Re: logging out a ssh-user
Hi, Matt Zimmerman wrote:
I have done this as well, as I want these bugs out of my face because the
are already fixed. 'pending' is my standard make it go away because it
has already been dealt with tag.
OK, but IMHO it's a good idea to get bugfixes out to the users reasonably
fast so that they can check if the bug really is fixed. To that end, if
you really have dealt with the bug, why not upload the package?
--
Matthias Urlichs | {M:U} IT Design @ m-u-it.de | [EMAIL PROTECTED]
Disclaimer: The quote was selected randomly. Really. | http://smurf.noris.de
--
Understanding is always the understanding of a smaller problem
in relation to a bigger problem.
-- P.D. Ouspensky
Re: logging out a ssh-user
Matthias Urlichs (2003-07-29 10:06:54 +0200) : OK, but IMHO it's a good idea to get bugfixes out to the users reasonably fast so that they can check if the bug really is fixed. To that end, if you really have dealt with the bug, why not upload the package? In my particular case (gforge), I'll have to hack around the no-binary-in-diff limitation of dpkg-source. I work in the same repository as upstream, and some images were changed. I suppose I'll have to start working on a branch to be protected from such things, but before I do that (totally unrelated) thing I can't upload a fixed package even though the bugs are fixed in the CVS. Roland. -- Roland Mas A man walks into a bar. Bang.
Re: logging out a ssh-user
Hi, Roland Mas wrote:
In my particular case (gforge), I'll have to hack around the
no-binary-in-diff limitation of dpkg-source. I work in the same
repository as upstream, and some images were changed.
Ugly. The best idea I have about that is to affix a .0.1 to the upstream
version number and to upload a new .orig.tar.gz. (Assuming that upstream
won't do a new release soon.)
--
Matthias Urlichs | {M:U} IT Design @ m-u-it.de | [EMAIL PROTECTED]
Disclaimer: The quote was selected randomly. Really. | http://smurf.noris.de
--
This neurotic pursuit of sanity is driving us all crazy.
-- Solomon Short
Re: logging out a ssh-user
On Tue, Jul 29, 2003 at 10:06:54AM +0200, Matthias Urlichs wrote: Hi, Matt Zimmerman wrote: I have done this as well, as I want these bugs out of my face because the are already fixed. 'pending' is my standard make it go away because it has already been dealt with tag. OK, but IMHO it's a good idea to get bugfixes out to the users reasonably fast so that they can check if the bug really is fixed. To that end, if you really have dealt with the bug, why not upload the package? Upstream CVS isn't always releasable immediately. I know I've dealt with #168442/#177539 in upstream CVS, for instance. However, that repository also happens to contain random other stuff which hasn't stabilized yet, and I don't think trying to backport a complete reorganization of how man handles locale encodings is a terribly stable thing to do. Thus, I want to express the fact that I've dealt with the bug for the sake of my own organization without necessarily promising to upload Real Soon Now. (Certainly I should do more work to get man-db 2.4.2 out, but to some extent that's a different matter.) Cheers, -- Colin Watson [EMAIL PROTECTED]
Re: logging out a ssh-user
On Tue, Jul 29, 2003 at 10:06:54AM +0200, Matthias Urlichs wrote: I have done this as well, as I want these bugs out of my face because the are already fixed. 'pending' is my standard make it go away because it has already been dealt with tag. OK, but IMHO it's a good idea to get bugfixes out to the users reasonably fast so that they can check if the bug really is fixed. To that end, if you really have dealt with the bug, why not upload the package? Because it is fixed in upstream CVS and I have not merged the patch into the Debian package, or because I have other changes pending which are incomplete. As others have suggested, it might be good to have a separate tag for the former situation. -- - mdz
Re: logging out a ssh-user
Hi, Matt Zimmerman wrote:
Because it is fixed in upstream CVS and I have not merged the patch into
the Debian package,
If it's fixed in the next upstream release I would also set the Upstream
tag.
or because I have other changes pending which are incomplete.
Personally, I deal with that by cvs-or-whatever-ing a new working tree, or
(for more complex changes) there's branching.
