Ask for Administrative privileges despite using sudo? - centos

I am trying to unzip a file with the following command but get a privilege error.
-bash-4.2$ unzip traccar-linux-*.zip && ./traccar.run
Archive: traccar-linux-64-latest.zip
replace traccar.run? [y]es, [n]o, [A]ll, [N]one, [r]ename: A
inflating: traccar.run
inflating: README.txt
Administrative privileges required for this archive (use su or sudo)
My user has sudo 'rights':
-bash-4.2$ sudo -l -U gc_admin
[sudo] password for gc_admin:
Matching Defaults entries for gc_admin on agitated-lewin:
!visiblepw, always_set_home, match_group_by_gid, always_query_group_plugin,
env_reset, env_keep="COLORS DISPLAY HOSTNAME HISTSIZE KDEDIR LS_COLORS",
env_keep+="MAIL PS1 PS2 QTDIR USERNAME LANG LC_ADDRESS LC_CTYPE",
env_keep+="LC_COLLATE LC_IDENTIFICATION LC_MEASUREMENT LC_MESSAGES",
env_keep+="LC_MONETARY LC_NAME LC_NUMERIC LC_PAPER LC_TELEPHONE",
env_keep+="LC_TIME LC_ALL LANGUAGE LINGUAS _XKB_CHARSET XAUTHORITY",
secure_path=/sbin\:/bin\:/usr/sbin\:/usr/bin
User gc_admin may run the following commands on agitated-lewin:
(ALL) ALL
-bash-4.2$ groups gc_admin
gc_admin : psacln wheel
For some reason even with the sudo command, I am not allowed to unzip?
-bash-4.2$ sudo unzip traccar-linux-*.zip && ./traccar.run
[sudo] password for gc_admin:
Archive: traccar-linux-64-latest.zip
replace traccar.run? [y]es, [n]o, [A]ll, [N]one, [r]ename: A
inflating: traccar.run
inflating: README.txt
Administrative privileges required for this archive (use su or sudo)
What am I doing wrong? Any suggestions?

Think I answered it myself.
The command that I was trying to use (unzip traccar-linux-*.zip && ./traccar.run) consists of two parts. When run separately, both with their own sudo command, it all worked fine.

Related

Command not found when running as other user with sudo

I am trying to run psql with user postgres. When I run sudo su - postgres AND THEN psql from within the new session, it is working smoothly. In fact, the ~/.bashrc in that session with user postgres has the correct PATH.
However, if I run sudo -u postgres psql, I get sudo: psql: command not found. Even though the session where I am running this command (I use the FISH shell) has the correct PATH as well, and I can invoke psql without the full path with my user.
I need to invoke the command as sudo -u postgres psql, how can this behavior be explained?
Edit: if (from FISH) I switch to BASH and run sudo -u postgres psql, it works! I guess it has to do with the FISH path then...
Edit 2: The issue seems to be that the PATH is reset when using sudo.
➜ ~ psql
psql: error: connection to server on socket "/var/run/postgresql/.s.PGSQL.5432" failed: FATAL: role "opc" does not exist
➜ ~ sudo -u postgres psql
sudo: psql: command not found
➜ ~ echo $PATH
/home/opc/.local /home/opc/.local/bin /usr/pgsql-15/bin /usr/pgsql-15/bin /usr/local/bin /usr/bin /usr/local/sbin /usr/sbin
➜ ~ sudo echo $PATH
/home/opc/.local /home/opc/.local/bin /usr/pgsql-15/bin /usr/pgsql-15/bin /usr/local/bin /usr/bin /usr/local/sbin /usr/sbin
➜ ~ sudo -u postgres /usr/pgsql-15/bin/psql
could not change directory to "/home/opc": Permission denied
psql (15.1)
Type "help" for help.
postgres=#
But if I echo $PATH with sudo, it seems fine...
This is caused by a sudo configuration that has the "secure_path" setting. This causes sudo to reset $PATH to a hardcoded "known safe" value. This might be enabled by your distribution.
When you run sudo bash, that bash will read its settings, including .bashrc, and if you set $PATH in that it will then, of course, have that $PATH again.
But if you run a command without going through a shell that resets $PATH, you'll get the hardcoded setting.
It's possible to change that setting by running sudo visudo and changing the line that says
Defaults secure_path="some:path:here"
to
Defaults !secure_path
An alternative is to just run the command via the fully qualified path, like
sudo -u postgres (command -s psql)
One more comment about your tests:
sudo echo $PATH
This doesn't do what you want. The $PATH will be expanded by the shell that runs sudo, and so sudo won't ever see anything but the value of it. It is exactly equivalent to running sudo echo /home/opc/.local /home/opc/.local/bin /usr/pgsql-15/bin ....
You might want to use something like
sudo env
or
sudo sh -c 'echo $PATH'
instead.
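The two effects described in this answer, as an added example that is not part of the original answer: it parses the `secure_path` line shown in the `sudo -l` output earlier on this page, resolves a command against it the way sudo would, and shows the difference between `$PATH` expanded by the caller and by the child. sudo itself is simulated with `env`; the function names are hypothetical.

```shell
#!/bin/sh
# Added example. sudo is simulated with env(1); nothing here needs root.

# Constructed sample: one line of `sudo -l` output, as in the first question above.
SAMPLE_SUDO_L='    secure_path=/sbin\:/bin\:/usr/sbin\:/usr/bin'

# Pull secure_path out of `sudo -l` output; sudo prints each colon as "\:".
secure_path_from_sudo_l() {
    sed -n 's/.*secure_path=\([^, ]*\).*/\1/p' | head -n 1 | sed 's/\\:/:/g'
}

# Look a command up in an explicit colon-separated path, which is what sudo
# does with secure_path. Prints the match; returns 1 when there is none.
resolve_in_path() {
    old_ifs=$IFS
    IFS=:
    for dir in $2; do
        if [ -f "$dir/$1" ] && [ -x "$dir/$1" ]; then
            IFS=$old_ifs
            printf '%s\n' "$dir/$1"
            return 0
        fi
    done
    IFS=$old_ifs
    return 1
}

# Stand-in for sudo's PATH reset: run a command with PATH replaced.
with_reset_path() {
    new_path=$1
    shift
    env PATH="$new_path" "$@"
}

sp=$(printf '%s\n' "$SAMPLE_SUDO_L" | secure_path_from_sudo_l)
echo "secure_path:           $sp"
# Expanded by the calling shell before the command starts: shows the caller's PATH.
echo "caller-expanded \$PATH: $(with_reset_path "$sp" echo "$PATH")"
# Expanded by the child shell after the reset: shows what the command really gets.
echo "child-expanded \$PATH:  $(with_reset_path "$sp" sh -c 'echo "$PATH"')"
```

Running `resolve_in_path psql "$sp"` on the affected host shows whether the binary is reachable under `secure_path` before any change to sudoers is considered.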

Centos 7 sudo -u <user> mkdir -p <path> stopped working

I have an odd issue where as of recently I am unable to run mkdir -p for a different user running as root and get the following error:
[root#ip-192-168-1-146 ~]# sudo -u myuser mkdir -p /some/target/path
sudo: mkdir -p: command not found
When I test as the 'myuser' user the mkdir -p command works fine. I have additionally tried the following without success:
su - myuser -c "mkdir -p /some/target/path"
sudo -u myuser -i mkdir -p /some/target/path
sudo -u myuser -i -c "mkdir -p /some/target/path" <---don't think syntax is right on this but tried anyways.
Context: I am executing a script to setup my AWS EC2 instance that populates all defined directories. This has been working fine until recently. Not including my script here as the above command doesn't work by itself.
Env output for 'myuser':
$ env
XDG_SESSION_ID=1
HOSTNAME=ip-192-168-1-146.ec2.internal
SHELL=/bin/bash
TERM=xterm-256color
HISTSIZE=1000
USER=myuser
LS_COLORS=rs=0:di=38;5;27:ln=38;5;51:mh=44;38;5;15:pi=40;38;5;11:so=38;5;13:do=38;5;5:bd=48;5;232;38;5;11:cd=48;5;232;38;5;3:or=48;5;232;38;5;9:mi=05;48;5;232;38;5;15:su=48;5;196;38;5;15:sg=48;5;11;38;5;16:ca=48;5;196;38;5;226:tw=48;5;10;38;5;16:ow=48;5;10;38;5;21:st=48;5;21;38;5;15:ex=38;5;34:*.tar=38;5;9:*.tgz=38;5;9:*.arc=38;5;9:*.arj=38;5;9:*.taz=38;5;9:*.lha=38;5;9:*.lz4=38;5;9:*.lzh=38;5;9:*.lzma=38;5;9:*.tlz=38;5;9:*.txz=38;5;9:*.tzo=38;5;9:*.t7z=38;5;9:*.zip=38;5;9:*.z=38;5;9:*.Z=38;5;9:*.dz=38;5;9:*.gz=38;5;9:*.lrz=38;5;9:*.lz=38;5;9:*.lzo=38;5;9:*.xz=38;5;9:*.bz2=38;5;9:*.bz=38;5;9:*.tbz=38;5;9:*.tbz2=38;5;9:*.tz=38;5;9:*.deb=38;5;9:*.rpm=38;5;9:*.jar=38;5;9:*.war=38;5;9:*.ear=38;5;9:*.sar=38;5;9:*.rar=38;5;9:*.alz=38;5;9:*.ace=38;5;9:*.zoo=38;5;9:*.cpio=38;5;9:*.7z=38;5;9:*.rz=38;5;9:*.cab=38;5;9:*.jpg=38;5;13:*.jpeg=38;5;13:*.gif=38;5;13:*.bmp=38;5;13:*.pbm=38;5;13:*.pgm=38;5;13:*.ppm=38;5;13:*.tga=38;5;13:*.xbm=38;5;13:*.xpm=38;5;13:*.tif=38;5;13:*.tiff=38;5;13:*.png=38;5;13:*.svg=38;5;13:*.svgz=38;5;13:*.mng=38;5;13:*.pcx=38;5;13:*.mov=38;5;13:*.mpg=38;5;13:*.mpeg=38;5;13:*.m2v=38;5;13:*.mkv=38;5;13:*.webm=38;5;13:*.ogm=38;5;13:*.mp4=38;5;13:*.m4v=38;5;13:*.mp4v=38;5;13:*.vob=38;5;13:*.qt=38;5;13:*.nuv=38;5;13:*.wmv=38;5;13:*.asf=38;5;13:*.rm=38;5;13:*.rmvb=38;5;13:*.flc=38;5;13:*.avi=38;5;13:*.fli=38;5;13:*.flv=38;5;13:*.gl=38;5;13:*.dl=38;5;13:*.xcf=38;5;13:*.xwd=38;5;13:*.yuv=38;5;13:*.cgm=38;5;13:*.emf=38;5;13:*.axv=38;5;13:*.anx=38;5;13:*.ogv=38;5;13:*.ogx=38;5;13:*.aac=38;5;45:*.au=38;5;45:*.flac=38;5;45:*.mid=38;5;45:*.midi=38;5;45:*.mka=38;5;45:*.mp3=38;5;45:*.mpc=38;5;45:*.ogg=38;5;45:*.ra=38;5;45:*.wav=38;5;45:*.axa=38;5;45:*.oga=38;5;45:*.spx=38;5;45:*.xspf=38;5;45:
MAIL=/var/spool/mail/myuser
PATH=/sbin:/bin:/opt/home/myuser/.local/bin:/opt/home/myuser/bin
PWD=/opt/home/myuser
LANG=en_US.UTF-8
HISTCONTROL=ignoredups
SHLVL=1
HOME=/opt/home/myuser
LOGNAME=myuser
LESSOPEN=||/usr/bin/lesspipe.sh %s
_=/bin/env
Env output for 'root':
$ env
XDG_SESSION_ID=1
HOSTNAME=ip-192-168-1-146.ec2.internal
SHELL=/bin/bash
TERM=xterm-256color
HISTSIZE=1000
USER=root
LS_COLORS=rs=0:di=38;5;27:ln=38;5;51:mh=44;38;5;15:pi=40;38;5;11:so=38;5;13:do=38;5;5:bd=48;5;232;38;5;11:cd=48;5;232;38;5;3:or=48;5;232;38;5;9:mi=05;48;5;232;38;5;15:su=48;5;196;38;5;15:sg=48;5;11;38;5;16:ca=48;5;196;38;5;226:tw=48;5;10;38;5;16:ow=48;5;10;38;5;21:st=48;5;21;38;5;15:ex=38;5;34:*.tar=38;5;9:*.tgz=38;5;9:*.arc=38;5;9:*.arj=38;5;9:*.taz=38;5;9:*.lha=38;5;9:*.lz4=38;5;9:*.lzh=38;5;9:*.lzma=38;5;9:*.tlz=38;5;9:*.txz=38;5;9:*.tzo=38;5;9:*.t7z=38;5;9:*.zip=38;5;9:*.z=38;5;9:*.Z=38;5;9:*.dz=38;5;9:*.gz=38;5;9:*.lrz=38;5;9:*.lz=38;5;9:*.lzo=38;5;9:*.xz=38;5;9:*.bz2=38;5;9:*.bz=38;5;9:*.tbz=38;5;9:*.tbz2=38;5;9:*.tz=38;5;9:*.deb=38;5;9:*.rpm=38;5;9:*.jar=38;5;9:*.war=38;5;9:*.ear=38;5;9:*.sar=38;5;9:*.rar=38;5;9:*.alz=38;5;9:*.ace=38;5;9:*.zoo=38;5;9:*.cpio=38;5;9:*.7z=38;5;9:*.rz=38;5;9:*.cab=38;5;9:*.jpg=38;5;13:*.jpeg=38;5;13:*.gif=38;5;13:*.bmp=38;5;13:*.pbm=38;5;13:*.pgm=38;5;13:*.ppm=38;5;13:*.tga=38;5;13:*.xbm=38;5;13:*.xpm=38;5;13:*.tif=38;5;13:*.tiff=38;5;13:*.png=38;5;13:*.svg=38;5;13:*.svgz=38;5;13:*.mng=38;5;13:*.pcx=38;5;13:*.mov=38;5;13:*.mpg=38;5;13:*.mpeg=38;5;13:*.m2v=38;5;13:*.mkv=38;5;13:*.webm=38;5;13:*.ogm=38;5;13:*.mp4=38;5;13:*.m4v=38;5;13:*.mp4v=38;5;13:*.vob=38;5;13:*.qt=38;5;13:*.nuv=38;5;13:*.wmv=38;5;13:*.asf=38;5;13:*.rm=38;5;13:*.rmvb=38;5;13:*.flc=38;5;13:*.avi=38;5;13:*.fli=38;5;13:*.flv=38;5;13:*.gl=38;5;13:*.dl=38;5;13:*.xcf=38;5;13:*.xwd=38;5;13:*.yuv=38;5;13:*.cgm=38;5;13:*.emf=38;5;13:*.axv=38;5;13:*.anx=38;5;13:*.ogv=38;5;13:*.ogx=38;5;13:*.aac=38;5;45:*.au=38;5;45:*.flac=38;5;45:*.mid=38;5;45:*.midi=38;5;45:*.mka=38;5;45:*.mp3=38;5;45:*.mpc=38;5;45:*.ogg=38;5;45:*.ra=38;5;45:*.wav=38;5;45:*.axa=38;5;45:*.oga=38;5;45:*.spx=38;5;45:*.xspf=38;5;45:
MAIL=/var/spool/mail/root
PATH=/usr/local/sbin:/usr/local/bin:/sbin:/bin:/usr/sbin:/usr/bin:/root/bin
PWD=/root
LANG=en_US.UTF-8
HISTCONTROL=ignoredups
SHLVL=1
HOME=/root
LOGNAME=root
LESSOPEN=||/usr/bin/lesspipe.sh %s
_=/bin/env
mkdir is on the system:
[root#ip-192-168-1-146 ~]# ls /bin/mkdir
/bin/mkdir
[root#ip-192-168-1-146 ~]# which mkdir
/bin/mkdir
[myuser#ip-192-168-1-146 ~]$ which mkdir
/bin/mkdir
I am at a loss, if anyone has any suggestions I'd be grateful. Again this has been working for a few months now.
Thanks!
So... no idea how it happened but somehow I pasted a special character M-BM- in place of a proper space char.
The M-BM- characters are an ASCII representation of byte sequence 0xc2 0xa0, which is the UTF-8 encoding of Unicode character A0 - a non-breaking space character. This character can be inserted in both LibreOffice and Microsoft Word documents using the key sequence Ctrl+Shift+SPACE.
¯\(ツ)/¯
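A way to catch this before a provisioning script runs, as an added example that is not from the original post: it finds the 0xc2 0xa0 byte pair in a file, shows why the shell treats `mkdir<NBSP>-p` as a single command name, and emits a cleaned copy. The function names and the sample lines are constructed for illustration.

```shell
#!/bin/sh
# Added example: detect and remove non-breaking spaces in a script.

# U+00A0 in UTF-8 is the two bytes 0xC2 0xA0 (octal 302 240).
NBSP=$(printf '\302\240')

# Print "line:text" for each line containing a non-breaking space, with the
# hidden character made visible as <NBSP>. Returns 1 if the file is clean.
find_nbsp() {
    LC_ALL=C awk -v nbsp="$NBSP" '
        index($0, nbsp) {
            line = $0
            gsub(nbsp, "<NBSP>", line)
            printf "%d:%s\n", NR, line
            found = 1
        }
        END { exit (found ? 0 : 1) }' "$1"
}

# Write the file to stdout with each non-breaking space replaced by a space.
strip_nbsp() {
    LC_ALL=C sed "s/$NBSP/ /g" "$1"
}

# Count the words the shell sees in a command line. Splitting uses the
# default IFS (space, tab, newline), which does not include U+00A0.
count_words() {
    set -f          # no globbing while splitting
    set -- $1
    set +f
    echo $#
}

# Constructed sample: the second line carries the pasted non-breaking space.
sample=$(mktemp)
printf 'mkdir -p /some/target/path\n' > "$sample"
printf 'sudo -u myuser mkdir\302\240-p /some/target/path\n' >> "$sample"

find_nbsp "$sample"
echo "words with NBSP:  $(count_words "mkdir${NBSP}-p /some/target/path")"
echo "words with space: $(count_words "mkdir -p /some/target/path")"
rm -f "$sample"
```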

Why encryption key is not working in Postgresql TDE during install? "Unknown data received from encryption_key_command"

I'm trying to install the PostgreSQL TDE from Cybertec (https://www.cybertec-postgresql.com/), specifically version 9.6.12.
I followed the entire guide for default installation:
$ wget https://download.cybertec-postgresql.com/postgresql-9.6.12-tde.tar.gz
$ sudo apt-get install libreadline-dev zlibc zlib1g-dev bison flex libssl-dev openssl libperl-dev python-dev
I've created a shell /opt/pg_key.sh with this content:
#!/bin/sh
echo 882fb7c12e80280fd664c69d2d636913
$ chmod +x /opt/pg_key.sh
$ tar xvfz postgresql-9.6.12-tde.tar.gz
$ cd postgresql-9.6.12-tde/
$ ./configure --prefix /usr/local/pgsql/ --with-openssl --with-perl --with-python
$ sudo make install
$ cd contrib/
$ sudo make install
$ sudo chown user:user /usr/local/pgsql/data/
$ initdb -D /usr/local/pgsql/data/ -K /opt/pg_key.sh
I've got an error in this last command:
The files belonging to this database system will be owned by user
"user". This user must also own the server process.
The database cluster will be initialized with locale "en_US.UTF-8".
The default database encoding has accordingly been set to "UTF8". The
default text search configuration will be set to "english".
Data page checksums are disabled.
Data encryption is enabled.
fixing permissions on existing directory /usr/local/pgsql/data ... ok
creating subdirectories ... ok
selecting default max_connections ... 100
selecting default shared_buffers ... 128MB
selecting dynamic shared memory implementation ... posix
creating configuration files ... ok
running bootstrap script ... FATAL: Unknown data received from encryption_key_command
child process exited with exit code 1
initdb: removing contents of data directory "/usr/local/pgsql/data"
Thanks in advance

How to install webacula 7 on centos 7

This is a tutorial to install webacula 7 (after bacula 7 with mysql).
This is the tutorial for centos+bacula that I used (without the webmin section):
http://www.backupcentral.com/phpBB2/two-way-mirrors-of-external-mailing-lists-3/bacula-25/howto-install-bacula-7-on-centos-7-fresh-install-126395/
Then to install webacula:
yum install httpd php php-mysql php-gd
wget "http://downloads.sourceforge.net/project/webacula/webacula/7.0.0/webacula-7.0.0.tar.gz?r=http%3A%2F%2Fsourceforge.net%2Fprojects%2Fwebacula%2F%3Fsource%3Dtyp_redirect&ts=1429012567&use_mirror=garr"
(download webacula 7.0.0)
yum install httpd php php-mysql
tar -xzvf /root/webacula-7.0.0.tar.gz\?r\=http...
mv webacula-7.0.0 /var/www/
mv /var/www/webacula-7.0.0/ /var/www/webacula
chown -R root.root .
chown apache.apache cache
groupadd bacula
usermod -aG bacula apache
chgrp bacula /usr/sbin/bconsole
/etc/bacula/bconsole.conf
chgrp bacula /etc/bacula/bconsole.conf
cd ../application
nano config.ini
update:
bacula.bconsole = "/usr/sbin/bconsole"
bacula.bconsolecmd = "-n -c /etc/bacula/bconsole.conf"
nano /etc/sudoers
comment:
# Defaults requiretty
nano /etc/bacula/bconsole.conf
update:
Password = "YOUR PASS"
nano /etc/selinux/config
update:
SELINUX=disabled
nano /etc/sudoers.d/apache
add:
apache ALL=NOPASSWD: /usr/sbin/bconsole
reboot (because the selinux)
check with this command:
su -l apache -s /bin/sh -c "/usr/bin/sudo /usr/sbin/bconsole -n -c /etc/bacula/bconsole.conf"
normal response:
Connecting to Director localhost:9101
1000 OK: 1 bacula-dir Version: 7.0.5 (28 July 2014)
Enter a period to cancel a command.
*quit
cd /var/www/webacula/install/apache/
cp webacula.conf /etc/httpd/conf.d/webacula.conf
nano /etc/httpd/conf.d/webacula.conf
update:
Alias /webacula /usr/share/webacula/html
<Directory /usr/share/webacula/html>
...
Deny from all
to:
Alias /webacula /var/www/webacula/html
<Directory /var/www/webacula/html>
...
Allow from all
nano /var/www/webacula/application/config.ini
update your db pass
nano /etc/bacula/bacula-dir.conf
update :
catalog = all, !skipped, !saved
cd /var/www/webacula/install
./password-to-hash.php your bacula webming pass
take the response and put it in:
nano db.conf
update:
db_pwd="your root mysql pass"
....
webacula_root_pwd="your res from ./password-to-hash.php"
cd MySql/
./10_make_tables.sh
./20_acl_make_tables.sh
systemctl restart httpd
add Zend to webacula:
cd /var/www/webacula/library
wget https://packages.zendframework.com/releases/ZendFramework-1.12.3/ZendFramework-1.12.3-minimal.tar.gz (download only ver 1.12.3!!!!!!)
tar -xzf ZendFramework-1.12.3-minimal.tar.gz
mkdir Zend
cp -Rf ZendFramework-1.12.3-minimal/library/Zend/* Zend/.
go to website :)
Now we are finished, but for me the root password did not work, so to fix this I did:
mysql -uroot -p
use bacula;
update webacula_users set email='your email here';
go to website and reset password

Postgres cannot see my PGDATA environment variable

Can anyone explain this:
~$ echo $PGDATA
/Library/PostgreSQL/9.2/data
~$ cd /Library/PostgreSQL/9.2/
/Library/PostgreSQL/9.2$ sudo su postgres
bash-3.2$ echo $PGDATA
<blank line>
bash-3.2$ pg_ctl start
pg_ctl: no database directory specified and environment variable PGDATA unset
Try "pg_ctl --help" for more information.
bash-3.2$ export PGDATA="/Library/PostgreSQL/9.2/data"
bash-3.2$ pg_ctl start
server starting
bash-3.2$
The following is in my ~/.bashrc file:
export PGDATA="/Library/PostgreSQL/9.2/data"
I'm not mis-spelling the path in PGDATA:
~$ echo $PGDATA
/Library/PostgreSQL/9.2/data
export PGDATA="/Library/PostgreSQL/9.2/data"
sudo can't be assumed to keep the environment variables of its caller.
See its manpage for the details with your specific OS.
As far as I know, environment variables are attached to a shell, and as far as I can tell I'm in the same shell.
This works for me:
~$ cd /Library/PostgreSQL/9.2/
/Library/PostgreSQL/9.2$ sudo -E su postgres
...
-E The -E (preserve environment) option will override the
env_reset option in sudoers(5)). It is only available when
either the matching command has the SETENV tag or the
setenv option is set in sudoers(5).
I only understand the following:
The -E (preserve environment) option
Next comment:
When I su to postgres I do su - postgres. Notice the hyphen.
Here is what my man pages say about the hyphen:
-l Simulate a full login. The environment is discarded except for
HOME, SHELL, PATH, TERM, and USER. HOME and SHELL are modified
as above. USER is set to the target login. PATH is set to
``/bin:/usr/bin''. TERM is imported from your current environ-
ment. The invoked shell is the target login's, and su will
change directory to the target login's home directory.
- (no letter) The same as -l.
I don't see how that will preserve the PGDATA environment variable, and this is what happened when I tried the hyphen:
/Library/PostgreSQL/9.2$ sudo su - postgres
Password:
7studs-computer:~ postgres$ ls
bin pgAdmin3.app
data pg_env.sh
doc scripts
include share
installer stackbuilder.app
lib uninstall-postgresql.app
7studs-computer:~ postgres$ pg_ctl start
-bash: pg_ctl: command not found
7studs-computer:~ postgres$ ls
bin pgAdmin3.app
data pg_env.sh
doc scripts
include share
installer stackbuilder.app
lib uninstall-postgresql.app
7studs-computer:~ postgres$ cd bin
7studs-computer:bin postgres$ ls
clusterdb pg_config pgbench
createdb pg_controldata pltcl_delmod
createlang pg_ctl pltcl_listmod
createuser pg_dump pltcl_loadmod
dropdb pg_dumpall postgres
droplang pg_receivexlog postmaster
dropuser pg_resetxlog psql
ecpg pg_restore reindexdb
initdb pg_standby vacuumdb
oid2name pg_test_fsync vacuumlo
pg_archivecleanup pg_test_timing
pg_basebackup pg_upgrade
7studs-computer:bin postgres$ ./pg_ctl start
pg_ctl: no database directory specified and environment variable PGDATA unset
Try "pg_ctl --help" for more information.
7studs-computer:bin postgres$
So the hyphen doesn't work for me (OSX 10.6.8).