Re: sudoers question

[Lee]

On 5/12/23, DdB  wrote:
> Am 13.05.2023 um 00:03 schrieb Lee:
>> On 5/12/23, Stefan Monnier  wrote:
 Or configure sudo to disable tty_tickets, so that the timeout (10
 minutes by default IIRC) applies to all terminals.
>>>
>>> `sudo bash` anyone?
>>
>> me!  me!  but I also have
> (...)
>> %adm  ALL = (root) NOPASSWD: ADM_COMMANDS
>
> Of course, there are ways to allow any/all sudo commands without
> password. And i also have to cast a warning here:
>
> The kind of mistakes, any user (including yourself) can initiate, grows
> considerably, if he can use any commands without even thinking.

In general, yes, but how much trouble can
  /usr/bin/dmesg,
  /usr/bin/apt list
  /usr/bin/apt update
  /usr/sbin/checkrestart
  /usr/sbin/needrestart
cause?

OTOH, I like the idea of logging in as root to do admin stuff.  But
that seems to be frowned on now.. I don't  know why :(   .. unless
logging?  'sudo bash' or logging in as root doesn't leave an audit
trail of commands you've done

> To my eye, as there is a huge responsability involved with using
> elevated powers, i would not want "my little brother" to accidentally
> sit in front of my computer while just trying commands at a console,
> that he may have heard of somewhere.

I gave login credentials to a 4 yr old :)  I was a bit apprehensive
when he started mashing the keyboard but I'd already tried to find all
the world-writeable files on the machine so I wasn't all _that_
worried.  I'm more concerned that I did the search wrong & missed some
thing than I am of getting a "rm -fr /" from random keyboard mashing.

> Even worse: When i found out, how to prevent sudo from asking a pwd, i
> in fact did cause a couple of bad mistakes, that the system would
> otherwise have prevented from happening (including making it
> unbootable). And it took my quite some time in order to get used to some
> kind of a routine, that keps me from having to reinstall everything from
> scratch after each mishap.
>
> So, after some time, i have become way more cautious at allowing too
> many powers to myself without thinking. And especially the OP did reveal
> some contradictory habits:
> He was asking, how to allow any sudo command without being asked for a
> password ( which means: without being controlled by the system ). On one
> hand, this could make sense under certain premises.
> OTOH, he was failing to display any kind of responsible attitude for the
> job (like as if reading logfiles was hs only interest ...).
>
> Just simply asking for help in this regard let me wonder, as i had been
> able to find out all this without even knowing about his group,
> including the relevance of sudoedit in this regard (which no one even
> mentioned).
>
> You can't have your cake and eat it too!
>
> If we (as a community) would support such a behavior, wouldn't we be
> responsible for the effecs, this entails

No.

> Would you hand out a loaded weapon to a child? (I certainly did not.)

Maybe I have?   But this is a personal/household machine so if files
get deleted I'll get to find out if my backup/restore process works as
well as I hope it does :)

At work, downtime is expensive, so I do tend to lock things down at
work.  At home I'm a lot more casual.

Regards
Lee

Re: sudoers question

[DdB]

Am 13.05.2023 um 00:03 schrieb Lee:
> On 5/12/23, Stefan Monnier  wrote:
>>> Or configure sudo to disable tty_tickets, so that the timeout (10
>>> minutes by default IIRC) applies to all terminals.
>>
>> `sudo bash` anyone?
> 
> me!  me!  but I also have
(...)
> %adm  ALL = (root) NOPASSWD: ADM_COMMANDS

Of course, there are ways to allow any/all sudo commands without
password. And i also have to cast a warning here:

The kind of mistakes, any user (including yourself) can initiate, grows
considerably, if he can use any commands without even thinking.

To my eye, as there is a huge responsability involved with using
elevated powers, i would not want "my little brother" to accidentally
sit in front of my computer while just trying commands at a console,
that he may have heard of somewhere.

Even worse: When i found out, how to prevent sudo from asking a pwd, i
in fact did cause a couple of bad mistakes, that the system would
otherwise have prevented from happening (including making it
unbootable). And it took my quite some time in order to get used to some
kind of a routine, that keps me from having to reinstall everything from
scratch after each mishap.

So, after some time, i have become way more cautious at allowing too
many powers to myself without thinking. And especially the OP did reveal
some contradictory habits:
He was asking, how to allow any sudo command without being asked for a
password ( which means: without being controlled by the system ). On one
hand, this could make sense under certain premises.
OTOH, he was failing to display any kind of responsible attitude for the
job (like as if reading logfiles was hs only interest ...).

