Friday, June 12, 2009
Thursday, June 11, 2009
SUDO Setup Procedures and Run any root commands through Browser with htpass authentication
Hi all,
Please follow the procedures to setup sudo script to execute any command over browser or http protocol.
1) Login as root user
2) Execute in command prompt visudo
3) It will open a config file. In that we need to add the following lines
Cmnd_Alias RUNALL = /home/murugesan/run.sh
murugesan ALL= NOPASSWD:RUNALL
4) Now login as "murugesan" user
5) create a script in the path "/home/murugesan/run.sh" with following contents
#!/bin/bash
$1
6) Execute in command prompt sudo /home/admin/run.sh "/sbin/fdisk -l"
It may ask password. Give root password. second time it should not ask password.
7) After successful execution of any root command without password
8) Now login as root user
9) Open /etc/httpd/conf/httpd.conf file
10) Modify following lines
User apache => User murugesan
Group apache => Group murugesan
11) execute service httpd restart
12) Now create "/var/www/cgi-bin/run.cgi" file with following contents
#!/usr/bin/perl
use CGI;
my $cgi = new CGI;
print $cgi->header();
my $cmd=$cgi->param('cmd');
print "
13)Open your browser and paste it
http:///cgi-bin/run.cgi?cmd=/sbin/ifconfig
Please follow the procedures to setup sudo script to execute any command over browser or http protocol.
1) Login as root user
2) Execute in command prompt visudo
3) It will open a config file. In that we need to add the following lines
Cmnd_Alias RUNALL = /home/murugesan/run.sh
murugesan ALL= NOPASSWD:RUNALL
4) Now login as "murugesan" user
5) create a script in the path "/home/murugesan/run.sh" with following contents
#!/bin/bash
$1
6) Execute in command prompt sudo /home/admin/run.sh "/sbin/fdisk -l"
It may ask password. Give root password. second time it should not ask password.
7) After successful execution of any root command without password
8) Now login as root user
9) Open /etc/httpd/conf/httpd.conf file
10) Modify following lines
User apache => User murugesan
Group apache => Group murugesan
11) execute service httpd restart
12) Now create "/var/www/cgi-bin/run.cgi" file with following contents
#!/usr/bin/perl
use CGI;
my $cgi = new CGI;
print $cgi->header();
my $cmd=$cgi->param('cmd');
print "
";
print `/home/admin/run.sh \"$cmd\"`;
print "
13)Open your browser and paste it
http://
14)Modifying parameter cmd=/sbin/ifconfig you can exeute any root command.
15) Now you have to enable htpass access permission using apache configuration file otherwise this will become security issue.
15) Now you have to enable htpass access permission using apache configuration file otherwise this will become security issue.
Subscribe to:
Comments (Atom)