
2015-10-20

using setuid bit properly

http://unix.stackexchange.com/questions/166817/using-the-setuid-bit-properly

... or simpler...

@ http://serverfault.com/questions/397969/how-can-i-use-setuid-on-a-shell-script-to-run-as-a-non-root-user

You can also configure sudo to let people run a command as a specific non-root user, e.g. in sudoers:

user1   ALL = (appuser) /path/to/yourapp

would allow the user user1 to run your app as appuser with:

sudo -u appuser /path/to/yourapp


Similarly:

%somegroup    ALL = (appuser) /path/to/yourapp

in sudoers would allow the users in the group somegroup to run your app as appuser with:

sudo -u appuser /path/to/yourapp

http://askubuntu.com/questions/39281/how-to-run-an-application-using-sudo-without-a-password

YOURNAME ALL = NOPASSWD: /path/to/yourapp
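
Added example (not from the linked answers): a small Python audit of sudoers entries shaped like the ones above. It reports which account each command runs as and whether a password is asked, and lists every component of a command path that group or others can write to. The sample entries and the names audit and loose_paths are assumptions made for the illustration; only the simple one-command form is parsed.

```python
import os
import re
import stat

# Constructed sample entries modelled on the lines above (all names are placeholders).
SAMPLE = """\
user1       ALL = (appuser) /path/to/yourapp
%somegroup  ALL = (appuser) /path/to/yourapp
YOURNAME    ALL = NOPASSWD: /path/to/yourapp
"""

# who host = [(runas)] [NOPASSWD:] /command   (simple single-command form only)
SPEC = re.compile(
    r"^(?P<who>\S+)\s+(?P<host>\S+)\s*=\s*(?:\((?P<runas>[^)]*)\)\s*)?"
    r"(?P<nopw>NOPASSWD:\s*)?(?P<cmd>/\S+)"
)

def audit(text):
    """Return (who, runas, command, warnings) for each simple user spec."""
    results = []
    for line in text.splitlines():
        m = SPEC.match(line.strip())
        if not m:
            continue  # comments, aliases, Defaults and anything more complex
        # With no "(runas)" part, sudo runs the command as root.
        runas = (m["runas"] or "root").strip()
        warnings = []
        if runas in ("root", "ALL"):
            warnings.append("runs as root")
        if m["nopw"]:
            warnings.append("no password prompt")
        results.append((m["who"], runas, m["cmd"], warnings))
    return results

def loose_paths(path):
    """List the file and parent directories that group or others can write to.

    Conservative: sticky directories such as /tmp are reported too.
    """
    path, found = os.path.realpath(path), []
    while True:
        if os.stat(path).st_mode & (stat.S_IWGRP | stat.S_IWOTH):
            found.append(path)
        parent = os.path.dirname(path)
        if parent == path:  # reached the filesystem root
            return found
        path = parent
```

An entry that both runs as root and skips the password prompt deserves the closest look at loose_paths(command): anyone who can rewrite that file or rename one of its directories decides what root executes.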


2015-10-19

deny / allow hosts

http://www.linuxquestions.org/questions/linux-newbie-8/how-to-configure-ssh-to-allow-or-deny-specify-host-ip-address-610246/

/etc/hosts.deny is checked before /etc/hosts.allow, so you can go

* hosts.deny
ALL : ALL

first, we block everything from everyone,

* hosts.allow
ALL : localhost
sshd: 192.168.0.22
proftpd: 192.168.0.22

which means only 192.168.0.22 on your local network
can access ssh or the proftp server on that machine.