I have an application built in C# .dotnet 6 on macos.
I want the application to be able to seamlessly update itself.
It's downloads the latest pkg and my problem is how I run it.
I want to start this process using "sudo installer -pkg /tmp/mypackage.pkg -target /" but sudo ask for password on the standard input.
How can I start a process with escalated privileges where the user permissions are asked first through something like:
You can use AppleScript to create a graphical authentication prompt:
#!/bin/sh
osascript -e "do shell script \"$*\" with administrator privileges"
Other methods: Is there any graphical "sudo" for Mac OS X?
You could try the option -S of sudo for accepting the password from standard input. After use echo password and | to pass the password to the command:
echo myPassword | sudo -S installer -pkg /tmp/mypackage.pkg -target
Related
I am referencing this article on Microsoft's documentation:
https://learn.microsoft.com/en-us/aspnet/core/host-and-deploy/linux-apache?view=aspnetcore-3.1
Has anyone tried to accomplish these steps in Docker container?
I have been at this for a couple of days and I can't get the kestrel-helloapp.service file to start my application automatically when I run the container.
After running the container I am able to manually go into it and start my application with dotnet WebApplication3.dll.
I am under the impression that this should happen automatically after enabling the service file.
The only way I am able to get it to work is by adding this to the Dockerfile:
ENTRYPOINT ["dotnet" ,"WebApplication3.dll"]
But when I do this it causes the Apache server to not start up automatically.
Here is my Dockerfile:
FROM centos:7
# install sudo and dotnet sdk
RUN yum install sudo -y
RUN sudo rpm -Uvh https://packages.microsoft.com/config/centos/7/packages-microsoft-prod.rpm
RUN yum install epel-release -y
RUN yum install dnf -y
RUN sudo dnf install dotnet-sdk-3.1 -y
# copy app files over
COPY ["./publish/", "/var/www/helloapp/publish/"]
# install apache and enable it
RUN sudo yum -y install httpd mod_ssl
RUN systemctl enable httpd.service
RUN yum install initscripts -y
RUN sudo service httpd configtest
# copy and enable service file
COPY ["./kestrel-helloapp.service", "/etc/systemd/system/"]
RUN sudo systemctl enable kestrel-helloapp.service
# start apache
CMD ["-D", "FOREGROUND"]
ENTRYPOINT ["/usr/sbin/httpd"]
EXPOSE 80
docker run command:
docker run -v "C:\Users\Nick\source\repos\docker-testing\version1\helloapp.conf:/etc/httpd/conf.d/helloapp.conf" -e "ASPNETCORE_URLS=http://+:8080" -p 80:80 -p 8080:8080 -t version1
helloapp.conf file:
<VirtualHost *:*>
RequestHeader set "X-Forwarded-Proto" expr="http"
</VirtualHost>
<VirtualHost *:8080>
ProxyPreserveHost On
ProxyPass / http://127.0.0.1:5000/
ProxyPassReverse / http://127.0.0.1:5000/
ServerName www.example.com
ServerAlias *.example.com
ErrorLog /var/log/httpd/helloapp-error.log
CustomLog /var/log/httpd/helloapp-access.log common
</VirtualHost>
kesterl-helloapp.service file:
[Unit]
Description=Example .NET Web MVC App running on CentOS 7
[Service]
WorkingDirectory=/var/www/helloapp/publish
ExecStart=/usr/local/bin/dotnet /var/www/helloapp/publish/WebApplication3.dll
Restart=always
# Restart service after 10 seconds if the dotnet service crashes:
RestartSec=10
KillSignal=SIGINT
SyslogIdentifier=dotnet-example
User=apache
Environment=ASPNETCORE_ENVIRONMENT=Production
[Install]
WantedBy=multi-user.target
I know the configuration is correct because everything works fine when I start the application manually. The service file just seems to be not starting the application on boot.
Any help would be greatly appreciated. Thanks!
I've run into a similar problem (just with an ubuntu base image). The problem that you are likely experiencing is related to the fact that there is one process launched from the docker container on entry point and that is not the system daemon (init, systemd, not sure which one centos is using). As a result, your services are actually not started as you described, because they would be launched on system run level change, by that exact same system daemon.
In my opinion, not launching the system daemon is a good thing as you want to minimize services running inside of your container.