Just simply asking for help in this regard let me wonder, as i had been
able to find out all this without even knowing about his group,
including the relevance of sudoedit in this regard (which no one even
mentioned).

You can't have your cake and eat it too!

If we (as a community) would support such a behavior, wouldn't we be
responsible for the effecs, this entails?
Would you hand out a loaded weapon to a child? (I certainly did not.)

just saying ...
good luck
DdB

Re: OT Que programa para Debian abre un fichero con extensión cbr (SOLUCIONADO)

[Abogado]

El 7/5/23 a las 1:17, José Manuel (Abogado) escribió:

Hola
Tengo unos ficheros de tebeos (comix) con extensión cbr y quisiera 
poder abrirlos para ver su contenido. Pregunto al foro por si alguno 
me puede indicar un programa que los abra en Debian. Gracias de antemano



Hola

Gracias a todos los que me contestaron por su estimable ayuda. Con 
vuestra información conseguí instalar mcomix, configurar okular para 
poder visualizar los tebeos (comix), etc.



--
Un saludo,
José Manuel
Gran Canaria/España

Si vas a escribir.. piensa en esto:
no digas nada que no sea mas precioso que el silencio!!!

Re: OT Que programa para Debian abre un fichero con extensión cbr (Agradecimientos)

[Abogado]

El 11/5/23 a las 23:47, JavierDebian escribió:



El 11/5/23 a las 12:06, José Manuel (Abogado) escribió:



El 10/5/23 a las 23:42, JavierDebian escribió:



El 10/5/23 a las 15:24, José Manuel (Abogado) escribió:

El 2023-05-09 09:48, José Manuel escribió:





Los siguientes paquetes tienen dependencias incumplidas:
python3-gi-cairo : Depende: python3-gi (= 3.38.0-2) pero 
3.42.1-1+b1 va a ser instalado
   Depende: python3 (< 3.10) pero 3.10.5-3 va a 
ser instalado
E: No se pudieron corregir los problemas, usted ha retenido 
paquetes rotos.


:/$ sudo apt -f install
Leyendo lista de paquetes... Hecho
Creando árbol de dependencias... Hecho
Leyendo la información de estado... Hecho
0 actualizados, 0 nuevos se instalarán, 0 para eliminar y 4 no 
actualizados.


:/$



# apt purge *python*
# apt autorermove --purge

y con ello quitas TODO python que pueda estar generando problemas.

Toma nota de qué otras cosas pueden desinstalarse y que te interese 
mantener, para luego, volver a instalarlas.


Luego, instala mcomix.

Luego, vuelves a instalar los programas que pueden haberse 
desinstalado.



Me llama MUCHÍSIMO la atención que teniendo un Debian "bulleyes" 
tengas esos problema con un programa tan simple como mcomix.
Como que me huele que has instalado Python de www.python.org o de 
algún repositorio ppa raro de *buntu, y tienes un "FrankenDebian" en 
tus manos.

O tienen los "backports" con prioridad alta.


Esta parte no me cierra:
python3-gi-cairo : Depende: python3-gi (= 3.38.0-2) pero 3.42.1-1+b1 
va a ser instalado
   Depende: python3 (< 3.10) pero 3.10.5-3 va a ser 
instalado


Si te fijas en las dependencias de mcomix 
https://packages.debian.org/bullseye/mcomix, verás que depende de 
python3-gi (= 3.38.0-2), pero por alguna razón tienes un repositorio 
smartd

apuntando a 3.42.1-1+b1.
Creería que tienes habilitados los "backports" en 
/etc/apt/preferences con una prioridad más alta que los archivos 
normales.


Te recomiendo:
1 - Purgar python.
2 - Asegurarte de no tener algún repositorio estrambótico activado.
3 - Configurar las preferencias de "apt pinning" en forma correcta.

Saludos.

JAP


Holasmartd

Gracias Javier por contestar y por la información.

Revisando el sources.list si tengo habilitado los backports , ya que 
soy fotógrafo aficionado y proceso mis fotografías con Darktable y 
GIMP. En stable es una versión antigua y para poner la más reciente 
debo ir o a backports o testing.

Debian en estos programas esta muy retrasada.

En el fichero preferences tengo esto:
Package: *
Pin: release a=stable
Pin-Priority: 900

Package: *
Pin: release a=testing
Pin-Priority: 600

En la carpeta preferences.d esta vacía.

