I use gdb-many-windows in emacs as normal user. But the program need to run as root. Can i change to root in emacs before run gdb-many-windows? Is there other way to solve this problem?
Update: Thanks all.
When you do Meta-X gdb, emacs allows you to change the gdb command it will invoke.
Just change it to sudo gdb --annotate=3 ...
Update: as matt comments, this is still quite insecure. Better make it
sudo /usr/bin/gdb -ex 'set auto-load-scripts no' --annotate=3 ...
An even better approach might be to change your setup such that the program you are debugging does not need to run as root in the first place. Perhaps you could use fakeroot instead?
Update 2: sudo appears to interfere with emacs terminal handling. In particular, it tries to read password from /dev/tty and doesn't get input from emacs mini-buffer.
The solution is to allow yourself to invoke GDB without password via sudo. Something like this (in /etc/sudoers) should work:
your_user_id ALL = NOPASSWD: /usr/bin/gdb
A solution not mentioned here is to have your build script set the setuid bit on your binary and set the ownership to root
chmod u+s binaryname
chmod g+s binaryname
chown root:root binaryname
that's probably more secure then either of the two answers (although it'll let anybody that has execute permission run the file as root, that may not be what you want...)
One possible solution is to run emacs as root, which will cause gdb (and any other process you spawn) to run as root.
It seems there is a way to do this with emacs 25 without tinkering with sudoers. You need to got to any buffer in emacs (I usually use a file from my project), do 'M-x cd', select '/sudo::/' - this changes the default directory. Then, when you run 'M-x gdb', gdb will run under sudo (you will be prompted for your password). See also here: https://groups.google.com/forum/#!topic/gnu.emacs.help/DdAev2pWJMw
Related
I made a perl script to change owner of a file owned by some other user. Script is complete. My administrator save that in /sbin directory and set uid for it using chmod u+s name_of_script. But when I run this script it gives me error that chown operation is not permitted. I made a C program and it works by following same steps. So my question is if setuid is working for perl then I should not get that error because C code did not give me any error. So can i setuid for perl script or I should go with c code.
Don't tell me to ask administrator to change owner each time. Actually in server I have user name staging and I am hosting a joomla site in it. Now when I install some plugin then files related to that plugin are owned by www-data. So that's why I do not want to go to admin each time. Or you can give me some other solution also regarding my problem.
Many unix systems (probably most modern ones) ignore the suid bit on interpreter scripts, as it opens up too many security holes.
However, if you are using perl < 5.12.0, you can run perl scripts with setuid set, and they will run as root. How it works is that when the normal perl interpreter runs, and detects that the file you are trying to execute has the setuid bit set, and it then executes a program called suidperl. Suidperl takes care of elevating the user's privileges, and starting up the perl interpreter in a super-secure mode. suidperl is itself running with setuid root.
One of the consequences of this is that taint mode is turned on automatically. Other additional checks are also performed. You will probably see messages like:
Insecure $ENV{PATH} while running setuid at ./foobar.pl line 3.
perlsec provides some good information about securing such scripts.
suidperl is often not installed by default. You may have to install it via a separate package. If it is not installed then you get this message:
Can't do setuid (cannot exec sperl)
Having said all of that - you would be much better off using sudo to execute actions with elevated privileges. It is much more secure as you can specify exactly what is allowed to be executed via the sudoers file.
As of perl 5.12.0, suidperl was dropped. As a result, if you want to run a perl script on perl >= 5.12.0 with setuid set, you would have to write your own C wrapper. Again I recommend sudo as a better alternative.
No, you cannot use setuid aka chmod +s on scripts. The script's interpreter would be the thing that would actually need to be setuid, but doing that is a really bad idea. REALLY bad.
If you absolutely must have something written in Perl as setuid, the typical thing to do would be to make a small C wrapper that is setuid and executes the Perl script after starting. This gives you the best of both worlds in having a small and limited setuid script but still have a scripting language available to do the work.
If you have a sudo configuration that allows it (as most desktop linux distributions do for normal users), you can start your perl script with this line:
#!/usr/bin/env -S -i MYVAR=foo sudo --preserve-env perl -w -T
Then in your script before you use system() or backticks explicitly set your $ENV{PATH} (to de-taint it):
$ENV{PATH} = '/usr/bin';
Other environment variable that your script explicitly mentions or that get implicitly used by perl itself will have to be similarly de-tainted (see man perlsec).
This will probably (again depending on your exact sudo configuration) get you to the point where you only have to type in your root password once (per terminal) to run the script.
To avoid having to type your password at all you can add a line like this to the bottom of /etc/sudoers:
myusername ALL=(ALL) NOPASSWD:ALL
Of course you'd want to be careful with this on a multi-user system.
The -S options to env splits the string into separate arguments (making it possible to use options and combinations of programs like sudo/perl with the shebang mechanism). You can use -vS instead to see what it's doing.
The -i option to env clears the environment entirely.
MYVAR=foo introduces an environment variable definition.
The --preserve-env option to sudo will preserve MYVAR and others.
sudo sets up a minimal environment for you when it finds e.g. PATH to be missing.
The -i option to env and --preserve-env option to sudo may both be omitted and you'll probably end up with a slightly more extensive list of variables from your original environment including some X-related ones (presumably the ones the sudo configuration considers safe). --preserve-env without -i will end up passing along your entire unsanitized environment.
The -w and -T options to perl are generally advisable for scripts running as root.