You're free to work the way you work best, of course. For me, however, a
new bug tag for long-term-pending would feel like a cheap excuse for not
being organized enough to keep my bugfixes straightened out. (Umm, I think
I need to emphasize that this is me personally, and not to be construed as
a put-down on anybody. OK?)
--
Matthias Urlichs | {M:U} IT Design @ m-u-it.de | [EMAIL PROTECTED]
Disclaimer: The quote was selected randomly. Really. | http://smurf.noris.de
--
Today is the first day of the rest of the mess.
Re: logging out a ssh-user
On Tue, Jul 29, 2003 at 02:47:38PM +0200, Matthias Urlichs wrote: Hi, Matt Zimmerman wrote: Because it is fixed in upstream CVS and I have not merged the patch into the Debian package, If it's fixed in the next upstream release I would also set the Upstream tag. The upstream tag is abused enough (especially by bug submitters) that it is practically useless at this point. or because I have other changes pending which are incomplete. Personally, I deal with that by cvs-or-whatever-ing a new working tree, or (for more complex changes) there's branching. If I am in the process of completing some medium-to-large-scale restructuring or something in my working directory, and someone reports a bug with severity = normal, I just merge in the fix and don't waste time with multiple trees or anything else. I would only bother with that sort of thing for an important bug. Branching, especially, is overkill for nearly all situations, and a maintenance headache. -- - mdz
Re: logging out a ssh-user
On Tue, Jul 29, 2003 at 02:47:38PM +0200, Matthias Urlichs wrote: Hi, Matt Zimmerman wrote: Because it is fixed in upstream CVS and I have not merged the patch into the Debian package, If it's fixed in the next upstream release I would also set the Upstream tag. The upstream tag doesn't help with filtering out uninteresting bugs from the default bug list. Marking things as forwarded does but that doesn't help with the filtering and would be a pretty gross thing to do for bugs that are pending. -- You grabbed my hand and we fell into it, like a daydream - or a fever.
Re: logging out a ssh-user
On Tue, Jul 29, 2003 at 02:47:38PM +0200, Matthias Urlichs wrote: Hi, Matt Zimmerman wrote: or because I have other changes pending which are incomplete. Personally, I deal with that by cvs-or-whatever-ing a new working tree, or (for more complex changes) there's branching. That really isn't always feasible, honestly ... in my experience, some changes are too complex to be worth backporting. It's fine for simple fixes but that doesn't cover everything. -- Colin Watson [EMAIL PROTECTED]
Re: logging out a ssh-user
On Tue, Jul 29, 2003 at 02:52:19PM +0100, Mark Brown wrote: On Tue, Jul 29, 2003 at 02:47:38PM +0200, Matthias Urlichs wrote: Hi, Matt Zimmerman wrote: Because it is fixed in upstream CVS and I have not merged the patch into the Debian package, If it's fixed in the next upstream release I would also set the Upstream tag. The upstream tag doesn't help with filtering out uninteresting bugs from the default bug list. Add 'exclude=upstream' to the URL? -- Colin Watson [EMAIL PROTECTED]
Re: logging out a ssh-user
On Tue, Jul 29, 2003 at 03:05:12PM +0100, Colin Watson wrote: On Tue, Jul 29, 2003 at 02:52:19PM +0100, Mark Brown wrote: The upstream tag doesn't help with filtering out uninteresting bugs from the default bug list. Add 'exclude=upstream' to the URL? Not really. The reason it doesn't help is that the semantics of the upstream tag aren't those that are needed for filtering out bugs that have been dealt with (which is the kind of uninteresting we're talking about here). Bugs that are worth looking at could obviously be tagged as upstream. Similarly, non-upstream bugs might be fixed in development packaging but not uploaded for whatever reason. Besides, that doesn't help the default bug list :) . -- You grabbed my hand and we fell into it, like a daydream - or a fever.
