06-03-2010
Giving access to non root users to run application
Hi All,
I have created an RPM installer and installed it via ROOT user & which works fine on Red Hat.
But the problem oocurs when a non root users try to run that application (from their account), it never got executed (being it has the execute permission i.e. chmod a+x somefile.sh).
I want that application should be easily run by the non-root user.
Any help?
This User Gave Thanks to jw_amp For This Post:
10 More Discussions You Might Find Interesting
1. Solaris
Hi all,
how can i grant write access to a selective users only with write access to a certain filesystem/directory in solaris 10.
Please help..i tried "fs setacl"...does not seem to work
Please adv..thanks in advance... (4 Replies)
Discussion started by: cromohawk
4 Replies
2. UNIX for Dummies Questions & Answers
hi
i am new to unix and i have abig task. i have to \run particular commands having root privileges from a non root user. i know sudo is one of the way but i need sum other approach kindly help
Thanks (5 Replies)
Discussion started by: suryashikha
5 Replies
3. UNIX for Dummies Questions & Answers
hi all,
i want to know y kernel is giving access for multiple users to access a file when one user may be the owner is executing that file. Because other user can manipulate that file when the other user is executing that file, it will give the unexpected result to owner . plz help me... (1 Reply)
Discussion started by: jimmyuk
1 Replies
4. Web Development
Hi to all,
Please, some help over here. IŽll try to be as much clear I can.
In summary my problem is:
I have a PHP application installed in a folder of my domain that reads CSV.txt files from
another folder in my domain and I need to restrict direct access to see and download these CSV.txt... (0 Replies)
Discussion started by: cgkmal
0 Replies
5. SuSE
I am using SUSE Linux Enterprise Server 10 SP2 (i586) and I had earlier ammended my sudoers file to allow users to become root user with "sudo su - " command
Now I am trying to add multiple users to the sudoers file to run several commands such as restarting the server, restarting the nagios... (9 Replies)
Discussion started by: hedkandi
9 Replies
6. Solaris
Hi all
I am try NFS on node1 & node2 servers.
On node1, when I am using
# share -F nfs -o rw,anon=0 /abc
On node2, when I am using
# mount -f nfs node1:/abc /a
in /a folder, root user is able to create files but any other user from node2 is not able to create files, please... (1 Reply)
Discussion started by: sb200
1 Replies
7. Solaris
Hi All,
I want to configure samba share permission so that only directory creator/owner has a read and write permission and other users should not have any read/write access to that folder.Will that be possible and how can this be achieved within samba configuration.
Regards,
Sahil (1 Reply)
Discussion started by: sahil_shine
1 Replies
8. Shell Programming and Scripting
I need to list users in /etc/passwd with root's GID or UID or /root as home directory
If we have these entries in /etc/passwd
root:x:0:0:root:/root:/bin/bash
rootgooduser1:x:100:100::/home/gooduser1:/bin/bash
baduser1:x:0:300::/home/baduser1:/bin/bash... (6 Replies)
Discussion started by: anil510
6 Replies
9. Shell Programming and Scripting
local script:
cat > first.sh
cd /tmp
echo $PWD
echo `whoami`
cd /tmp/123
tar -cvf 789.tar 456
sleep 10
except script:
cat > first
#!/usr/bin/expect
set ip 10.5.15.20
set user "xyz123"
set password "123456"
set script first.sh
spawn sh -c "ssh $user@$ip bash < $script" (1 Reply)
Discussion started by: Aditya Avanth
1 Replies
10. UNIX for Beginners Questions & Answers
Hi,
We have two LDAP servers. Whenever we get a ticket to reset the password, we login to LDAP primary server and reset the password. For below example, I logged into primary LDAP server and resetting password to john to Welcome123#
We are giving this work to tier-1 team, so that they can reset... (1 Reply)
Discussion started by: ron323232
1 Replies
LEARN ABOUT SUSE
wpa_priv
WPA_PRIV(8) WPA_PRIV(8)
NAME
wpa_priv - wpa_supplicant privilege separation helper
SYNOPSIS
wpa_priv [ -c ctrl path ] [ -Bdd ] [ -P pid file ] [ driver:ifname [driver:ifname ...] ]
OVERVIEW
wpa_priv is a privilege separation helper that minimizes the size of wpa_supplicant code that needs to be run with root privileges.
If enabled, privileged operations are done in the wpa_priv process while leaving rest of the code (e.g., EAP authentication and WPA hand-
shakes) to operate in an unprivileged process (wpa_supplicant) that can be run as non-root user. Privilege separation restricts the effects
of potential software errors by containing the majority of the code in an unprivileged process to avoid the possibility of a full system
compromise.
wpa_priv needs to be run with network admin privileges (usually, root user). It opens a UNIX domain socket for each interface that is
included on the command line; any other interface will be off limits for wpa_supplicant in this kind of configuration. After this, wpa_sup-
plicant can be run as a non-root user (e.g., all standard users on a laptop or as a special non-privileged user account created just for
this purpose to limit access to user files even further).
EXAMPLE CONFIGURATION
The following steps are an example of how to configure wpa_priv to allow users in the wpapriv group to communicate with wpa_supplicant with
privilege separation:
Create user group (e.g., wpapriv) and assign users that should be able to use wpa_supplicant into that group.
Create /var/run/wpa_priv directory for UNIX domain sockets and control user access by setting it accessible only for the wpapriv group:
mkdir /var/run/wpa_priv
chown root:wpapriv /var/run/wpa_priv
chmod 0750 /var/run/wpa_priv
Start wpa_priv as root (e.g., from system startup scripts) with the enabled interfaces configured on the command line:
wpa_priv -B -c /var/run/wpa_priv -P /var/run/wpa_priv.pid wext:wlan0
Run wpa_supplicant as non-root with a user that is in the wpapriv group:
wpa_supplicant -i ath0 -c wpa_supplicant.conf
COMMAND ARGUMENTS
-c ctrl path
Specify the path to wpa_priv control directory (Default: /var/run/wpa_priv/).
-B Run as a daemon in the background.
-P file
Set the location of the PID file.
driver:ifname [driver:ifname ...]
The <driver> string dictates which of the supported wpa_supplicant driver backends is to be used. To get a list of supported driver
types see wpa_supplicant help (e.g, wpa_supplicant -h). The driver backend supported by most good drivers is wext.
The <ifname> string specifies which network interface is to be managed by wpa_supplicant (e.g., wlan0 or ath0).
wpa_priv does not use the network interface before wpa_supplicant is started, so it is fine to include network interfaces that are
not available at the time wpa_priv is started. wpa_priv can control multiple interfaces with one process, but it is also possible to
run multiple wpa_priv processes at the same time, if desired.
SEE ALSO
wpa_supplicant(8)
LEGAL
wpa_supplicant is copyright (c) 2003-2007, Jouni Malinen <j@w1.fi> and contributors. All Rights Reserved.
This program is dual-licensed under both the GPL version 2 and BSD license. Either license may be used at your option.
16 January 2010 WPA_PRIV(8)