similar to: user nobody can't access file

On 2/3/2015 2:32 PM, Tim Dunphy wrote: > -bash-3.2$ php /var/www/qa/launchpadnew/site/ftp_check.php > [sudo] password for nobody: where did sudo even come into this picture? does this ftp_check.php script fork a shell with sudo or something? sounds like a VERY bad way of doing whatever it is you're trying to do. -- john r pierce 37N 122W

> > What does the sudo log say? This is all the secure logs say about the ssh session: [root at logs:~] #tail -f /var/log/secure Oct 31 19:15:20 logs sshd[24407]: Accepted publickey for bluethundr from 47.18.111.100 port 47469 ssh2: RSA ae:62:1f:de:54:89:af:2c:10:16:0e:fd:8d:7e:81:06 Oct 31 19:15:21 logs sshd[24407]: pam_unix(sshd:session): session opened for user bluethundr by (uid=0)

hello list, I've been asked to give someone sudo rights across an entire environment without the benefit of something like puppet or chef or cfengine et al. What I've come up with so far is this: ssh -t miaprbicsra04v sudo -S /bin/echo "rsherman ALL=\(ALL\) NOPASSWD: /sbin/service /bin/rm /usr/bin/du /bin/df" >> sudo tee /etc/sudoers Right now that's just to one

> > Have you tried running the command from a conventional login? > sudo -S > expects a password from stdin, where is that being supplied? Yep! That works fine. #ssh -qt bluethundr at es1.example.com "/bin/sudo -S /bin/systemctl restart elasticsearch" #ssh -qt bluethundr at es1.example.com "/bin/echo $?" 0 And the user has 'NOPASSWD' access. Any

Hey all, I'm having a little trouble opening up a port on a C7 machine. Here's the default zone: [root at appd:~] #firewall-cmd --get-default-zone home So I try to add the port: [root at appd:~] #firewall-cmd --zone=home --add-port=8181/tcp success Then I reload firewalld: [root at appd:~] #firewall-cmd --reload success Simple! That should do it. Right? Well not quite. Cuz when

Hi all, I need to restart a service on a few elasticsearch nodes. I'm trying to do it with pssh. I'm getting this error when I try to do that: pssh -h es_list "/bin/sudo -S /bin/systemctl restart elasticsearch" [1] 17:01:50 [FAILURE] bluethundr at es2.example.com Exited with error code 1 [2] 17:01:51 [FAILURE] bluethundr at es3.example.com Exited with error code 1 [3]

Hey Gordon, Sorry, man my bad! Disabling the tty requirement for my sudo user does indeed work. I had a type-o in the sudoers file, and when I corrected it, my sudo command via pssh started working! #pssh -i -h es_list "/bin/sudo /bin/systemctl restart elasticsearch; sleep 10" [1] 20:31:32 [SUCCESS] bluethundr at es3.jokefire.com Stderr: sudo: sorry, you must have a tty to run sudo

Hey all, I just unstalled MariaDB version 10 from the mariadb repositories under a CentOS 7 host. The install went fine! [root at nfsdb1 ~]# rpm -qa | grep -i mariadb MariaDB-common-10.0.19-1.el7.centos.x86_64 MariaDB-server-10.0.19-1.el7.centos.x86_64 MariaDB-client-10.0.19-1.el7.centos.x86_64 MariaDB-shared-10.0.19-1.el7.centos.x86_64 However, when I go to start up the service, I'm

Hello list, I took another stab at finding a way to add a sudo user remotely and it gets you most of the way there. If you execute the script as root it works beautifully and does just what you want. Which is add the user to the group and gives that user group rights to certain commands. But if you execute it as a user who only has sudo access to the /etc/sudoers file it errors out. cloud:~]

I took your suggestion and turned my (ill advised) sudoers bash script into an expect script! It works a lot better this way and is more secure. Because I'm not trying to store a password in a script (which I recognize as a bad idea anyway, I I think I've learned my lesson here). It really works well. But the only thing I'm still trying to figure out is how to put a if statement in

