Mac sudo authorization help
-
Corrected the post with the example and added a short not. So the problem is solved :)
-
After running the script that you provided I got an error.
"-bash: ./apachestarter.sh: /bin/bash^M: bad interpreter : No such file or directory".
What is the solution for this?
-
@Volker: are you sure? I exchange continuously files between mac and ubuntu and windows 7 too but the conversions is automatic. It is possible the the folder example that I have suggested can't be applied to the Mac folder structure. I have no idea where apache started is located in the Mac. But I think that Ketan should know.
If the error is what you mean (I suspect too because of this ^M ...) it is strange that happens. Why ?
-
@alicemirror
It heavily depends on the editor and it's settings. The rest is guessing from the crystal ball. You're right, my guess comes from the ^M - I stumbled over that myself already. -
@volker
Me too, that character worried me too. But I use Mac dayly and just when I open a windows file that for sure has a different coding for the line termination the message that I receive is a fast msgBox "converting to line termination characters" etc. then it disappear. So think we can exclude that the problem is it. I know that the Linux of Mac is different from the Linux of debian in the management of /etc/launcher shell commands. Not only, there are different apache versions. My example was regarding the apache 2 on pure debian machine (always used on servers, not on desktop machines) ... -
Thanks Alicemirror and Volker, finally the script executed successfully. As Volker told to change the file to Unix line endings. I did that by removing /r from the file and after that the script executed.
Thanks a lot once again.
-
Well, the important is that this was the correct way.
-
Just a question [O.T.] what method have used to launch the call from inside Qt ? Please can you see few lines of code?
Thank you
-
Sorry, can you please elaborate what you are exactly asking.
-
You have created the shell command that is called in some conditions from inside your QT GUI, as I have understood correctly. Thus what is the code that you have used to launch the shell program from inside the application ?
This was my question.
-
Your script worked, but I didnt used it completely in my Qt app.I had used the following code from your script which was very helpful,
@echo $PASSWORD | sudo -S /Application/apps/apache/bin/httpd@
Actually what I have done is I have build a dialog that will ask the current user for its password and I have stored that password in a variable. After that I have verified it by using the following code,
@QProcess *p = new QProcess;
p->start("bash", QStringList()<<"-c"<<"echo $PASSWORD | sudo -S ls /var/db/shadow/ ; echo $?");
p->waitForStarted(1000);
p->waitForFinished(1000);
QString readcode = p->readAll();@if the command is executed successfully it will return 0 or else it will return 1.
So if the password is correct than I have stored it in the PASSWORD variable and after that have started apache with that password.According to you would it be the right procedure to verify the sudo password?
-
Yes, it is correct.
Just an advice: in this way you wait for a while the process to finish. Maybe best to manage it as a signal. As a matter of fact the shell call is a secondary process launch. With an event-driven it is sure that you return from the task when the process is finished. Then setup a timer too that after a reasonable period (i.e. 30 seconds) stop the process anyway because something was wrong. This is a general consideration, not for a case so simple.
Add too a Busy indicator so the user see that is waiting for the command sequence compleiton. -
Thanks for your advice, will surely work on it.
-
@Ketan: please set this thread to [Solved}. Thanks.
-
@Alicemirror: Sorry, but how can I set this thread to solved.
-
:)
it;s simple: go to the first post (it's your) and click edit.
Correct the title writing [Solved] in front.Cheers
-
Just as a side note, being OSX based on Unix, a getent call could retrieve the hashed password and other user information to check in the Qt application. Of course this means that the application is able to re-cypher the plain password so to perform the check. And this will not give any privilege to the application itself.
However, a possible solution to avoid similar situations is to configure the sudo application to not request a password for a specific user, and set the suid of the qt application to such user. Never tried, but should work.
However, the best solution is to let the system ask for the user password! -
Yes I know this. But as you can read in the specifications of the OS documentation (sudo command etc) the general problem of passing the sudo password in a visible way (i.e. saving it in a text file or leaving all the users with the higher privileges) may have a terrible impact on the entire machine...
-
Well, in any environment having a plain text password saved somewhere is a call for troubles.
I was not saying to use a plain password, but just to cypher the password via md5 or the os alghoritm and check the result against the getent result to see if it is correct. The password could be asked interactively to the user. Again, this has nothing to do with gaining privileges.
Configuring sudo to not require a password is another problem, but could be useful if the user has no machine login. I used it in daemon-like applications, that must be of course well trusted and must run with a nologin user, so to avoid (or delay) a privilege escalation. Of course, it depends on how much you trust your application to make it run suid....
