Run shell script as root user (without sudo) using setuid

In the most Linux distributions, setuid doesn’t work on shell scripts because of the security issues associated with it.

But you can use the setuid on binary files and from there you can execute the shell script as root user. And the following steps will help you to do that.

1) Copy the following C program to a file named “runasroot.c” and this program simply runs a script which is passed as command-line argument.

#include <stdio.h>
#include <stdlib.h>

int main(int argc, char *argv[]) {                                              
  if (argc != 2) {                                                              
    printf("Usage: %s /path/to/script\n", argv[0]);                             
    printf("Note: '/path/to/script' can be either relative or absolute path.\nE\
xamples:\n%s ./build.sh \n%s /tmp/test.sh\n", argv[0], argv[0]);                
  } else {                                                                      
    printf("Running the script '%s' as root user...\n", argv[1]);               
    setuid(0);                                                                  
    system(argv[1]);                                                            
  }                                                                             
   return 0;                                                                    
}

2) Compile it.

gcc runasroot.c -o runasroot

3) Change the ownership of the compiled executable binary to root

sudo chown root:root runasroot

4) Change the permissions on the binary file with setuid flag

sudo chmod 4755 runasroot

5) Run the script using the executable binary file

./runasroot script.sh

Examples :

./runasroot ./build.sh 
./runasroot /tmp/test.sh

You can even copy this ‘runasroot’ executable file to your home bin directory (i.e., in ‘/home/user/bin‘) so that you can use it anywhere in your scripts. And you can use the ‘runasroot‘ command (without any password prompt) instead ofsudo‘ in your commands. If you want to pass parameters to the commands, you should use single/double quotes to surround it.

runasroot 'fdisk -l'

instead of

sudo fdisk -l

Warning: Make sure you don’t place this script in any common directory (like /usr/bin or /opt) in a multi-user environments.

How to fix the wireless network issues in Fedora?

Issue 1 : NetworkManager asks password each time (even password is saved) when you connect to enterprise wireless network.

Does you fedora (NetworkManager) asks the password each time even when you saved it? I’m also faced it with my ThinkPad Edge (Fedora 20) and found a workaround to fix it.

Continue reading “How to fix the wireless network issues in Fedora?”

[Nexus 7] AOSP ROM – Jelly Bean 4.2.2 with franco kernel

I built a AOSP ROM based on latest version of pure Android open source project (AOSP JB 4.2.2). And I replaced the default kernel with franco kernel (r47) which is known for its performance.

Warning : Built for Nexus 7 wifi only model (grouper).

Features: Pure Android Experience + Better performance with franco kernel + Stable

Refer franco.Kernel (r47) features : http://forum.xda-developers.com/show…63&postcount=1

Download Link :

AOSP 4.2.2 ROM : https://dl.dropbox.com/u/29388500/AO…ramsrib-v2.zip

GAPPS : http://goo.im/gapps/gapps-jb-20130301-signed.zip

Instructions :
* Backup first.
* Flash this AOSP 4.2.2 ROM.
* Flash Google apps. (It is not optional anymore!)
* Do ‘Wipe data/factory reset’ in recovery.
* Reboot & enjoy.

Every custom modification to devices have risks. Flash this at your own risk!

Screenshots :

About Android
Default Home Screen
Default Apps
Home Screen

 

 

 

 

 

 

 

For more details, checkout my actual thread at XDA developers :
http://forum.xda-developers.com/showpost.php?p=38739972&postcount=1

Optimize Fedora Booting Process

When I’m checking the performance of my fedora, I found that my fedora takes 36 seconds to boot completely which is double the value of expected (15s) boot-up time. I decided to optimize my fedora boot process to achieve the standard boot-up time.

* Install the ‘systemd-analyze’ package :
$ yum install systemd-analyze

* Check the total boot time :
$ systemd-analyze time | tee total-boot-time.log

Output should look like :
Startup finished in 3167ms (kernel) + 4318ms (initramfs) + 29511ms (userspace) = 36998ms

* Kernel took 3 secs
* RAM Disk took 4 secs
* Userspace programs took nearly 30 secs

We can optimize the userspace programs first.
Note : ‘tee’ command prints & copies the output to a file (for comparison purpose).

* Check the detailed boot time :
$ systemd-analyze blame | tee detailed-boot-time.log

Output should look like :
10583ms udev-settle.service
4762ms fedora-loadmodules.service
3857ms NetworkManager.service
3300ms avahi-daemon.service
2794ms systemd-binfmt.service
2571ms fedora-storage-init.service
1942ms media.mount
1922ms systemd-vconsole-setup.service
1911ms sys-kernel-debug.mount
1894ms dev-hugepages.mount
1863ms fedora-storage-init-late.service
1862ms dev-mqueue.mount
1657ms fedora-readonly.service
1643ms mdmonitor-takeover.service
1587ms udev-trigger.service
1580ms home.mount
1534ms udev.service
.....

To plot these output to a graph :

$ systemd-analyze plot > boot-graph.png

fedora-boot-up-time-graph-before-change
Fedora boot-up time graph

* Find the failed boot process & fix it :
$ systemctl --failed

Output should look like :
UNIT LOAD ACTIVE SUB JOB DESCRIPTION
systemd-tmpfiles-clean.service loaded failed failed Cleanup of Temporary Directories
systemd-tmpfiles-setup.service loaded failed failed Recreate Volatile Files and Directories
tcsd.service loaded failed failed LSB: Init script for TCSD
vmware.service loaded failed failed SYSV: This service starts and stops VMware services

To fix these failed services, check the status of each one which gives the reason for the failure.

