Running os.Chown, and escalating privileges - linux

I need to run an os.Chown() on a directory, but I have no idea how to do this safely. I have the user that the binary runs as in sudoers, but since this is an internal function, how would I escalate privileges?
I don't want to shell to find or chown in Linux with a sudo, however, that would work. But is there a better option?

Related

Solution for Linux "permission denied"

I am pretty new to the Ubuntu environment and I have a question regarding the solution to "permission denied" error.
When I am trying to run the following command that executes a shell script and writes the result into a txt file, I get the permission denied error.
./test_image.sh > testCase.txt
I know that I can just sudo run the command, but I am hoping to do this command through a Java program and was wondering if there would be a way to give permission to any user that is trying to run this command.
Thank you in advance!!
Why do you have permission deny error? Maybe you need to give your script rights to execute (eg. chmod +x test_image.sh) or give the user rights to write/change testCase.txt in a given directory. I am afraid you need to learn a bit about standard permissions or even ACLs, Selinux policy, setuid, sticky bits, etc.

VS Code on linux, various permissions errors

Is there any way to get vs code to work properly in linux? I can't run sudo code . because that gives me an error saying it's not secure to do so, I can't do anything within the editor to force doing things, like staging a file in git, or reloading a newly installed extension. I've googled around, and it seems nobody else has posted about this, and it seems highly unlikely that I'm the first to raise issue about this. (Take it easy on me, I'm a relatively new linux user). I'm trying to figure this out on Ubuntu 18.04 if that's relevant at all. My version of vs code is 1.30.2
I guess my main question is what's the right way to get applications like vs code to be able to perform tasks that required doing things without fighting the OS about sudo and privileges?
Launch via sudo from terminal
To launch VSCode as root --which is highly discouraged-- you must specify an alternate user data directory as follows:
$ sudo code --user-data-dir /path/to/alternate/folder
VSCode will automatically generate the required folders in the selected directory and launch with root privileges.
Change permissions to fix "permission denied" error
The solution in this case is to manually change the permissions of the two directories /home/$USER/.config/Code/ and /home/$USER/.vscode/. Perform these steps:
$ sudo chmod 755 /home/$USER/.config/Code
$ sudo chmod 755 /home/$USER/.vscode
To answer your other question:
If you really need to run several commands as root and you are annoyed by having to enter your password several times (when sudo has expired), just do sudo -i and you'll become root.
If you want to run commands using pipes, use sudo sh -c "comand1 | command2".
You may also want to take a look at this Ask Ubuntu answer about running applications as root.
I solve this problem using:
sudo chown -R YOUR_USER YOUR_PROJECT/
You basically need to tell the OS that you are the owner of the files you create. Use sudo chown <user name> <projects directory>
However, if you already created some files before applying chown, don't forget to change their permission also sudo chown <user name> <projects directory>/<file name>.

Need to reboot Xubuntu to make chgrp work?

I recently noticed a fairly strange and for me unexpected behaviour in Xubuntu 12.04 and 14.04.
I was doing the following:
Testing if my user in in the group users, with
groups $USER
This is not the case by default. So I add my user to this group:
sudo usermod -a -G users $USER
I the can check the file /etc/group and will see my user added in the entry.
I then would like to give the group users access to some files, in my example the www and cgi-bin directory:
sudo chgrp users /var/www /usr/lib/cgi-bin
I also want that my group can write into the directories:
sudo chmod g+w /var/www /usr/lib/cgi-bin
I would assume, that I can now create a file in those directories, but I can't. Neither by commandline, nor by the standard filebrowser from Xubuntu.
Somewhere I read, that I need to logout from the terminal to make it work, so I close and reopen the commandline terminal, but it is still now working.
But: It I reboot the whole system everything works as it should...
Seriously??? Why is this, is it a bug or a feature and are there better ways then restarting the complete OS?
(I thought the strength of Linux is exactly that you don't need to reboot all the time like in other "popular" OS)
(Note: I have not tested this on other systems as e.g. Debian yet...)
Group memberships are inherited from process to process like many other things in a unixoid environment. That means a running shell will not be affected from such changes in the account configuration. Also just opening a new terminal or shell will not show the change, since it is spawned from an already running process, ultimately from the initial process started right after the login.
You have to re-run the login process instead. Either by restarting the graphical environment, or by doing a logout/login sequence when working on the virtual terminals. Also obviously rebooting will lead to a new login process.
The only direct alternative is to spawn a new login shell explicitly: bash -l for example does the trick: it re-executes all stuff run through at login time. But note that this only effects that started shell and processes spawned from it. It does not affect other already running processes. So you have a somewhat mixed environment then...

"sudo command" doesn't work, but "command" as root works

I'm trying to install Phusion Passenger on Ubuntu 12.04.
When I try:
sudo passenger-install-apache2-module
...I get:
sudo: passenger-install-apache2-module: command not found
However, when I omit the sudo, it works fine. Also, when I log in as root and run passenger-install-apache2-module, it works fine as well. Why would sudo passenger-install-apache2-module not work when logged in as my non-root user, yet work fine when logged in as root?
This is because passenger-install-apache2-module is not on your path as a normal user, but it is as root. (it's probably in /usr/sbin - see below)
run which passenger-install-apache2-module as root and it will tell you where it is (which you can then run using sudo /full/path/to/passenger-install-apache2-module
sbin directories (/sbin and /usr/sbin normally) contain the commands that are used for system administration. Typically these require elevated privileges or just don't make sense for ordinary users to be running them. This is why by default these directories are not on ordinary user's paths - it would just clutter things up.

Why running sudo to my own account fixes graphical problems in Swing GUI

My swing GUI application starts with a script.
When I run that script under Linux without sudo it gives me unexpected Look and feel and other graphical problems.
Why is running with sudo su to my own account fixes this problem?
One might guess that the program is trying to make use of a file that has permissions that allow root to access it, but not your uid. Perhaps you have a library installed with wrong permissions?
strace will tell you what files your app is trying to access.

Resources