Closed. This question does not meet Stack Overflow guidelines. It is not currently accepting answers.
This question does not appear to be about a specific programming problem, a software algorithm, or software tools primarily used by programmers. If you believe the question would be on-topic on another Stack Exchange site, you can leave a comment to explain where the question may be able to be answered.
Closed 1 year ago.
Improve this question
I have a strange issue, trying to run mate-screensaver-dialog with root privileges using SUID bit:
[root#localhost ~]# ls -l /usr/libexec/mate-screensaver-dialog
-rwsr-s--t. 1 root root 72920 мар 22 2021 /usr/libexec/mate-screensaver-dialog
And with that, launching this (from a user user) and looking for the effective uid gives me info of the user, who ran this executable:
[root#localhost ~]# ps aux | grep screensaver-dialog
user 3673 0.6 0.4 894304 38504 pts/3 Sl+ 19:29 0:00 /usr/libexec/mate-screensaver-dialog
This case happens, when user session is locked by a timeout with a screensaver. So can anyone please help me, why could SUID bit do not work for this case? I would be glad for any advice.
Using OS: RedOS 7.3, x64
Browsing through the source code on github i have found this comment:
Initializations that potentially take place as a priveleged user:
If the executable is setuid root, then these initializations
are run as root, before discarding privileges.
The function which this comment addresses:
static gboolean privileged_initialization(int* argc, char** argv)
Is called from the main function here.
In addition to that, the privileged_initialization function calls another function hack_uid present in the setuid.h header in the same directory which has a similar comment above it:
If we've been run as setuid or setgid to someone else (most likely root)
turn off the extra permissions so that random user-specified programs
don't get special privileges.
Based on this i assume that the executable follows a common practice of dropping elevated privileges before running actual functionality. This is a popular approach of reducing impact of potential security holes.
Effectively, it means that the executable probably starts running as root, because of the SUID bit, performs any tasks that actually need root privileges and afterwards reduces the privileges to the user level.
Related
Closed. This question does not meet Stack Overflow guidelines. It is not currently accepting answers.
This question does not appear to be about a specific programming problem, a software algorithm, or software tools primarily used by programmers. If you believe the question would be on-topic on another Stack Exchange site, you can leave a comment to explain where the question may be able to be answered.
Closed last year.
Improve this question
I installed go on ubuntu 16.04 from the archive and tried to test my installation by issuing the command go on my terminal. It keeps prompting me / not root-owned 1000:0.
I installed go on /usr/local folder and also included it into my path as instructed on the official golang installation. I removed go and tried to install it again, but found the same result. It sounds more of a linux root permission issue, but I have no clue how to fix it. I tried other commands that I installed from archive and they work perfectly fine. Any kind of help would be appreciated.
It seems to complain that the system root directory / has the wrong owner. This is a security problem because you don't want to have regular users changing system files at will. It looks like you changed this on purpose at some point in the past; change it back, or reinstall your system if you have wrecked more permissions than just this one.
sudo chown root /
For the record, the proper way to give yourself limited system access is to use sudo. Add yourself to sudoers (usually this is already set up by the OS installer on any reasonably consumer-oriented Linux distro) and when you need privileges for something, run that command with sudo.
Simple, in the command line:
sudo chown root:root /
In addition to the root permission issue I had, I also found that I installed go using snap to: snap install --classic go, which wasn't a good idea. I was also unable to remove the go folder in /snap, even as root. I now reinstall my system and hopefully the issue will be solved.
sudo chown root /var
This will solve your problem
Closed. This question does not meet Stack Overflow guidelines. It is not currently accepting answers.
This question does not appear to be about a specific programming problem, a software algorithm, or software tools primarily used by programmers. If you believe the question would be on-topic on another Stack Exchange site, you can leave a comment to explain where the question may be able to be answered.
Closed 4 years ago.
Improve this question
I've got a shell script which is supposed to install some packages from the Arch User Repository. The shell script is as follows:
#!/bin/sh
pacaur -S google-chrome --noconfirm # install google-chrome
The problem is, if I run this script using sudo sh script.sh, it'll just return: "you cannot perform this operation as root". If I run it without sudo, it'll ask for sudo later on when installing.
My question is, how can I avoid it asking me. I'd like this script to take care of installing all my packages just as is, without requiring me to actually give access manually. Would there be a way?
If you run sudo -v before calling the pacaur, this will ask you for your credentials and cache them for the next 15 minutes. You don't need to call sudo with pacaur anymore. As long as pacaur finishes running within the next 15 minutes, it will not have to ask for credentials again.
