Allow normal user to run "ip link set"

Similar Messages

• Allow normal user to start/stop Tomcat

  Hi,
  Recently I deployed a web app at client's pc running on WinXP SP2. However, I'm not allowed admin rights to that local machine. Is there a way to allow normal user ( like my case) to start/stop Apache Tomcat services without requesting my client to log in as admin to perform this simple task?
  Thanks.
  Z

  salafrance wrote:A simple way would be to write a small C program to run systemctl setuid root.
  So perhaps like this?
  #include <stdlib.h>
  #include <unistd.h>
  int main(void)
  execl("/usr/bin/systemctl", "systemctl", "start", "calibre", NULL);
  return(EXIT_SUCCESS);
  compiled it, then "chown root:root test", "chmod u+s test" and it worked.
  But is this safe? I have absolutely no knowledge about potential security issues...
  I also have thought about periodically restarting calibre, but on the Raspberry Pi, with it's slow ARM, the start takes ages and the processor is completely busy with that task for some minutes.
  And that's the reason why I also want to avoid starting an entire second systemd session... Or is this not that resource intensive?

• How can I allow normal user change their LDAP password?

  I use Solaris10 + Sun Directory server 5.2SP6 + Samba, how can allow normal user change the password themselves?
  Thanks.

  Depends on application you are using. I use ColdFusion and here is how I allow users to change their passwords
                      <cfldap action="Modify"
                           dn="uid=#form.UserLogin#,ou=your_ou,dc=example,dc=com"
                           attributes="userpassword=#FORM.newPassword#"
                           server="#servername#"
                           Port="#portnumber"
                           username="uid=#form.UserLogin#,ou=your_ou,dc=example,dc=com"
                           password="#form.userpassword#">

• Allowing "Reader Users" to Save MULTIPLE Unique Sets of Forms Data for One Form

  I own Acrobat Pro X. I use it to create many documents in my law practice. I need to deliver a contract form to a client that the client will use again and again and again... The client only owns Acrobat Reader. I need this to be like a "template" in Microsoft Word. The client needs to be able to fill-in the fillable fields on the document that I have created, then print and save it (e.g. as "Jones.pdf"), then fill it with new data and print and save it again (e.g. as "Smith.pdf"). This process may need to be repeated hundreds or thousands of times. Sometimes the client will need to reopen a document (data set) that was previously saved and printed and see it as it was last printed (so, to load "Jones.pdf" and see it as it was created). Sometimes the client will need to send a "filled" PDF to one of his customers, where the client's customer can print the document, but not change any of the fields (much less the body of the document, of course). So to sum up:
  * Attorney creates contract with fillable fields in Acrobat Pro X and sends to client;
  * Client uses PDF created by attorney to create, print and save an infinite number of unique 'data sets' for the document, any of which can be opened and printed at any time; and
  * Client sends locked-down, un-changeable PDF to Client's customer for customer to print, but not change.
  All of this needs to be able to happen without the Client ever buying Acrobat. Is this possible? I'm aware of File > Save As > Reader Extended PDF > Enable Additional Features, but I cannot figure out if this will work, since I don't use Reader on my pc.
  Surely this scenario is faced by document creators often. However, I tried and failed to find a set of search terms which would reveal discussion threads that were relevant to this query.

  I apologize for being unclear. I'll try to clarify the facts.
  1. I have written a custom subcontract agreement for one client. This is the only client that I will ever give this particularl document/subcontract. My client will *never* send the data or the document back to me. Once I turn over this document to my client, it is from my perspective, a one-time, one-way transaction.
  2. My client
  Will be the only person who will ever put data in the fields (using Acrobat Reader);
  Will create hundreds or thousands of unique subcontracts using the document that I have created, but the only difference between each will be the data that my client has put in the fields;
  Needs to be able save each unique set of data as a unique pdf (jones_1.pdf; smith_2.pdf; etc.);
  Needs to be able to email the completed document to his customer in a way that his customer cannot modify the document, but can view it, print it, sign the paper printout and snail-mail it back.
  3. My client's customer
  Should be able to view and print, but be unable to change anything in the document;
  Will not need to sign the document electronically (there will be no digital signatures)
  Users of Microsoft Word are familiar with the concempt of templates. When you create a new document based on a template, the content and formatting can be changed in each new iteration made from the template, but the original template is not changed. I could give my client the subcontract as a Word template, but his staff could easily or accidentally change important language that I don't want them to be able to change. For the client's own protection, I want the client only to be able to change data in the fields that I've designated. This sort of scheme is impossible using a Word document or template. I hope it's possible with a PDF.

