I need to create directory inside root directory using a qt widget application.
void Home::on_pushButton_clicked()
{
system("mkdir /bin/mydir");
}
But,how to get root privilege before making folder inside /bin folder
you can get root password using pkexec command inside programming like below:
void Home::on_pushButton_clicked()
{
system("pkexec mkdir /bin/myDir");
}
or you can try to using QProcess class, however for your purpose the pkexec is enough.But in this mode you have to enter password manually, but if you want to get root permission without entering password manually and you could enter your password inside of the code then you may consider the below code:
QProcess process;
process.start("echo your_password | sudo -S mkdir /bin/myDir");
A program cannot gain root privileges after it has been started; it is only permitted to (either temporarily or finally) drop privileges.
The best approach is usually to invoke a program such as gksudo or ksudo, which the system will invoke as root, at which point they temporarily drop root privileges, query the user for consent, close their connection to the GUI system, regain root privileges and execute the action.
If you want your application to access some resources which requires root privilege, you have to run that application as root.
e.g
sudo your_application_name
or login as root and then run that application.
Related
Linux C/C++ has open or fopen API, but created file are belong to process uid.
If we want to change owner/group of this file, we can use chown or fchown API after file created.
But, is there one API for creating file as another user, not two API ?
There is no Unix api dedicated for that, but you can change the current user to
other user before create the file, such as:
Make sure you have permission. The current effective user must be "root" OR set user or group ID on executable file.
Call setgid and setuid to other user.
Create the file.
Call setuid and setgid to old user if required.
Because the user is process-wide, if your program is multi-threaded, you may
need to fork a child process doing the steps I listed before.
But if you want non-root user (such as nobody) to run your program, you can give
the permission to your executable file:
sudo chown root:root ./your_app && sudo chmod gu+s ./you_app
Now you can call setuid(0) and setgid(0) to acquire root permission.
It's not possible in Linux.
Allowing this could cause some subtle security bugs (remote code execution, destroying files of other users, etc.) and therefore is not allowed.
Instead, please just run the process under sudo.
Our EC2 instance setup has an ftp user that had successful setup through the vsftpd program with an original home directory of \home\user\, I followed the instructions on this stack overflow, and had the user's shell set to /bin/false
What I'm looking to do is make the ftp user login only accessible to a particular directory, a folder in the html directory - \var\www\html\website.com\userfolder
What I've done:
Added user to a group ftpgroup
Authorized access and ownership of the new directory to the user:ftponly
Changed the user's home directory in /etc/passwd
added .ssh/authorized_keys with user's key in the new directory
changed ChrootDirectory in /etc/ssh/sshd_config to new directory
changed the permissions on the directory to chmod -R 775 user:ftpgroup
mounting \var\www\html\website.com\userfolder
Before these changes I was able to access the FTP, and now upon attempted access I receive the following errors from the Filezilla client:
Error: Disconnected: No supported authentication methods available
(server sent:publickey) ... Status: Connection attempt failed with
"ETIMEDOUT - Connection attempt timed out"
As it was working before, I'm thinking that it might have something to do with permissions, I'm just unsure of where else to change.
Thanks for any insight.
This worked for me.
After creating the user with vsftpd, the user now has access to the directory via FileZilla.
I then added a link from the home/{user} directory to the /var/www/html/{user} directory.
The user can upload files to the home directory and can view it from the html directory.
This is a simple hack. Let me know if this solves your problem.
I was trying to run COMSOL on Amazon AWS.
While file following the link RunningCOMSOLOnTheAmazonCloud.pdf,
I face errors when trying to install COMSOL on the AMI. When I try to install COMSOL into the remote terminal: cd ~/Private/comsol/COMSOL43b_dvd/setup ami, I get this error:
bash: cd: /root/Private/comsol/COMSOL43b_dvd/setup: No such file or directory
The issue seems to be caused by you trying to navigate to a non existing directory
Please check that the directory exists
ls /root/Private/comsol/COMSOL43b_dvd/
I assume you're at part 2 on page 25 of this document. The instructions there are not very well worded but I think I can see what's going wrong:
2 Install COMSOL:
cd ~/Private
/comsol/COMSOL43b_dvd/setup ami
Answer the following questions:
Enter the installation directory: (press enter for default:
/home/ec2-user/Private/)
Accept the license agreement (press the space bar to flip the pages until the last
one, and answer yes to the question if you agree).
Enter the path to the license file: (press enter for default: 1718#localhost)
The tilde (~) is a shorthand for any user's home directory. This is usually in the form /home/user. If you are logged in as the root user, then the home directory is /root. It looks like you are still the root user, when you should be ec2-user, which is Amazon's default username for most of their Linux EC2 instances. (The suggested default installation directory of /home/ec2-user/Private is what makes me think that)
Try running su - ec2-user to change to the right user, then type pwd to get the console to print out the directory you're in. You should be in the home directory.
Use the ls command to list all the contents of the directory you are in, or ls -l to give you a more detailed list.
You can also use the tab button on your keyboard to autocomplete filenames if they exist. Pressing tab twice will give you a list of options. If pressing tab doesn't complete, or show a list of options after a double tap, then the directory does not exist.
I am working in Ubuntu 14.04 I have an C++ application which I have compiled. I get the executable which name is "program". Well the thing is that this program use opencv and sockets then if I try to execute it in the terminal like this:
./program
I got this error:
listener: socket: Operation not permitted
setsockopt: Bad file descriptor
This error appear because I using socket and I need to run my application as root, so I tyoe this:
sudo ./program
This request my password and the program works propertly.
The thing is that I want to run this "program" automatically when I start my Ubuntu, but it does not work. I have another application the name is "camera" which only use opencv, no socket, then I do not need to run as root. So I put this application in the startup application of ubuntu and the "camera" application start at the begining without problem.
So I guess that my problem is that I need to run as root my "program", but I can not get it.
Someone could help me?
Many Thanks
You need to change the ownership of the program to root:root and use the setuid permission so that it runs with the permissions of its owner, not the user who invoked it.
sudo chown root:root ./program
sudo chmod a+s ./program
Now the program will run with root privileges for all users.
Hope that helps.
Side note: As a programmer you should strive to ensure that programs that run with root privileges are free of security holes, so that they're not vulnerable to buffer overflow exploits, etc.
I am trying to run Lynx under apache user via sudo, but it seems that lynx tries to access my home directory:
$ sudo -u apache lynx
/home/ssmirnov/: No such directory
I have such permissions on my home directory: drwx------
Can you advice me how to run Lynx under another user?
You might try using sudo's -H option. It sets $HOME to the home directory of the user you're trying to run as. Perhaps lynx is looking for a file there, i dunno. (It doesn't seem to have a problem on my machine...but eh.)
-i might work as well; it basically sets the environment up as if the user had logged in, including cd'ing to their home directory. Note, that means starting the shell specified for that user, running login scripts, and all that. If the user's not allowed to log in, this will likely fail.
If you want to run it from your home directory, for example to download something to that location, of course you'll have to grant access to apache somehow. This can be done on ext* filesystems on most modern Linux systems (without granting everyone access) by saying something like setfacl -m u:apache:rwx $HOME. In a pinch, you could temporarily put apache in your group and grant group rwx permissions on your homedir...but unless this is your home machine, i wouldn't do that.