For example :
$ systemctl status systemd-tmpfiles-clean.service
systemd-tmpfiles-clean.service - Cleanup of Temporary Directories
Loaded: loaded (/usr/lib/systemd/system/systemd-tmpfiles-clean.service; static)
Active: failed (Result: exit-code) since Mon, 22 Oct 2012 12:33:18 +0530; 57min ago
Docs: man:tmpfiles.d(5)
Main PID: 2745 (code=exited, status=1/FAILURE)
CGroup: name=systemd:/system/systemd-tmpfiles-clean.service

Oct 22 12:33:18 fedora systemd-tmpfiles[2745]: [/etc/tmpfiles.d/jetty.conf:1] Unknown user 'jetty'.
Oct 22 12:33:18 fedora systemd-tmpfiles[2745]: stat(/run/user/sriram/gvfs) failed: Permission denied

$ [[email protected] ~]$ sudo /usr/bin/systemd-tmpfiles --create --remove
[/etc/tmpfiles.d/jetty.conf:1] Unknown user 'jetty'.

Then, I reinstalled the jetty package which fixed ‘jetty’ user issue.

* Disable the unnecessary services (including non-native services) :

$ systemctl disable mdmonitor.service mdmonitor-takeover.service fcoe.service lldpad.service vmware.service iscsid.service iscsi.service tcsd.service livesys.service livesys-late.service lvm2-monitor.service spice-vdagentd.service

mdmonitor & mdmonitor-takeover – service for RAID devices
fcoe & lldpad – Fiber Channel Over Ethernet service
iscsi & iscsid – service for iSCSI devices
tcsd – Trusted Computing Service
livesys & livesys-late -service for live CD

Again I removed few more services
$ systemctl disable jetty.service sendmail.service ip6tables.service vmware-USBArbitrator.service

* Check the performance again by doing step 2 & 3. :

After these above steps, improved the performance in userspace by 6 secs.
>> Startup finished in 3164ms (kernel) + 4571ms (initramfs) + 22200ms (userspace) = 29937ms

But my expectation was, kernel : 3secs, initramfs : 3secs, userspace programs : 15 secs

If you are not using LVM, RAID or Multipath, then disable the udev-settle, fedora-storage-init, fedora-storage-init-late & fedora-wait-storage services.
$ systemctl mask fedora-wait-storage.service fedora-storage-init-late.service fedora-storage-init.service udev-settle.service
$ systemctl disable plymouth-start.service avahi-daemon.service

Remove abrt completely
$ yum remove abrt*

Advanced Optimization : Skipping RAM disk
Kernel can boot directly from an ext4 partition without initramfs.
Comment the initrd line and add these parameter ‘root=/dev/sda3 rootfstype=ext4’ to your kernel
linux /boot/vmlinuz-3.6.2-4.fc17.i686.PAE root=/dev/sda3 rootfstype=ext4 libahci.ignore_sss=1 raid=noautodetect ro rd.luks=0 rd.lvm=0 rd.md=0 rd.dm=0 KEYTABLE=us SYSFONT=latarcyrheb-sun16 LANG=en_US.UTF-8
#initrd /boot/initramfs-3.6.2-4.fc17.i686.PAE.img

>> Startup finished in 4389ms (kernel) + 22460ms (userspace) = 26850ms

So, Boot-up time reduced upto 10 secs.

Fedora Boot-up time graph after optimization
Fedora Boot-up time graph after optimization

* More Aggressive Optimization :
1) Disable SELinux and auditing services
2) Mask fedora-autoswap.service fedora-configure.service fedora-loadmodules.service fedora-readonly.service
3) Don’t use debug kernels
4) Don’t use LVM

Installing and Configuring Squid Proxy Cache Server

Squid is a proxy caching server. You can use squid in effective way, so that you can control the internet access over your network.

In Fedora, you can install the squid proxy cache server by just typing the following command, its available in the fedora main repo itself.

$ sudo yum install squid

Before starting the squid server you need to configure it with the help of this configuration file in ‘/etc/squid/squid.conf’.

In this scenario, I have a proxy server running in background which will respond to specific ip’s (LAN) and forward to a defined gateway. Using the gateway, all the hosts from my all LAN can reach internet.

What my system (proxy server) has to do is, to listen in a specified port ‘3128’ and forward the requests to the gateway.

My Gateway : 10.2.4.85
My IP Address : 192.168.1.4

Add the following things to that ‘squid.conf’ :
>>
acl localnet src 192.168.1.0/24
http_access allow localnet
http_port 3128
<>
acl RestrictedSites dstdomain “/etc/squid/restricted_sites”
http_access deny RestrictedSites
<<

#cat /etc/squid/restricted_sites
facebook.com
orkut.com
twitter.com
youtube.com

Conflicts in Shared Library

If you are migrated from 32 bit OS (Linux) to 64 bit OS, you may faced some problems with shared libraries. Most of the open source applications are developed in 32 bit OS and ported to 64 bit OS.

More of the people having wrong thought about the use of 64 bit OS. We don’t need 64 bit programs to run on 64 bit OS. Then, you can why we are facing many issues regarding 64 bit shared libraries. This is because of the incompatible use of shared libraries.

That means, you have 32 bit library which depends on 64 bit libraries. This will cause problems.

Recently i faced this issue in fedora 64 bit os, i solved this by installing all required 32 bit shared libraries.

For example : I have libstdc++.i386 and libstdc++.x86_64 shared libraries.
This doesn’t cause any issues. If you are facing any issues or conflicts means, that shared library is not strictly followed the standards of the shared libraries.