• Allow a windows non-administrator user to run cmd.exe as administrator without sharing administrator password with the user

  I have standalone Windows 2003 and 2008 Oracle database servers (they are not in a Windows domain environment ). The Oracle DBAs can perform all their routine activities from command line with administrator privileges. For this i've to either share administrator
  user password with the Oracle DBAs or add their windows login user to Administrators group. If i can give the DBA user permission to run windows command prompt without sharing administrator password, i can give them non-administrator login access to Windows
  2003/2008 server. Normally when a non administrator user would try to run a program as administrator on Windows 2008, the user is prompted to input administrator username/password. Is it possible to give non-admin user access to run a program/application (cmd.exe
  in this case) on Windows 2003/2008 without sharing administrator credentials with them?

  With the OTORISER application I developed, normal users can run applications with admin privilege …  
  Otoriser is totally free ! Applications, mmc consoles, control panel cpl files can be run under admin and system context with Otoriser. Let’s say you donot want your users to be admin in their machines, but want them to run some applications with admin rights.
  If this is the case then you are on the right blog.
  There are two components for Otoriser. Management and client components. There are no complex implementation and no frustrating steps to be performed. Within 10 minutes you can start testing the results
  After you download the setup files, install client components in the client by running it directly (or any deployment method you have), it will take about 5 seconds to install it. Then, let’s say you want your user to change system properties of the machine.
  With the tool provided in Admin package produce the hash of system.cpl file and enter that hash into the group policy (details are provided in documentation). When policies are applied for that user then he or she can run that control panel applet under admin
  context but donot forget that the user is still an ordinary user.
  download link :
  http://burakuysaler.wordpress.com/2013/02/21/with-the-otoriser-application-that-i-developed-normal-users-can-run-applications-with-admin-priviledges

• Shutdown by normal user

  what permission should i give to a normal user to be able to shutdown?

  AFAIK, there's no group for shutdown and poweroff commands. Your best bet is to set up sudo to allow the user to run the command without a password.
  http://wiki.archlinux.org/index.php/Sudo
  Once you've done that you can shut down with sudo <command>.  You can then use an alias in your .bashrc to make shutdown point to the sudo command:
  alias poweroff='sudo poweroff'
  etc
  Dusty

• [Solved] nm-applet does not display in normal user's panel

  I installed Arch Linux yesterday. Today, I am trying to get some of the refinements working. I installed OpenBox as a standalone window manager. I got several things working exactly the way I wanted as root, such as networkmanager, nm-applet, and pypanel. When I startx as root, the nm-applet is properly displayed in the pypanel.
  Then I discovered that I could not run an X application as the normal user without first running "xhost +" as root. At this point, it dawned on me that I am not supposed to run startx as root, but as the normal user. Duh!
  So, I thought I set up everything the same way for the normal user. When I startx as the normal user, OpenBox runs, nm-applet runs, and pypanel runs, but pypanel does not display the nm-applet icon. I can now run my X application as the normal user, so that is good.
  My .config/openbox/autostart file is exactly the same for root and my normal user:
  (sleep 3 && pypanel) &
  (sleep 3 && /usr/bin/nm-applet --sm-disable) &
  nm-applet was started by this code, because ps -ef shows it running and owned by the normal user:
  [tim@(none) ~]$ ps -ef|grep nm-applet
  tim 2311 2306 0 15:27 tty1 00:00:00 /usr/bin/nm-applet --sm-disable
  tim 2332 2327 0 15:27 pts/0 00:00:00 grep nm-applet
  [tim@(none) ~]$ ps -ef|grep networkmanager
  root 497 476 0 14:14 ? 00:00:00 /sbin/dhcpcd -B -K -L -G -c /usr/lib/networkmanager/nm-dhcp-client.action eth0
  root 869 476 0 14:30 ? 00:00:00 /sbin/dhcpcd -B -K -L -G -c /usr/lib/networkmanager/nm-dhcp-client.action ra0
  tim 2345 2327 0 15:27 pts/0 00:00:00 grep networkmanager
  Why does pypanel display the nm-applet icon for root but not for the normal user?
  Tim (newbie to Arch but previously ran ArchBang for six months)
  Last edited by ratcheer (2012-05-02 22:34:30)