Con respecto a python, no sé que ficheros que tengo tengo que 
mantener si realizó un -purge





Voy a tratar de ser escueto y claro.
Veo tu archivo "preferences"

Tu problema con mcomix-stable es que depende de paquetes de python de 
stable.


Tenés dos opciones: pasar todo a stable o instalar mcomix de testing.

La segunda es la más rápida:

# apt install mcomix -t testing


La primera, es más engorrosa, pero sería lo que yo haría, y es lo que 
ya te comenté de purgar python instalado desde los backports o 
testing; el apt-pinning es lindo en teoría. Mezclar ramas SIEMPRE trae 
problemas.
Mezclar con testing tiene problemitas, mezclar con sid es para 
jugar a hacer desastres.



Prueba con la siguiente instrucción

# apt list --installed | grep testing

para ver qué tienes instalado de testing dentro de stable, y si te 
conviene mantenerlo en esa rama.


Personalmente, desde 2005 hasta 2012, usaba testing, pues en ese 
tiempo era muy diferente lo que había en una rama y en la otra.

Desde el 2013 a hoy, uso stable.
Y sobre todo desde 2019, en que el sistema tiene un RAID-5 montado, no 
quiero sorpresas.


Si tanto necesitas los backports, arma el sistema competo en testing, 
pero atiénete a las consecuencias.


JAP


Hola Javier

Gracias por la ayuda

--
Un saludo,
José Manuel
Gran Canaria/España

Si vas a escribir.. piensa en esto:
no digas nada que no sea mas precioso que el silencio!!!

Re: sudoers question

[Lee]

On 5/12/23, Stefan Monnier  wrote:
>> Or configure sudo to disable tty_tickets, so that the timeout (10
>> minutes by default IIRC) applies to all terminals.
>
> `sudo bash` anyone?

me!  me!  but I also have
# cat /etc/sudoers.d/adm-grp-privs
# members of adm can run certain commands as root without supplying
# a password
#   Andrei POPESCU  Sun, Dec 5, 2021 at 10:46 AM
#   To: debian-user@lists.debian.org
#   Re: Don't try this at home kids

Cmnd_AliasADM_COMMANDS = /usr/bin/dmesg, \
 /usr/bin/apt list, \
 /usr/bin/apt update, \
 /usr/sbin/checkrestart, \
 /usr/sbin/needrestart, \
 /usr/sbin/reboot

%adm  ALL = (root) NOPASSWD: ADM_COMMANDS

Regards
Lee

Re: :Re: repeat of previous question thathasgoneunansweredseveraltimes.

[Vincent Lefevre]

On 2023-05-12 12:08:33 -0400, gene heskett wrote:
> On 5/12/23 07:41, Vincent Lefevre wrote:
> > On 2023-05-12 06:23:56 -0400, gene heskett wrote:
> > > I'm confused. There is not anything wrong with this machine as a Server.
> > > ALL of this muttering and bitching has been because bookworm clients did 
> > > NOT
> > > work. buster clients work great.
> > > 
> > > How many times do I have to say it is/was a CLIENT problem that only 
> > > exists
> > > for BOOKWORM clients.  The elephant in the room that most have ignored.
> > 
> > But you said that the problem was "solved" by modifying a setting
> > corresponding to the Listen directives (in /etc/cups/cupsd.conf).
> > These directives concern the *server* only.
> > 
> Oh, then how does one tell the CLIENT to even use the SERVER?

I'm not sure what you mean by "use". In the past, I had the following
lines in the /etc/cups/client.conf file of the machine at my lab:

ServerName liqqs.lip.ens-lyon.fr:443
Encryption Required
ValidateCerts Yes

The first line is to tell which server to use, and the other lines
for security. This way of doing means that everything is configured
on the server.

This has been deprecated at my lab, and now, the printers need to be
configured directly on the client side. In case you want something
like that, AFAIK, there are 2 solutions:

Manual: something like
  lpadmin -p  -v  [ -E ] -m everywhere -L 

Automatic with the cups-browsed package:

Description: OpenPrinting CUPS Filters - cups-browsed
 This package provides cups-browsed, a daemon which browses the Bonjour
 broadcasts of shared remote CUPS printers and makes the printers
 available locally, replacing the CUPS broadcasting/browsing which was
 dropped in CUPS 1.6.x. This way the old behavior of having the remote
 printers available automatically is now re-implemented with Bonjour.

