When There is No Root User

  • You have a software rollout for <PRODUCT>, which must be installed as UID <PRODUCT>.
  • Sudo says you aren’t cleared to run any command as <PRODUCT UID> on the target host.
  • The admins are all out sick.
  • The developer is on vacation.
  • The target host is going live for <PRODUCT> in 30 minutes, ready or not.

NO FEAR…

… if you have sudo chmod privileges and know something neat about SSH user keys.

    1. Create an SSH key on your local box if you don’t have one already.
    2. Connect to the target box, and cd to ~product.
    3. If ~product/.ssh exists, change permissions on it to allow you to read and write. Otherwise, create ~product/.ssh.
    4. Now cd .ssh and chmod authorized_keys (YMMV) to o+w.
    5. Append your public key to the authorized_keys file.
    6. Restore permissions on authorized_keys.
    7. Go up to ~product and restore permissions on .ssh.
    8. From your local box: ssh <PRODUCT>@target_host
  • If you reset permissions correctly, you have just connected directly as the target product ID.

    Admins: please remember this is why sudo su can be a bad thing. Want to find these people?
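
One way to look for the procedure above in sudo's syslog records, as an added example that is not from the original post: it flags any sudo chmod that touches another account's ~/.ssh, resolving relative targets against the logged PWD. The log lines are constructed samples, and the /home/<account> layout and the account names are assumptions.

```python
import posixpath
import re
import shlex

# Standard sudo syslog entry: "<invoker> : TTY=... ; PWD=... ; USER=... ; COMMAND=..."
SUDO_RE = re.compile(
    r"sudo(?:\[\d+\])?:\s+(?P<invoker>\S+) : .*?PWD=(?P<pwd>\S+) ; "
    r"USER=\S+ ; COMMAND=(?P<cmd>.+)$"
)
# Assumption: home directories live under /home/<account>.
SSH_PATH_RE = re.compile(r"^/home/(?P<owner>[^/]+)/\.ssh(?:/.*)?$")
# chmod option flags; a mode such as "-w" must not be mistaken for one.
OPT_RE = re.compile(r"^(--\w[\w-]*|-[Rcfv]+)$")

# Constructed sample log lines (hosts and accounts are made up).
SAMPLE = [
    "Mar  3 09:12:01 target sudo:    alice : TTY=pts/0 ; PWD=/home/product ; USER=root ; COMMAND=/bin/chmod o+rwx .ssh",
    "Mar  3 09:12:20 target sudo:    alice : TTY=pts/0 ; PWD=/home/product/.ssh ; USER=root ; COMMAND=/bin/chmod o+w authorized_keys",
    "Mar  3 09:13:05 target sudo:    alice : TTY=pts/0 ; PWD=/home/product/.ssh ; USER=root ; COMMAND=/bin/chmod 600 authorized_keys",
    "Mar  3 09:20:00 target sudo:    bob : TTY=pts/1 ; PWD=/home/bob ; USER=root ; COMMAND=/bin/chmod 700 /home/bob/.ssh",
    "Mar  3 09:21:00 target sudo:    bob : TTY=pts/1 ; PWD=/srv/app ; USER=root ; COMMAND=/bin/chmod 755 deploy.sh",
]


def find_ssh_chmods(lines):
    """Return (invoker, owner, path, mode) for each sudo chmod that touches
    another account's ~/.ssh directory or a file inside it."""
    hits = []
    for line in lines:
        m = SUDO_RE.search(line)
        if not m:
            continue
        argv = shlex.split(m["cmd"])
        if not argv or posixpath.basename(argv[0]) != "chmod":
            continue
        args = [a for a in argv[1:] if not OPT_RE.match(a)]
        if len(args) < 2:
            continue
        mode, targets = args[0], args[1:]
        for t in targets:
            # Relative targets (e.g. "authorized_keys" after cd .ssh) only
            # make sense once joined to the logged PWD.
            path = posixpath.normpath(posixpath.join(m["pwd"], t))
            s = SSH_PATH_RE.match(path)
            if s and s["owner"] != m["invoker"]:
                hits.append((m["invoker"], s["owner"], path, mode))
    return hits
```

A loosen-then-restore pair on the same path within minutes, as in the first three sample lines, is the pattern to alert on.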
