Dear List,
I use two shell scripts to connect and disconnect to the internet which also enable and disable vnstat. Right now, I run the scripts using sudo. Is there a way to run them without entering the password each time? I tried using chmod 4777 on the scripts but they are unable to open the interface etc.
Thanks.
Aparna
On 7/16/06, Aparna Appaiah aparna.appaiah@gmail.com wrote:
each time? I tried using chmod 4777 on the scripts but they are unable to open the interface etc.
Make sure that root owns both scripts and then do a `chmod 4777` on them.
Regards, Siddhesh
On Sun, Jul 16, 2006 at 08:46:00AM +0530, Siddhesh Poyarekar wrote:
On 7/16/06, Aparna Appaiah aparna.appaiah@gmail.com wrote:
each time? I tried using chmod 4777 on the scripts but they are unable to open the interface etc.
Make sure that root owns both scripts and then do a `chmod 4777` on them.
Thanks. It works now.
Aparna
On Sun, Jul 16, 2006 at 10:47:34AM +0530, Aparna Appaiah wrote:
On Sun, Jul 16, 2006 at 08:46:00AM +0530, Siddhesh Poyarekar wrote:
On 7/16/06, Aparna Appaiah aparna.appaiah@gmail.com wrote:
each time? I tried using chmod 4777 on the scripts but they are unable to open the interface etc.
Make sure that root owns both scripts and then do a `chmod 4777` on them.
Thanks. It works now.
Actually, it doesn't! My current situation is this:
[aparna@debian bin] ls -l -rwsr-sr-x 1 root root 74 Jun 12 12:56 netdown.sh -rwsr-sr-x 1 root root 64 Jun 12 12:09 netup.sh
However, running the script gives me this:
[aparna@debian bin] ./netup.sh Error: Unable to write database "/var/lib/vnstat/eth0". Make sure it's write enabled for this user. Database not updated. Setting up IP spoofing protection: /etc/init.d/networking: line 17: /proc/sys/net/ipv4/conf/all/rp_filter: Permission denied /etc/init.d/networking: line 17: /proc/sys/net/ipv4/conf/default/rp_filter: Permission denied /etc/init.d/networking: line 17: /proc/sys/net/ipv4/conf/eth0/rp_filter: Permission denied /etc/init.d/networking: line 17: /proc/sys/net/ipv4/conf/lo/rp_filter: Permission denied rp_filter. Configuring network interfaces...ifup: failed to open statefile /etc/network/run/ifstate: Permission denied done.
Where could the mistake be? I am sure it is not being run as root.
Thanks.
Aparna
On Sunday 16 July 2006 11:14, Aparna Appaiah wrote: *snip*
Actually, it doesn't! My current situation is this:
[aparna@debian bin] ls -l -rwsr-sr-x 1 root root 74 Jun 12 12:56 netdown.sh -rwsr-sr-x 1 root root 64 Jun 12 12:09 netup.sh
However, running the script gives me this:
[aparna@debian bin] ./netup.sh Error: Unable to write database "/var/lib/vnstat/eth0". Make sure it's write enabled for this user. Database not updated. Setting up IP spoofing protection: /etc/init.d/networking: line 17: /proc/sys/net/ipv4/conf/all/rp_filter: Permission denied /etc/init.d/networking: line 17: /proc/sys/net/ipv4/conf/default/rp_filter: Permission denied /etc/init.d/networking: line 17: /proc/sys/net/ipv4/conf/eth0/rp_filter: Permission denied /etc/init.d/networking: line 17: /proc/sys/net/ipv4/conf/lo/rp_filter: Permission denied rp_filter. Configuring network interfaces...ifup: failed to open statefile /etc/network/run/ifstate: Permission denied done.
Where could the mistake be? I am sure it is not being run as root.
AFAIK you can't run it as a regular user. You need root privileges to run it. But I'm not 100% sure. It is writing to /proc fs which is only possible by root.
On Sun, Jul 16, 2006 at 11:34:44AM +0530, Dinesh Joshi wrote:
On Sunday 16 July 2006 11:14, Aparna Appaiah wrote: *snip*
However, running the script gives me this:
[aparna@debian bin] ./netup.sh Error: Unable to write database "/var/lib/vnstat/eth0". Make sure it's write enabled for this user. Database not updated. Setting up IP spoofing protection: /etc/init.d/networking: line 17: /proc/sys/net/ipv4/conf/all/rp_filter: Permission denied
AFAIK you can't run it as a regular user. You need root privileges to run it. But I'm not 100% sure. It is writing to /proc fs which is only possible by root.
That's true. Giving root ownership and sticky bit to a script does not entitle it access to root files while a user is logged in. The permission is limitted to allowing the user to run the script, not its access to root files.
The script itself could be modified to have the sudo command and passowrd included in it. Then it need not be root owned. The password will be user password only so the cracker may only get user access if such a situation arises.
Regards,
Rony.
___________________________________________________________ All New Yahoo! Mail � Tired of Vi@gr@! come-ons? Let our SpamGuard protect you. http://uk.docs.yahoo.com/nowyoucan.html
Sometime on Jul 16, AA cobbled together some glyphs to say:
Make sure that root owns both scripts and then do a `chmod 4777` on them.
Thanks. It works now.
Actually, it doesn't! My current situation is this:
[aparna@debian bin] ls -l -rwsr-sr-x 1 root root 74 Jun 12 12:56 netdown.sh -rwsr-sr-x 1 root root 64 Jun 12 12:09 netup.sh
IIRC, shell scripts will not run setuid root. Only compiled executables will.
On Mon, 2006-07-17 at 00:58 +0530, Philip Tellis wrote:
Sometime on Jul 16, AA cobbled together some glyphs to say:
Make sure that root owns both scripts and then do a `chmod 4777` on them.
Thanks. It works now.
Actually, it doesn't! My current situation is this:
[aparna@debian bin] ls -l -rwsr-sr-x 1 root root 74 Jun 12 12:56 netdown.sh -rwsr-sr-x 1 root root 64 Jun 12 12:09 netup.sh
IIRC, shell scripts will not run setuid root. Only compiled executables will.
I think the shell scripts do but not the processes spawned by them. ie. the setuid is not inherited automatically.
-gabin
Sometime on Sun, Jul 16, 2006 at 08:46:00AM +0530, Siddhesh Poyarekar said:
On 7/16/06, Aparna Appaiah aparna.appaiah@gmail.com wrote:
each time? I tried using chmod 4777 on the scripts but they are unable to open the interface etc.
Make sure that root owns both scripts and then do a `chmod 4777` on them.
Hi, please note that mm.glug-bom.org and mm.ilug-bom.org.in are same. Please reply to any one of the list addresses. This post of yours was delivered twice.
Anurag
-
Anurag -
Aparna Appaiah -
Dinesh Joshi -
Gabin Kattukaran -
Philip Tellis -
ronbillypop@yahoo.co.uk -
Siddhesh Poyarekar