Greetings;
Out of curiosity, I tried to run ksysv from the tde menu. Can't. If insists on a root pw that does not exist on this debian wheezy install. A sudo -i in a konsole for me, and it runs just fine.
This really ought to be fixed. No biggie for me, but...
Cheers, Gene Heskett
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512
On 12/17/2015 03:06 PM, Gene Heskett wrote:
Greetings;
Out of curiosity, I tried to run ksysv from the tde menu. Can't. If insists on a root pw that does not exist on this debian wheezy install. A sudo -i in a konsole for me, and it runs just fine.
This really ought to be fixed. No biggie for me, but...
Cheers, Gene Heskett
No issues here (Debian/Stretch) with ksysv. Just typed in the root password and it worked flawlessly. The fact that ksysv requires root password is not surprising since you are playing with the system config. Cheers Michele
On Saturday 19 December 2015 01:52:46 Michele Calgaro wrote:
On 12/17/2015 03:06 PM, Gene Heskett wrote:
Greetings;
Out of curiosity, I tried to run ksysv from the tde menu. Can't. If insists on a root pw that does not exist on this debian wheezy install. A sudo -i in a konsole for me, and it runs just fine.
This really ought to be fixed. No biggie for me, but...
Cheers, Gene Heskett
No issues here (Debian/Stretch) with ksysv. Just typed in the root password and it worked flawlessly. The fact that ksysv requires root password is not surprising since you are playing with the system config. Cheers Michele
You missed the point, it demands a root pw, that on this wheezy system, does not exist, so it cannot be launched from the menu entry by any pw entered. The pw used for doing a sudo is not accepted. That was my point.
Don't put it in the menu's at all if the user cannot use his sudo to get the root rights it needs.
I am used to defeating petty attempts to mold linux networking to someones idea of consistency, but which is an abject failure where one's home network, all behind a good router, is all based on the common to all machines /etc/hosts file, with a locally carved in granite hostname per machine. Turning network-mangler loose in that environment is a no networking disaster, so the first thing you have to do on the install reboot, is sudo -i, make the entry's for that machine in /etc/network/interfaces, chmod +i that file, then nuke the link and make a real /etc/resolv.conf, and chmod +i that. If udev hasn't played with things and moved eth0 to something else, thats it. Your networking Just Works(TM) Then at your leasure you can uninstall network-mangler. No use of its burning cpu cycles trying to tear down what you just made immutible.
Network-mangler might be of use in the situation where the machine is connected directly to the access modem. Thats for folks who do not understand the need for an isolating, natting, 20 hungry pit-bull guard dogs for a firewall, router. Without that, a windows box is owned 30 seconds after the cat5 is plugged in. The linux box is at risk but its lower. I haven't worried about that since I discovered dd-wrt, which can be reflashed into the better routers. To me, its a transparent gateway to the net. To the net, if no port forwarding is being done, its a cable with an address with nothing on the other end of it.
To unsubscribe, e-mail: trinity-users-unsubscribe@lists.pearsoncomputing.net For additional commands, e-mail: trinity-users-help@lists.pearsoncomputing.net Read list messages on the web archive: http://trinity-users.pearsoncomputing.net/ Please remember not to top-post: http://trinity.pearsoncomputing.net/mailing_lists/#top-posting
Cheers, Gene Heskett
Hi Gene!
Where's the problem of giving root a password?
nik
Am Samstag, 19. Dezember 2015 schrieb Gene Heskett:
On Saturday 19 December 2015 01:52:46 Michele Calgaro wrote:
On 12/17/2015 03:06 PM, Gene Heskett wrote:
Greetings;
Out of curiosity, I tried to run ksysv from the tde menu. Can't. If insists on a root pw that does not exist on this debian wheezy install. A sudo -i in a konsole for me, and it runs just fine.
This really ought to be fixed. No biggie for me, but...
Cheers, Gene Heskett
No issues here (Debian/Stretch) with ksysv. Just typed in the root password and it worked flawlessly. The fact that ksysv requires root password is not surprising since you are playing with the system config. Cheers Michele
You missed the point, it demands a root pw, that on this wheezy system, does not exist, so it cannot be launched from the menu entry by any pw entered. The pw used for doing a sudo is not accepted. That was my point.
Don't put it in the menu's at all if the user cannot use his sudo to get the root rights it needs.
I am used to defeating petty attempts to mold linux networking to someones idea of consistency, but which is an abject failure where one's home network, all behind a good router, is all based on the common to all machines /etc/hosts file, with a locally carved in granite hostname per machine. Turning network-mangler loose in that environment is a no networking disaster, so the first thing you have to do on the install reboot, is sudo -i, make the entry's for that machine in /etc/network/interfaces, chmod +i that file, then nuke the link and make a real /etc/resolv.conf, and chmod +i that. If udev hasn't played with things and moved eth0 to something else, thats it. Your networking Just Works(TM) Then at your leasure you can uninstall network-mangler. No use of its burning cpu cycles trying to tear down what you just made immutible.
Network-mangler might be of use in the situation where the machine is connected directly to the access modem. Thats for folks who do not understand the need for an isolating, natting, 20 hungry pit-bull guard dogs for a firewall, router. Without that, a windows box is owned 30 seconds after the cat5 is plugged in. The linux box is at risk but its lower. I haven't worried about that since I discovered dd-wrt, which can be reflashed into the better routers. To me, its a transparent gateway to the net. To the net, if no port forwarding is being done, its a cable with an address with nothing on the other end of it.
To unsubscribe, e-mail: trinity-users-unsubscribe@lists.pearsoncomputing.net For additional commands, e-mail: trinity-users-help@lists.pearsoncomputing.net Read list messages on the web archive: http://trinity-users.pearsoncomputing.net/ Please remember not to top-post: http://trinity.pearsoncomputing.net/mailing_lists/#top-posting
Cheers, Gene Heskett
On Saturday 19 December 2015 02:42:50 Dr. Nikolaus Klepp wrote:
Hi Gene!
Where's the problem of giving root a password?
nik
The last time I did that, somewhere along about the time of fedora 2, it destroyed sudo, and I then rebooted single and nuked it, expecting sudo to come back, but it didn't so reinstall time. I was sick of being Red Hat's lab rat always suffering from some redhat experiment you couldn't get fixed, so I used my lappy to pull and burn the cd and bailed to mandrake, then pclos for a while, but it wasn't at all compatible with linuxcnc, so I finally went with wheezy for transparent compatibility. In that regard it has been truly excellent since the latest LCNC is wheezy based.
