suid is not honoured inside docker container - linux

I downloaded sudo in my Dockerfile
RUN yum -y update && \
    yum -y install which sudo
I have set the suid bit on it
RUN chown root:root /usr/bin/sudo
RUN chmod 4755 /usr/bin/sudo
In the container I see a lot of binaries with the suid bit set
[root@89f28b09dee0 go]# ls -la /usr/bin/* | grep rwsr
-rwsr-xr-x 1 root root 73888 Aug 9 2019 /usr/bin/chage
-rwsr-xr-x 1 root root 78408 Aug 9 2019 /usr/bin/gpasswd
-rwsr-xr-x 1 root root 44264 Aug 9 2019 /usr/bin/mount
-rwsr-xr-x 1 root root 41936 Aug 9 2019 /usr/bin/newgrp
-rwsr-xr-x 1 root root 27856 Aug 9 2019 /usr/bin/passwd
-rwsr-xr-x 1 root root 32128 Aug 9 2019 /usr/bin/su
-rwsr-xr-x 1 root root 147320 Aug 9 2019 /usr/bin/sudo
-rwsr-xr-x 1 root root 31984 Aug 9 2019 /usr/bin/umount
Other binaries which are part of the base image work seamlessly
[test@89f28b09dee0 go]$ passwd
Changing password for user test.
Changing password for test.
(current) UNIX password:
But sudo fails
sudo
sudo: effective uid is not 0, is /usr/bin/sudo on a file system with the 'nosuid' option set or an NFS file system without root privileges?
[test@89f28b09dee0 go]$
Most searches on the internet say it may be because of filesystem permissions, but other binaries work fine from the same location with the suid bit set.
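An added diagnostic (not from the post) that checks the two things sudo's message points at, a nosuid mount under the binary and no_new_privs on the process, plus the setuid bit itself. It parses the /proc/self/mountinfo and /proc/self/status formats; the sample mountinfo and status text below are constructed, and the live check runs on the real files only when the script is executed directly.

```python
"""Check why a setuid binary may run without euid 0 (added diagnostic, not from the post)."""
import os
import stat
def parse_mountinfo(text):
    """Parse /proc/self/mountinfo text into (mount_point, per-mount options) pairs."""
    mounts = []
    for line in text.splitlines():
        head, sep, _ = line.partition(" - ")      # fields before " - " have fixed positions
        fields = head.split()
        if sep and len(fields) >= 6:
            mount_point = fields[4].encode().decode("unicode_escape")  # "\040" -> " "
            mounts.append((mount_point, set(fields[5].split(","))))
    return mounts

def mount_for(path, mounts):
    """Longest-prefix match: the mount that actually holds `path`."""
    best = None
    for mp, opts in mounts:
        if path == mp or path.startswith(mp.rstrip("/") + "/"):
            if best is None or len(mp) > len(best[0]):
                best = (mp, opts)
    return best

def suid_problems(path, mounts, status_text, mode):
    """Reasons `path` would not raise the effective uid; empty list means none found."""
    reasons = []
    if not mode & stat.S_ISUID:
        reasons.append("setuid bit not set")
    found = mount_for(path, mounts)
    if found and "nosuid" in found[1]:
        reasons.append(f"mounted nosuid at {found[0]}")
    for line in status_text.splitlines():
        if line.startswith("NoNewPrivs:") and line.split()[1] == "1":
            reasons.append("process has no_new_privs set")
    return reasons

# Constructed samples: an overlay root plus a nosuid volume, and a plain status file.
SAMPLE_MOUNTINFO = """\
22 0 0:21 / / rw,relatime - overlay overlay rw,lowerdir=/var/lib/docker/x
35 22 0:30 / /tmp rw,nosuid,nodev,relatime - tmpfs tmpfs rw
36 22 8:17 / /mnt/tools rw,nosuid,relatime - ext4 /dev/sdb1 rw
"""
SAMPLE_STATUS = "Name:\tbash\nNoNewPrivs:\t0\nSeccomp:\t2\n"
if __name__ == "__main__":            # live check of the real files on this host
    import sys
    target = sys.argv[1] if len(sys.argv) > 1 else "/usr/bin/sudo"
    with open("/proc/self/mountinfo") as f, open("/proc/self/status") as g:
        live = suid_problems(target, parse_mountinfo(f.read()), g.read(), os.stat(target).st_mode)
    print(live or "no obvious reason found")
```

Run it as the unprivileged user inside the container, since NoNewPrivs is a property of the calling process, not of the binary.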

Related

bash: line : docker: command not found

I am using Jenkins in a docker container and would like to start another instance. Whenever I try to use a docker command like
docker run -t -i ap/dashboard /bin/bash
I get this error:
bash: line 61: docker: command not found
How do I navigate to another container or solve this error?
I can clearly see that the vm creator was able to use the docker command by reading the /root/.ash_history
Here are some details about the system:
[-] Specific release information:
3.3.1
NAME="Alpine Linux"
ID=alpine
VERSION_ID=3.3.1
PRETTY_NAME="Alpine Linux v3.3"
HOME_URL="http://alpinelinux.org"
BUG_REPORT_URL="http://bugs.alpinelinux.org"
Hostname:
b51cdbb7eebd
ENVIRONMENTAL #######################################
Environment information:
JENKINS_VOL=/var/lib/jenkins
JAVA_VERSION_BUILD=17
HOSTNAME=b51cdbb7eebd
JAVA_VERSION_MAJOR=8
JENKINS_HOME=/opt/jenkins
NLSPATH=/usr/dt/lib/nls/msg/%L/%N.cat
PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin:/usr/local/java/jre/bin
JAVA_BASE=/usr/local/java
PWD=/
JAVA_HOME=/usr/local/java/jre
JAVA_PKG=server-jre
LANG=C.UTF-8
XFILESEARCHPATH=/usr/dt/app-defaults/%L/Dt
SHLVL=2
HOME=/root
PKG_URL=https://circle-artifacts.com/gh/andyshinn/alpine-pkg-glibc/6/artifacts/0/home/ubuntu/alpine-pkg-glibc/packages/x86_64
JENKINS_VERSION=1.637
JAVA_VERSION_MINOR=66
_=/usr/bin/env
[-] Available shells:
# valid login shells
/bin/sh
/bin/ash
/bin/bash
[+] We can read root's home directory!
total 76
drwx------ 5 root root 4.0K Aug 28 2018 .
drwxr-xr-x 1 root root 4.0K Nov 24 10:55 ..
-rw------- 1 root root 3.1K Aug 29 2018 .ash_history
-rw------- 1 root root 155 May 16 2016 .bash_history
drwxr-xr-x 2 root root 4.0K May 12 2016 .oracle_jre_usage
drwx------ 2 root root 4.0K Aug 28 2018 .ssh
-rwxr-xr-x 1 root root 46.0K Aug 28 2018 LinEnum.sh
drwxr-xr-x 3 root root 4.0K May 12 2016 dockerfiles
-rw-r--r-- 1 root root 0 Aug 28 2018 foo
Looks like we're in a Docker container:
1:name=openrc:/docker
-rwxr-xr-x 1 root root 0 May 16 2016 /.dockerenv
[-] Anything juicy in the Dockerfile:
-rw-r--r-- 1 root root 617 May 12 2016 /root/dockerfiles/jenkins/Dockerfile
I tried many docker commands without hope.
Is it because I'm already inside the container?
Try with docker run -t -i ap/dashboard /bin/ash.
Maybe your container does not use bash, so you should try with /bin/sh, which is a symbolic link to the default installed shell processor.

add write access to user ubuntu - shared folder cifs-utils

I have a folder in /media on Ubuntu, shared from Windows via fstab and cifs-utils. Can I share this folder with another user, "miki" (not root)?
root@localhost:/media#
drwxr-xrwx 4 root root 4096 Nov 15 12:21 .
drwxr-xr-x 23 root root 4096 Nov 14 06:34 ..
drwxr-xr-x 2 padm root 0 Nov 15 09:34 Archive
drwxr-xrwx 2 root root 4096 Feb 25 2019 kekik
I have tried with:
root@localhost:~# sudo chmod -R 757 /media/Archive/
but get:
chmod: changing permissions of '/media/Archive/': Permission denied
Found a solution:
Need to modify /etc/fstab by changing:
//windowsServer/Archive /media/Archive cifs username=wundowsuser,password=somepass,uid=1000,iocharset=iso8859-1,rw,file_mode=0777,dir_mode=0777,vers=1.0 0 0
and change the group of the folder (must unmount it first!)
sudo umount -l /media/Archive
sudo chown miki:miki /media/Archive/
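A small audit of cifs fstab entries, added here as an example and not part of the post, that flags what a reviewer would raise about the line above: the plaintext password sitting in world-readable /etc/fstab, the 0777 file and directory modes, and vers=1.0. The sample entries are constructed, the password is a placeholder and the /root/.smbcredentials path is an assumed location for a credentials file.

```python
"""Audit cifs entries in fstab text for options that weaken the mount (added example, not from the post)."""

def parse_fstab(text):
    """Yield (spec, mount point, options dict) for each cifs line in fstab text."""
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        fields = line.split()
        if len(fields) < 4 or fields[2] != "cifs":
            continue
        opts = {}
        for item in fields[3].split(","):
            key, _, value = item.partition("=")
            opts[key] = value or True        # bare flags like "rw" map to True
        yield fields[0], fields[1], opts

def cifs_findings(opts):
    """Reviewer findings for one option set; empty list means nothing flagged."""
    findings = []
    if "password" in opts or "pass" in opts:
        findings.append("password in fstab (world-readable); use credentials=FILE with mode 0600")
    for key in ("file_mode", "dir_mode"):
        mode = opts.get(key)
        if isinstance(mode, str) and int(mode, 8) & 0o002:
            findings.append(f"{key}={mode} grants write to every local user")
    if opts.get("vers") == "1.0":
        findings.append("vers=1.0 selects the legacy SMB1 dialect")
    return findings

def audit_fstab(text):
    """Map each cifs mount point to its findings."""
    return {mp: cifs_findings(opts) for _, mp, opts in parse_fstab(text)}

# Constructed sample: an entry in the post's style, then a tightened equivalent.
SAMPLE_FSTAB = """\
//windowsServer/Archive /media/Archive cifs username=winuser,password=PLACEHOLDER,uid=1000,iocharset=iso8859-1,rw,file_mode=0777,dir_mode=0777,vers=1.0 0 0
//windowsServer/Archive /media/Archive2 cifs credentials=/root/.smbcredentials,uid=1000,gid=1000,file_mode=0660,dir_mode=0770,vers=3.0 0 0
"""

if __name__ == "__main__":
    for mount_point, findings in audit_fstab(SAMPLE_FSTAB).items():
        print(mount_point, "->", findings or "ok")
```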

Tomcat installed folder access is denied on linux

Please find below the set of commands and outputs
[ec2-user@ip-172-31-38-218 opt]$ ls -al
total 9416
drwxr-xr-x 3 root root 4096 Nov 7 13:52 .
dr-xr-xr-x 25 root root 4096 Nov 7 13:16 ..
-rw-r--r-- 1 root root 9625824 Sep 4 22:52 apache-tomcat-8.5.34.tar.gz
drwxr-xr-x 5 root root 4096 Aug 11 01:26 aws
[ec2-user@ip-172-31-38-218 opt]$ sudo groupadd tomcatgrp
[ec2-user@ip-172-31-38-218 opt]$ sudo useradd -s /bin/false -g tomcatgrp -d /opt/tomcatfolder tomcatuser
[ec2-user@ip-172-31-38-218 opt]$ ls -al
total 9420
drwxr-xr-x 4 root root 4096 Nov 7 13:53 .
dr-xr-xr-x 25 root root 4096 Nov 7 13:16 ..
-rw-r--r-- 1 root root 9625824 Sep 4 22:52 apache-tomcat-8.5.34.tar.gz
drwxr-xr-x 5 root root 4096 Aug 11 01:26 aws
drwx------ 2 tomcatuser tomcatgrp 4096 Nov 7 13:53 tomcatfolder
Now, when I run the command I am getting Permission denied as follows
[ec2-user@ip-172-31-38-218 opt]$ cd /opt/tomcatfolder/
-bash: cd: /opt/tomcatfolder/: Permission denied
Can you please help in resolving the above issue?
I followed the instructions for installing Tomcat from this link: how-to-install-apache-tomcat-8-on-centos-7
It seems you are the ec2-user, but the directory is owned by tomcatuser and the permissions on the directory do not allow other users or groups to read it.
Try sudo chmod 755 /opt/tomcatfolder/ and then cd into it.
That will add read and execute permissions to the directory.

Create symbolic link fails in Docker for Windows, it's not supported yet?

I have a docker container running Ubuntu Server. I am running Docker for Windows and I have the following version of Docker and Docker Compose respectively installed:
> docker-compose -v
docker-compose version 1.11.2, build f963d76f
> docker -v
Docker version 17.03.1-ce-rc1, build 3476dbf
This is what I have tried so far without success:
// The dojo linked file exists so I've tried to update it as per this answer (http://stackoverflow.com/a/1951752/719427)
> docker exec -it dockeramp_webserver_1 ln -sf /var/www/html/externals/dojo /var/www/html/externals/public_html/js/dojo
ln: failed to create symbolic link '/var/www/html/externals/public_html/js/dojo': No such file or directory
// I have deleted the previous linked file and then I tried to create a new one
> docker exec -it dockeramp_webserver_1 ln -s /var/www/html/externals/dojo /var/www/html/externals/public_html/js/dojo
ln: failed to create symbolic link '/var/www/html/externals/public_html/js/dojo': No such file or directory
// removed the directory name from the link name
> docker exec -it dockeramp_webserver_1 ln -s /var/www/html/externals/dojo /var/www/html/externals/public_html/js
ln: failed to create symbolic link '/var/www/html/externals/public_html/js': No such file or directory
Because the error keeps saying the directory doesn't exist, I checked whether the error is right or wrong:
> docker exec -u www-data -it dockeramp_webserver_1 ls -la /var/www/html/externals/dojo
total 80
drwxr-xr-x 2 root root 0 Mar 25 15:09 .
drwxr-xr-x 2 root root 4096 Mar 25 15:09 ..
drwxr-xr-x 2 root root 0 Mar 25 15:09 dijit
drwxr-xr-x 2 root root 0 Mar 25 15:09 dojo
drwxr-xr-x 2 root root 0 Mar 25 15:09 dojox
drwxr-xr-x 2 root root 0 Mar 25 15:09 mmi
-rwxr-xr-x 1 root root 74047 Mar 25 15:09 tundra.css
> docker exec -u www-data -it dockeramp_webserver_1 ls -la /var/www/html/public_html/js
total 24
drwxr-xr-x 2 root root 4096 Mar 26 14:40 .
drwxr-xr-x 2 root root 4096 Mar 25 15:11 ..
-rwxr-xr-x 1 root root 7123 Mar 25 15:09 jquery.PrintArea.js
-rwxr-xr-x 1 root root 6141 Mar 25 15:11 quoteit_delegate_search.js
They both exist, so ... what am I missing here? Is it not supported in Windows just yet? I have found that the development team added something called mfsymlinks in a version earlier than mine.
The command is telling you that /var/www/html/externals/public_html does not exist. You only showed that the /var/www/html/externals/dojo and /var/www/html/public_html/js folders exist. I believe this is a simple typo in your commands.

Can't run npm-installed packages as user

Earlier this afternoon I installed Node.js on Fedora 16.
user@$ sudo yum localinstall --nogpgcheck http://nodejs.tchol.org/repocfg/fedora/nodejs-stable-release.noarch.rpm
user@$ sudo yum install nodejs-compat-symlinks npm
Then I installed a package with npm. Every package I've installed with npm on Fedora (this isn't my first time) has involved something like the following process. Read it and weep. Clearly, this is hackish and wrong, but when I decide to install less or any other npm package, I have to go through the same procedure. Why? What is broken about my environment or approach?
user@$ sudo npm install -g jslint
[... this works ... kind of]
user@$ jslint
bash: jslint: command not found
user@$ sudo su
root@$ jslint
No files specified.
Usage: /bin/jslint ... [works]
root@$ which jslint
/bin/jslint
root@$ ls -l jslint
lrwxrwxrwx. 1 root root 38 Jul 15 14:58 /bin/jslint -> /lib/node_modules/jslint/bin/jslint.js
root@$ cd /lib/node_modules; ls -l
...
drwxr-xr-x. 2 root root 4096 Jul 15 14:22 inherits
drwxr-xr-x. 2 root root 4096 Jul 15 14:22 ini
drwx------. 6 nobody usergroup 4096 Jul 15 14:58 jshint
drwxr-xr-x. 3 root root 4096 Jul 15 14:22 lru-cache
...
root@$ find . -type d -print0 | xargs -0 chmod 755
root@$ ls -l
...
drwxr-xr-x. 2 root root 4096 Jul 15 14:22 inherits
drwxr-xr-x. 2 root root 4096 Jul 15 14:22 ini
drwxr-xr-x. 5 nobody usergroup 4096 Jul 15 15:32 jslint
drwxr-xr-x. 3 root root 4096 Jul 15 14:22 lru-cache
...
root@$ su user
user@$ jslint
No files specified.
Usage: /bin/jslint [now it finally works]
Recent versions of npm switch to user "nobody" as a security measure if it's being run with sudo privileges. Try doing global installs while logged in as root, rather than using sudo.