(However, it appears that because of that, on my laptop, I now have
dozens of ghost printers, and this is annoying.)

> It is 100% a "cannot assign requested address error" on the bpi51 as logged
> in/var/log/cups/error_log:
> 
> E [12/May/2023:10:32:20 -0500] Unable to open listen socket for address
> 192.168.71.3:631 - Cannot assign requested address.
> E [12/May/2023:10:34:45 -0500] Unable to open listen socket for address
> [v1.::1]:631 - Cannot assign requested address.

I suppose that this is because you already have a server that is
already running and listening on these ports. Or you started the
server too soon after the old one terminated.

> Where its getting the ipv6 addy is a mystery

::1 is the IPv6 loopback. Perhaps listening on it is the default
(this makes sense), and perhaps even if it isn't setup (as this
is unusual).

-- 
Vincent Lefèvre  - Web: 
100% accessible validated (X)HTML - Blog: 
Work: CR INRIA - computer arithmetic / AriC project (LIP, ENS-Lyon)

Re: Re : Re: Bookworm ou pas ?

[Bureau LxVx]

Merci pour ces "détails" de la syntaxe.

Mon install étant "propre" (sur nouveau disque) je n'aurai pas de 
résidus de la config antérieure :-D.


De mémoire, je crois "à vérifier" ... que les les backports 
"n'arriveront " qu’après la sortie officielle.



Le 12/05/2023 à 12:46, benoit a écrit :
Le vendredi 12 mai 2023 à 12:27, Bureau LxVx 
 a écrit :



super ! Merci à chacun pour sa réponse "rassurante" ;-)

Autre question : qu'en sera-t-il du sources.list quand la Deb 12 sera 
devenue officielle ?
Quelle modif à faire pour être sûre que le sources.list corresponde 
bien à la stable ?


Du coup, "la liste, corrigez moi si je me trompe, je vais le faire 
aussi" la syntaxe du /etc/apt/sources.list


#deb https://deb.debian.org/debian/ bookworm main contrib
#deb https://deb.debian.org/debian/ bookworm-updates main contrib
#deb http://security.debian.org/debian-security/ bookworm-security 
main contrib


C'est en commentaire, car, comme dit précédemment sur la liste, j'ai 
eu des soucis (qui je crois son liés à mon install/config actuel de 
stable). mais je vais essayer une nouvelle install plutôt qu'une mise 
à jour.


--
Benoit

Re: Bookworm ou pas ?

[Bureau LxVx]

Merci de cette réponse qui rappelle à la prudence selon l'usage de la 
machine qui ne sera pas un serveur.


Quant aux sauvegardes, je les pratique très régulièrement et sur 
plusieurs supports avec FreeFile Sync en Gui (libre et très performant)


Belle soirée.

Sylvie

Le 12/05/2023 à 11:53, Basile Starynkevitch a écrit :



On 5/12/23 11:42, Bureau LxVx wrote:

Bonjour,

Je dois changer mon ssd qui devient "trop étroit" au niveau /

La Debian 12 arrive très prochainement. Habituellement, j'attends 
quelques mois avant de migrer (install propre).


Si j'installe cette testing avant sa sortie officielle, quels risques 
"majeurs" ?


Sylvie



Aucun risque sérieux, sauf si l'ordinateur en question est un serveur 
pour des applications critiques.


Dans ce dernier cas, vous suivez forcément des normes lourdes (ISO9001 
et ISO27001) qui vous obligent à des procédures et des approbations 
tierces, et donc devraient vous convrir.



N'oubliez pas qu'un disque SSD (quel que soit le système 
d'exploitation) peut tomber en panne. Donc il vous faut sauvegarder 
les données importantes (je suggère une sauvegarde par crontab et 
rsync distant du /etc/ et du /home)



Librement


--
Basile Starynkevitch
(only mine opinions / les opinions sont miennes uniquement)
92340 Bourg-la-Reine, France
web page: starynkevitch.net/Basile/

Re: SOLVED:Re: repeat of previous question thathasgoneunansweredseveraltimes.

[gene heskett]

On 5/12/23 14:45, Brian wrote:

On Fri 12 May 2023 at 06:23:56 -0400, gene heskett wrote:

[...]


I'm confused. There is not anything wrong with this machine as a Server.
ALL of this muttering and bitching has been because bookworm clients did NOT
work. buster clients work great.


