Mac sudo authorization help
-
@Volker: are you sure? I exchange continuously files between mac and ubuntu and windows 7 too but the conversions is automatic. It is possible the the folder example that I have suggested can't be applied to the Mac folder structure. I have no idea where apache started is located in the Mac. But I think that Ketan should know.
If the error is what you mean (I suspect too because of this ^M ...) it is strange that happens. Why ?
-
@alicemirror
It heavily depends on the editor and it's settings. The rest is guessing from the crystal ball. You're right, my guess comes from the ^M - I stumbled over that myself already. -
@volker
Me too, that character worried me too. But I use Mac dayly and just when I open a windows file that for sure has a different coding for the line termination the message that I receive is a fast msgBox "converting to line termination characters" etc. then it disappear. So think we can exclude that the problem is it. I know that the Linux of Mac is different from the Linux of debian in the management of /etc/launcher shell commands. Not only, there are different apache versions. My example was regarding the apache 2 on pure debian machine (always used on servers, not on desktop machines) ... -
Thanks Alicemirror and Volker, finally the script executed successfully. As Volker told to change the file to Unix line endings. I did that by removing /r from the file and after that the script executed.
Thanks a lot once again.
-
Well, the important is that this was the correct way.
-
Just a question [O.T.] what method have used to launch the call from inside Qt ? Please can you see few lines of code?
Thank you
-
Sorry, can you please elaborate what you are exactly asking.
-
You have created the shell command that is called in some conditions from inside your QT GUI, as I have understood correctly. Thus what is the code that you have used to launch the shell program from inside the application ?
This was my question.
-
Your script worked, but I didnt used it completely in my Qt app.I had used the following code from your script which was very helpful,
@echo $PASSWORD | sudo -S /Application/apps/apache/bin/httpd@
Actually what I have done is I have build a dialog that will ask the current user for its password and I have stored that password in a variable. After that I have verified it by using the following code,
@QProcess *p = new QProcess;
p->start("bash", QStringList()<<"-c"<<"echo $PASSWORD | sudo -S ls /var/db/shadow/ ; echo $?");
p->waitForStarted(1000);
p->waitForFinished(1000);
QString readcode = p->readAll();@if the command is executed successfully it will return 0 or else it will return 1.
So if the password is correct than I have stored it in the PASSWORD variable and after that have started apache with that password.According to you would it be the right procedure to verify the sudo password?
-
Yes, it is correct.
Just an advice: in this way you wait for a while the process to finish. Maybe best to manage it as a signal. As a matter of fact the shell call is a secondary process launch. With an event-driven it is sure that you return from the task when the process is finished. Then setup a timer too that after a reasonable period (i.e. 30 seconds) stop the process anyway because something was wrong. This is a general consideration, not for a case so simple.
Add too a Busy indicator so the user see that is waiting for the command sequence compleiton. -
Thanks for your advice, will surely work on it.
-
@Ketan: please set this thread to [Solved}. Thanks.
-
@Alicemirror: Sorry, but how can I set this thread to solved.
-
:)
it;s simple: go to the first post (it's your) and click edit.
Correct the title writing [Solved] in front.Cheers
-
Just as a side note, being OSX based on Unix, a getent call could retrieve the hashed password and other user information to check in the Qt application. Of course this means that the application is able to re-cypher the plain password so to perform the check. And this will not give any privilege to the application itself.
However, a possible solution to avoid similar situations is to configure the sudo application to not request a password for a specific user, and set the suid of the qt application to such user. Never tried, but should work.
However, the best solution is to let the system ask for the user password! -
Yes I know this. But as you can read in the specifications of the OS documentation (sudo command etc) the general problem of passing the sudo password in a visible way (i.e. saving it in a text file or leaving all the users with the higher privileges) may have a terrible impact on the entire machine...
-
Well, in any environment having a plain text password saved somewhere is a call for troubles.
I was not saying to use a plain password, but just to cypher the password via md5 or the os alghoritm and check the result against the getent result to see if it is correct. The password could be asked interactively to the user. Again, this has nothing to do with gaining privileges.
Configuring sudo to not require a password is another problem, but could be useful if the user has no machine login. I used it in daemon-like applications, that must be of course well trusted and must run with a nologin user, so to avoid (or delay) a privilege escalation. Of course, it depends on how much you trust your application to make it run suid.... -
Ahha ok, this maybe a way. I agree, my post was only an add-on to your previous comment. It will be interesting to require or not the passwor following the directions of the user: if user has setup his machine for auto-login then it should else not.
Consider alsothat this applicaiton launch a system command and it is normal that it wil be done asking for a password. Like when you launch other commands that involve root privileges to be exectued. With sudo, the effect is that the user is only asked for his password but the reality is that you access root-privilege commands. -
[quote author="Alicemirror" date="1316166789"]Yep
It is clear nowFirst ifnore cocasudo. To start apache I think that you should do something like the following:
@
$cd /etc/apache2
$sudo
insert password:
$./apache2
@
At this point you should know that sudo has more options and try to create a small shell script like the following naming it apachestarter.sh
@
#!/bin/bash
NUMPARMS=1 # Minimum required parametersget the current user userId
ACTUALUSER=$(whoami)
check for parms
if [ $# -lt "$NUMPARMS" ]
then
echo
echo "Apache starter"
echo
echo "usage: ./apachestarter.sh <password for user $ACTUALUSER>"
echo "password omitted, so insert manually"
read PASSWORD
else
# read password argument
PASSWORD=$1
fiThe following command will run apache with the sudo password without asking nothing
echo $PASSWORD | sudo -S /etc/apache2/apache2
@
Then save this file in the user home folder or somewhere in the user area. Then remember to change the privileges of this command to be executable, i.e.
@
$sudo chmod +x apachestarter.sh
@
[Edit: the previous line has been changed as it is now for a correct and secure operation. See the following posts to understand the reasons]
At this point you can launch your command (that will be part of the package, installed in the installation folder etc.) directly from inside your GUI calling him with the password set by the user.[/quote]
Hi,
how can I start apache if the sudo has no password(no password is set for user) ?