Closed. This question does not meet Stack Overflow guidelines. It is not currently accepting answers.
This question does not appear to be about a specific programming problem, a software algorithm, or software tools primarily used by programmers. If you believe the question would be on-topic on another Stack Exchange site, you can leave a comment to explain where the question may be able to be answered.
Closed 4 years ago.
Improve this question
After a typo in a change to /etc/pam.d/sudo no user can sudo at all. The package cannot be modified as it requires sudo privileges, but all attempts result in rm: cannot remove ‘/etc/pam.d/sudo’: Permission denied and attemps to escalate to sudo result in sudo: PAM authentication error: Module is unknown. The package cannot be removed as it requires sudo. What is there to be done?
My account was part of the sudoers group, was able to pkexec vi /etc/pam.d/sudo and make the appropriate changes to the file as described here
In this situation where root access is required you have 2 options: (1) acquire the root password and fix pam.d/sudo or (2) boot with the install media with init=/bin/bash (or linux init=/bin/bash using LILO).
If you can't get the root password and must rely on the install media, then you will need to boot the install media, at the grub or lilo menu choose Boot Options and set:
init=/bin/bash (if you are using GRUB Boot loader)
linux init=/bin/bash (if you are using LILO Boot Loader)
Then check that the / filesystem is mounted read/write with the mount command. If not rw, then:
mount -o remount,rw /
You can then modify/replace pam.d/sudo. Reboot or telinit. (Note: you will need to modify the commands for systemd)
Closed. This question does not meet Stack Overflow guidelines. It is not currently accepting answers.
This question does not appear to be about a specific programming problem, a software algorithm, or software tools primarily used by programmers. If you believe the question would be on-topic on another Stack Exchange site, you can leave a comment to explain where the question may be able to be answered.
Closed 9 years ago.
Improve this question
I recently changed the permissions around for the /var/www/ directory on my Ubuntu 12.04 machine. Now my user can save to the directory but I get an error whenever I try to run the sudo command stating that my user is not in the sudoers file. I booted up grub to take a look and have tried to run "sudo usermod -G sudo kevin" a few times and get the error cannot lock /etc/passwd/; try again later. Is there any way to re add myself to that group without re-installing Ubuntu?
It sounds like your problem stems from the file system being mounted read-only as it is by default in recovery mode. Try remounting the filesystem in read-write mode using
"mount -o remount,rw /"
Are you sure your system is mounted in read/write mode when you're using GRUB? This can be achieved through the mount -o remount,rw / command.
Closed. This question does not meet Stack Overflow guidelines. It is not currently accepting answers.
This question does not appear to be about a specific programming problem, a software algorithm, or software tools primarily used by programmers. If you believe the question would be on-topic on another Stack Exchange site, you can leave a comment to explain where the question may be able to be answered.
Closed 9 years ago.
Improve this question
I accidentally set owner of root folder (/) and all subfolders to one user by command
$ sudo chown -R 'userName' /*
Now I wanna set owner back to root user by command
$ chown -R root:root /*
But I have no permission for this operation.
If i use command
$ sudo chown -R root:root /*
it returns
sudo: effective uid is not 0, is sudo installed setuid root?
What should I do to fix that?
I am guessing when you ran the first command you also ended up modifying the ownership of the /usr/bin/sudo executable.
It is saying that effective UID isn't 0 (since root has EUID equal to 0).
So try to change owner of /usr/bin/sudo, and then try change the ownership of other files.
You broke your system pretty badly. Next time be more careful using sudo.
Now, start your system using a rescue disk, probably your install disk.
Mount your broken file system in the rescue system.
Fix the permission/owner stuff.
Reboot using your original system.
Depending on how much you changed using that chown, you will have to fix a lot in step 3. You probably might want to have a look at a working proper installation of the same system to find out which user should be the owner of things like /dev/mem etc.
A re-install of the OS might be faster.
:O I offer my condolence!
The problem is that the sudo binary itself must be owned by root. If you have the root password you could just get root to fix the problem:
su
If not, you could boot using a rescue system, mount the partition and
chown root:root /mnt/usr/bin/sudo
or fix the whole problem using the rescue system.
But it will be hard to fix all that ownerships. I would suggest to craft a script that reads the file ownerships from a vanilla installation of your system (having installed the same packages as you) and applies them to the crashed system. (Custom files in the /home/... you'll have to chown yourself) Without such a script it will get really hard but it should be easy to code that