"work(s)" is such vague term. I guess working and non-working are references
to

  > All of my bullseye machines are locked out, printer screen at
  > localhost:631 is empty, and no printers can be found and added


How many times do I have to say it is/was a CLIENT problem that only exists
for BOOKWORM clients.  The elephant in the room that most have ignored.


THe issue has been fully dealt with. In short:

   No local printers leads to an empty localhost:631 and 'lpstat -t'.

THere isn't any issue whatsoever. You seem very reluctant to incorporate this
basic fact into your thinking. THe room is empty.

May we have 'lpstat -t' from a buster machine that is not bpi54?


This is buster, running a milling machine in the garage

gene@GO704:~$ lpstat -t
scheduler is running
no system default destination
device for Brother_HL_L2320D_series_coyote: 
implicitclass://Brother_HL_L2320D_series_coyote/

device for Brother_MFC_J6920DW: ipp://BRN30055C8A2DC8.local:631/ipp/print
device for Brother_MFC_J6920DW_coyote: 
implicitclass://Brother_MFC_J6920DW_coyote/

device for HLL2320D_coyote: implicitclass://HLL2320D_coyote/
device for MFCJ6920DW_tray_2_coyote: ///dev/null
Brother_HL_L2320D_series_coyote accepting requests since Fri 12 May 2023 
12:00:02 AM EDT

Brother_MFC_J6920DW accepting requests since Fri 12 May 2023 12:00:02 AM EDT
Brother_MFC_J6920DW_coyote accepting requests since Fri 12 May 2023 
12:00:02 AM EDT

HLL2320D_coyote accepting requests since Fri 12 May 2023 12:00:02 AM EDT
MFCJ6920DW_tray_2_coyote not accepting requests since Wed 03 May 2023 
12:00:02 AM EDT -

reason unknown
printer Brother_HL_L2320D_series_coyote is idle.  enabled since Fri 12 
May 2023 12:00:02 AM EDT
printer Brother_MFC_J6920DW is idle.  enabled since Fri 12 May 2023 
12:00:02 AM EDT
printer Brother_MFC_J6920DW_coyote is idle.  enabled since Fri 12 May 
2023 12:00:02 AM EDT
printer HLL2320D_coyote is idle.  enabled since Fri 12 May 2023 12:00:02 
AM EDT
printer MFCJ6920DW_tray_2_coyote disabled since Wed 03 May 2023 12:00:02 
AM EDT -

reason unknown

this is another gantry style machine:
gene@sixty40:~$ lpstat -t
scheduler is running
no system default destination
device for Brother_HL_L2320D_series_coyote: ///dev/null
device for Brother_MFC_J6920DW: ipp://BRN30055C8A2DC8.local:631/ipp/print
device for Brother_MFC_J6920DW_coyote: ///dev/null
Brother_HL_L2320D_series_coyote not accepting requests since Sun 23 Apr 
2023 12:00:03 AM EDT -

reason unknown
Brother_MFC_J6920DW accepting requests since Fri 12 May 2023 12:00:14 AM EDT
Brother_MFC_J6920DW_coyote not accepting requests since Thu 20 Apr 2023 
12:00:03 AM EDT -

reason unknown
printer Brother_HL_L2320D_series_coyote disabled since Sun 23 Apr 2023 
12:00:03 AM EDT -

reason unknown
printer Brother_MFC_J6920DW is idle.  enabled since Fri 12 May 2023 
12:00:14 AM EDT
printer Brother_MFC_J6920DW_coyote disabled since Thu 20 Apr 2023 
12:00:03 AM EDT -

reason unknown

and this is an rpi4b running a 1500 lb lathe:
pi@rpi4:~ $ lpstat -t
scheduler is running
no system default destination
device for Brother_HL-L2320D_series: 
usb://Brother/HL-L2320D%20series?serial=U63877H0N346913
device for Brother_MFC-J6920DW_photo: 
usb://Brother/MFC-J6920DW?serial=BROG5F229909

device for MFCJ6920DW: usb://Brother/MFC-J6920DW?serial=BROG5F229909
Brother_HL-L2320D_series accepting requests since Tue 09 May 2023 
05:23:01 PM EDT
Brother_MFC-J6920DW_photo accepting requests since Thu 30 Mar 2023 
09:16:43 AM EDT