Re: logging out a ssh-user
On Tue, Jul 29, 2003 at 04:14:19PM +0100, Mark Brown wrote: On Tue, Jul 29, 2003 at 03:05:12PM +0100, Colin Watson wrote: On Tue, Jul 29, 2003 at 02:52:19PM +0100, Mark Brown wrote: The upstream tag doesn't help with filtering out uninteresting bugs from the default bug list. Add 'exclude=upstream' to the URL? Not really. The reason it doesn't help is that the semantics of the upstream tag aren't those that are needed for filtering out bugs that have been dealt with (which is the kind of uninteresting we're talking about here). Yeah, I know, but let's pretend I mean 'fixed-upstream' or some yet-to-be-added tag. Besides, that doesn't help the default bug list :) . I'm not *overly* bothered about that, to be honest ... Cheers, -- Colin Watson [EMAIL PROTECTED]
Re: logging out a ssh-user
On Tue, Jul 29, 2003 at 11:35:01AM +0200, Matthias Urlichs wrote: In my particular case (gforge), I'll have to hack around the no-binary-in-diff limitation of dpkg-source. I work in the same repository as upstream, and some images were changed. Ugly. The best idea I have about that is to affix a .0.1 to the upstream version number and to upload a new .orig.tar.gz. With a very large upstream .orig.tar.gz I would not be very popular with everyone if I did this for openoffice every time :) I added support in the dbs for openoffice to uudecode a patch file with the extension .uu before applying it. I talked to Jeff Bailey at debconf about supporting this in cdbs too. (Bug #202389) Chris pgpDAvHf3vxCQ.pgp Description: PGP signature
Re: logging out a ssh-user
On Tue, Jul 29, 2003 at 05:02:53PM +0100, Colin Watson wrote: Yeah, I know, but let's pretend I mean 'fixed-upstream' or some yet-to-be-added tag. What, you mean like the way the pending tag often seems to get used :) . Besides, that doesn't help the default bug list :) . I'm not *overly* bothered about that, to be honest ... Is there an interface for configuring the sorting order the BTS uses when displaying results? -- You grabbed my hand and we fell into it, like a daydream - or a fever.
Re: logging out a ssh-user
On Sun, Jul 27, 2003 at 04:44:44PM +0100, Colin Watson wrote: On Sun, Jul 27, 2003 at 04:45:33PM +0200, Matthias Urlichs wrote: It's also tagged pending since May... Matthew, do you need a co-maintainer for ssh? Matthew's *got* a co-maintainer for ssh, as a cursory check of the changelog would have revealed. Hello. ISTR that I tagged that bug pending because it was fixed in upstream CVS and that was a handy way to separate it out. I suppose I shouldn't do that really. I have done this as well, as I want these bugs out of my face because the are already fixed. 'pending' is my standard make it go away because it has already been dealt with tag. Maybe we need a new tag? -- - mdz
Re: logging out a ssh-user
this question really belongs on debian-user, not on debian-devel.
On Sat, Jul 26, 2003 at 07:55:28PM +0200, Dennis Stampfer wrote:
I have to log out a user who is logged in via ssh. The information that he
is not allowed to login comes from the utmp-file like the pid to kill.
if he's not allowed to login, then why not set his shell to /bin/false?
If he's logged in via telnet, I can do the job by killing that pid. That
does not work with ssh: For some reason, all what I get out of utmp is the
pid of the listening sshd which I can't kill if I don't want to disable
ssh-logins.
that would be because you're killing the wrong sshd PID.
I solved it by adding 2 to that pid to reach the child-ssh, checking if it is
sshd and owned by the user who is to be logged out. If that all is ok, I
kill that pid.
run ps and grep for the tty that he's logged in on. e.g. if he's on pts/3:
# ps aux | grep pts/3$
cas 7002 0.0 0.7 6352 1920 ?S17:00 0:00 sshd: [EMAIL
PROTECTED]/3
then kill it:
# kill -1 7002
or in one line:
# ps aux | grep pts/3$ | awk '{print $2}' | xargs kill -1
alternatively, apt-get install slay and run slay USERNAME.
craig
Re: logging out a ssh-user
* Dennis Stampfer [EMAIL PROTECTED] wrote: I have to log out a user who is logged in via ssh. , | % apt-cache show slay | [...] | Description: kills all of the user's processes | Slay provides you with a way to quickly get rid of all | processes selected user owns. Very useful if you want | to harm somebody. `
Re: logging out a ssh-user
Hi, Dennis Stampfer wrote:
If he's logged in via telnet, I can do the job by killing that pid. That
does not work with ssh: For some reason, all what I get out of utmp is
the pid of the listening sshd which I can't kill if I don't want to
disable ssh-logins.
