Anno domini 2020 Sat, 29 Aug 04:24:07 -0700 William Morder via trinity-users scripsit:
[... sniped a lot of text ...] On Saturday 29 August 2020 04:04:55 Dr. Nikolaus Klepp wrote:
What I have not understood yet: you can get root access from terminal with "su" or you have to use "sudo bash" ?
Thanks, Nik! I'm glad somebody is willing to explain this to me like I am a child. I probably ought to have got this years and years ago, but since I don't need it so much in a group setting, or office, I could put it off.
Some of this discussion has been superseded by another email, as they crossed paths.
However, in answer to this point: When I open a terminal, type "sudo su", I can enter my password, and then I am root. I can do whatever I want to my system, no matter how ill-conceived and dangerous. However, I cannot use it to launch gui programs, only to run some root commands, such as when I want to run pkill to kill several processes all at once, because they relate to something else that is running away.
Ok. To run programs as root on X11 you need to transfer X credentials to root. This can be done by hand (eek!) or just use "sux". That package was was kicked on debian in ~ 2014 by applying greater wisdom. Still in the source tree here https://sources.debian.org/src/sux/ - but better get the original from here http://fgouget.free.fr/sux/sux-readme.shtml - I've found it to be a very valuable piece of software.
"sudo su" should do the same as "sudo bash". "su" should work on a clean install, but it will refuse to work if you have no password set for root. so the first thing on ubuntu is to do a "sudo passwd" :) Anyway, "sudo" asks for your password, "su" for the root password.
When I am done, I type exit, or I can even kill su processes, rather than waiting for permissions to expire.
But when I (was) try(ing) to run a gui program (for example, gufw), I would be asked for my password, then told that it was incorrect. I have set my system not to allow root logins. There is no separate admin apart from the present author, although I cannot just do anything; I still must enter my password to become su.
However, without having installed quite all the trinity-sudo packages, I was denied root permissions, except in the shell, by running "sudo su".
Sorry for the tedious details, but I do want to get to the bottom of this issue, even though it may be self-inflicted.
There are no tedious details. If things are unclear they must be addressed - and everybody is free to ignore or give input at any time. Nowadays with that windows nomenclatura mixed in ... well, some days ago there was athread on "how to all a file or folder or directory thingie" on devuan :)
Nik
Bill
Anyway, so now, suddenly, I am asked for the root password in order to run gufw and other such stuff. But when I enter my password, I get a message that the password is incorrect. This happened before, long ago, when I first switched from (k)ubuntu to debian; debian seems to have a stricter default policy, which is probably a good thing, and I probably ought to get the hang of this thing, right?
So I need an easier solution than whatever this is that I am doing (or not doing). I have been combing through my Linux pocket guide and Linux in a Nutshell and Linux Bible, etc., but they all say the same thing, and none of them work.
#2 - I still want a graphical firewall that runs like the old Firestarter; gufw isn't quite what I want, or maybe I just haven't yet configured it properly.
didn't know Firestarter, but it loks nice for a firewall. I have to admit I don't like linux firewall (I prefer the BSD way). Anyway, I use "ufw" - it has a nice GUI, depending on your text editor :)
What I want is not just a GUI, but instead, one that displays *active connections* as they appear and disappear, and allows changing rules on the fly. Is there such a thing?
"fierwall-applet" could be what you want, but it drags in a hole bunch of things.
Will check it out, thanks.
Running it in a terminal would suit me just fine, so long as it is a dynamic display of active connections as they occur. Also an easier way to edit iptables. (I read that there is some new "thing" to replace iptables, meaning that ufw and gufw and their kin will all become obsolete very soon, apparently being phased out, and I had a hard time downloading them.)
Another possible fix would be: to pass my firestarter rules (based on iptables) along to ufw/gufw.
gufw? a gui for ufw? Abomoination! That could definitly be done. Are you in for a bit of shell black magic?
I am always prepared for some black magic. That is why I keep my *Linux in a Nutshell* grimoire always close to hand. Oh, and salt, burning sulfur, candles and incense, and some cats.
I used to keep goats and chickens, but nowadays my landlord is always complaining.
Seriously, whatever you can recommend to get me back "in control" of the Mother Ship.
Thanks a bunch!
But anyway, what I want is to see my active connections. (See enclosed screenshot.)
Any help or comments or suggestions are appreciated. If not, at least a good joke.
Windows guys suggest to run a firewall in amazon cloud and send all your network through it. I still have not figured out if tis is a bad joke or that they actully do, but I have the strong feeling this is a seriouse advise (there are commertial offers for this kind of stuff).
It sounds like these kids forget everything about security, privacy, whenever somebody says the word "cloud" -- then it's all okay.
Bill
P.S. The worst insult is, just before my upgrade, I had got my Jessie system fine-tuned to near-perfection, and was feeling rather smug and virtually bulletproof. On the bright side: Beowulf/Buster does seem to run better, overall, except for when I can't get it to DO WHAT I WANT.
:-\
See screenshot for firewall example.
To unsubscribe, e-mail: trinity-users-unsubscribe@lists.pearsoncomputing.net For additional commands, e-mail: trinity-users-help@lists.pearsoncomputing.net Read list messages on the web archive: http://trinity-users.pearsoncomputing.net/ Please remember not to top-post: http://trinity.pearsoncomputing.net/mailing_lists/#top-posting
To unsubscribe, e-mail: trinity-users-unsubscribe@lists.pearsoncomputing.net For additional commands, e-mail: trinity-users-help@lists.pearsoncomputing.net Read list messages on the web archive: http://trinity-users.pearsoncomputing.net/ Please remember not to top-post: http://trinity.pearsoncomputing.net/mailing_lists/#top-posting