  I have now switched to tint2 from pypanel, anyway. It is much cleaner and easier to use. At least in my opinion.
  Tim
  Last edited by ratcheer (2012-05-03 02:31:59)

• IE report access to normal user (SCCM 2012 R2)

  Hello All
  Trying to wrap my head around allowing "normal user" to view/run reports via internet explorer http://servername/Reports
  I created a new group called SCCMReportViewers in AD and added one user to that group, then I went to SCCM 2012 and created a new security role by coping existing one called read-only analyst and called it reporting user. On that new role I changed all permissions
  to run reports and nothing else. Then I added that new AD group under Administrative Users on SCCM 2012 server with security role that I made in previous step (reporting user)
  When I try to access http://someserver/Reports I get logon window and after I log on as "normal user" I do not see any reports at all. I even added sccmreportviewers group permission directly on one of reports with permission to run reports and
  browse but that didn't get me any closer to solution. Mind you admin users on sccm 2012 can see all reports and run them with out problems.
  PS
  SQL2012 server is running on another server then sccm 2012 and reporting service is installed on SQL2012 server

  Hello All
  Trying to wrap my head around allowing "normal user" to view/run reports via internet explorer http://servername/Reports
  I created a new group called SCCMReportViewers in AD and added one user to that group, then I went to SCCM 2012 and created a new security role by coping existing one called read-only analyst and called it reporting user. On that new role
  I changed all permissions to run reports and nothing else. Then I added that new AD group under Administrative Users on SCCM 2012 server with security role that I made in previous step (reporting user)
  When I try to access http://someserver/Reports I get logon window and after I log on as "normal user" I do not see any reports at all.
  The SSRS reports will not be displayed within the list of available reports if the logged-on-user doesn't have the role/permissions within ConfigMgr to access the data needed to create the report. (well, that how it is for us, and that seems to be fairly
  logical to me)
  e.g. If the user doesn't have the role/permissions to the status messaging data, that user will not see any status message reports available to choose from. (after all, what value is there in allowing somebody to run a report that will never return any result
  rows...)
  Don
  (Please take a moment to "Vote as Helpful" and/or "Mark as Answer", where applicable.
  This helps the community, keeps the forums tidy, and recognises useful contributions. Thanks!)

• "ip link set wlp3s0 up" doesn't turn on wifi adapter

  So I'm installing Arch on a MacBook Pro 8,2, and I've managed to wrangle EFI into booting everything just fine for me, and I'm trying to get wifi working.
  I got the firmware and drivers installed for the Broadcom 43xx chip, and am loading the correct kernel modules.
  So if I run
  # ip link list
  I get the following output (trimmed to relevant entry for brevity):
  3: wlp3s0: <NO-CARRIER,BROADCAST,MULTICAST,UP> mtu 1500 qdisc mq state DOWN mode DEFAULT qlen 1000
  link/ether b8:8d:12:2b:ee:76 brd ff:ff:ff:ff:ff:ff
  If I then run
  # ip link set wlp3s0 up
  and then ip link list again I get the following output:
  3: wlp3s0: <NO-CARRIER,BROADCAST,MULTICAST,UP> mtu 1500 qdisc mq state DOWN mode DEFAULT qlen 1000
  link/ether b8:8d:12:2b:ee:76 brd ff:ff:ff:ff:ff:ff
  As you can see the wifi adapter isn't going up at all.
  The relevant output from dmesg appears to be:
  [ 150.794688] IPv6: ADDRCONF(NETDEV_UP): wlp3s0: link is not ready