Hi Earl, >I think I found your problem, you do not have the correct package installed >[root at c7-db1 ~]# rpm -qa | grep maria >mariadb-libs-5.5.41-2.el7_0.x86_64 >mariadb-server-5.5.41-2.el7_0.x86_64 >mariadb-5.5.41-2.el7_0.x86_64 >[root at c7-db1 ~]# >Install the mariadb-x package and you should be able to start the service Thanks. While I could go with mariadb 5, the

> > The easiest answer is to edit the Selinux config file. By default it is > set to enforce, which really locks it down. > cd /etc/selinux > edit the config file and change SELUNIX=enforcing to SELUNIX=permissive > Save the file and restart httpd, you should be fine.. Yeah dude, exactly. Except I actually do want to start using it. I've been disabling SELINUX forever

Hi Earl, >The problem is you added the rule in runtime and when you reloaded it >removed the rule that you added; therefore you need to use --permanent >or >do not reload. Thanks! That worked. [root at appd:~] #firewall-cmd --zone=home --list-ports [root at appd:~] #firewall-cmd --zone=home --add-port=8181/tcp --permanent success [root at appd:~] #firewall-cmd --reload success [root

Hey all, I'm attempting to build a spec file of php 5.6.7 - the latest stable - into an rpm. And it's failing with this set of errors: Processing files: php-5.6.7-1.el7.x86_64 warning: File listed twice: /etc/rc.d/init.d/php-fpm error: Symlink points to BuildRoot: /usr/bin/phar -> /home/bluethundr/rpmbuild/BUILDROOT/php-5.6.7-1.el7.x86_64/usr/bin/phar.phar warning: File listed twice:

Hey Jeremy, > Have you tried changing the folder where it's writing into with these > lables? httpd_sys_content_rw_t or httpd_user_content_rw_t Adding 'rw' to the command did the trick. I tried httpd_sys_content_rw_t and that works fine! Thanks for the tip! Tim On Thu, Jan 22, 2015 at 1:19 PM, Jeremy Hoel <jthoel at gmail.com> wrote: > Have you tried changing

Hey guys, I'm trying to echo my password into some commands inside of a bash script. But I think I'm going about it incorrectly. Here's the top part of my script: #!/bin/bash pub="~/.ssh/id_rsa.pub" dps_pass="my_pass" ssh="/usr/bin/ssh" scp="/usr/bin/scp" for i in 10.10.10.2{5,6} do echo "xfring key up" echo $dps_pass | $scp $PUB

Hi Eric, Thanks for your reply. I do have nrpe running under xinetd on the host I'm trying to monitor. And running the nrpe checl locally: [root at ops:~] #/usr/local/nagios/libexec/check_nrpe -H localhost NRPE v2.15 [root at ops:~] #grep only_from /etc/xinetd.d/nrpe only_from = 127.0.0.1 216.120.248.126 And I do have port 5666 open on the security group for this host.

Hey Rodrigo, Thanks for your reply. Well those errors are pulled from the Chrome developer tools. I notice if I do a GET on that file using both all lower case as well as the upper case that's in the URL I get the same result: [root at aozwsls00019la apache2]# GET http://stage.theshopatmycompanystudios.com/mycopmanyStore/images/altImg.png <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML

> > You may also need to restart sssd or nslcd, depending upon which one is > running the backed ldap connection service on the clients. Hmm.. I got a different result after restarting nclcd. Instead of logging me in and just complaining that it couldn't create the home directory, it still complains about not creating the home directory, but now it doesn't let me in: #ssh

Hello, I am trying to monitor a host in the Amazon EC2 cloud. Yet when I try to check NRPE from the monitoring host I am getting an SSL handshake error: [root at monitor1:~] #/usr/local/nagios/libexec/check_nrpe -H ops.jokefire.com CHECK_NRPE: Error - Could not complete SSL handshake. And if I telnet into the host on port 5666 to see if the FW port is open, the connection closes right away: