Any idea about "security/sudo" ?

[anti]

Hello

I have installed "sudo", but i dont know how can i use it to give a user some root privileges.

 

[Nightweaver]

Just type visudo as root and read through the file. That should give you all the info you need for starters

 

[spoon]

ee /usr/local/etc/sudoers

look for:

# User privilege specification
root    ALL=(ALL) ALL

below root line add:

you	ALL=(ALL) ALL

Replace "you" with your username. You can find more info in man sudo, because i'm no expert...in anything.

 

[anti]

ee /usr/local/etc/sudoers

look for:

# User privilege specification
root    ALL=(ALL) ALL

below root line add:

you	ALL=(ALL) ALL

Replace "you" with your username. You can find more info in man sudo, because i'm no expert...in anything.

I have added : www ALL=(ALL) ALL

and I wrote php page with this code

<?php
system("reboot");
?>

But still no effect of this function!!
any idea?

 

[anti]

Just type visudo as root and read through the file. That should give you all the info you need for starters

I'll try

 

[tkjacobsen]

Well, I answered you in the other post! http://forums.freebsd.org/showthread.php?t=11510

* Type visudo
* Add a line:

www    localhost = NOPASSWD: /sbin/reboot

* execute the command as

sudo /sbin/reboot

which means you have to type the following in your php:

system("sudo /sbin/reboot");

EDIT:
Using

www        ALL=(ALL) NOPASSWD: ALL

would also work, but it's the worst idea in the world to allow the www user to execute with root privileges and no password. At least the line above will only allow for reboot.


Best regards

 

[anti]

Hello tkjacobsen, a lot of thanks for your support but the problem still exist. This msg appears when i excute my php code.

www : user NOT authorized on host ; TTY= unknown ; PWD=/usr/local/www/apache22/data; USER=root ; COMMAND=/sbin/reboot

 

[sixtydoses]

www    localhost = NOPASSWD: /sbin/reboot

Substitute localhost with your hostname or 'ALL'.

 

[sniper007]

can i edit

/usr/local/etc/sudoers

with emacs ?

 

[DutchDaemon]

tried

export EDITOR=emacs ; visudo

or similar?

 

[sniper007]

Cool

I didn't know that visudo use $EDITOR environment

thanks

 

[phoenix]

When in doubt, always check the visudo(8) man page.

       There is a hard-coded list of editors that visudo will use set at
       compile-time that may be overridden via the editor sudoers Default
       variable.  This list defaults to the path to vi(1) on your system, as
       determined by the configure script.  Normally, visudo does not honor
       the VISUAL or EDITOR environment variables unless they contain an
       editor in the aforementioned editors list.  However, if visudo is
       configured with the --with-enveditor option or the env_editor Default
       variable is set in sudoers, visudo will use any the editor defines by
       VISUAL or EDITOR.  Note that this can be a security hole since it
       allows the user to execute any program they wish simply by setting
       VISUAL or EDITOR.