Thank deity I had already setup a decent backup (amanda), so the transistions between distro's, while not painless, has not cost me a lot of data in the long view.
However, since they want sudo to be used, leaving root passwordless, I am not fussy as long as it works. But I am not going to set a root PW if its going to screw up the rest of the stuff that expects sudo to work.
Am Samstag, 19. Dezember 2015 schrieb Gene Heskett:
On Saturday 19 December 2015 01:52:46 Michele Calgaro wrote:
On 12/17/2015 03:06 PM, Gene Heskett wrote:
Greetings;
Out of curiosity, I tried to run ksysv from the tde menu. Can't. If insists on a root pw that does not exist on this debian wheezy install. A sudo -i in a konsole for me, and it runs just fine.
This really ought to be fixed. No biggie for me, but...
Cheers, Gene Heskett
No issues here (Debian/Stretch) with ksysv. Just typed in the root password and it worked flawlessly. The fact that ksysv requires root password is not surprising since you are playing with the system config. Cheers Michele
You missed the point, it demands a root pw, that on this wheezy system, does not exist, so it cannot be launched from the menu entry by any pw entered. The pw used for doing a sudo is not accepted. That was my point.
Don't put it in the menu's at all if the user cannot use his sudo to get the root rights it needs.
I am used to defeating petty attempts to mold linux networking to someones idea of consistency, but which is an abject failure where one's home network, all behind a good router, is all based on the common to all machines /etc/hosts file, with a locally carved in granite hostname per machine. Turning network-mangler loose in that environment is a no networking disaster, so the first thing you have to do on the install reboot, is sudo -i, make the entry's for that machine in /etc/network/interfaces, chmod +i that file, then nuke the link and make a real /etc/resolv.conf, and chmod +i that. If udev hasn't played with things and moved eth0 to something else, thats it. Your networking Just Works(TM) Then at your leasure you can uninstall network-mangler. No use of its burning cpu cycles trying to tear down what you just made immutible.
Network-mangler might be of use in the situation where the machine is connected directly to the access modem. Thats for folks who do not understand the need for an isolating, natting, 20 hungry pit-bull guard dogs for a firewall, router. Without that, a windows box is owned 30 seconds after the cat5 is plugged in. The linux box is at risk but its lower. I haven't worried about that since I discovered dd-wrt, which can be reflashed into the better routers. To me, its a transparent gateway to the net. To the net, if no port forwarding is being done, its a cable with an address with nothing on the other end of it.
--- To unsubscribe, e-mail: trinity-users-unsubscribe@lists.pearsoncomputing.net For additional commands, e-mail: trinity-users-help@lists.pearsoncomputing.net Read list messages on the web archive: http://trinity-users.pearsoncomputing.net/ Please remember not to top-post: http://trinity.pearsoncomputing.net/mailing_lists/#top-posting
Cheers, Gene Heskett
Cheers, Gene Heskett
Am Samstag, 19. Dezember 2015 schrieb Gene Heskett:
On Saturday 19 December 2015 02:42:50 Dr. Nikolaus Klepp wrote:
Hi Gene!
Where's the problem of giving root a password?
nik
The last time I did that, somewhere along about the time of fedora 2, it destroyed sudo, and I then rebooted single and nuked it, expecting sudo to come back, but it didn't so reinstall time. I was sick of being Red Hat's lab rat always suffering from some redhat experiment you couldn't get fixed, so I used my lappy to pull and burn the cd and bailed to mandrake, then pclos for a while, but it wasn't at all compatible with linuxcnc, so I finally went with wheezy for transparent compatibility. In that regard it has been truly excellent since the latest LCNC is wheezy based.
Thank deity I had already setup a decent backup (amanda), so the transistions between distro's, while not painless, has not cost me a lot of data in the long view.
However, since they want sudo to be used, leaving root passwordless, I am not fussy as long as it works. But I am not going to set a root PW if its going to screw up the rest of the stuff that expects sudo to work.
Hi Gene!
There are no side effects in setting a root password. In fact, there is already a root password, but it's useless for the user.
If you want to try:
$ sudo bash # cp /etc/shadow /root/ # passwd
If you have sideffects using sudo, you can always do:
$ su # cp /root/shadow /etc/
Nik
Am Samstag, 19. Dezember 2015 schrieb Gene Heskett:
On Saturday 19 December 2015 01:52:46 Michele Calgaro wrote:
On 12/17/2015 03:06 PM, Gene Heskett wrote:
Greetings;
Out of curiosity, I tried to run ksysv from the tde menu. Can't. If insists on a root pw that does not exist on this debian wheezy install. A sudo -i in a konsole for me, and it runs just fine.
This really ought to be fixed. No biggie for me, but...
Cheers, Gene Heskett
No issues here (Debian/Stretch) with ksysv. Just typed in the root password and it worked flawlessly. The fact that ksysv requires root password is not surprising since you are playing with the system config. Cheers Michele
You missed the point, it demands a root pw, that on this wheezy system, does not exist, so it cannot be launched from the menu entry by any pw entered. The pw used for doing a sudo is not accepted. That was my point.
Don't put it in the menu's at all if the user cannot use his sudo to get the root rights it needs.
I am used to defeating petty attempts to mold linux networking to someones idea of consistency, but which is an abject failure where one's home network, all behind a good router, is all based on the common to all machines /etc/hosts file, with a locally carved in granite hostname per machine. Turning network-mangler loose in that environment is a no networking disaster, so the first thing you have to do on the install reboot, is sudo -i, make the entry's for that machine in /etc/network/interfaces, chmod +i that file, then nuke the link and make a real /etc/resolv.conf, and chmod +i that. If udev hasn't played with things and moved eth0 to something else, thats it. Your networking Just Works(TM) Then at your leasure you can uninstall network-mangler. No use of its burning cpu cycles trying to tear down what you just made immutible.
Network-mangler might be of use in the situation where the machine is connected directly to the access modem. Thats for folks who do not understand the need for an isolating, natting, 20 hungry pit-bull guard dogs for a firewall, router. Without that, a windows box is owned 30 seconds after the cat5 is plugged in. The linux box is at risk but its lower. I haven't worried about that since I discovered dd-wrt, which can be reflashed into the better routers. To me, its a transparent gateway to the net. To the net, if no port forwarding is being done, its a cable with an address with nothing on the other end of it.
