In my client and server model, only root and sudousers has permissions to talk each other. Firstly, server authenticate client user(users on server), if any user other than root or sudousers then "permission denied message" is given backup to the client. But when client login as sudouser then it fails to execute certain commands which needs root privileges. but in case of root it works fine.
So,
1) How to give sudouser privileges in c/c++ program if logged in user is
in sudousers list?
I tried to find out whether user is in sudousers list or not by command "sudo -v" and then if user is in sudouser I set the "userid" of the root rather than sudousers uid using "setuid()" system call. It worked but Does it is a right way to do the same?
Related
I have a few files that I cannot delete. In the security tab I can see that no one, including SYSTEM has modificaiton permissions (only read and execute). The file is owned by some service called SSAT. I looked deepter and it seemed that it was NT Service\SSAT. I tried using PSEXEC to impersonate the NT Service account but it gives me an error saying that the pipe broke. How can I go about deleting the file? Using takeown and Icacls is giving me access denied, even as NT Authority. Seems like the only way to actually modify the file is somehow login to the NT Service account. Please help !!
So I have PostgreSQL installed fine, and am trying to run the createdb 'test' command in the Terminal. I am on my normal user account. When trying to create the database, I am asked for a password twice, then I get the error message createdb: error: could not connect to database template1: FATAL: password authentication failed for user "sethmarks". Does this mean I entered the incorrect password or that I do not have permission to create databases under this user? I am getting confused and frustrated by this and would like to know what is going on. I am entering the password I use for the OS user I am currently logged into.
I am able to create a database when I do sudo su - postgres and then create it when I am doing it under the Postgres user, but that is not going to work with my program. Can anybody help me figure this out?
I included a picture of the terminal to show the process and what happens when attempting to create a new db. Thank you very much.
It depends on the privileges that have been granted to your user account and which privileges have been granted to PUBLIC.
You can query some privileges with psql \du meta command for the current user.
In your case you need at least to run as superuser:
grant connect on database template1 to sethmarks;
I don't exactly why password is requested twice: this is not caused by wrong password: I have the same behaviour but I need to give the database user password not the OS user password.
In my situation, I first need to connect to a UserA then su - UserB in order to have access my files. But when I'm trying to connect with the extension it didn't recognize the server version.
Host some_name
User userA
HostName xxx.xxx.xxx.xxx
RemoteCommand "su - userB"
RequestTTY yes
I got the following error message: unreachable or not Linux x86_64. (Cannot execute command-line and remote command.)
I'm also struggling to solve the same problem. I've tried a bunch of different stuff to try and auth as user b before vscode connects to userAs remote connection server, such as:
adding various additional parameters to my ssh config, authing as userB as above,
adding a similar su userB command to userA's bashrc file on the remote server,
same for bash_profile.
... all to no avail. In all cases, whatever I do, the vscode remote session will be instantiated under the under-privileged user a account, with the remote server launched in user a's user directory. If I auth through a standard terminal app, things work as expected and the su userB command triggers immediately after userA login. If I open a vscode terminal session in the same workspace (i.e. hit the plus sign in the same window as the ssh tunnelling session) and auth as userB, this also works but the session authed as userA persists unchanged.
I have a job which tries to access data from a remote server. I have created linked server which is connected successfully. When I try to access tables by directly running the query it works fine. But when I run same query via job it throws an error "login failed for user".
Job is assigned owner 'sa' and running with ssis proxy with sysadmin and public roles. In security tab of linked server properties I have no mappings and "be made using the login's current security context" selected.
I am not sure how should I correct it. If I should add mappings then what should be mapped? Please help me as I already spend whole day exploring possible options but couldn't find anything useful.
It does not matter who is the owner of package. Only the user under whom the packet is launched is important.
If this user is Windows (Windows domen) user, read this link.
If your user is sql-user, check it password and permissions on linked server.
If all from previous step are correct, try to add this user to mapping with checked Impersonate checkbox.
I create a service which is defined to Log On as Administrator.
This service performs system("net use Z: \... /user:user password") and completes successfully.
If I (as Administrator) run "net use" I see Z: indeed added, but with status - unavailable.
I tried adding ImpersonateLoggedOnUser to the service, but that didn't help.
OS: Win XP
What am I missing?
ImpersonateLoggedOnUser doesn't impersonate the logon session from the user token, just the security context. CreateProcessAsUser, however, should be able to create a new process in the logon session associated with the specified user token.
Note that calling LogonUser to get a user token for CreateProcessAsUser won't work, because this token won't be in the same logon session as the logged-on user. You have to find one of the user's processes and duplicate its token.
Logon sessions are not well documented, but all you really need to know that each time a user is authenticated a distinct logon session is created, and that each such logon session has a distinct set of network drive mappings. Logon sessions are not the same as terminal services sessions.
In Windows Vista and above, two logon sessions are created when an administrative user logs in, one associated with the restricted token and one associated with the elevated token.
You can look up the logon session associated with a token using the GetTokenInformation function with the TokenStatistics option. The logon session is identified by the AuthenticationId LUID.
To make this work, your service would need to first figure out when a user has logged in, wait for a process associated with the new session to start, make sure it's not an elevated process, then duplicate the access token.
Instead, your best option is going to be to split the application into two components. One component will run as the user (you would probably launch this automatically using the Run key) and be responsible for mapping the network drive. It can contact the service to obtain any information it needs, either via a named pipe or a registry key.
Windows logs on Administrator and uses the logon token to start the service. If you logon interactively Windows creates a logon token for you. The two tokens are not related to each other. Mapped devices are mapped for one session/logon token, therefore if the service maps a device you do not see it in your logon session.