I am using a vpn service from certain server. I was given with a root account, and when I connect with a root account, the command line looks like below.
root#xa9g82:/etc/#
Then I used useradd to add an account called 'temp'
When I connected to the server with temp, then the command line only has a single character.
$
The user information is not shown, neither the path. Also, note that, in root's command line I can use tab to automatically complete the filename, however 'temp's command line inserts tab space, when I press tab. It is very inconvenient.
I am using Ubuntu 10.04. How can I resolve this issue?
I usually edit ~/.bashrc. Being root, you might want to change the system-wide preferences, at /etc/bash.bashrc. Personally, I changed some lines in ~/.bashrc to look like:-
# If this is an xterm set the title to user#host:dir
case "$TERM" in
xterm*|rxvt*)
## PS1="\[\e]0;${debian_chroot:+($debian_chroot)}\u#\h: \w\a\]$PS1" # default
PS1="\[\e]0;${debian_chroot:+($debian_chroot)}\h: \W\a\]$PS1" # How I like it
;;
*)
;;
esac
use prompt to set the prompt.... (man prompt...)
it depends on what shell you run each one has it's own tricks, but you can make it looks as you wish.
BASH
TCSH
It is likely that the default shell for root is set to /bin/sh, which does not provide many of the features that you may used to if you use a shell like bash. To check if this is the case, run the following command:
cat /etc/passwd | grep ^root
The last component of the line that this command outputs will be your shell (which, as stated previously, I'm guessing is /bin/sh). If this is not the shell you want (it probably isn't), then edit /etc/passwd (using nano or whatever editor you're most comfortable with) and change your shell to something more palatable, like /bin/bash. After doing this, you'll need to log out and then log back in.
I need to run a privilegied command on a gtk2-perl user program. I'm googling about how to use the default dialog for getting root privilegies on Gnome, but can find an answer.
The only approach I have is to ask the password and use in a command
"echo $passwod | sudo -S priv-command"
but it's a bit ugly. I'm looked for the old gtksudo and similar helper programs but seems that there aren't in Ubuntu 10.10
Any pointers?
Not gtksudo, but GKSu is the name. The same thing in KDE is called kdesu.
The dialog you are talking of is from PolicyKit.
I use an emacs daemon to preserve my emacs session even if I have to reboot the machine that I run my X server on or if I want to access the same session from a different machine. This works very well but when restoring a session I'd quite like to just run "emacsclient --create-frame --no-wait" to connect to the daemon without opening a new file. It won't let me get away without specifying a filename.
I've tried using --eval to execute a function rather than open a file but the window just goes away when the evaluation is complete.
(Emacs 23.1 via backports on Debian GNU/Linux 5.0.)
From the help provided by emacsclient, you have a few options. First, is the one mentioned already which is emacsclient -c. That will try to create a frame associated with the emacs daemon. The advantage to this is that if DISPLAY is not set, then it will open emacs in the terminal.
Which brings us to the next best option (especially if you are logging in remotely): emacsclient -t which forces emacs to open up in terminal mode even if DISPLAY is set.
Also keep in mind that you can set the display from the command-line as well. I use this often when logging in remotely from VNC. The full command would be emacsclient -d DISPLAY -c
emacsclient -c works for me.
emacsclient -n -e "(make-frame)"
The -n flag means that the emacsclient doesn't wait, and the emacs instance doesn't destroy the frame.
If you are using emacs from the command line, you might also want to consider emacsclient -t
When working on a linx CShell u get the option to press the up / down arrows to select the last command/s typed or the Command Buffer. This even works on Windows.
However this is not functional when working on Solaris, to which i recently switched. I am guessing that the shell is also a CShell.
Please tell me what key combination is required to have this feature on Solaris ?
The default shell in Solaris has command history, but you can also use Bash instead, it's more user friendly. Just type 'bash' (no quotes) at the command line. You can also edit /etc/passwd to make bash your default shell.
The "official" default shell for Solaris is actually sh, the original Bourne shell (see Chapter 10 of the Advanced User Guide for Solaris for more info). If you'd like to change it to csh or tcsh—and you're not root (it's generally considered bad practice to use anything but sh as root's default)—just issue passwd -e /path/to/shell_of_your_choice <loginname>. I'm guessing this would probably look like passwd -e /bin/csh <loginname>, but you'd probably want to make sure it exists, first.
It may be that it's the Korn shell in which case try <ESC>k.
bash at least will allow you to switch modes with "set -o vi" or "set -o emacs".
Maybe you can use the !! command, to repeat the previous one.
Use "echo $SHELL" to see what your login shell is. If it's ksh or bash, try "set -o emacs". If that works, you'll be able to use ^P to go back a command. ^R lets you search for a command, ^F and ^B to move around within the command.
If you can´t change your default shell, or you just want to try out one that works, you can kick off any other shell from your command line. I recommend you tcsh, which will have good command line editing and history using the arrow keys. Type /bin/tcsh at your prompt to try it out. You can use the earlier responses to change your default shell if you like tcsh. Make sure your have the following in your $HOME/.cshrc file:
set filec
set history=1000 # or some other large number
set autologout=0 # if you are logging in remotely under your account.
I hope this helps.
You enable history temporarily if you use BASH by typing
HISTSIZE=1000
which will enable up and down keys and store 1000 commands. After termal disconnetion all history will be gone.
This works on solaris 10.
For permanent solution add these lines to ~/.bashrc
HISTSIZE=1000
HISTFILESIZE=1000