--- To unsubscribe, e-mail: trinity-users-unsubscribe@lists.pearsoncomputing.net For additional commands, e-mail: trinity-users-help@lists.pearsoncomputing.net Read list messages on the web archive: http://trinity-users.pearsoncomputing.net/ Please remember not to top-post: http://trinity.pearsoncomputing.net/mailing_lists/#top-posting
Cheers, Gene Heskett
Cheers, Gene Heskett
On Saturday 19 December 2015 03:33:17 Dr. Nikolaus Klepp wrote:
Am Samstag, 19. Dezember 2015 schrieb Gene Heskett:
On Saturday 19 December 2015 02:42:50 Dr. Nikolaus Klepp wrote:
Hi Gene!
Where's the problem of giving root a password?
nik
The last time I did that, somewhere along about the time of fedora 2, it destroyed sudo, and I then rebooted single and nuked it, expecting sudo to come back, but it didn't so reinstall time. I was sick of being Red Hat's lab rat always suffering from some redhat experiment you couldn't get fixed, so I used my lappy to pull and burn the cd and bailed to mandrake, then pclos for a while, but it wasn't at all compatible with linuxcnc, so I finally went with wheezy for transparent compatibility. In that regard it has been truly excellent since the latest LCNC is wheezy based.
Thank deity I had already setup a decent backup (amanda), so the transistions between distro's, while not painless, has not cost me a lot of data in the long view.
However, since they want sudo to be used, leaving root passwordless, I am not fussy as long as it works. But I am not going to set a root PW if its going to screw up the rest of the stuff that expects sudo to work.
Hi Gene!
There are no side effects in setting a root password. In fact, there is already a root password, but it's useless for the user.
If you want to try:
$ sudo bash # cp /etc/shadow /root/ # passwd
Which from a very dim recall at this late date, is not how I did it before. And this time it appears to be working well, no surprises.
Now I just have to remember to try the root pw if mine doesn't work. Both are long enough that typu's can be a problem. But roots is like 16 characters longer. As it should be.
Thanks Nik.
If you have sideffects using sudo, you can always do:
$ su # cp /root/shadow /etc/
Nik
Am Samstag, 19. Dezember 2015 schrieb Gene Heskett:
On Saturday 19 December 2015 01:52:46 Michele Calgaro wrote:
On 12/17/2015 03:06 PM, Gene Heskett wrote:
Greetings;
Out of curiosity, I tried to run ksysv from the tde menu. Can't. If insists on a root pw that does not exist on this debian wheezy install. A sudo -i in a konsole for me, and it runs just fine.
This really ought to be fixed. No biggie for me, but...
Cheers, Gene Heskett
No issues here (Debian/Stretch) with ksysv. Just typed in the root password and it worked flawlessly. The fact that ksysv requires root password is not surprising since you are playing with the system config. Cheers Michele
You missed the point, it demands a root pw, that on this wheezy system, does not exist, so it cannot be launched from the menu entry by any pw entered. The pw used for doing a sudo is not accepted. That was my point.
Don't put it in the menu's at all if the user cannot use his sudo to get the root rights it needs.
I am used to defeating petty attempts to mold linux networking to someones idea of consistency, but which is an abject failure where one's home network, all behind a good router, is all based on the common to all machines /etc/hosts file, with a locally carved in granite hostname per machine. Turning network-mangler loose in that environment is a no networking disaster, so the first thing you have to do on the install reboot, is sudo -i, make the entry's for that machine in /etc/network/interfaces, chmod +i that file, then nuke the link and make a real /etc/resolv.conf, and chmod +i that. If udev hasn't played with things and moved eth0 to something else, thats it. Your networking Just Works(TM) Then at your leasure you can uninstall network-mangler. No use of its burning cpu cycles trying to tear down what you just made immutible.
Network-mangler might be of use in the situation where the machine is connected directly to the access modem. Thats for folks who do not understand the need for an isolating, natting, 20 hungry pit-bull guard dogs for a firewall, router. Without that, a windows box is owned 30 seconds after the cat5 is plugged in. The linux box is at risk but its lower. I haven't worried about that since I discovered dd-wrt, which can be reflashed into the better routers. To me, its a transparent gateway to the net. To the net, if no port forwarding is being done, its a cable with an address with nothing on the other end of it.
---- --- To unsubscribe, e-mail: trinity-users-unsubscribe@lists.pearsoncomputing.net For additional commands, e-mail: trinity-users-help@lists.pearsoncomputing.net Read list messages on the web archive: http://trinity-users.pearsoncomputing.net/ Please remember not to top-post: http://trinity.pearsoncomputing.net/mailing_lists/#top-posting
Cheers, Gene Heskett
Cheers, Gene Heskett
Cheers, Gene Heskett
Hi Gene
You missed the point, it demands a root pw, that on this wheezy system, does not exist, so it cannot be launched from the menu entry by any pw entered. The pw used for doing a sudo is not accepted. That was my point.
Don't put it in the menu's at all if the user cannot use his sudo to get the root rights it needs.
what happens, if you do - if you are allowed to start su from sudo:
xhost + # to allow other users to access the xserver sudo su # to become root without a password export DISPLAY=:0 # set the DISPLAY variable to access the xserver ksysv # start the wanted program
If this works, you can use the program without a password.
HTH Rolf
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512
On 2015/12/19 11:21 AM, Rolf Schmidt wrote:
You missed the point, it demands a root pw, that on this wheezy system,
does not exist, so it cannot be launched from the menu entry by any pw entered. The pw used for doing a sudo is not accepted. That was my point.
Again, I see nothing wrong on a general basis. If you are root (yes, not recommended I know) there is no problem to run ksysv at all. If you are a standard user, you type in the root password and everything works.
If your setup does not use a root password or you do not have access to such password, you have the choice to edit the menu and remove the ksysv entry.
IMHO, the menu entry is fine as it is now since it will work as expected for the majority of the users. Unconventional setups will need special handling for this type of problem. Just my 2 cents Cheers Michele
On Saturday 19 December 2015 08:12:09 Michele Calgaro wrote:
On 2015/12/19 11:21 AM, Rolf Schmidt wrote:
You missed the point, it demands a root pw, that on this wheezy system,
does not exist, so it cannot be launched from the menu entry by any pw entered. The pw used for doing a sudo is not accepted. That was my point.
