01-08-2014
I think sudo is successful because it is setuid-root.
Then it can do a setuid(0) to remove restrictions, maybe along with some other magic, and finally it can setuid(user) to switch to a user and run an unrestricted exec().
If you have time, study the sudo source files (sudo.c etc.)!
9 More Discussions You Might Find Interesting
1. Shell Programming and Scripting
I need to find all the files that have group Read or Write permission or files that have user write permission.
This is what I have so far:
find . -exec ls -l {} \; | awk '/-...rw..w./ {print $1 " " $3 " " $4 " " $9}'
It shows me all files where group read = true, group write = true... (5 Replies)
Discussion started by: shunter63
5 Replies
2. Solaris
Hi
my directory not accepting any commands. its simply telling permission denied. i tried ( cp, mv, rm ) as roor
i want to set default permissons to this DIR
please find the Logs below.
dr-xr-xr-x 1 root root 1 Jun 1 09:04 AP1_ROP ( original dir)
root> chmod 777... (5 Replies)
Discussion started by: vijayq8
5 Replies
3. Shell Programming and Scripting
Hi,
The requirement is like,
the program needs 2 argument one is user_id and second one is directory path. My script will check if that user_id has write access to the directory path. The directory path may be in any file system like AFS or NFS.
Can any one please suggest some points to... (1 Reply)
Discussion started by: siba.s.nayak
1 Replies
4. Shell Programming and Scripting
Guys, i wanna get any user files with write permission (on user or group permission) for review but i confuse with -perm parameter.
any body can help me to explain what is that mean?
thank's (1 Reply)
Discussion started by: michlix
1 Replies
5. Shell Programming and Scripting
I want to check access rights permissions not for 'user', not for 'group', but for 'others'.
I want to do it by system command in which i want to use 'ls -l' and 'awk' command.
I have written the following program :
#!/usr/bin/local/perl
#include <stdlib.h>
system ("ls -l | awk... (1 Reply)
Discussion started by: shubhamsachdeva
1 Replies
6. UNIX for Dummies Questions & Answers
Hi,
I have a shell script(test.sh) and need to give execute permission for this shell script to user group
cobr_sftp and oracle.
Could you please help as to how to give this permission.
I have already given full access(777) to script test.sh. Does this mean all the users/user group can access... (1 Reply)
Discussion started by: abhi_123
1 Replies
7. Web Development
Hi
I am trying to make a web program which is command line equivalent. i have done the coding in cgi program in perl and html for basic forms to take inputs. when i ran the program from web application i see permission denied messages. after analyzing i found apache is running as wwwrun which... (2 Replies)
Discussion started by: rakeshkumar
2 Replies
8. UNIX for Beginners Questions & Answers
Hi All,
We have a scenario in production where we want only one user from a group to modify the file. The file is not set to write permission for application manager.
-r--r--r-- 1 amgr u00 15661716 Aug 30 00:06 DCI.dat
So here amgr will have permission to edit the file. We want a... (10 Replies)
Discussion started by: arunkumar_mca
10 Replies
9. AIX
I have searched this quite a long time but couldn't find the right method for me to use. I need to assign read write permission to the user for specific directories and it's sub directories and files. I do not want to use ACL. I do not want to assign user the same group of that directories too.... (0 Replies)
Discussion started by: blinkingdan
0 Replies
LEARN ABOUT DEBIAN
pam_timestamp_check
PAM_TIMESTAMP_CHECK(8) Linux-PAM Manual PAM_TIMESTAMP_CHECK(8)
NAME
pam_timestamp_check - Check to see if the default timestamp is valid
SYNOPSIS
pam_timestamp_check [-k] [-d] [target_user]
DESCRIPTION
With no arguments pam_timestamp_check will check to see if the default timestamp is valid, or optionally remove it.
OPTIONS
-k
Instead of checking the validity of a timestamp, remove it. This is analogous to sudo's -k option.
-d
Instead of returning validity using an exit status, loop indefinitely, polling regularly and printing the status on standard output.
target_user
By default pam_timestamp_check checks or removes timestamps generated by pam_timestamp when the user authenticates as herself. When the
user authenticates as a different user, the name of the timestamp file changes to accommodate this. target_user allows to specify this
user name.
RETURN VALUES
0
The timestamp is valid.
2
The binary is not setuid root.
3
Invalid invocation.
4
User is unknown.
5
Permissions error.
6
Invalid controlling tty.
7
Timestamp is not valid.
NOTES
Users can get confused when they are not always asked for passwords when running a given program. Some users reflexively begin typing
information before noticing that it is not being asked for.
EXAMPLES
auth sufficient pam_timestamp.so verbose
auth required pam_unix.so
session required pam_unix.so
session optional pam_timestamp.so
FILES
/var/run/sudo/...
timestamp files and directories
SEE ALSO
pam_timestamp_check(8), pam.conf(5), pam.d(5), pam(8)
AUTHOR
pam_tally was written by Nalin Dahyabhai.
Linux-PAM Manual 06/04/2011 PAM_TIMESTAMP_CHECK(8)