exec master..xp_cmdshell #CMD for sybase ase access denied - sap-ase

I'm using the below code to call an executable file whenever a new row is inserted into the table.
exec master..xp_cmdshell #CMD
The executable file is not getting called. How should i give access for the default sa user the rights to execute the file

The command will be run as the user that your database is running as, not necessarily the user you are connecting to the database with. In many cases the username is sybase, so make sure that the OS user has permissions on the file system to the command.

Please ensure that sp_configure "xp_cmdshell context", 0
Default is 1 , this restrict the client execution privileges of the OS command specified with xp_cmdshell. Consult documentation for further details.

Related

It possible to run command with web access to files?

Have a Linux server with OpenAFS and access to / files.
Access is read-only and like user privileges (ex. can read /etc/passwd, but can't read /etc/shadow).
It possible to run command? With /bin/bash for example?
And, on server have sshd service, but don't have rights to /root/.ssh/id_rsa
Any ideas?

run commands as another user or change user Linux shell script remote execution from windows

I am new to linux world. So please excuse for any stupid questions.
I have a linux machine and I don’t have root access. I have service account which have full access to app folder. My login (ssh) credentials don’t have access to that app folder.
So I will follow the below process.
1) Copy the app folder in windows machine to /tmp/ in linux using winscp.
2) Login to the machine using putty.
3) Change the user to service account using below command.
sudo su – “service account”
4) Then I will copy app files from /tmp/ folder to /app/ folder and start the other configurations.
I want to automate the above process. So for I did below.
#Copy files to tmp folder
winscp.com -hostkey=* user:"password"#host /command "put D:/app_folder/ /tmp/ app_folder"
#Execute the script remotely
plink user:#host -m D:\Install_app.sh
The above script is running fine until I run test echo commands. It is started throwing errors when I run configuration commands due to user don’t have access to app folder. Only service account has access. But service account doesn’t have remote login access. So I can’t run the script with service account.
So I tried to run commands inside the script with service account. I tried below
Echo “password” | sudo –S su - “service account” “commands”
It is not working. Could you please let me know is there any other way to achieve this. I want to change user inside the script, once script start executing.
Note: The process is following by linux admin team due to security reason. So I can’t change the process :(.

FTP From Local Desktop to Server As Sudo User

I have a file on my desktop that I need to FTP to a server. As I've been navigating this server, I need to login with initial credentials to access the box and then needed to run sudo -u [username] ksh to access the folder I need. (No password)
In Filezilla however, I only enter credentials once and therefore, don't have the option to sudo as the user and get permissions to the folder.
Am I going about this process wrong and if so, what's the usual way to do this?
There is no way to switch user on the ftp protocol. You need to know the correct credentials in the first place.
The closest you could come would be to ftp the files to a directory you do have access to, log in with a shell, and then move the files using shell commands after switching user.

Remotely Changing permissions of file pushed to W7 machine using smbclient

I have a file that I want to transfer to a remote machine that is running W7 32 bit
I have a script that enables me to push the file to the machine from a linux management server, using a combination of:
1) smbclient to mount the Admin share on the W7 machine
2) winexe to move the file to the location I require
This leaves me with the file in the correct location, but owned by the Admin user - whereas I need it to be editable by a standard user, User1
I have been trying to resolve this by using icacls
Using winexe I can run this remotely on the W7 machine. Initially I tried setting the poermissions to "Full" for the user account:
icacls c:......\myFile /grant User1:F
Checking this from the command line showed that it had apparently worked:
icacls c:......\myFile
c:......\myFile User1:(F)
However, from the windoes desktop, the file properties dialogue showed User1 having only read permissions, and anything else gave access denied.
My next attempt was:
icacls c:......\myFile /setowner User1
However, when logged in to the windows desktop as User1, attempting to delete or edit the file now tells me that doing so requires permission from User1....which is a bit peverse, since I am logged in as User1....
Any ideas?
This may or may not help, but I was unable to delete a file I copied from a Linux machine to a Windows shared folder - was getting a 'need Administrator permission' type error.
I was trying to solve this with the smbclient -c "setmode -r;" option, but when this didn't work I realised the Windows folder itself was set for read-only access for all but Administrator level.

what permissions should jenkins have to execute shell-commands without being insecure?

I have a script (test.sh) on a local server, which works fine when executed in a terminal. The script removes a directory, and recreates a directory local. It then connects to a remote server using "ssh -i $private_key .." and copies a file there.
When I execute this script in jenkins with
sh test.sh
it doesnt work. I get the following errors:
rm: .. Permission denied
mkdir: .. Permission denied
Warning: Identity file /.ssh/private_key not accessible: Permission denied.
Jenkins is on the same server as the script.
I see that Jenkins is another user and cant do everything that I'm doing as root; how can I set the permissions without losing all security. Especially in case of the private_key, it would be silly to set the permissions to easy - it is currently set to 600 (read and write permission for the owner) and the owner is root.
The whole point of setting the private key's permissions to 600 is that no other user should be able to access it. If you have placed the keys in another user's home directory (/home/anotheruser/.ssh), then neither the Jenkins user, nor anyone else (except root) will be able to access it. This is as designed.
If you want your Jenkins user to be able to use the private key, copy it over to the jenkins users home directory as well (/home//.ssh).
Also, if you are trying to delete/create directories in some other user's directory as the Jenkins user without providing permissions, you will get a permissions error. This is because of security. The only way to allow this is the allow the Jenkins user to make changes to those directories.
One safe option is to add the Jenkins user to the same group as the other user. Once you do this, set the permissions on the directories you want to read from and write to, to allow anyone in the user's group to make changes.
rwxrwx---
The above permissions will allow the owner of the folder and any other users in the same group to make changes, but will not allow anyone else. This is safe, since you control who is part of the other user's group.
EDIT
It looks like your error has changed, though. You're not getting permission denied any more. Can you still do it through terminal? The reason (I think) it is saying that the host key verification has failed is because your key was originally created for the other user. I realise I said to do this in the answer above, but it is not the right way.
As the jenkins user, can you run the following commands:
ssh-keygen (say yes or agree if it asks if you want to replace your current keys)
ssh-copy-id -i ~/.ssh/id_rsa.pub remoteuser#remote_server
ssh remoteuser#remote_server
If this works, try your script through the terminal, and then through jenkins again...

Resources