I tried limiting ls command to a specific user. It works, but when I execute /bin/ls, it executes successfully again, how to restrict here.
useradd -m $username -s /bin/rbash
echo "$username:$password" | chpasswd
mkdir /home/$username/bin
chmod 755 /home/$username/bin
echo "PATH=$HOME/bin" >> /home/$username/.bashrc
echo "export PATH" >> /home/$username/.bashrc
ln -s /bin/ls /home/$username/bin/
Related
I wrote a shell script like this
#!/bin/bash
sudo mkdir /var/www/html/test
sudo cp ./index.html /var/www/html/test/index.html
echo "Hi" > /var/www/html/test/index.html
if I runt this with sudo it works well.
$ sudo ./script.sh
but I don't want to run with sudo. because echo doesn't need root privilege. In other hand if I run this without sudo like this:
$ ./script.sh
for the first command (mkdir) it asks me for root password and second command doesn't run and give me a permission denied error.
How can I handle this situation?
Based on your setup, e.g. in ubuntu if I run sudo 2 times, the second time I don't have to give the password. So it is possible that the second sudo DID run, without asking for password again.
You can clarify, try this:
sudo echo a
sudo echo b
It is most likely, as Kip K commented, the error originates from the echo "Hi"... since the normal user has no permission to write /var/www/html/test/index.html .
Kinda overkill, but you can give constant feedback like this:
sudo bash -c 'echo mkdir; mkdir /var/www/html/test'
sudo bash -c 'echo cp; cp ./index.html /var/www/html/test/index.html'
Try chown for directory test:
#!/bin/bash
sudo bash -c 'mkdir /var/www/html/test && chown -R USER /var/www/html/test'
cp ./index.html /var/www/html/test/index.html
echo "Hi" > /var/www/html/test/index.html
or ... chmod o+w /var/www/html/test
I wanted to make this Script kinda Secure, so it cannot be direct exploited.
I have a Bash file called Test.sh, I gave a User Sudo rights on it:
user ALL=(root) NOPASSWD: /home/user/Test.sh
So the User has full Sudo permission to this file.
Next Step was to ensure that the User cannot edit this file with:
chown root:root /home/user/Test.sh
chmod u=rwx,g=rwx,o=rx /home/user/Test.sh
The File for example contains this Command
if [ "$1" = "run" ]; then
sudo -u ${2} ${3};
fi
OR
`sudo cp -R /home/test/test/${2}/* /home/${3}/test/
useradd ${2} -r -d /home/${2} -s /bin/bash
userdel -r ${2}
Basically the User could even Login as root and fuck things up.
So my first thought was, lets check if the Home folder exists like that:
if [ -d "/home/$2" ] && [ "$2" != "" ]; then
Which would prevent such things like run crap as root and only let them log into th other users like i want. Or do i think wrong?
I would also check that the Command begins with /home/....
grep '^/home/....' $3
So, is that enought? or Not? I guess I should filter also ;
I am trying to execute the following command but the output is not coming as required.
var=$(echo "<password>"|sudo -S su -l <user> -c "<command>")
Please help if anyone can?
Expected Result:
var=$(echo ""|sudo -S su -l -c "pwd")
echo $var /home/bhushan
$:
Actual Result:
echo $var
$:
You can use backticks
var=`sudo -S su -l -c ""`
or the $(command) syntax
var=$(sudo -S su -l -c "")
(keep in mind though that sudo -S su -l -c "" doesn't output anything so $var will be empty)
You can workaround it by storing the output of the command into a file, then change its permission so that all users will see it and in a following command load it from the file:
sudo -S "<command> > /tmp/sudocmd.out && chmod 644 /tmp/sudocmd.out"
var=$(cat /tmp/sudocmd.out)
I want to install a the pub key for user test using the command below.
I know the root password and the user test does not exist.
cat test.pub | ssh root#127.0.0.1 "useradd -m test || su - test -c 'umask 077; mkdir /home/test/.ssh; cat >> /home/test/.ssh/authorized_keys'"
But the command does not work.
Error: Creating mailbox file: File exists
The problem is useradd -m test. I delete user test by userdel test && rm -rf /home/test. It should be userdel -r test.
The command below works:
cat test.pub | ssh root#127.0.0.1 "useradd -m test && su - test -c 'umask 077; mkdir /home/test/.ssh; cat >> /home/test/.ssh/authorized_keys'"
I have two scripts, owned by root.
#!/bin/sh
#script1.sh
echo "all: first" > my_makefile
echo >> my_makefile
echo "first: " >> my_makefile
echo "\ttouch file.txt" >> my_makefile
#!/bin/sh
#script2.sh
while true
do
make -f my_makefile
sleep 10
done
script2.sh is called as "sudo sh script.sh" and continually runs make on my_makefile. script1.sh is called by individual users to alter the makefile.
How can I run the makefile command so that the file.txt is owned by the user, rather than root?
#!/bin/sh
#script1.sh
...
echo "\tchown "`logname`" file.txt" >> my_makefile
Sorry, I wasn't using sudo correctly. I just needed to replace the last line of script2.sh with:
echo "sudo su -m -l `whoami` -c \"touch file.txt\"" >> my_makefile