On the other hand, you might actually want multiple services inside of the container. An actual solution to your problem is to write an entry point shell script and launch the services that you want to run in parallel of your main application. In my case, I wanted a customized Jenkins image, which has an entry point of /usr/local/bin/jenkins.sh. You can find this in the Dockerfile of the base image that you are using.
I've replaced the original entry point:
ENTRYPOINT ["/bin/tini", "--", "/usr/local/bin/jenkins.sh"]
with:
ENTRYPOINT ["/bin/tini", "--", "/docker-entrypoint.sh"]
Where the content of /docker-entrypoint.sh is:
#! /bin/bash
/usr/bin/cron & # This is the additional service I wanted in the background
/usr/local/bin/jenkins.sh
So I run this command on Linux from user account named 'x':
sudo dotnet App.dll
And App.dll does:
File.WriteAllText("App.txt", "Text");
This file is not write accessible to 'x' or normal users. It's owned by root. How can I write it so it's not a root user file but while running from sudo? I know I can grant access/ownership to a username to the file, but what do I do if I don't know the username's name is 'x'?
I have very little knowledge of Linux. I'm just writing a simple tool that configures some files. It needs to write some root-owned files but also some user-owned files.
I'm not even sure my question makes sense. I want to write a file without the (locked) icon overlay from sudo app execution.
After more furious googling I found that I can get the User's that invoked sudo UID and GID by running:
env | grep SUDO
or via C#:
var groupId = int.Parse(Environment.GetEnvironmentVariable("SUDO_GID"));
var userId = int.Parse(Environment.GetEnvironmentVariable("SUDO_UID"));
var user = Environment.GetEnvironmentVariable("SUDO_USER");
So I can execute:
chgrp GID File.txt
chown UID File.txt
or Process.Start using /bin/bash -c "command":
var command1 = $"chgrp {groupId} Test.txt";
var command2 = $"chown {userId} Test.txt";
to give the file to the User that launched sudo dotnet App.dll.
I'm trying to update an app remotely. All devices are rooted.
Due to the nature of the apps and devices, there are no users, the devices monitor a range of sensors and send the info back to a server from key locations.
I know that
"pm install -r app.apk\n"
will install a downloaded apk.
But how would I get it to run without a user.
Once this command executes the app stops and all it's services stop aswell.
So is there a command to install + run ?
am start -n com.package.name/com.package.name.ActivityName
does not get executed and wont start the services because this code is not reached after the install command
edit:
this is the code once the apk is downloaded
dataOutputStream.WriteBytes("mount -o rw,remount -t /system\n");
dataOutputStream.Flush();
dataOutputStream.WriteBytes("chmod -R 777 "+localPath+"\n");
dataOutputStream.Flush();
dataOutputStream.WriteBytes("mount -o ro,remount -t /system\n");
dataOutputStream.Flush();
dataOutputStream.WriteBytes("pm install -r "+localPath+"\n");
dataOutputStream.Flush();
//The code below is not reached because the install kills the app
dataOutputStream.WriteBytes("am start -n com.company.remote/com.company.remote.RebootServices\n");
dataOutputStream.Flush();
Whenever you install an app through Android Studio, it installs your app and launches it immediately afterwards. By looking into the commands it executes, I have found the following line, it might help you:
adb shell am start -n "com.package.name/com.package.name.ActivityName" -a android.intent.action.MAIN -c android.intent.category.LAUNCHER
Notice the intent filter flags: -a for "action" and -c for "category" as defined in manifest. If you have an intent filter, you can use those too.
EDIT: After reading the comment of SushiHangover, this is indeed a duplicate of this question: https://stackoverflow.com/a/4567928/3673616
According to the answer from there, instead of am start[...] you need to use adb shell am start[...]
Publishing ASP.NET MVC 4 application to IIS 8 on my machine giving the following error :
This access control list is not in canonical form and therefore cannot be modified.
I am under Windows 10 and using VS 2013 Ultimate.
I installed web deploy 3.5 from web platform installer 5, and I made sure that the services are working
Solution 1
I was able to solve this problem in the following way
Go to IIS
Right click on the website that you are publishing to and select Edit Permissions
Click the Security tab.
Click on Edit button
A Message box will appear which tell that the Permission was not correctly ordered.
Click Reorder on that message box.