  02:00.0 Ethernet controller [0200]: Broadcom Corporation NetXtreme BCM57765 Gigabit Ethernet PCIe [14e4:16b4] (rev 10)
  Subsystem: Broadcom Corporation NetXtreme BCM57765 Gigabit Ethernet PCIe [14e4:16b4]
  Flags: bus master, fast devsel, latency 0, IRQ 16
  Memory at a0400000 (64-bit, prefetchable) [size=64K]
  Memory at a0410000 (64-bit, prefetchable) [size=64K]
  Capabilities: [48] Power Management version 3
  Capabilities: [58] MSI: Enable- Count=1/8 Maskable- 64bit+
  Capabilities: [a0] MSI-X: Enable+ Count=6 Masked-
  Capabilities: [ac] Express Endpoint, MSI 00
  Capabilities: [100] Advanced Error Reporting
  Capabilities: [13c] Device Serial Number 00-00-3c-07-54-32-ac-6e
  Capabilities: [150] Power Budgeting <?>
  Capabilities: [160] Virtual Channel
  Kernel driver in use: tg3
  Kernel modules: tg3
  02:00.1 SD Host controller [0805]: Broadcom Corporation NetXtreme BCM57765 Memory Card Reader [14e4:16bc] (rev 10) (prog-if 01)
  Subsystem: Broadcom Corporation Device [14e4:0000]
  Flags: bus master, fast devsel, latency 0, IRQ 17
  Memory at a0420000 (64-bit, prefetchable) [size=64K]
  Capabilities: [48] Power Management version 3
  Capabilities: [58] MSI: Enable- Count=1/1 Maskable- 64bit+
  Capabilities: [ac] Express Endpoint, MSI 00
  Capabilities: [100] Advanced Error Reporting
  Capabilities: [150] Power Budgeting <?>
  Capabilities: [160] Virtual Channel
  Kernel driver in use: sdhci-pci
  Kernel modules: sdhci_pci
  03:00.0 Network controller [0280]: Broadcom Corporation BCM4331 802.11a/b/g/n [14e4:4331] (rev 02)
  Subsystem: Broadcom Corporation BCM4331 802.11a/b/g/n [14e4:4331]
  Flags: bus master, fast devsel, latency 0, IRQ 17
  Memory at a0600000 (64-bit, non-prefetchable) [size=16K]
  Capabilities: [40] Power Management version 3
  Capabilities: [58] Vendor Specific Information: Len=78 <?>
  Capabilities: [48] MSI: Enable- Count=1/1 Maskable- 64bit+
  Capabilities: [d0] Express Endpoint, MSI 00
  Capabilities: [100] Advanced Error Reporting
  Capabilities: [13c] Virtual Channel
  Capabilities: [160] Device Serial Number 00-00-00-ff-ff-00-00-00
  Capabilities: [16c] Power Budgeting <?>
  Kernel driver in use: bcma-pci-bridge
  Kernel modules: bcma

• How to allow normal/regular users to view a report

  I have been compiling reports in MS SQL 2012 Reporting Services.  the URLs is
  http://test_report:80/reports. I have no problem with viewing the reports because I am an admin but normal users are getting access denied.  this is how I assign permission to user.  Open Reporting Services
  Config Mnger --> Connect --> Click on Report Mnger URL --> click on
  http://test_report:80/reports --> Open a another folder called Reports.  In this "Reports" it has many reports.  --> Click on Folder Settings --> Click on Security --> Click on "New Role Assignment"  -->
  In "Group or user name" text box, I entered user network computer login name, such as: domain_name\bambi --> Ensure "Browser" is checked --> Ok.  I send this weblink to users but they cannot open it because of either access denied
  or not have permission. 
  http://myservername/Reports/Pages/Report.aspx?ItemPath=%2fCorp_Reports%2fReportOfTimeInLieu.  I am unsure why users cannot view my reports.  Please let me know if I had missed any step(s).  I use the Report Builders in Reporting Services
  Config Mnger to compile reports.  Regards,

  so this web link will lead me to Home page:
  http://myservername/Reports/Pages/Folder.aspx.
  at the home page I have folder called Reports: 
  http://myservername/Reports/Pages/Folder.aspx?ItemPath=%2fReports&ViewMode=List
  inside  Reports folder, I have multiple reports, ie: 
  http://myservername/Reports/Pages/Report.aspx?ItemPath=%2fReports%2fReportOfTimeInLieu,
  http://myservername/Reports/Pages/Report.aspx?ItemPath=%2fReports%2fReportOfVacationTime,
  http://myservername/Reports/Pages/Report.aspx?ItemPath=%2fReports%2fReportOfSickDays,
  http://myservername/Reports/Pages/Report.aspx?ItemPath=%2fReports%2fReportOfConferenceDays
  On Home page I click on Folder Settings --> Security --> New Role Assignment --> Group or User name: domainname\bambi --> Role = Browser
  On Home page I click on Site Settings --> Security --> New Role Assignment -> Group or User name: domainname\bambi --> Role = System User
  On Home page I open Reports folder --> Site Settings --> Security --> new Role Assignment --> Group or User name: domainname\bambi --> Role = System User
  Is this how I enable user bambi to 1) enable to open Reports folder and also browse for reports in Reports folder  2) enable user bambi to execute all reports in Reports folder.
  Problem:  user bambi was able to open Reports folder and see all reports saved in it; however, bambi gets a blank page upon selecting a report and open/run it.  bambi should see company logo and report name.  It was a blank white page.
  What did I do incorrectly?
  Thanks,

