I am trying to write a tiny script to change permissions for a specific folder for the logged in users on macbooks. None of these users have admin rights so I have to do run it remotely as root through our MDM.
I am not sure I am getting the syntax right. Can someone help me with this?
#!/bin/sh
# Get current logged in user
TargetUser=$(echo "show State:/Users/ConsoleUser" | \
scutil | awk '/Name :/ && ! /loginwindow/ { print $3 }')
# Update permissions for target user
chown -R "${TargetUser}" /usr/local/bin
chmod g+w /usr/local/bin
Related
I am attempting questions from a textbook to brush up on my linux skills.
The question is :
Using /etc/passwd, extract the user and home directory fields for all users on your Kali
machine for which the shell is set to /bin/false. Make sure you use a Bash one-liner to print
the output to the screen. The output should look similar to Listing 53 below:
kali#kali:~$ YOUR COMMAND HERE...
The user mysql home directory is /nonexistent
The user Debian-snmp home directory is /var/lib/snmp
The user speech-dispatcher home directory is /var/run/speech-dispatcher
The user Debian-gdm home directory is /var/lib/gdm3
Listing 53 - Home directories for users with /bin/false shells
This is my current progress:
┌──(root💀kali)-[/home/kali]
└─# cat /etc/passwd | cut -f 1 -d ":" | grep -v '/bin/false' | awk '{print "The user " $0;}'
Output:
The user root
The user daemon
The user games
The user mail
I can't find a way to pipe/chain commands such that i can add "home directory" at the back to format my output. Can anyone help?
You're discarding all the other fields of the file when you do cut -f 1 -d :.
There's no need to use cut, you can tell awk to use : as the field delimiter with the -F option.
You also don't need grep, since awk can do pattern matching. You also have that check backwards -- you're removing /bin/false instead of matching it.
awk -F: '$NF == "/bin/false" { printf("The user %s home directory is %s\n", $1, $6)}' /etc/passwd
Sample output:
The user bin home directory is /bin
The user daemon home directory is /sbin
The user adm home directory is /var/adm
The user lp home directory is /var/spool/lpd
The user news home directory is /var/spool/news
The user uucp home directory is /var/spool/uucp
The user portage home directory is /var/lib/portage/home
The user nobody home directory is /var/empty
The user systemd-journal-remote home directory is /dev/null
The user systemd-coredump home directory is /dev/null
The user systemd-network home directory is /dev/null
The user systemd-resolve home directory is /dev/null
The user systemd-timesync home directory is /dev/null
The user messagebus home directory is /dev/null
The user sshd home directory is /var/empty
The user polkitd home directory is /var/lib/polkit-1
The user u_app1 home directory is /srv/app/app1
The user nagios home directory is /dev/null
The user icinga home directory is /var/lib/icinga2
The user systemd-oom home directory is /dev/null
I have a minor complex command using a pipe
python3 wlan.py -p taken | awk '{$10 = sprintf( "%.1f", $10 / 60); print $4 $6 $8 $10 ",min"}' | awk '{gsub(/,/," ");print}' >> /tmp/missed.log
and I get a permission error if this command is executed from a program but not from the command line (sudo). So, obviously there is an issue with the rights of the program. I have set the rights of python and awk to 777 to no avail. But the main question is: What are the rights of the >> command and how can I change them?
the error message is "writing missed.log - permission denied".
File access in a Unix-like environment is tied to who you are, not what programs you run.* When you run sudo python3 ..., you are changing who you are to a more privileged user for the duration of the python3 command. Once Python stops running, you are back to your normal self. Imagine that sudo is Clark Kent taking off his glasses and putting on his cape. Once the badguys have been defeated, Superman goes back to an ordinary Joe.
Your error message indicates your normal user account does not have the necessary permissions to access / and /tmp, and to write /tmp/missed.log. The permissions on wlan.py and /usr/bin/python3 aren't the issue here. I can think of four options (best to worst):
Put the output file somewhere other than in /tmp. You should always be able to write your home directory, so you should be able to run without sudo, with > ~/missed.log instead of > /tmp/missed.log.
When you run your pipeline "from a program," as you said, just include the sudo as if you were running it from the command line. That way you get consistent results.
Add yourself to the group owning /tmp. Do stat -c '%G' /tmp. That will tell you which group owns /tmp. Then, if that group is not root, do usermod -a -G <that group name> <your username>.
Change the permissions on /tmp. This is the bludgeon: possible, but not recommended. sudo rm -f /tmp/missed.log and sudo chmod o+rwx /tmp should make it work, but may open other vulnerabilities you don't want.
* Ignoring setuid, which doesn't seem to be the case here.
I execute the script below as root within MAC OS X terminal. The piped command runs successfully, but the script fails at the chown command with the following error:
chown: Domain Users: illegal group name
Why?
See script below:
#!/bin/bash
echo Enter username
read Name
echo Enter number
read NUM
sudo -s "(cd /Users/$NAME && tar c .) | (cd /Users/$NUM && tar xf -)"
sudo chown -R $NUM:"Domain Users" /Users/$NUM
sudo chmod g+rwx /Users/$NUM
"Domain Users" is an Active Directory group, hence one must be connected to the domain in order to CHOWN against a specified user within this group and take ownership of the resources specified. I was working remotely this day and was not connected via our VPN, hence not connected to our domain and thus unable to CHOWN against this Active Directory group "Domain Users".
Your reading the variables wrong:
should look like this:
...
read NAME
....
read NUM
I'm trying to do p4 sync -f on an ubuntu Vagrant box, but that just gives me a stream of "open for write: [filename]: Permission denied". If I do sudo p4 sync -f, I immediately get the error "User root doesn't exist." How should I go about debugging this? This problem does not exist when I use sudo with other commands.
Do:
sudo p4 -u YOURUSERNAME sync -f
so that the Perforce command is executing under your Perforce user name rather than "root".
Alternatively:
set P4USER in your environment explicitly
chown/chmod the files so you can write to them without sudo
create (and give permission to) a Perforce user named "root"
i installed joomla2.5 and see this error in all administrator pages even login page!
JFolder::create: Could not create directory
i did every solution i found like changing the tmp and logs path to '/logs' or './logs/' but not worked.
folders permission is 755.
any one can help me ?
The 755 permission gives the group/others the read and execute permissions in the directory.
This means, that non-group members cannot create new directories.
Make sure that the owner of the directory is the user that the server is running as.
To figure out which user that is, you can use:
$ echo $(ps axho user,comm|grep -E "httpd|apache"|uniq|grep -v "root"|awk 'END {if ($1) print $1}')
And if does not provide the desired result, simply explore the output of:
$ ps aux | grep -E "httpd|apache" | grep -v -E "root|grep"
You can find which group it belongs to by using:
$ groups [userName]
Next, change the owner of the joomla folder. I am using www-data as an example:
# chown -R www-data:www-data path/to/your/joomla/root/dir
PS,
lines preceded by $ can be executed by a normal user, lines preceded by # require root privilege - you can use sudo or your favorite method.
Change the below variable to in your configuration file(configuration.php) as shown.
public $log_path = '/logs';
public $tmp_path = '/tmp';
Also make sure that these folder has the folder permission 755.
Read more
JFolder::create: Could not create directory - Joomla