Wrong, actually. ssh forks twice before spawning a shell (I don't know
why); the child puts its PID into utmp, and the grandchild controls the
communication and spawns the login shell.
ssh should probably enter the grandchild's PID. This might be a bug in ssh.
--
Matthias Urlichs | {M:U} IT Design @ m-u-it.de | [EMAIL PROTECTED]
Disclaimer: The quote was selected randomly. Really. | http://smurf.noris.de
--
boss, n:
According to the Oxford English Dictionary, in the Middle Ages the
words boss and botch were largely synonymous, except that boss,
in addition to meaning a supervisor of workers also meant an
ornamental stud.
Re: logging out a ssh-user
On Sun, Jul 27, 2003 at 09:47:29AM +0200, Norbert Tretkowski wrote: * Dennis Stampfer [EMAIL PROTECTED] wrote: I have to log out a user who is logged in via ssh. , | % apt-cache show slay Sure, but I can't fix a bug by saying use slay instead of this package... ;) Dennis
Re: logging out a ssh-user
On Sun, Jul 27, 2003 at 10:30:07AM +0200, Matthias Urlichs wrote: Wrong, actually. ssh forks twice before spawning a shell (I don't know why); I think it is related to the priveledge separation code. Greetings Bernd -- (OO) -- [EMAIL PROTECTED] -- ( .. ) [EMAIL PROTECTED],linux.de,debian.org} http://home.pages.de/~eckes/ o--o *plush* 2048/93600EFD [EMAIL PROTECTED] +497257930613 BE5-RIPE (OO) When cryptography is outlawed, bayl bhgynjf jvyy unir cevinpl!
Re: logging out a ssh-user
Hi, Bernd Eckenfels wrote:
On Sun, Jul 27, 2003 at 10:30:07AM +0200, Matthias Urlichs wrote:
Wrong, actually. ssh forks twice before spawning a shell (I don't know
why);
I think it is related to the priveledge separation code.
Probably. It's still a bug. #164797, actually, which is a _bit_ hard to
find among the 200 open bugs ssh has. :-/
Also at http://bugzilla.mindrot.org/show_bug.cgi?id=560 (which seems to be
unreachable at the moment).
It's also tagged pending since May... Matthew, do you need a
co-maintainer for ssh?
--
Matthias Urlichs | {M:U} IT Design @ m-u-it.de | [EMAIL PROTECTED]
Disclaimer: The quote was selected randomly. Really. | http://smurf.noris.de
--
love, n.:
When it's growing, you don't mind watering it with a few tears.
Re: logging out a ssh-user
On Sun, Jul 27, 2003 at 04:45:33PM +0200, Matthias Urlichs wrote: It's also tagged pending since May... Matthew, do you need a co-maintainer for ssh? Matthew's *got* a co-maintainer for ssh, as a cursory check of the changelog would have revealed. Hello. ISTR that I tagged that bug pending because it was fixed in upstream CVS and that was a handy way to separate it out. I suppose I shouldn't do that really. -- Colin Watson [EMAIL PROTECTED]
Re: logging out a ssh-user
On Sun, Jul 27, 2003 at 04:45:33PM +0200, Matthias Urlichs wrote: Hi, Bernd Eckenfels wrote: On Sun, Jul 27, 2003 at 10:30:07AM +0200, Matthias Urlichs wrote: Wrong, actually. ssh forks twice before spawning a shell (I don't know why); I think it is related to the priveledge separation code. Probably. It's still a bug. #164797, actually, which is a _bit_ hard to find among the 200 open bugs ssh has. :-/ Fixed in openssh 1:3.6.1p2-4, making its way through incoming now. -- Colin Watson [EMAIL PROTECTED]
Re: logging out a ssh-user
Hi, Colin Watson wrote:
Matthew's *got* a co-maintainer for ssh, as a cursory check of the
changelog would have revealed. Hello.
