similar to: How to log pubkey used in a keyring

For security, many systems are configured so you cannot log directly as root via the initial authentication in openssh. What is usually done is that you log onto as your normal login and once you get a interactive shell you su to root to run the command that requires root. Does openssh have a more elegant way of exec'ing a command as root so I can run the command non-interactively? I know:

- add a flag to request chroot for the process, which is done only as very last (before chdir) operation before exec'ing the process in the child: this avoids using CHROOT_IN & CHROOT_OUT around command* invocations, and reduces the code spent in chroot mode - add failure checks for dup2 and open done in child, not proceeding to executing the process if they fail - open /dev/null

Here's a simple patch which retrieves authorized_keys via exec'ing a program, rather than reading a flat file. I added a simple option, AuthorizedKeysExec, to sshd_config which simply executes the respective file, passing the username as argv[1]. Keys are returned via stdout. Notes: If AuthorizedKeysExec is set and an authorized_keys file exists, checking the existing authorized_keys

John, Thanks for the quick reply.  Using a PassManager object should work fine.  As you said, my only objection is to exec'ing opt.  I had actually tried instantiating a PassManager object before, but I was definitely not doing it right.  I will take a look at how clang and SAFECode use it, and see if I can get it working. Thanks, David ----- Original Message ----- From:

https://bugzilla.netfilter.org/show_bug.cgi?id=1355 Bug ID: 1355 Summary: Error parsing JSON config via a pipe to subprocess's stdin Product: nftables Version: unspecified Hardware: x86_64 OS: Ubuntu Status: NEW Severity: normal Priority: P5 Component: nft

hiya. i'm using ices 0.2.2 with icecast 1.3.10 and otto 1.0 (a web/db playlist mgmt tool). overall, i'm very pleased with the setup, but i'm having a few problems. 1) whenever otto plays a track (by exec'ing ices), that same track keeps playing over and over. i have to direct otto to kill the track (and the ices process) in order to get it to play the next track. i notice this

On 7/29/11 10:00 AM, david.dewey at comcast.net wrote: > > John, > > Thanks for the quick reply. Using a PassManager object should work > fine. As you said, my only objection is to exec'ing opt. > > I had actually tried instantiating a PassManager object before, but I > was definitely not doing it right. I will take a look at how clang > and SAFECode use it,

I should mention that I'm a total newbie with keyrings! I tried searching for help sites - found 1, but I still have a problem. If there is a website (or sites) that explain this, please post it (them)! Ok, so I have a laptop with wifi, running CentOS 5.2. When I boot it, it finds the nearby wifi signals, and tries to connect to mine. To do this, it puts up a window to get my default

Hi Ryan, On Fri, 2007-04-06 at 13:34 -0500, Ryan M. Lefever wrote: > I am running the following llvm-ld command to produce native code: > > llvm-ld -native -o code.exe code.bc -lm > > However, I am getting the following assertion failure in llc. The > bytecode has been processed with opt, it passes opt bytecode > verification. I'm not too familiar with backend

CentOS Errata and Bugfix Advisory 2012:1334 Upstream details at : https://rhn.redhat.com/errata/RHBA-2012-1334.html The following updated files have been uploaded and are currently syncing to the mirrors: ( sha256sum Filename ) i386: 834ad2fc6f3d74700c5fc601b4298e7383b8eddd8e4e1aff7d6f3144361bfa76 gnome-keyring-2.28.2-8.el6_3.i686.rpm

Hello. I'm using my laptop (an Acer Aspire 3680, with built-in Atheros wifi). I installed 5.2 on it, and it's working nicely. But, I have an issue with the keyring. I should mention that this is my *first* experience with keyrings. When I set up the wifi, it stated basically that "nm-applet wants to access the default keyring, but it's locked. Enter password." So I did.

Hi everybody, I have a CentOS 5.4 server I need to se-up as Subversion server. On the server GNOME keyring has been installed and the integration with Subversion works fine: I'm asked for the keyring password the first time and that's it. I am now trying to set it up so that after login the default keyring is unlocked. This way I won't be asked for the keyring password ever. I have

I am having an issue I have not ran into before... I set my box to "auto" login by changing the file: more /etc/gdm/custom.conf # GDM configuration storage [daemon] AutomaticLoginEnable=true AutomaticLogin=silentm TimedLoginEnable=true TimedLogin=silentm TimedLoginDelay=0 [security] [xdmcp] [greeter] [chooser] [debug] It does auto login - however then when I try to VNC into

I want to install debian-backports-keyring on puppet clients. However, I can''t install it because the client doesn''t already have the key: -------------------------------------------------------------------------------- err: //Node[basenode]/tclbase/Package[debian-backports-keyring]/ensure: change from purged to present failed: Execution of ''/usr/bin/aptitude -y -o

Hey all, I am preparing some workstations with C8/GNOME here and wonder if there is a smart way to automatically lock the keyring after some defined time (e.g 1800 seconds). The net suggests killing the gnome-keyring-daemon process - not the smartest way. I can manually lock the keyring with seahorse but this way doesn't scale very well :-) Any hints? Leon

I hope someone can help me because I have spent a week on this and still I can't make it to work. I have a CentOS 5.5 server and I am trying to set it up so that upon login the gnome default keyring is unlocked. I don't have a desktop as users will login using ssh only. I have search the forum and google it, and I did find some help. All the articles though said to change /etc/pam.d/gdm

Thanks !! This clarifies completely what is happening. I'll look into running virsh as root/attaching to qemu:///system. Or, perhaps I can 'statically' create tun devices, to which the domains attach when started (although I have no idea weather this is possible). Best, Govert 2017-01-17 20:46 GMT+01:00 Laine Stump <laine@laine.org>: > On 01/14/2017 06:30 AM, Govert wrote:

On Fri, Feb 21, 2014 at 01:50:30PM +0100, Pino Toscano wrote: > On Friday 21 February 2014 11:10:54 Richard W.M. Jones wrote: > > On Thu, Feb 20, 2014 at 11:53:17AM +0100, Pino Toscano wrote: > > > Create a temporary directory and tell gpg to use it as homedir, so > > > imported keys do not get into the user's keyring. This also avoid > > > importing the

Hi David, It looks like you added the PWD= magic to Makefile.spec. It is preventing me from running bugpoint on the desktop, with errors like this: /Users/sabre/llvm/projects/llvm-test/External/SPEC/Sandbox.sh bugpoint- train Output/176.gcc.bugpoint-opt /Users/sabre/cvs/benchmarks/ speccpu2000/benchspec/CINT2000/176.gcc/data/train/input/ \

--- run.in | 1 + 1 file changed, 1 insertion(+) diff --git a/run.in b/run.in index ed4971b..548ac20 100644 --- a/run.in +++ b/run.in @@ -51,6 +51,7 @@ b=@abs_builddir@ # # chcon --reference=/tmp tmp export TMPDIR="$b/tmp" +mkdir -p "$b/tmp" # Set local environment relative to this script. export LIBGUESTFS_PATH="$b/appliance" -- 1.7.10.4