3004-721 Could not create user.
3004-703 Check... (13 Replies)
Discussion started by: thecobra151
13 Replies
8. Shell Programming and Scripting
I am writing a BASH script to update a webserver and then restart Apache. It looks basically like this:
#!/bin/bash
rsync /path/on/local/machine/ foo.com:path/on/remote/machine/
ssh foo.com sudo /etc/init.d/apache2 reloadrsync and ssh don't prompt for a password, because I have DSA encryption... (9 Replies)
Discussion started by: fluoborate
9 Replies
9. AIX
Hello,
in which situations should I use smitty alt_mksysb ? What is the general purpose of this tool.
Thanks for help,
p (1 Reply)
Discussion started by: pitmod
1 Replies
10. UNIX for Advanced & Expert Users
Hi All,
Im new in aix, anyone can advice is there any way to understand smitty ?:confused:
Thanks.
TCP. (4 Replies)
Discussion started by: tcp01315
4 Replies
LEARN ABOUT DEBIAN
xcfa
xcfa(1) Manual: Xcfa xcfa(1) NAME
xcfa - GTK+ Implementation of the GNU shell command. SYNOPSIS
xcfa [OPTION]... [FILE]... -h, -help Displays this help section and exits. -version Displays the version of the program and exits. -verbose Activate verbose mode -systray Activate systray mode DESCRIPTION Interface contains console tools (cdparanoia, lame, oggenc, ...). Allows extraction of audio from DVD to .wav format. Allows extracting audio from CD to formats such as: wav, mp3, flac, ogg, m4a, mpc, ape. Allows encoding audio to: wav, mp3, flac, ogg, m4a mpc, ape. Allows encoding the .wma format to: wav, mp3, flac, ogg, m4a mpc, ape. Allows cutting of files. Allows management of common file-types before converting. Allows management of bitrates, frequencies, and channels. Allows creation of CD covers. Developed with Gtk2 and Glade and runs under the X window system on the GNU platform. USAGE
After the first launch, go to the Options tab and modify the settings to your liking. ADDING THE GPG KEY
With sudo: $ wget http://download.tuxfamily.org/xcfaudio/download/xcfaudio.key.asc -O - | sudo apt-key add - Without sudo: $ su root [Enter the password for root.] # wget http://download.tuxfamily.org/xcfaudio/download/xcfaudio.key.asc -O - | apt-key add - Another solution with root: # gpg --keyserver subkeys.pgp.net --recv 00B21603DD5C7A79 # gpg --export --armor 00B21603DD5C7A79 | sudo apt-key add - SOURCES.LIST Add the following lines to your [ /etc/apt/sources.list ] file for automatic updates: ## Xcfa for i386 and amd64 deb http://download.tuxfamily.org/xcfaudio/xcfa dev contrib deb-src http://download.tuxfamily.org/xcfaudio/xcfa dev contrib COMPLEMENTARY PACKAGE INSTALLATION
: See the Recovery and Complementary package installation guide: http://www.xcfa.tuxfamily.org/index.php?static2/xcfa CHANGELOG
Read the ChangeLog file and view the source code. AUTHOR
XCFA is developed by Claude Bulin (xcfa@tuxfamily.org) 4.3.1 Wed, 23 May 2012 xcfa(1)