It means what it says. The permissions of the sudo executable are incorrect for some reason, preventing it from running as root, preventing it from changing users. On my system(not AIX) sudo's permissions are:
I am trying to run chown and chmod from a script owned by root. The permissions are set to 4755 so that users can execute the script as root. However, when I run the script as a user other than root, I get "Operation not permitted" for both chown and chmod. Any ideas as to why this is? (6 Replies)
Hi all..
I'm secering a RH 2.1 server, with gnome (not my choice...), as X manager.
Is ther anyway to get sudo ask for root password other then the actual user's password? Like when you launch the graphical IHM to create a new user, it asks for root's password? Is there a way to do the same... (5 Replies)
Hi,
I have a program with the following suid setup
-rwsr-sr-x 1 root other 653 Aug 16 17:00 restart_server
It basically starts up a service that has to be started by root. I just want the normal users to be able to restart the service using the script above.
But when the... (7 Replies)
I'm actually working with a Ubuntu-System here and have a question about executing a command with 'sudo'.
I tried and got a error message like "not allowed".
After this I logged in with 'sudo -s' and typed the command without 'sudo'. This worked well.
Can please somebody explain me this... (0 Replies)
I've been through many threads before i decide to create a separate thread.
I can't really find the solution to my (simple) problem.
Here's what I'm trying to achieve:
As "canar" user I want to run a command, let's say "/opt/ocaml/bin/ocaml" as "duck" user.
The only to achieve this is to... (1 Reply)
Anyone able to explain why if i run "sudo -i" or "sudo -s" i am able to get into root by just keying my own password?
How to avoid this from happening coz i need all the users to use su - only. (2 Replies)
I have a set of RHEL 5 boxes running our ERP software on Oracle databases. I need to allow my DBA's to su to oracle and one other account (banner) without knowing the oracle or banner password. But I need to prevent them from su'ing to any other user especially root. I only want them to be able to... (1 Reply)
Hello,
It is Solaris-10. There is a file as /opt/vpp/dom1.2/pdd/today_23. It is always generated by root, so owned by root only.
This file has to be deleted as part of application restart always and that is done by app_user and SA is always involved to do rm on that file.
Is it possible to give... (9 Replies)
Just learning about the privilege escalation method provided by setuid. Correct me if I am wrong but what it does is change the uid of the current process to whatever uid I set. Right ?
So what stops me from writing my own C program and calling setuid(0) within it and gaining root privileges ?
... (2 Replies)
I have a coworker that has set up some funky aliases in /etc/bash.alias, and he insists on leaving them that way. For example he aliased "ll" to "ls -lahtr", which really bugs me.
Anyway, I was wondering if there were a way for me to sudo to root without reading /etc/bash.alias, or maybe have... (6 Replies)
Discussion started by: paqman
6 Replies
LEARN ABOUT OSX
heimdal_debug
heimdal_debug(5) BSD File Formats Manual heimdal_debug(5)NAME
heimdal_debug -- how to turn on/off debugging for Kerberos tools
DESCRIPTION
The heimdal_debug kerberos frameworks have several knobs for controlling logging. The different framework knobs are:
libkrb
The Kerberos library, some gss-api Kerberos output ends up here too
kcm the kcm library (credentials cache, ntlm client)
kdc the kerberos KDC output
digest-service
the digest service (ntlm server)
CONFIGURATION FILE
[logging]
<subsystem> = 0-/SYSLOG:
and watch syslog for logging information.
APPLE MAC OS X
First turn up syslog debugging
sudo syslog -c 0 -d
then you can see the syslog output in Console.app or by running
syslog -w -k org.h5l.asl
To enable more extensive debugging logging for each subsystem, use the following commands:
Kerberos Library
sudo defaults write /Library/Preferences/com.apple.Kerberos logging -dict-add krb5 '0-/ASL:'
digest-server
sudo defaults write /Library/Preferences/com.apple.Kerberos logging -dict-add digest-service '0-/ASL:'
kcm sudo defaults write /Library/Preferences/com.apple.Kerberos logging -dict-add kcm '0-/ASL:'
kdc sudo defaults write /Library/Preferences/com.apple.Kerberos logging -dict-add kdc '0-/ASL:'
MIT Kerberos Shim
defaults write com.apple.MITKerberosShim EnableDebugging -bool true
GSS-API framework logging
sudo defaults write /Library/Preferences/com.apple.GSS DebugLevel -int 10
Other options on Mac OS X
Make the admin API pretend to the server even on client
sudo defaults write /Library/Preferences/com.apple.Kerberos ForceHeimODServerMode -bool true
SEE ALSO gss(5), kerberos(8)HEIMDAL Sep 30, 2011 HEIMDAL