Again, I see nothing wrong on a general basis. If you are root (yes, not recommended I know) there is no problem to run ksysv at all. If you are a standard user, you type in the root password and everything works.
If your setup does not use a root password or you do not have access to such password, you have the choice to edit the menu and remove the ksysv entry.
debian wheezy has never had a root passwd known to the user. Unless they follow Nik's proceedure to reset it. It does exist, but is not known to the first user, so there rather effectively is not one as far as that first user who has sudo rights is concerned.
IMHO, the menu entry is fine as it is now since it will work as expected for the majority of the users.
Your idea of the word majority is miss-applied in the modern linux world. Root password usage is pretty well deprecated by most distro's today, using sudo instead, even in wheezy which is considered elderly these days.
Unconventional setups will need special handling for this type of problem. Just my 2 cents Cheers Michele
To unsubscribe, e-mail: trinity-users-unsubscribe@lists.pearsoncomputing.net For additional commands, e-mail: trinity-users-help@lists.pearsoncomputing.net Read list messages on the web archive: http://trinity-users.pearsoncomputing.net/ Please remember not to top-post: http://trinity.pearsoncomputing.net/mailing_lists/#top-posting
Cheers, Gene Heskett
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512
On 12/19/2015 02:55 PM, Gene Heskett wrote:
Your idea of the word majority is miss-applied in the modern linux world. Root password usage is pretty well deprecated by most distro's today, using sudo instead, even in wheezy which is considered elderly these days.
You are probably right on this, I agree. Now I see the point you were trying to make. I will discuss with Slavek, see what he thinks too. Cheers Michele
On Saturday 19 December 2015 10:16:51 Michele Calgaro wrote:
On 12/19/2015 02:55 PM, Gene Heskett wrote:
Your idea of the word majority is miss-applied in the modern linux world. Root password usage is pretty well deprecated by most distro's today, using sudo instead, even in wheezy which is considered elderly these days.
You are probably right on this, I agree. Now I see the point you were trying to make. I will discuss with Slavek, see what he thinks too. Cheers Michele
Thank you, Michele
Cheers, Gene Heskett
On Saturday 19 December 2015 10:16:51 Michele Calgaro wrote:
On 12/19/2015 02:55 PM, Gene Heskett wrote:
Your idea of the word majority is miss-applied in the modern linux world. Root password usage is pretty well deprecated by most distro's today, using sudo instead, even in wheezy which is considered elderly these days.
You are probably right on this, I agree. Now I see the point you were trying to make. I will discuss with Slavek, see what he thinks too. Cheers Michele
I should also add that synaptic is in this same boat, and that until I discovered synaptic-pkexec from a cli, which uses sudo to get its rights, I was locked out of using the best package manager ever. update-manager is nice, and it runs well with a sudo, but it cannot add a new package one might need. adept, with its fugly ncurses gui that is so easily destroyed, could probably be used by someone familiar with the ncurses idiosynchrocies I suppose, but ncurses has had 20 years to grow a screen refresh and hasn't done it yet. mc, if ncurses grew a screen refresh would be hands down the best file manager ever. krusader looks nice, but is impotent. As it is, the only way to refresh mc is to quit it and restart it.
That leaves synaptic as a universal package manager, which because of its x integration cannot be run as root (can't access the display as root) but sudo the pkexec wrapper and its beautifull. And I just edited the menu item so it can be run from the menu. Except it doesn't run at all now, and logs no errors. But it still works from the cli. Take out the single quotes the editor so helpfully added, and it runs, but takes the newly added root pw. Can we get any more confused? Doubtful.
There are no doubt several other "system set it once and forget it" things, but those are a few of the things that bug me weekly if not more often.
Thanks Michele
Cheers, Gene Heskett
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512
I should also add that synaptic is in this same boat, and that until I discovered synaptic-pkexec from a cli, which uses sudo to get its rights, I was locked out of using the best package manager ever.
Gene, although which one is the best package manager is quite subjective (for example aptitude is my favorite), I have discussed with Slavek about the sudo-TDE MEnu issue. Can you file a bug report in bugszilla about this problem? Make sure to add bug 2540 to the "Blocks" field so that the new bug is added to the r14.0.3 bug list.
Thanks Michele
On Saturday 19 December 2015 12:19:25 Michele Calgaro wrote:
I should also add that synaptic is in this same boat, and that until I discovered synaptic-pkexec from a cli, which uses sudo to get its rights, I was locked out of using the best package manager ever.
Gene, although which one is the best package manager is quite subjective (for example aptitude is my favorite), I have discussed with Slavek about the sudo-TDE MEnu issue. Can you file a bug report in bugszilla about this problem? Make sure to add bug 2540 to the "Blocks" field so that the new bug is added to the r14.0.3 bug list.
Thanks Michele
ISTR I did register there at some point a month+ back up the log. But I don't recall the username or pw. I asked it to send me a pw reset, but it went to the pw reset screen, where its still sitting, and I have not received the reset message in something like 10 minutes, eg 3 fetchmail cycles.
Next?
Thanks Michele
Cheers, Gene Heskett
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512
On 12/19/2015 11:29 PM, Gene Heskett wrote:
ISTR I did register there at some point a month+ back up the log. But I don't recall the username or pw. I asked it to send me a pw reset, but it went to the pw reset screen, where its still sitting, and I have not received the reset message in something like 10 minutes, eg 3 fetchmail cycles.
Next?
Thanks Michele
Cheers, Gene Heskett
For the records, I filed bug 2563 for this problem. The comment is the same you put in bug 2540 ;-) Cheers Michele
On Saturday 19 December 2015 13:55:41 Gene Heskett wrote:
On Saturday 19 December 2015 08:12:09 Michele Calgaro wrote:
On 2015/12/19 11:21 AM, Rolf Schmidt wrote:
You missed the point, it demands a root pw, that on this wheezy system,
does not exist, so it cannot be launched from the menu entry by any pw entered. The pw used for doing a sudo is not accepted. That was my point.
Again, I see nothing wrong on a general basis. If you are root (yes, not recommended I know) there is no problem to run ksysv at all. If you are a standard user, you type in the root password and everything works.
