can't apply partial context to unlabeled file `pre-commit' - pre-commit-hook

I am getting this error when trying to modify the SELinux label on a pre-commit hook.
My first try was
chcon -t httpd_exec_t pre-commit
Then I tried by adding the full context to the command
chcon -u unconfined_u -r object_r -t httpd_exec_t pre-commit
But got the same error. Checking the labels I figured out that it doesn't have the SELinux label at all. The ls -Z command returns the following
-rwxr-x--x apache apache ? pre-commit
Notice the ? symbol it should look something like this
-rwxr-x--x apache apache unconfined_u:object_r:httpd_exec_t:s0 pre-commit
I think that the error makes sense since the file does't have the SELinux label for some reason, the question is why and how to solve this.
I tried to restore the default SELinux context with the "restorecon -R -v /hooks" command but it doesn't work as expected.

try this:
chcon -R -h unconfined_u:object_r:httpd_exec_t:s0 pre-commit

Related

AD-HOC edit /etc/sudoers from Ansible server side

I'm trying to add privilege to Ansible node via Ansible server using "lineinfile" via ad-hoc command as ROOT :
ansible -i rec-apache.inv -m lineinfile -a "path=/etc/sudoers \
line ='ansible-node1 ALL=(ALL:ALL) NO PASSWD:ALL'" --become-method=su --become -K all
I got the following error
ERROR! this task 'lineinfile' has extra params, which is only allowed in the following modules:
shell, win_shell, include_vars, add_host, raw, include_role, meta, set_fact, include,
import_tasks, script, import_role, include_tasks, group_by, command, win_command
I already did the key exchange and everything went good and right . This problems occurs only when I use root user in the server side.
I know that I can do it using playbook ,but I'm interesting on the ad-hoc command. Thank you !
A space after line in line ='...' might have cause Ansible to treat ='...' as a parameter, which is not supported. Try removing the space as: line='ansible-node1 ALL=(ALL:ALL) NO PASSWD:ALL'

How to change default shell of OpenWrt?

The default shell of OpenWrt is ash, but I would like to change it to fish.
When I ran chsh -s /usr/bin/fish (the absolute path of fish), it returned -ash: chsh: not found.
The I changed the first line of /etc/passwd from:
root:x:0:0:root:/root:/bin/ash
to:
root:x:0:0:root:/root:/usr/bin/fish
I could't login again (wrong password), and the system log showed:
authpriv.warn dropbear[14288]: User 'root' has invalid shell, rejected
Is there any other way to change the default shell?
(By the way, I am using a popular fork of OpenWrt instead of the official, but it doesn't seem to be the reason of this problem)
chsh -s /usr/bin/fish is correct.
But openwrt doesn't have chsh command installed.
You need to run
opkg install shadow-chsh first to install the chsh command.
Then run
chsh -s /usr/bin/fish
Finally, run
echo $SHELL to see if the replacement is successful.
Note that the above operations require root privileges to run.
Sorry for my poor English, hope you can understand.
There are two ways to solve this. You can either:
Add /usr/bin/fish to /etc/shells
This solution is provided by #glenn-jackman above in the comments.
Or:
Replacing dropbear by openssh-server
I've figured out another way: if you happen to have openssh-server installed, I would recommend you to use it as default following this tutorial.
And remember to change the first line of /etc/passwd to:
root:x:0:0:root:/root:/usr/bin/fish

sudo: command not found

I am trying to execute screen as another user using sudo.
I'm using the command:
echo 'userpassword' | /usr/bin/sudo -u 'myuser' -S '/usr/bin/screen -ls'
Any help found on the internet says that the sudo clears the environment variables (like PATH). So I decided to use the full path to the applications but I'm still getting the command not found error.
Error:
sudo: /usr/bin/screen -ls: command not found
Sudo is installed on the system.
Screen is installed on the system.
For sudo, I have tried the -E and -H flag but it doesn't help.
I tried to set PATH variable using something like this:
... | /usr/bin/sudo -u 'myuser' -S 'env PATH=$PATH; /usr/bin/screen -ls'
Supposedly the $PATH was suppose to expand before the command executes but I was getting other errors...
Can someone provide a command that will let me execute commands as another user and explain what each part of the command does so I can understand it?
Thanks.
Try,
export PATH=/usr/bin:/bin:/usr/sbin:/sbin:/usr/local/bin:$PATH
Probably you replaced the path variable while trying to set a new path variable.
Going forward, do 'echo $PATH' before adding a new path variable.
There doesn's seem to be any need to encapsulate command in quotes, without them it even works.
echo 'userpassword' | /usr/bin/sudo -u 'myuser' -S screen -ls

Linux chcon: can't apply partial context to unlabeled file

I'm getting and error when i'm trying to run this command:
chcon -t textrel_shlib_t /usr/lib/vmware-vcli/bin/esxcli/_ssl.so
The error that i got:
chcon: can't apply partial context to unlabeled file `/usr/lib/vmware-vcli/bin/esxcli/_ssl.so'
Any idea how to solve it?
Try to run this:
chcon -h system_u:object_r:httpd_sys_content_t /usr/lib/vmware-vcli/bin/esxcli/_ssl.so
instead of:
chcon -t textrel_shlib_t /usr/lib/vmware-vcli/bin/esxcli/_ssl.so
There's not quite enough context of what your goal is to answer with great accuracy, but here's some things that may help.
If you want to restore a context to a section of a directory tree:
restorecon -rnv /path/to/dir
the flags are recursive, no-changes, and verbose
You can also use use
chcon --reference=file_with_good_perms your_file
ls -Z --> to view selinux contexts

Running Remote Root Scripts on Fedora

I'd like to automate root scripting actions on my remote Fedora server via SSH without having to install the scripts on the server. To do this, I'm trying to use Bash's inline script notation. This works fine in Ubuntu, but I'm getting strange errors on Fedora.
e.g.
#!/bin/bash
ssh -t myuser#myserver <<EOI
su -
ls /root
exit
exit
EOI
This gives me the output:
standard in must be a tty
ls: cannot open directory /root: Permission denied
I've also tried:
#!/bin/bash
ssh -t myuser#myserver <<EOI
sudo ls /root
exit
EOI
but this gives me:
sudo: no tty present and no askpass program specified
If I manually ssh in and run these commands, they run fine since myuser is in the sudoers file. I've Googled these errors and have tried some fixes, but nothing's worked so far. How do I resolve this?
Looks like you're being prompted for the password but have no way to enter it. Here's a few things that should help.
Try an extra -t option: ssh -tt myuser#myserver <<EOI
Also this is a handy trick to log on as root without the root password being enabled: sudo su -
As a last resort you can setup your user to sudo without a password using visudo. You might see some comments like these to help you out:
# Uncomment to allow members of group sudo to not need a password
# (Note that later entries override this, so you might need to move
# it further down)
# %sudo ALL=NOPASSWD: ALL

Resources