Author Topic: How to give a user superuser rights  (Read 5583 times)

HANNES1985

How to give a user superuser rights
« on: May 17, 2010, 01:01:54 am »
Hi

I'm using Windows XP SP2 and WinSCP to browse files on the ebox system; every time I need to change something (like uploading web pages) I need to use PuTTY!

I've tried to set permissions for my WinSCP but it doesn't change a thing.

When I log into ebox using PuTTY and use the sudo command, ebox asks me for the password again, and this is what I'm stuck with: by using the same password as I use to log in I can change stuff!

Is there a way to give the user I'm currently using superuser rights?
Only people that want to know more will ask!!

muppetgeoff

Re: How to give a user superuser rights
« Reply #1 on: May 17, 2010, 05:23:55 am »

wise_crypt

Re: How to give a user superuser rights
« Reply #2 on: June 17, 2010, 01:26:36 pm »
Quote
Hi

I'm using Windows XP SP2 and WinSCP to browse files on the ebox system; every time I need to change something (like uploading web pages) I need to use PuTTY!

I've tried to set permissions for my WinSCP but it doesn't change a thing.

When I log into ebox using PuTTY and use the sudo command, ebox asks me for the password again, and this is what I'm stuck with: by using the same password as I use to log in I can change stuff!

Is there a way to give the user I'm currently using superuser rights?

just 'sudo -i' you will get # cheers

HANNES1985

Re: How to give a user superuser rights
« Reply #3 on: June 18, 2010, 10:58:06 am »
Quote
just 'sudo -i' you will get # cheers

Works in PuTTY but does not work in WinSCP. What I was looking for is a way to add just 'sudo -i' and your password to the command terminal in WinSCP?
Only people that want to know more will ask!!

dlbm

Re: How to give a user superuser rights
« Reply #4 on: June 21, 2010, 05:33:17 pm »
Hi Hannes,

If your problem is as you stated: "when I log into ebox using putty and use the sudo command ebox asks me for the password again and this is what I'm stuck with by using the same password as i use to log in I can change stuff!"

Perhaps you could try editing the sudoers file "vim /etc/sudoers" and adding the NOPASSWD option to your user (add it if it's not in there), so it won't ask you for a password anymore, only to log in via ssh of course. (No comments about security, it's all up to you. Oh, and you need ROOT permission to edit this file.)

Info about how to edit the sudoers file:

https://help.ubuntu.com/community/Sudoers

Hope this helps,
DLBM
« Last Edit: June 21, 2010, 05:34:49 pm by dlbm »
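An added check, not part of dlbm's post, for reviewing what a NOPASSWD change leaves in place: it lists every sudoers rule carrying the NOPASSWD tag and marks whether the tag covers all commands or only named ones. The function names, the users alice and deploy, and the sample rules are constructed for illustration.

```shell
#!/bin/sh
# Added example: list sudoers rules that skip the password prompt.
# Output: <line>:<scope>:<rule>, scope ALL = every command, LIMITED = named ones.

audit_nopasswd() {
    # $1 = sudoers file or drop-in to read (default: stdin). Nothing is modified.
    awk '
        /^[ \t]*$/            { next }   # blank line
        /^[ \t]*#([^0-9]|$)/  { next }   # comment or #include (a "#1000" uid rule is kept)
        /^[ \t]*Defaults/     { next }   # Defaults lines grant no commands
        /NOPASSWD[ \t]*:/ {
            cmds = $0
            sub(/.*NOPASSWD[ \t]*:[ \t]*/, "", cmds)
            scope = "LIMITED"
            if (cmds ~ /^ALL[ \t]*(,|$)/) scope = "ALL"
            printf "%d:%s:%s\n", NR, scope, $0
        }
    ' "${1:--}"
}

sample_sudoers() {
    # Constructed sample, not taken from the thread.
    cat <<'EOF'
# /etc/sudoers.d/example (constructed)
Defaults env_reset
root    ALL=(ALL:ALL) ALL
alice   ALL=(ALL) NOPASSWD: ALL
deploy  ALL=(root) NOPASSWD: /usr/sbin/service apache2 reload
%admin  ALL=(ALL) ALL
EOF
}

sample_sudoers | audit_nopasswd
```

Run it against /etc/sudoers and each file under /etc/sudoers.d; reading those files needs root.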

HANNES1985

Re: How to give a user superuser rights
« Reply #5 on: June 21, 2010, 06:00:51 pm »
Thank you, I will try this and see if it allows me to transfer files using WinSCP.

As for security, I can always deny external connections to my server using ssh and tftp; that way no one except for my internal networks can access my server. Even there I can change the firewall so only my IP can use ssh; because my PC is always on, no one will be able to enter. So thank you very much, it's highly appreciated.
Only people that want to know more will ask!!

cheesyking

Re: How to give a user superuser rights
« Reply #6 on: June 21, 2010, 06:34:38 pm »
You should probably consider reading up on unix file permissions so you don't have to keep sudoing.

EG, for website files you could change their group ownership and permissions so your normal user account could read and write to them without the need to sudo at all while still leaving the webserver user able to read and (where appropriate) write to them too.

Depending on how complex you need to make things you can also install Access Control Lists (which is actually quite simple)

EDIT:
For security reasons you wouldn't want to do this sort of thing for program and settings files that relate to ebox itself or any of the software that ebox relies on but this is what you should be doing for data files like website pages etc
« Last Edit: June 21, 2010, 06:53:38 pm by cheesyking »

HANNES1985

Re: How to give a user superuser rights
« Reply #7 on: June 21, 2010, 06:41:44 pm »
You see, now I am actually getting the reply I wanted. Thank you a lot, didn't even think about doing that.
Only people that want to know more will ask!!

cheesyking

Re: How to give a user superuser rights
« Reply #8 on: June 21, 2010, 07:28:29 pm »
NP man!

You might want to look at the sgid bit on directories (lots of good pages are found by Google). This allows you to specify that all files created in a directory inherit the group of that directory.

The tricky bit is getting new files created by one user writeable for another. (though this probably isn't needed for a website since most sites either don't require write access at all or only require it on a couple of directories that you can set once and forget about)

EG
You have a page that uploads pictures into /images. Any photos uploaded through the page will only be writeable by the webserver so you wouldn't be able to scp in and delete them. Also if you scped a new photo into /images then the webserver wouldn't be able to delete it.

This is where you need ACLs, and of course Google can find plenty of pages on setting up Ubuntu with ACLs  ;D

You might also consider creating a user specifically for this task. Have a look at RSSH, it allows you to create users who can only login through ssh and perform a few specific tasks (scp, sftp, cvs, svn, rsync or rdist) that you can choose any or all of.

HANNES1985

Re: How to give a user superuser rights
« Reply #9 on: June 21, 2010, 08:25:01 pm »
Okay regarding this matter:

I've been playing around in my Windows server (XP PC with WAMP installed) and redirection using the php.ini is easy, so can I direct my Apache server to a local user in ebox and the Apache httpd.conf?
Only people that want to know more will ask!!

cheesyking

Re: How to give a user superuser rights
« Reply #10 on: June 22, 2010, 12:29:12 pm »
Quote
Can I direct my Apache server to a local user in ebox and the Apache httpd.conf?

I'm sure you could (though technically you'd want to edit ebox's template file in /lib/share/ebox/stubs/ IIRC) BUT I don't think I'd want to mess around with apache like that, I'm pretty sure it would break loads of stuff and be a security nightmare. (there are some very good reasons why webservers don't get normal shell accounts!)

If we're specifically talking about files for a website then this is what I'd do:

  • chown -R myuser /web/root
  • chgrp -R webservergroup /web/root
  • chmod -R 755 /web/root
  • chmod g+s /web/root

this changes all files to be owned by you
changes the group of all files to give the webserver access
makes sure you have read/write access to all files while giving apache read only access
sets the group sticky bit on the site directory so new files you add have you as the owner but apache's group

If there are any specific folders you need to allow apache to write in, chmod -R 775 them (use -R in case there are already some files in them). Any new files created by the webserver will be read only to you.

If that is a problem then ignore all this and install ACLs (apt-get install acl); append the acl option to your data partition on the server; reboot and start setting them up.

The two main commands are getfacl and setfacl.
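
The ownership and permission layout from the post above, as an added example that is not cheesyking's own code: it applies the layout to a tree and then audits it for directories missing the setgid bit (the post's "group sticky bit") and for anything group- or world-writable. It assumes a variant with 644 on files and 2755 on every directory instead of 755 throughout; the function names and the sample tree are constructed.

```shell
#!/bin/sh
# Added example (not from the thread). Assumed variant of the posted layout:
# directories 2755 (setgid), files 644, so pages are not marked executable.

apply_layout() {
    # $1 = web root; $2 = web server's group (optional). chgrp needs you to own
    # the files and belong to that group, or to run as root.
    if [ -n "${2:-}" ]; then chgrp -R "$2" "$1" || return 1; fi
    find "$1" -type d -exec chmod 2755 {} +
    find "$1" -type f -exec chmod 644 {} +
}

audit_layout() {
    # One finding per line; no output means the tree matches the layout.
    find "$1" -type d ! -perm -2000 | sed 's/^/no-setgid-dir /'
    find "$1" \( -type f -o -type d \) -perm -0002 | sed 's/^/world-writable /'
    # Expected only on the few directories the web server must write to (2775).
    find "$1" \( -type f -o -type d \) -perm -0020 | sed 's/^/group-writable /'
}

demo() {
    # Constructed sample tree in a temporary directory.
    root=$(mktemp -d) || return 1
    mkdir -p "$root/images"
    echo '<h1>hi</h1>' > "$root/index.html"
    apply_layout "$root"
    chmod 2775 "$root/images"      # upload directory, writable by the group
    chmod 666 "$root/index.html"   # deliberate mistake for the audit to catch
    audit_layout "$root"
    rm -rf "$root"
}

demo
```

On a real tree, pass the web server's group as the second argument to apply_layout; the group-writable lines should then list only the upload directories you opened on purpose.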