If your setup does not use a root password or you do not have access to such password, you have the choice to edit the menu and remove the ksysv entry.
debian wheezy has never had a root passwd known to the user.
Rubbish! Rubbish! Rubbish! Debian has always had a root password. If you haven't got one it is because you aren't using a Wheezy but a CNC or soethnig one. Debian _has_ started giving the option at install tine of not having one if you don't want one instead of imposing one on you, but basically Wheezy has a root password.
Unless they follow Nik's proceedure to reset it. It does exist, but is not known to the first user, so there rather effectively is not one as far as that first user who has sudo rights is concerned.
Rubbish again.
IMHO, the menu entry is fine as it is now since it will work as expected for the majority of the users.
Your idea of the word majority is miss-applied in the modern linux world. Root password usage is pretty well deprecated by most distro's today,
You are using Debian. It is not deprecated. IMHO this no root password business is part of the creeping Ubuntuisation.
using sudo instead, even in wheezy
Sorry, Gene, but rubbish!
which is considered elderly these days.
Unconventional setups will need special handling for this type of problem. Just my 2 cents
Quite Michele. The Debian/TDE combination norm for a setup is to have a root password. It is not as though those who insist on being different cannot sort it out easily, as you have Gene. But you could always have used Ubuntu, which does have sudo for the first user by default. <shudder>
Lisi.
Am Samstag, 19. Dezember 2015 schrieb Lisi Reisz:
On Saturday 19 December 2015 13:55:41 Gene Heskett wrote:
On Saturday 19 December 2015 08:12:09 Michele Calgaro wrote:
On 2015/12/19 11:21 AM, Rolf Schmidt wrote:
You missed the point, it demands a root pw, that on this wheezy system,
does not exist, so it cannot be launched from the menu entry by any pw entered. The pw used for doing a sudo is not accepted. That was my point.
Again, I see nothing wrong on a general basis. If you are root (yes, not recommended I know) there is no problem to run ksysv at all. If you are a standard user, you type in the root password and everything works.
If your setup does not use a root password or you do not have access to such password, you have the choice to edit the menu and remove the ksysv entry.
debian wheezy has never had a root passwd known to the user.
Rubbish! Rubbish! Rubbish! Debian has always had a root password. If you haven't got one it is because you aren't using a Wheezy but a CNC or soethnig one. Debian _has_ started giving the option at install tine of not having one if you don't want one instead of imposing one on you, but basically Wheezy has a root password.
Unless they follow Nik's proceedure to reset it. It does exist, but is not known to the first user, so there rather effectively is not one as far as that first user who has sudo rights is concerned.
Rubbish again.
IMHO, the menu entry is fine as it is now since it will work as expected for the majority of the users.
Your idea of the word majority is miss-applied in the modern linux world. Root password usage is pretty well deprecated by most distro's today,
You are using Debian. It is not deprecated. IMHO this no root password business is part of the creeping Ubuntuisation.
using sudo instead, even in wheezy
Sorry, Gene, but rubbish!
which is considered elderly these days.
Unconventional setups will need special handling for this type of problem. Just my 2 cents
Quite Michele. The Debian/TDE combination norm for a setup is to have a root password. It is not as though those who insist on being different cannot sort it out easily, as you have Gene. But you could always have used Ubuntu, which does have sudo for the first user by default. <shudder>
Lisi.
Hi Lisi!
Genes problem is indeed a problem of the linuxcnc live cd, which was formerly based on ubuntu but is now on wheezy. Somebody on the assembly line liked sudo better than su, which is quite funny. Now when Gene uses the linuxcnc livesystem (or that installed on a disk) he ends up with wheezy+ubuntu "make it esy"-stuff aka xfcs/sudo/systemd etc, which makes things qute interesting when you leave the red flaged paths. On the other hand, you can install linuxcnc on top of wheezy without that clutter, but you'll need to know where to go :-)
Nik
On Sunday 20 December 2015 07:54:59 Dr. Nikolaus Klepp wrote:
Am Samstag, 19. Dezember 2015 schrieb Lisi Reisz:
On Saturday 19 December 2015 13:55:41 Gene Heskett wrote:
On Saturday 19 December 2015 08:12:09 Michele Calgaro wrote:
On 2015/12/19 11:21 AM, Rolf Schmidt wrote:
You missed the point, it demands a root pw, that on this wheezy system,
does not exist, so it cannot be launched from the menu entry by any pw entered. The pw used for doing a sudo is not accepted. That was my point.
Again, I see nothing wrong on a general basis. If you are root (yes, not recommended I know) there is no problem to run ksysv at all. If you are a standard user, you type in the root password and everything works.
If your setup does not use a root password or you do not have access to such password, you have the choice to edit the menu and remove the ksysv entry.
debian wheezy has never had a root passwd known to the user.
Rubbish! Rubbish! Rubbish! Debian has always had a root password. If you haven't got one it is because you aren't using a Wheezy but a CNC or soethnig one. Debian _has_ started giving the option at install tine of not having one if you don't want one instead of imposing one on you, but basically Wheezy has a root password.
Unless they follow Nik's proceedure to reset it. It does exist, but is not known to the first user, so there rather effectively is not one as far as that first user who has sudo rights is concerned.
Rubbish again.
IMHO, the menu entry is fine as it is now since it will work as expected for the majority of the users.
Your idea of the word majority is miss-applied in the modern linux world. Root password usage is pretty well deprecated by most distro's today,
You are using Debian. It is not deprecated. IMHO this no root password business is part of the creeping Ubuntuisation.
using sudo instead, even in wheezy
Sorry, Gene, but rubbish!
which is considered elderly these days.
Unconventional setups will need special handling for this type of problem. Just my 2 cents
Quite Michele. The Debian/TDE combination norm for a setup is to have a root password. It is not as though those who insist on being different cannot sort it out easily, as you have Gene. But you could always have used Ubuntu, which does have sudo for the first user by default.
<shudder>
Lisi.
Hi Lisi!
Genes problem is indeed a problem of the linuxcnc live cd, which was formerly based on ubuntu but is now on wheezy. Somebody on the assembly line liked sudo better than su, which is quite funny. Now when Gene uses the linuxcnc livesystem (or that installed on a disk) he ends up with wheezy+ubuntu "make it esy"-stuff aka xfcs/sudo/systemd etc, which makes things qute interesting when you leave the red flaged paths. On the other hand, you can install linuxcnc on top of wheezy without that clutter, but you'll need to know where to go :-)
Nik
Thanks, Nik!