Solution 2
Open the Command prompt (CMD) and execute the following two statements
icacls.exe C:\inetpub\wwwroot /verify /T /C /L /Q
icacls.exe C:\inetpub\wwwroot /reset /T /C /L /Q
note : Maybe you will want to open the CMD with Administrator privilege (Maybe I am not sure)
Cheers
You can run the following command to fix it
command prompt
icacls.exe C:\inetpub\wwwroot\<VIRTUAL DIRECTORY> /verify /T /C /L /Q
// If any entries are reported as being not in canonical order then run:
icacls.exe C:\inetpub\wwwroot\<VIRTUAL DIRECTORY> /reset /T /C /L /Q
Source
powershell
$path = C:\inetpub\wwwroot\<VIRTUAL DIRECTORY>
$acl = Get-Acl $path
Set-Acl $path $acl
Source
You can prevent this problem by modifying your Visual Studio package generation parameters: In the PropertyGroup section of your pubxml file, add
<IncludeSetACLProviderOnDestination>False</IncludeSetACLProviderOnDestination>
I've need to add a function to my C# WPF application to fix up certain registry entries.
This would be done by calling regsvr32.exe /s mylib.dll. Now, this should be easy to do from what I see using the runas verb with a new Process object. (My dll does require admin rights due to some registry keys it writes to.)
But the problem is there are multiple DLLs, thus multiple invocations of regsvr32.exe, and it is not possible to put all the registrations into a single .dll. But were I to just runas multiple times, the user would get as many UAC dialogs as I start it... and I don't want that.
I want just a single dialog, and I really really want to avoid having a mystery extra fixer.exe file to have to do the launching instead. Now, I only know Windows Security stuff on a really basic level, but shouldn't it be possible to get an 'admin' token somehow (which gets me the UAC dialog) and use that to launch the different processes?
You can just use command line arguments, and shell to your own .exe running that process as an admin. When your application loads, check for those command line arguments...If they are there, register all of your dlls, then exit.
Or, you could write a batch file that registers all of the dlls, and shell to that with admin rights.
The issue here is security. You have three options:
Create a service account and run the application with service account privileges.
Prep the target machines that the application will run on with some sort of install package.
Use powershell to invoke regsvr32.exe with admin rights ->
function Run-Elevated ($scriptblock)
{
# TODO: make -NoExit a parameter
# TODO: just open PS (no -Command parameter) if $sb -eq ''
$sh = new-object -com 'Shell.Application'
$sh.ShellExecute('powershell', "-NoExit -Command $sb", '', 'runas')
}
I would opt for option 2, as registering dll's are more than an installation step. The registering of the dll crosses the boundary of the account privileges needed to run the main application. If your app is running on a domain environment an MSI could be rolled out to prep each machine?
If you want only one single UAC prompt, there is already an answer at Stackoverflow, look here.
This script elevates itself once, and you can execute a sequence of commands which all need elevated rights, so you don't get multiple UAC prompts anymore.
In your case, this means you can just append the invokations of
regsvr32.exe /s mylib1.dll
regsvr32.exe /s mylib2.dll
regsvr32.exe /s mylib3.dll
at the end of the script mentioned above, i.e.
:::::::::::::::::::::::::::::::::::::::::
:: Automatically check & get admin rights
:::::::::::::::::::::::::::::::::::::::::
#echo off
CLS
ECHO.
ECHO =============================
ECHO Running Admin shell
ECHO =============================
:checkPrivileges
NET FILE 1>NUL 2>NUL
if '%errorlevel%' == '0' ( goto gotPrivileges ) else ( goto getPrivileges )
:getPrivileges
if '%1'=='ELEV' (shift & goto gotPrivileges)
ECHO.
ECHO **************************************
ECHO Invoking UAC for Privilege Escalation
ECHO **************************************
setlocal DisableDelayedExpansion
set "batchPath=%~0"
setlocal EnableDelayedExpansion
ECHO Set UAC = CreateObject^("Shell.Application"^) > "%temp%\OEgetPrivileges.vbs"
ECHO UAC.ShellExecute "!batchPath!", "ELEV", "", "runas", 1 >> "%temp%\OEgetPrivileges.vbs"
"%temp%\OEgetPrivileges.vbs"
exit /B
:gotPrivileges
::::::::::::::::::::::::::::
:START
::::::::::::::::::::::::::::
setlocal & pushd .
REM The following code will cause Windows UAC to prompt only once
regsvr32.exe /s mylib1.dll
regsvr32.exe /s mylib2.dll
regsvr32.exe /s mylib3.dll
and the UAC dialog will only appear once.