I checked the bug page, which says the maintainer is Matthew.
I'll remember to also check the changelog next time, thanks. (Seriously.)
Anyway, if you think it's OK to have 80 open bugs on one package (not
counting minor+wishlist) ... well, personally I wouldn't want that, but
it's your package and it seems to work reasonably well otherwise, so I
guess I'll shut up now.
ISTR that I tagged that bug pending because it was fixed in upstream CVS
and that was a handy way to separate it out. I suppose I shouldn't do
that really.
I wouldn't have said anything if the bug had noted that. In that case I
don't have a problem with a multi-week pending status.
--
Matthias Urlichs | {M:U} IT Design @ m-u-it.de | [EMAIL PROTECTED]
Disclaimer: The quote was selected randomly. Really. | http://smurf.noris.de
--
I think I'll make SCRAMBLED EGGS!! They're each in LITTLE SHELLS...
-- Zippy the Pinhead
Re: logging out a ssh-user
On Sun, Jul 27, 2003 at 08:00:05PM +0200, Matthias Urlichs wrote: Hi, Colin Watson wrote: Matthew's *got* a co-maintainer for ssh, as a cursory check of the changelog would have revealed. Hello. I checked the bug page, which says the maintainer is Matthew. Unfortunately the BTS isn't really in a position to know about Uploaders: fields at the moment. If you follow the link to the PTS you'll see a Co-Maintainers entry, though. I'll remember to also check the changelog next time, thanks. (Seriously.) Anyway, if you think it's OK to have 80 open bugs on one package (not counting minor+wishlist) ... well, personally I wouldn't want that, but it's your package and it seems to work reasonably well otherwise, so I guess I'll shut up now. I certainly don't like having that many open bugs, but since the package is being actively uploaded it would probably be more helpful if you could help triage them rather than asking about the package's maintenance ... Darren Tucker (part of OpenSSH upstream) is doing that and it's very useful. Also, openssh is one of those packages that tends to attract a lot of upstream bugs which aren't realistically fixable in Debian as well as bugs that basically can't or won't be fixed, and it's inherently rather complex too. Still, the overall bug count was more like 280 this time last year. ISTR that I tagged that bug pending because it was fixed in upstream CVS and that was a handy way to separate it out. I suppose I shouldn't do that really. I wouldn't have said anything if the bug had noted that. Darren said that it was fixed upstream in http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=164797msg=13, although I admit I wasn't very clear about why I tagged it pending. I think we probably need a 'fixed-upstream' tag or similar now that pending is more explicitly reserved for upload will happen soon. Cheers, -- Colin Watson [EMAIL PROTECTED]
Re: logging out a ssh-user
On Sun, Jul 27, 2003 at 07:45:47PM +0100, Colin Watson wrote: I admit I wasn't very clear about why I tagged it pending. I think we probably need a 'fixed-upstream' tag or similar now that pending is more explicitly reserved for upload will happen soon. I second that. Michael -- The discussion did NOT turn to a flameware, mostly because french-speaking people are really polite people, as you probably know if you have ever driven in the Paris area.. :-) -- Christian Perrier
logging out a ssh-user
Hi! I have to log out a user who is logged in via ssh. The information that he is not allowed to login comes from the utmp-file like the pid to kill. If he's logged in via telnet, I can do the job by killing that pid. That does not work with ssh: For some reason, all what I get out of utmp is the pid of the listening sshd which I can't kill if I don't want to disable ssh-logins. I solved it by adding 2 to that pid to reach the child-ssh, checking if it is sshd and owned by the user who is to be logged out. If that all is ok, I kill that pid. Well, it works, but is that reliable and secure? Will this also work after the maximum of PID is reached? The package I am talking about is timeoutd. (No bug for that) Dennis
Re: logging out a ssh-user
On Saturday 26 July 2003 19:55, Dennis Stampfer wrote: I have to log out a user who is logged in via ssh. The information that he is not allowed to login comes from the utmp-file like the pid to kill. Not sure if that helps, but 'slay' might be the proper tool for it. Uli