Lisi
Il 20/12/2015 08:54, Dr. Nikolaus Klepp ha scritto:
Genes problem is indeed a problem of the linuxcnc live cd
We can all agree that Gene is got a problem, and that it would be nice to find a solution for his problem.
But as his problem arises from a quite unsafe setting with sudo stuff of his ubuntuish CNC, I wouldn't like is that, in order to solve Gene's problem, something is done which might impair safety for everybody else, as Michele's answer might imply.
Giuliano
On Sunday 20 December 2015 10:57:42 Giuliano Colla wrote:
Il 20/12/2015 08:54, Dr. Nikolaus Klepp ha scritto:
Genes problem is indeed a problem of the linuxcnc live cd
We can all agree that Gene is got a problem, and that it would be nice to find a solution for his problem.
But as his problem arises from a quite unsafe setting with sudo stuff of his ubuntuish CNC, I wouldn't like is that, in order to solve Gene's problem, something is done which might impair safety for everybody else, as Michele's answer might imply.
I was thinking exactly the same, Guiliano, and was going to write saying so. Making access as easy as that is an accident waiting to happen. I want things that are system related locked up behind root, and would be very sad to see this changed in Debian/TDE. This very issue is one of my reasons for not liking Ubuntu.
And Gene has got, and has applied, a solution to his problem. He just objected to having to find it.
Lisi
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512
On 12/20/2015 11:57 AM, Giuliano Colla wrote:
We can all agree that Gene is got a problem, and that it would be nice to find a solution for his problem.
But as his problem arises from a quite unsafe setting with sudo stuff of his ubuntuish CNC, I wouldn't like is that, in order to solve Gene's problem, something is done which might impair safety for everybody else, as Michele's answer might imply.
Correct. The idea is to explore a way to give the user a choice between typing the root password or run a program with something similar to sudo (tdesudo??). The solution should be such that by default the root password is required, but for those users who prefer (or have to) use sudo, an additional package should be available to overcome the "type the root password" problem.
Cheers Michele
On Sunday 20 December 2015 07:16:57 Michele Calgaro wrote:
On 12/20/2015 11:57 AM, Giuliano Colla wrote:
We can all agree that Gene is got a problem, and that it would be nice to find a solution for his problem.
But as his problem arises from a quite unsafe setting with sudo stuff of his ubuntuish CNC, I wouldn't like is that, in order to solve Gene's problem, something is done which might impair safety for everybody else, as Michele's answer might imply.
Correct. The idea is to explore a way to give the user a choice between typing the root password or run a program with something similar to sudo (tdesudo??). The solution should be such that by default the root password is required, but for those users who prefer (or have to) use sudo, an additional package should be available to overcome the "type the root password" problem.
Cheers Michele
IMO a separate package should not be needed. To that end, if the package asks for a pw, and gets the 1st users pw as a response, it should be happy and run. There is little or no difference between root and 1st user as 1st user is generally the one who originally setup the system and should know it well.
I was not aware, until this discussion, that debian did setup a root passwd, I had assumed that the buntu's inherited the sudo requirement from debian. I've one other machine that is running a 14.04 lubuntu LTS, my lappy, and you have my curiosity piqued now, so its booting. That takes a while as it seems to be convinced it must do an fsck everytime it boots, on a 100 gig drive. And that transition to sudo for everything is complete, there is not a passwd hash in the /etc/shadow file for root.
It probably needs an update session so we'll see what synaptic wants to install. 4 new packages, 52 to be upgraded. It was last done a couple weeks ago, so the packagers have been busy. Updates I see include bind9 and grub plus a grocery list of other stuff. A new kernel too IIRC.
So I am learning a bit, and now don't feel so crippled at having to use a root pw for some stuff. It was actually expected if it was pure debian.
Cheers, Gene Heskett
On Sunday 20 December 2015 15:12:17 Gene Heskett wrote:
IMO a separate package should not be needed. To that end, if the package asks for a pw, and gets the 1st users pw as a response, it should be happy and run. There is little or no difference between root and 1st user as 1st user is generally the one who originally setup the system and should know it well.
That is what Ubuntu users think, Gene. But Ubuntu is available, as is TDE for Ubuntu..
I was not aware, until this discussion, that debian did setup a root passwd, I had assumed that the buntu's inherited the sudo requirement from debian.
No, it created it and the infection is spreading into Debian, on the whole from Ubuntu users who switch. (Like you.)
I've one other machine that is running a 14.04 lubuntu LTS, my lappy, and you have my curiosity piqued now, so its booting. That takes a while as it seems to be convinced it must do an fsck everytime it boots, on a 100 gig drive. And that transition to sudo for everything is complete, there is not a passwd hash in the /etc/shadow file for root.
It probably needs an update session so we'll see what synaptic wants to install. 4 new packages, 52 to be upgraded. It was last done a couple weeks ago, so the packagers have been busy. Updates I see include bind9 and grub plus a grocery list of other stuff. A new kernel too IIRC.
So I am learning a bit, and now don't feel so crippled at having to use a root pw for some stuff. It was actually expected if it was pure debian.
Quite!! And some of us really want it. ;-)
Lisi
On Sunday 20 December 2015 10:49:56 Lisi Reisz wrote:
On Sunday 20 December 2015 15:12:17 Gene Heskett wrote:
IMO a separate package should not be needed. To that end, if the package asks for a pw, and gets the 1st users pw as a response, it should be happy and run. There is little or no difference between root and 1st user as 1st user is generally the one who originally setup the system and should know it well.
That is what Ubuntu users think, Gene. But Ubuntu is available, as is TDE for Ubuntu..
I was not aware, until this discussion, that debian did setup a root passwd, I had assumed that the buntu's inherited the sudo requirement from debian.
No, it created it and the infection is spreading into Debian, on the whole from Ubuntu users who switch. (Like you.)
I've one other machine that is running a 14.04 lubuntu LTS, my lappy, and you have my curiosity piqued now, so its booting. That takes a while as it seems to be convinced it must do an fsck everytime it boots, on a 100 gig drive. And that transition to sudo for everything is complete, there is not a passwd hash in the /etc/shadow file for root.