• How to set "Allow external users who accept sharing invitations and sign in as authenticated users" programmatically?

  Sharepoint 2013 online/office 365.
  I am creating site collection programmatically using sharepoint Auto hosted app.
  Now i want to set "Allow external users who accept sharing invitations and sign in as authenticated users" programmatically after site collection creation.
  Is it possible through code? If yes please let me know how to do it?
  Najitha Sidhik

  For SharePoint 2013 Online, check below links:
  http://office.microsoft.com/en-us/office365-sharepoint-online-small-business-help/manage-sharing-with-external-users-HA102849862.aspx
  http://office.microsoft.com/en-us/office365-sharepoint-online-enterprise-help/manage-external-sharing-for-your-sharepoint-online-environment-HA102849864.aspx
  https://www.nothingbutsharepoint.com/sites/eusp/Pages/SharePoint-Online-2013-Sharing-with-External-Users.aspx
  http://blogs.office.com/2013/11/21/sharepoint-online-improves-external-sharing/
  Please ensure that you mark a question as Answered once you receive a satisfactory response.

• How can IT departments set up basic users to run Captivate with Administrator privileges?

  As we all know, on WinVista and Win7 or later systems Adobe Captivate must be launched with Run As Administrator privileges in order to function correctly and not crash.  But the problem here is that in many corporate environments general users are not allowed to have Administrator access to their own work PCs.  This presents something of a dilemma for IT departments with Adobe Captivate users.
  Some time ago on this forum one of the Adobe technical staff chimed in on a thread about the Run As Administrator command and explained the technical steps required to set up a Group Policy in WinVista/Win7 that would allow a basic user to always launch Captivate with the necessary admin privileges even though they did NOT have Administrator access to any other app on their PC. 
  I have searched in vain to find that particular thread and post, so I've started this thread in the hope that someone at Adobe can again chime in to detail the necessary steps again.
  So is there anyone there that can help out?

  DOH! my bad.....I/we run WinXP at present and no UAC.
  However, all may not be lost, try some of these options as posted on teh MS Technet forums....An admin person may need t do this first to enable this for that user...
  Apologies for misundeerstand situation. ;-( hate it when that happens!
  Try these two options:
  Using Compatibility Mode
  NOTE: This will allow you to always have the program run as an administrator when you open it.
  1. Right click on the program shortcut or program .exe file, then click on Properties, and on the Compatibility tab. (See screenshots below)
  NOTE: If you are doing this while logged on as a standard user instead of an administrator, then you will need to also click on the Change settings for all users button and type in the administrator's password.
  http://www.sevenforums.com/attachments/tutorials/12832d1243933304-run-administrator-compat ibility_mode1.jpghttp://www.sevenforums.com/attachments/tutorials/12832d1243933304-run-administrator-compat ibility_mode1.jpghttp://www.sevenforums.com/attachments/tutorials/12832d1243933304-run-administrator-compat ibility_mode1.jpgUAC, then click on Yes to apply permission to allow the program to run with full permission as an administrator.
  2. To Always Run this Program as an Administrator
  A) Check the Run this program as an administrator box, and click on OK. (See screenshots above)
  3. To Not Always Run this Program as an Administrator
  A) Uncheck the Run this program as an administrator box, and click on OK. (See screenshots below step 1)
  4. Open the program.
  5. If prompted by
  NOTE: If you are doing this is while logged in as standard user instead of an administrator, then you will need to provide the administrator's password before the program will run as administrator.
  Using Advanced Properties
  NOTE: This will allow you to always have the program run as an administrator when you open it.
  1. Right click on the shortcut of the program, then click on Properties.
  2. Click on the Shortcut tab for a program shortcut, then cllick on the Advanced button. (See screenshot below)
  http://www.sevenforums.com/attachments/tutorials/12834d1243933304-run-administrator-advanc ed_properties1a.jpghttp://www.sevenforums.com/attachments/tutorials/12834d1243933304-run-administrator-advanc ed_properties1a.jpghttp://www.sevenforums.com/attachments/tutorials/12834d1243933304-run-administrator-advanc ed_properties1a.jpghttp://www.sevenforums.com/attachments/tutorials/12836d1243933304-run-administrator-advanc ed_properties2.jpghttp://www.sevenforums.com/attachments/tutorials/12836d1243933304-run-administrator-advanc ed_properties2.jpghttp://www.sevenforums.com/attachments/tutorials/12836d1243933304-run-administrator-advanc ed_properties2.jpgUAC, then click on Yes to apply permission to allow the program to run with full permission as an Administrator.
  3. To Always Run this Program as an Administrator
  A) Check the Run as administrator box, and click on OK. (See screenshot below)
  4. To Not Always Run this Program as an Administrator
  A) Uncheck the Run as administrator box, and click on OK. (See screenshot above)
  5. Click on OK. (See screenshot below step 2)
  6. Open the program.
  7. If prompted by
  NOTE: If you are doing this is while logged in as standard user instead of an administrator, then you will need to provide the administrator's password before the program will run as administrator

