Hi all am trying list all the sudo command a user has access to as a root , obviously we can see that in sudoers file but if there are a lot of user/command aliases it becomes difficult
i am trying to do sudo -l for a different user as root
i have tried using -u option
sudo -u testuser -l
throws command usage message
sudo -u testuser sudo -l
prompts for testuser's password (i dont want password prompt as i am doing as root)
su - testuser -c 'sudo -l'
gives me below error
sudo: no tty present and no askpass program specified
please let me know how to go about this
As per man sudo:
-U user, --other-user=user
Used in conjunction with the -l option to list the privileges
for user instead of for the invoking user. The security pol-
icy may restrict listing other users' privileges. The
sudoers policy only allows root or a user with the ALL privi-
lege on the current host to use this option.
you're using -u, which is something completely different:
-u user, --user=user
Run the command as a user other than the default target user
(usually root ). The user may be either a user name or a
numeric user ID (UID) prefixed with the '#' character etc...
Related
I'm getting an error when I try to create a user and add them to a group:
inherit extrausers
EXTRA_USERS_PARAMS = " groupadd radio; \
useradd -g radio -p '' elton;"
I've also tried variations using usermod with similar results. The error log states:
NOTE: Executing set_user_group ...
DEBUG: Executing shell function set_user_group
NOTE: petalinux-user-image: Performing usermod with [-R /home/kenny/Desktop/radio/build/tmp/work/plnx_zynq7-xilinx-linux-gnueabi/petalinux-user-image/1.0-r0/rootfs -P root]
Usage: usermod [options] LOGIN
Options:
-c, --comment COMMENT new value of the GECOS field
-d, --home HOME_DIR new home directory for the user account
-e, --expiredate EXPIRE_DATE set account expiration date to EXPIRE_DATE
-f, --inactive INACTIVE set password inactive after expiration
to INACTIVE
-g, --gid GROUP force use GROUP as new primary group
-G, --groups GROUPS new list of supplementary GROUPS
-a, --append append the user to the supplemental GROUPS
mentioned by the -G option without removing
the user from other groups
-h, --help display this help message and exit
-l, --login NEW_LOGIN new value of the login name
-L, --lock lock the user account
-m, --move-home move contents of the home directory to the
new location (use only with -d)
-o, --non-unique allow using duplicate (non-unique) UID
-p, --password PASSWORD use encrypted password for the new password
-P, --clear-password PASSWORD use clear password for the new password
-R, --root CHROOT_DIR directory to chroot into
-A, --prefix PREFIX_DIR prefix directory where are located the /etc/* files
-s, --shell SHELL new login shell for the user account
-u, --uid UID new UID for the user account
-U, --unlock unlock the user account
-v, --add-subuids FIRST-LAST add range of subordinate uids
-V, --del-subuids FIRST-LAST remove range of subordinate uids
-w, --add-subgids FIRST-LAST add range of subordinate gids
-W, --del-subgids FIRST-LAST remove range of subordinate gids
ERROR: petalinux-user-image: usermod command did not succeed.
I'm using Petalinux 2019.1 which is using Yocto/Thud.
Im writing a shell to automate a process this shell will be run as root or as another user but not as the postgres user (meaning the user will just run the script)
What i did as a postgres user while testing was
touch /var/lib/postgresql/10/main/recovery.conf
sudo nano recovery.conf (wrote some content )
ctrl +O
However whenever I try to do this by using the following lines in my shell as as another user (including root)
sudo -H -u postgres bash -c "touch /var/lib/postgresql/10/main/recovery.conf"
The file is created as postgres user which is what i intended, and then i run
sudo -H -u postgres bash -c echo "content" > /var/lib/postgresql/10/main/recovery.conf
and get a
-bash: /var/lib/postgresql/10/main/recovery.conf: Permission denied
How come I can create the file but not put content on it?
I already tried giving 775 and 777 permisions using chmod
chmod 775 recovery.conf
as the psotgres user and i get
-rwxrwxr-x 1 postgres postgres 133 May 11 22:11 recovery.conf
to this file as a postgres user and still the error persists so im confused about whats going on
At the second line where you try to put the "echo" command, please use:
/var/lib/postgresql/10/main/recovery.conf
With a / at the beginning
I followed this tutorial and made a typo where I was supposed to create a user for my django apps to connect as;
I was supposed to run su - postgres -c "createuser www-data -P" but I ran su - postgres -c "createuser www-dtata -P".
I dont want to proceed until I remove that user, which I don't know the command for. I found and tried DROP USER after searching around, but the terminal returned -su: DROP: command not found.
Run sudo su - postgres -c "dropuser www-dtata"
You can use dropuser console tool (see https://www.postgresql.org/docs/current/static/app-dropuser.html):
su - postgres -c "dropuser www-dtata"
Or use DROP USER SQL query (see https://www.postgresql.org/docs/current/static/sql-dropuser.html):
sudo -u postgres psql -c 'DROP USER "www-dtata";'
These 2 approaches do the same thing. In SQL version, you also need to use double quotes around DB user name, due to - in it.
First run the command
sudo su
Enter the user password for root access.
Then run the below command
su - postgres -c "dropuser www-dtata"
No password will be prompted
In my poky build, I've added a password for root, and also I've added a user "myuser". In addition I've added sudo to the list of IMAGE_INSTALL_append.
When logging as "myuser" and tried to "sudo chmod" a file using the root password, it doesn't work "Sorry try again"...
I can log in normally as root with my password,
Anyone has seen this, is sudo working for poky?
As sudo can be executed an you've got a Sorry try again.. error message I think you either got your password wrong (make sure you use the users password, not roots) or you haven't configured sudo correctly.
For a description on how to use /etc/sudoers take a look at its manpage: https://linux.die.net/man/5/sudoers
No way. There is no su package in Yocto/OE.
Does your image build ? You should have had something like Missing or unbuildable dependency chain error, unless you've created a recipe providing su package.
To add user with sudo capability, below is an example of what you should have in your image's recipe.
Create the user with a suitable password
Add the user to sudo group
Give sudo capabilities to sudo members
I suppose you have an image recipe, or even a bbappend on an existing one.
IMAGE_INSTALL_append = " sudo"
inherit extrausers
PASSWORD = "mypassword"
USER = "myuser"
EXTRA_USERS_PARAMS = "\
useradd -p `openssl passwd ${PASSWORD}` ${USER}; \
usermod -a -G sudo ${USER}; \
"
# Here we give sudo access to sudo members
update_sudoers(){
sed -i 's/# %sudo/%sudo/' ${IMAGE_ROOTFS}/etc/sudoers
}
ROOTFS_POSTPROCESS_COMMAND += "update_sudoers;"
Problem fixed removing "sudo" from IMAGE_INSTALL_append, and just using "su" instead
I am trying to a create a user in postgres, I did the following.
sudo -u postgres createuser mystore
But I found out that I should use -s flag while creating the user, So my question is what is role of -s flag while creating user.
And I tried to remove the user by the following steps
sudo -u postgres psql
drop user mystore
Then tried to create the store with the -s flag, it says
role "mystore" already exists.
How to handle this
createuser -s will give the new user superuser privileges. As with most command-line tools in Linux, you can get a description of each flag by running createuser --help.
The problem in psql appears to be a missing semicolon after your drop command. psql supports multi-line statements, so hitting Enter will simply add a new line; it won't submit the command to the server until it sees a semicolon terminator.