It probably needs an update session so we'll see what synaptic wants to install. 4 new packages, 52 to be upgraded. It was last done a couple weeks ago, so the packagers have been busy. Updates I see include bind9 and grub plus a grocery list of other stuff. A new kernel too IIRC.
So I am learning a bit, and now don't feel so crippled at having to use a root pw for some stuff. It was actually expected if it was pure debian.
Quite!! And some of us really want it. ;-)
Lisi
TBT Lisi, it has been handy here, even if I too failed to grok the reason for it years ago when the *buntu's first started it. Like most, if I set a root pw, it is going to be a considerably longer, mixed case and alphanumeric string I can remember. Let them spend a few hundred years using a dictionary attack at 10x/second being the operative theory... That MIGHT get them thru the router, but then they have to get to the machines.
Cheers, Gene Heskett
On Sunday 20 December 2015 16:13:57 Gene Heskett wrote:
Like most, if I set a root pw, it is going to be a considerably longer, mixed case and alphanumeric string I can remember.
I don't get this. Yes, I have a strong root password. But my user has no access. Your user can use his password. Do:
$ sudo -s enter user's password
and have full root privileges. Why does root's password need to be stronger, since the user has full root privileges???
Lisi
On Sunday 20 December 2015 12:27:48 Lisi Reisz wrote:
On Sunday 20 December 2015 16:13:57 Gene Heskett wrote:
Like most, if I set a root pw, it is going to be a considerably longer, mixed case and alphanumeric string I can remember.
I don't get this. Yes, I have a strong root password. But my user has no access. Your user can use his password. Do:
$ sudo -s enter user's password
and have full root privileges. Why does root's password need to be stronger, since the user has full root privileges???
Lisi
Good question Lisi, one I've yet to hear a good explanation for from the bunto folks, and I did ask a couple times in the past. Should I make the pw I use just as obtuse & long?
Cheers, Gene Heskett
On Sunday 20 December 2015 19:28:42 Gene Heskett wrote:
On Sunday 20 December 2015 12:27:48 Lisi Reisz wrote:
On Sunday 20 December 2015 16:13:57 Gene Heskett wrote:
Like most, if I set a root pw, it is going to be a considerably longer, mixed case and alphanumeric string I can remember.
I don't get this. Yes, I have a strong root password. But my user has no access. Your user can use his password. Do:
$ sudo -s enter user's password
and have full root privileges. Why does root's password need to be stronger, since the user has full root privileges???
Lisi
Good question Lisi, one I've yet to hear a good explanation for from the bunto folks, and I did ask a couple times in the past. Should I make the pw I use just as obtuse & long?
Yes!!!
Lisi
On Sunday 20 December 2015 22.19:06 Lisi Reisz wrote:
Why does root's password need to be stronger, since the user has full root privileges???
Lisi
Good question Lisi, one I've yet to hear a good explanation for from the bunto folks, and I did ask a couple times in the past. Should I make the pw I use just as obtuse & long?
Yes!!!
Lisi
While this has nothing to do with TDE, that is my main reason for sticking to the "old" user/root system. Windows users mostly don't use a superuser (although they could) because it's "complicated". Mac users "have no root", but that means that if they use an easy password (I should not say, but I can't move my wife from 654321 ...), anyone having access to their computer can turn root on and lock them out.
Same with Linux: if I can easily guess someone's user password and he has sudo rights, then sudo passwd root and sudo passwd <user>: I'm the boos and he's out.
So, as long as sudo users don't use strong password (and most I know _don't_ ), a separate root password is more secure.
Thierry
On Sunday 20 December 2015 21:32:41 Thierry de Coulon wrote:
So, as long as sudo users don't use strong password (and most I know _don't_ ), a separate root password is more secure.
I'm equally worried about the things that sudo users can and do do to themselves because it is so easy!
Lisi
Am Montag, 21. Dezember 2015 schrieb Lisi Reisz:
On Sunday 20 December 2015 21:32:41 Thierry de Coulon wrote:
So, as long as sudo users don't use strong password (and most I know _don't_ ), a separate root password is more secure.
I'm equally worried about the things that sudo users can and do do to themselves because it is so easy!
Lisi
If user can do "sudo bash" - which he can in most cases - then the whole "security improvement by sudo" is pure illusion.
Nik
On Sunday 20 December 2015 21:32:41 Thierry de Coulon wrote:
if I can easily guess someone's user password and he has sudo rights, then sudo passwd root and sudo passwd <user>: I'm the boos and he's out.
(Sorry, misquoted last time.)
I'm equally worried about the things that sudo users can and do do to themselves because it is so easy!
Lisi
So, as long as sudo users don't use strong password (and most I know _don't_ ), a separate root password is more secure.
On Sun, Dec 20, 2015 at 02:28:42PM -0500, Gene Heskett wrote:
Good question Lisi, one I've yet to hear a good explanation for from the bunto folks, and I did ask a couple times in the past. Should I make the pw I use just as obtuse & long?
That depends on what sort of threats you may face.
If you have unrestricted sudo rights, then access to your account is just as good as access to root. Possibly even more so, since your account might have access to resources on other machines that root doesn't.
Or an attacker might use an unpatched exploit to steal root access, even without sudo rights. But even without root access, access to your account alone may be valuable to the attacker.
If the attacker thinks of you as just another machine on the Internet, then they can still use your machine to (say) store files, launch attacks on others, maliciously delete or encrypt files (ransomware), send spam, go through your address books and emails looking for other accounts to attack, steal unencrypted passwords from your web browser and get access to your on-line banking, social media and "cloud"-based systems. From which they can steal your money, send spam, or launch attacks on others -- emailed malware is *much* more effective when it comes from a person you trust.
If they are specifically targetting *you*, or somebody you know, they can invade your privacy, stalk you or your friends/family, perform industrial espionage, or frame you for possession of illegal material such as child pornography or terrorist-related material. Root access not required.
Consider that attacks are not necessarily over the internet. Are you living alone, or sharing a flat with four total strangers? Do you take your computer into the shop to get repairs done? How well do you trust them?
On Sun, 20 Dec 2015 10:12:17 -0500 Gene Heskett gheskett@shentel.net wrote:
To that end, if the package asks for a pw, and gets the 1st users pw as a response, it should be happy and run. There is little or no difference between root and 1st user as 1st user is generally the one who originally setup the system and should know it well.