• How do you allow all normal users to use the IOSsimulator in Xcode without placing them in the _developer group?

  Ever since we've updated Xcode at my place of work normal users have been unable to run their applications in Xcodes iOS simulator because they're prompted with a "Developer Tools Access needs to take control of another process for debugging to continue. Type the name and password of a user in "Developer Tools" group to allow this". I work in an ever expanding office with over 200 employees so adding them all to the _developer group will just be far to time consuming. Is there a way to give normal users permissions to run the IOS simulator?
  Here is the message I would like for normal users to bypass.

  ....I don't see a way around it - either they're in a permissioned group with an applicable login or they're not, right?

• Running sbin commands as normal user

  Here's the problem: I would like to run rc.d to start/restart/stop daemons as a normal user.
  I ran into two possible workarounds:
  1. Sudoers file
  I've setup sudoers file to not ask for the password with:
  myuser ALL = NOPASSWD: /sbin/rc.d
  That of course still force me to write sudo before rc.d to start/restart/stop a daemon. Next step could be to create an alias like alias rc.d='sudo rc.d'.
  2. Permissions
  Another way would be to change the permissions of the command so It can be ran by "all" or a specific group.
  Maybe I'm just crazy, but all these workarounds look a bit "dirty" to me, so I was wondering if someone else knows a different approach to this issue :).

  SS4 wrote:
  pablox wrote:
  Btw, I just found that even when sudo -l shows me:
  User myuser may run the following commands on this host:
      (root) NOPASSWD: ALL
      (ALL) ALL
  It still asks for my password when I ran an app through sudo, any clue of what would be happening?
  That's just saying that you're allowed to use sudo, not that you can use it without a password.
  For example when I run sudo -l
  User me may run the following commands on this host:
  (ALL) ALL
  (ALL) ALL
  (root) NOPASSWD: /usr/bin/pacman, (root) /usr/bin/pacdiffviewer, (root) /usr/bin/make, (root) /sbin/shutdown, (root) /usr/sbin/hddtemp, (root) /usr/bin/pacman-color, (root) /usr/sbin/pm-suspend
  From my limited understanding (root) means that I become root user
  AFAIK our configurations are almost the same, except from the fact that I have configured it to supposedly not ask for the password for every command and in your case of the commands listed there.
  If you ran pacman with sudo, it asks your password?

• HT2688 Working on a single computer with multiple users, I have set things up to allow each user to view and listen to the others' music libraries under the "Shared Library" function.  Can you then connect an iPod touch and copy music from a shared librar

  Working on a single computer with multiple users, I have set things up to allow each user to view and listen to the others' music libraries under the "Shared Library" function.  Can you then connect an iPod touch and copy music from a shared library?

  Was your wife logged into the libray at the time you tried to log in? I have had a similar problem and it was because another user was logged into the library when I attempted to. I got the permission denied banner.