linux - Shell script getting superuser privilege without being run as sudo -

-

here script:

script.sh:

sudo cat /etc/passwd-

if in sudo session (e.g ran other command sudo few minutes ago), , run 

script.sh

the script sudo access. if run cat /etc/passwd-/, permission denied error.

as user, wouldn't expect script.sh able super user privileges (e.g without me giving access superuser privileges sudo script.sh).

is expected behavior ? configurable ?

i see behavior being similar sudo su, e,g potentially giving superuser access script run in session, worse, because might not aware of it, , don't know when ends (at least not without checking manually)

is expected behaviour ?

yes, indeed expected behavior. user's cached credentials sudo responsible it.

is configurable ?

yes configurable.

and think security concern valid one. running script.sh in terminal sudo command run before (within timeout), give script superuser privilege if script written explicit sudo commands.

you can avoid script not prompting password when run sudo running with:

sudo -k script.sh

it ask password regardless of previous sudo command/s or session.

and run script.sh without sudo i.e script.sh , still prompt password sudo command/s:

you can change timeout value (the duration sudo maintains session) permanently:

run sudo visudo

then change line:

defaults        env_reset

to

defaults        env_reset,timestamp_timeout=0

save , exit (ctrl+x y)

this ensure sudo asks password every time run.

or if don't want change permanently , want script prompt password @ least once (while maintaining session), can change script this:

sudo -k first-command-with-sudo sudo second-command sudo third , on

this script prompt password @ least once regardless of previous sudo command/s or session.

in case unaware of (or don't have access to) content of script script.sh (it can have sudo commands inside or not)

and want sure sudo command surely prompt password @ least once, run sudo -k (capital k) before running script.

now if run script.sh , if contains sudo command, surely prompt password.


Comments

Post a Comment

Popular posts from this blog

Java 3D LWJGL collision -

-
i making 3d java game lwjgl library, , wondering how add collision detection, player not go through models. i using obj models. here objloader class, loads models: package renderengine; import java.io.bufferedreader; import java.io.file; import java.io.filenotfoundexception; import java.io.filereader; import java.util.arraylist; import java.util.list; import models.rawmodel; import org.lwjgl.util.vector.vector2f; import org.lwjgl.util.vector.vector3f; public class objloader { public static rawmodel loadobjmodel(string filename, loader loader){ filereader fr = null; try { fr = new filereader(new file("res/"+filename+".obj")); } catch (filenotfoundexception e) { system.err.println("couldn't load file!"); e.printstacktrace(); } bufferedreader reader = new bufferedreader(fr); string line; list<vector3f> vertices = new arraylist<vector3f...
Read more

methods - python can't use function in submodule -

-
my folder structure this: pythonstuff/ program.py modulea/ __init__.py foo.py bar.py here's code bar.py : def hello(): print("hello, world!") here's code program.py : #!/usr/bin/env python3 modulea import bar bar.hello() i run $ python3 program.py somehow error: file "program.py", line 3, in <module> bar.hello() attributeerror: 'module' object has no attribute 'hello' edit: __init__.py file empty. edit2: after trying realized had bar.py in root directory contained hello() method. bar.py in modulea/ directory empty. add it import os __all__ = [] module in os.listdir(os.path.dirname(__file__)): if module != '__init__.py' , module[-3:] == '.py': __all__.append(module[:-3]) the init .py files required make python treat directories containing packages; done prevent directories common name, such string, unintentionally hiding v...
Read more

c# - ErrorThe type or namespace name 'AxWMPLib' could not be found (are you missing a using directive or an assembly reference?) -

-
what possible reference handler axwmplib._wmpocxevents_playstatechangeeventhandler ? when pass event in method, private void axwindowsmediaplayer1_playstatechange(object sender,axwmplib._wmpocxevents_playstatechangeevent e) compiling throws following error: the type or namespace name 'axwmplib' not found (are missing using directive or assembly reference?) if using visual studio make sure have axwmplib listed under references in solution explorer. if have embedded windows media player control in form, should have been added automatically along wmplib . an easy way add these libraries if missing add windows media player control form (an existing 1 do). right-click on toolbox , pick "choose items..." context menu, tick "windows media player" control on "com components" tab , click ok. should have little windows media player icon attached cursor; click on form add it. add axwmplib , wmplib references solution. can delete w...
Read more