Howto run a script as root



Hermanh
01-26-2003, 02:22 PM
I created a script as root to remove some symlinks and to copy some files instead of them.

The problem is that I am not able to run the script as root.
As user knoppix I am able to run the script, but do not have the rights to remove the symlinks.
I want to save the script on the harddisk, so it will be there all the time.
As soon as I save it on harddisk the ownership seems to change to knoppix:knoppix
I tried as root:

chown knoppix:knoppix filename
ownership did not change.
I tried as root:
chmod u+x filename
and
chmod +x filename
root could still not run the script, while knoppix can, but does not have enough rights.

What can I do about this?

Another question is: how do I get the answer on the question if knoppix should remove the symlink answered with yes without human interference.

eadz
01-26-2003, 02:32 PM
sudo script

tuxtom
01-26-2003, 02:34 PM
I tried as root:

chown knoppix:knoppix filename
ownership did not change.
I think you should issue a

chown root:root filename
or try (as root):

# chmod 777 filename

tom

Hermanh
01-26-2003, 03:17 PM
Thanks for those answers. I tried them both.

When I do as root:

chmod 777 filename
I still can not run the script

When I do as root:

chown root:root filename

I get:

chown: changing ownership of 'filename': operation not permitted

Also
sudo filename does not work as root or as knoppix.

I've started knoppix with the cheatcode knoppix 2 to stay in textmode.
After the script has run the knoppix-box will function as ftp-server.

eadz
01-26-2003, 03:33 PM
maybe put
sudo su
at the top of the script
or put
sudo rm / sudo ln etc

what kind of script? and you are running ./script.sh ?
what happens with
sudo ./script.sh ?

Hermanh
01-26-2003, 03:37 PM
When I do as root:

cp /mnt/hda1/filename /etc/filename
the ownership of the new file is root:root.
Still I can not run the script as root, not even when I do as root:

chmod u+x filename
or

chmod +x filename
or

chmod 777 filename
Which should work according to several Linux howto's.

I get a message:

bash: filename: command not found

The file exists
When I do:

ls -l filename
I get

-rwxrwxrwx 1 root root 549 jan 26 15:25 filename
('filename' is colored green)
Is user knoppix using another shell or something like that?

eadz
01-26-2003, 03:44 PM
you have to do


./filename

not just


filename

Hermanh
01-26-2003, 04:02 PM
thanks, the script is running.

./filename
did do it. I did not expect that because it ran as knoppix using just

filename


Another question is: how do I get the answer on the question if knoppix should remove the symlink answered with yes without human interference.

Has one of you also the answer for the second part of my question?

eadz
01-26-2003, 04:04 PM
Another question is: how do I get the answer on the question if knoppix should remove the symlink answered with yes without human interference.

you mean
rm -f ?

RockMumbles
01-26-2003, 04:04 PM
I'm going from memory, but I saw a post either on this forum or on the linuxtag knoppix forum about a user that could not run scripts. IIRC he had to:

/bin/bash script

rock

Flibble
01-26-2003, 11:55 PM
[quote="Hermanh"]thanks, the script is running.

./filename
did do it. I did not expect that because it ran as knoppix using just

filename[/quote]

Knoppix user must have pwd in the PATH. It's a really bad idea to do this with root accounts though from a security perspective. I have managed to elevate privilege on a number of *nix boxes (whilst doing authorised pen tests I hasten to add) through this technique. Root has pwd in his path and /tmp is world writable. Stick a script called ls in there and then give him cause to go looking in tmp (fill up disk by stuffing directory full of crap). Poor sap follows standard sysadmin technique and navigates into the directory and runs ls [-alSr] which runs the dropped in script. This usually does something like echo a standard add user line into the /etc/password file and then run the real ls command.

Dave_Bechtel
01-27-2003, 10:48 AM
--Yep, that's pretty much the situation in a nutshell. :)

--BTW, "pwd" is the current working directory. If you issue:
' pwd ' in bash, it will tell you where you are. Same as:
' echo $PWD ' == Which is the environment variable.

--If you have "pwd" (actually :$PWD:) in your $PATH, it tells bash to look in your current directory for executable files... NOT something you want to do as Root, for the aforementioned reasons. Hard-core *nix purists don't have a $PATH *at all* in root; they issue ' /sbin/ifconfig ' and stuff like that so it ALWAYS gets executed from the right directory. (' man whereis ')
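
A defensive check for the condition discussed in the two posts above, as an added example that is not part of the original thread: it audits a PATH value for empty, relative, or world-writable entries. The function name audit_path and the sample PATH value are assumptions made for illustration.

```shell
#!/bin/sh
# Added example (not from the thread): audit a PATH value for entries that let
# the current directory or a world-writable directory shadow system commands.
# audit_path is a hypothetical helper name.

# audit_path PATHVALUE: print one finding per line; return 1 if any was found.
audit_path() {
    rest="$1:"            # trailing ':' so the last entry is also terminated
    findings=0
    while [ -n "$rest" ]; do
        entry=${rest%%:*}
        rest=${rest#*:}
        case $entry in
            '')
                echo "empty entry: searched as the current directory"
                findings=1 ;;
            /*)
                # -L follows symlinks; character 9 of the mode is other-write.
                if [ -d "$entry" ] &&
                   [ "$(ls -ldL "$entry" | cut -c9)" = "w" ]; then
                    echo "world-writable directory: $entry"
                    findings=1
                fi ;;
            *)
                echo "relative entry: $entry"
                findings=1 ;;
        esac
    done
    return "$findings"
}

# Constructed sample value: a root PATH with '.' appended.
audit_path "/usr/sbin:/usr/bin:/sbin:/bin:." || echo "sample PATH is unsafe for root"
```

Run as root, `audit_path "$PATH"` reports the entries to remove; a leading, trailing, or doubled colon counts as an empty entry.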



01-27-2003, 05:15 PM
Thanks for your reactions everybody.
I will not change the PATH.

I found out that my second question
How do I get the answer on the question if knoppix should remove the symlink answered with yes without human interference. is solved also, because the script does not halt for an answer, while removing sym-links. I expected it would.

Dave_Bechtel
01-27-2003, 10:58 PM
--The reason ' rm ' usually halts, as root:



' alias rm ' == Answers:
alias rm='rm -i'


--See ' man rm ' for more details. Similarly, if you call the exec directly, such as ' /bin/ls ' or ' /bin/rm ' it will also override the alias. I think the reason the script does not wait for your response at the rm, is because the rm alias has not been defined yet at that point in the boot process.



Hermanh
01-28-2003, 02:19 PM
Well I think it has nothing to do with that because I start the script manually after the boot-process is finished. But still it works fine for me.

I will look into the man rm, I did not do that yet.
(There are a lot of man's (too much) I did not look into yet).

strogon42
01-30-2003, 03:05 PM
[quote="Hermanh"]Well I think it has nothing to do with that because I start the script manually after the boot-process is finished. But still it works fine for me.[/quote]

The reason "rm" does not ask for confirmation is, that aliases have to be defined for every new instance of a shell you run. If you run your script, it gets run in its own subshell where the aliases are not defined. So "rm" is really "rm" not "rm -i"!

You can put the alias definitions in the shell rc file (~/.bashrc for bash) to enable them for every shell.
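
Since a script cannot count on an interactive `rm -i` alias as a safety net, the checks belong in the script itself. The following is an added example, not code from the original thread, of the symlink-to-copy replacement the thread is about; the function name replace_link and the file names are assumptions.

```shell
#!/bin/sh
# Added example (not from the thread): replace a symlink with a real copy of a
# file without depending on any interactive alias. replace_link is a
# hypothetical helper name.

# replace_link LINK SOURCE
# Returns 0 on success, 2 if LINK is not a symlink (left untouched),
# 3 if SOURCE is not a readable regular file, 1 on any other failure.
replace_link() {
    link=$1
    src=$2
    if [ ! -L "$link" ]; then
        echo "skip: $link is not a symlink" >&2
        return 2
    fi
    if [ ! -f "$src" ] || [ ! -r "$src" ]; then
        echo "skip: $src is not a readable file" >&2
        return 3
    fi
    # The script's shell never read ~/.bashrc, so no 'rm -i' alias applies.
    # State the intent anyway: -f never prompts, '--' ends option parsing.
    rm -f -- "$link" || return 1
    cp -p -- "$src" "$link" || return 1
    # Confirm the result is a regular file and no longer a link.
    [ -f "$link" ] && [ ! -L "$link" ]
}

# Demonstration on constructed files in a scratch directory.
demo=$(mktemp -d) || exit 1
printf 'constructed sample content\n' > "$demo/source.conf"
ln -s "$demo/source.conf" "$demo/active.conf"
replace_link "$demo/active.conf" "$demo/source.conf" && ls -l "$demo/active.conf"
rm -rf -- "$demo"
```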

Hermanh
01-30-2003, 03:10 PM
Thanks for the answer I'll try that once just for fun.