Don't assume that all systems are single-user desktops. Your suggested setup isn't sufficient, for instance, to handle a multi-user system that's just gotten a new administrator, as might happen in a corporate environment. Once the old admin's account is scrubbed, the original "first user" isn't there anymore, so where should the rights end up? The next user added probably wasn't the new admin, and the new admin shouldn't have to use someone else's login name.
TDE shouldn't allow behaviour that sudo doesn't (assuming that sudo is even present on the system--it's quite possible to use su only and never install sudo!), which seems to be what you're advocating here. It does have to be able to be able to authenticate via sudo with user passwords if the system accepts that behaviour in other contexts.
Regardless, I expect Michele et al. will do The Right Thing.
E. Liddell
On Sunday 20 December 2015 17:32:41 E. Liddell wrote:
To that end, if the package asks for a pw, and gets the 1st users pw as a response, it should be happy and run. There is little or no difference between root and 1st user as 1st user is generally the one who originally setup the system and should know it well.
Don't assume that all systems are single-user desktops.
And don't assume, as you clearly do, that the "first user" is the one who set up the system. This can get very confusing where one is administering someone else's machine. At least, I tend to end up very confused.
Just as you are used to Ubuntu-think, I am used to Debian think. First user is just the user you set up first - after root. ;-)
TDE shouldn't allow behaviour that sudo doesn't (assuming that sudo is even present on the system--it's quite possible to use su only and never install sudo!), which seems to be what you're advocating here. It does have to be able to be able to authenticate via sudo with user passwords if the system accepts that behaviour in other contexts.
The problem is that Gene's system is a mish-mash, with sudo a left-over from Ubuntu; and most of those of us who are using pure Debian don't want this behaviour. Michele's suggested compromise, of being able to add an extra package if you want it, appears to be a good one.
Lisi
On Sunday 20 December 2015 12:32:41 E. Liddell wrote:
On Sun, 20 Dec 2015 10:12:17 -0500
Gene Heskett gheskett@shentel.net wrote:
To that end, if the package asks for a pw, and gets the 1st users pw as a response, it should be happy and run. There is little or no difference between root and 1st user as 1st user is generally the one who originally setup the system and should know it well.
Don't assume that all systems are single-user desktops.
Here, that is precisely the case. Any other "users" are there only to separate rights, like nut and amanda.
Your suggested setup isn't sufficient, for instance, to handle a multi-user system that's just gotten a new administrator, as might happen in a corporate environment. Once the old admin's account is scrubbed, the original "first user" isn't there anymore, so where should the rights end up? The next user added probably wasn't the new admin, and the new admin shouldn't have to use someone else's login name.
Violent agreement there.
OTOH, other than rebooting single and having the new admin set both his pw, and roots, and change the username in the /etc/sudoers file if it exists, should not be locked out. The machine may have valuable data on it that would be lost if a re-install was forced. OTOH, if the new admin doesn't know how to do the above, he is not qualified to admin any *nix machine. If they need the data bad enough, they WILL find an admin that is capable of installing himself.
TDE shouldn't allow behaviour that sudo doesn't (assuming that sudo is even present on the system--it's quite possible to use su only and never install sudo!), which seems to be what you're advocating here. It does have to be able to be able to authenticate via sudo with user passwords if the system accepts that behaviour in other contexts.
Regardless, I expect Michele et al. will do The Right Thing.
E. Liddell
No arguements there as the Right Thing must include the multiuser scenario, which doesn't exist in terms of live users here. Thats my problem, not yours. All I want is consistency in applying the must use root rules. Since this is obviously a mixed system, its something I'll have to put up with in the grand scheme of things.
To unsubscribe, e-mail: trinity-users-unsubscribe@lists.pearsoncomputing.net For additional commands, e-mail: trinity-users-help@lists.pearsoncomputing.net Read list messages on the web archive: http://trinity-users.pearsoncomputing.net/ Please remember not to top-post: http://trinity.pearsoncomputing.net/mailing_lists/#top-posting
Cheers, Gene Heskett
Il 19/12/2015 14:55, Gene Heskett ha scritto:
Your idea of the word majority is miss-applied in the modern linux world. Root password usage is pretty well deprecated by most distro's today, using sudo instead, even in wheezy which is considered elderly these days.
The method suggested by Rolf Schmidt to overcome your problem demonstrates that it's something as unsafe as can be imagined. Anybody can get root privileges without a password.
Letting any user do anything just by typing sudo before a command is a rather peculiar way of implementing security, be it the old Wheezy, or the newer Ubuntu (and its siblings).
Just my 2 c.
Giuliano
On Saturday 19 December 2015 19:45:14 Giuliano Colla wrote:
Letting any user do anything just by typing sudo before a command is a rather peculiar way of implementing security, be it the old Wheezy, or the newer Ubuntu (and its siblings).
Hear, hear. I know someone who upgraded to the next version of Ubuntu from an LTS version,*by* *mistake*. Thereby kyboshing her most necessary piece of professional software.
There are indeed some convincing arguments for having sudo, with limited privileges, available in a multi user environment, but in a single user environment, where that single user has full root privileges available as sudo, it is a disaster waiting to happen.."Most people", when asked to input their password do so automatically without thinking. If asked for root's password, they do at least have to think.
Lisi
On Saturday 19 December 2015 05:21:42 Rolf Schmidt wrote:
Hi Gene
You missed the point, it demands a root pw, that on this wheezy system, does not exist, so it cannot be launched from the menu entry by any pw entered. The pw used for doing a sudo is not accepted. That was my point.
Don't put it in the menu's at all if the user cannot use his sudo to get the root rights it needs.
what happens, if you do - if you are allowed to start su from sudo:
xhost + # to allow other users to access the xserver sudo su # to become root without a password export DISPLAY=:0 # set the DISPLAY variable to access the xserver ksysv # start the wanted program
If this works, you can use the program without a password.
HTH Rolf
Would that not be considered a security hole you could drive a 65 foot refer with 88,000 lbs of swinging beef thru, on a cooked spaghetti WV/USA road? (its the only kind of roads we have here in West Virginia)
It sure would to me. But folks call me paranoid too.
Cheers, Gene Heskett
-
Dr. Nikolaus Klepp -
E. Liddell -
Gene Heskett -
Giuliano Colla -
Lisi Reisz -
Michele Calgaro -
Rolf Schmidt -
Steven D'Aprano -
Thierry de Coulon