MFCJ6920DW accepting requests since Sun 26 Mar 2023 03:30:13 PM EDT
printer Brother_HL-L2320D_series is idle.  enabled since Tue 09 May 2023 
05:23:01 PM EDT
printer Brother_MFC-J6920DW_photo is idle.  enabled since Thu 30 Mar 
2023 09:16:43 AM EDT

printer MFCJ6920DW is idle.  enabled since Sun 26 Mar 2023 03:30:13 PM EDT

there is a 2nd smaller lathe in a shed in the upper rear corner of the 
place that has been kept uptodate but is in the middle of a hardware 
update for linuxcnc, and its a suprise:


gene@TLM:~$ lpstat -t
scheduler is not running
no system default destination
lpstat: Bad file descriptor
lpstat: Bad file descriptor
lpstat: Bad file descriptor
lpstat: Bad file descriptor
lpstat: Bad file descriptor

but cups is not installed, its missing from .etc/init.d, rebooting 
didn't change.

machine updates and cups and friends installed:
gene@TLM:~$ lpstat -t
scheduler is running
no system default destination
device for Brother_HL_L2320D_series_coyote: 
implicitclass://Brother_HL_L2320D_series_coyote/

device for Brother_MFC_J6920DW: ipp://BRN30055C8A2DC8.local:631/ipp/print
device for Brother_MFC_J6920DW_coyote: 

Re: Liste

[Jean-François Bachelet]

Sincères condoléances.

jeff

Le 12/05/2023 à 10:50, r.briquet a écrit :





Envoyé depuis mon appareil Galaxy
Merci de retirer Jacques Briquet de votre liste qui malheureusement 
est décédé

Re: EPSON ET M 1120 new printer: If You can read this, you are using the wrong driver

[chris]

SUCCESS

On Fri, May 12, 2023, 1:41 PM Schwibinger Michael  wrote:

>
> Good afternoon
>
> I ll give the paper to a friend.
> He is owning a scanner.
> He ll scan it and I ll send it to the group.
>
> Thank You for help.
>
> Regards
> Sophie
> Thank You
>
>
> --
> *Von:* Greg Wooledge 
> *Gesendet:* Sonntag, 7. Mai 2023 12:51
> *An:* debian-user@lists.debian.org 
> *Betreff:* Re: EPSON ET M 1120 new printer: If You can read this, you are
> using the wrong driver
>
> On Sun, May 07, 2023 at 09:26:33AM +, Schwibinger Michael wrote:
> > There are some other messages from the printer.
> >
> > Are they important?
>
> How on earth would we know whether the messages are important without
> seeing them?
>
> This is why nobody is offering you any more help.  You are presenting
> yourself as either a troll, or as someone who is so fundamentally
> incompetent that helping you is impossible.
>
> Do you want my advice?  Go find a local Linux users group, and ask them
> what kind of printers they're using.  Then buy one of THOSE printers,
> and have the Linux users group help you set it up.
>
>

AW: EPSON ET M 1120 new printer: If You can read this, you are using the wrong driver

[Schwibinger Michael]

Good afternoon

I ll give the paper to a friend.
He is owning a scanner.
He ll scan it and I ll send it to the group.

Thank You for help.

Regards
Sophie
Thank You



Von: Greg Wooledge 
Gesendet: Sonntag, 7. Mai 2023 12:51
An: debian-user@lists.debian.org 
Betreff: Re: EPSON ET M 1120 new printer: If You can read this, you are using 
the wrong driver

On Sun, May 07, 2023 at 09:26:33AM +, Schwibinger Michael wrote:
> There are some other messages from the printer.
>
> Are they important?

How on earth would we know whether the messages are important without
seeing them?

This is why nobody is offering you any more help.  You are presenting
yourself as either a troll, or as someone who is so fundamentally
incompetent that helping you is impossible.

Do you want my advice?  Go find a local Linux users group, and ask them
what kind of printers they're using.  Then buy one of THOSE printers,
and have the Linux users group help you set it up.

Re: Debian Linux 11 erro

[Andre AE]

Parecem dois problemas separados:

1. Tela preta / sem interface gráfica após instalação. Isso ocorre com algumas 
placas mais antigas. Eu sei, porque ocorre muito comigo (Nvidia). Pesquise na 
internet sobre como informar "nomodeset" no GRUB. Isso _provavelmente_ vai te 
dar acesso a interface gráfica, ainda que em baixa resolução, e daí veja se 
instalação de drivers non-free resolvem o seu problema de vídeo.

2. O erro de arquivo não encontrado e não ser possível travar. Pode ser 
relacionado ao seu problema, pode não ser. Pode ser um erro só (não dá para 
travar em pasta ou arquivo inexistente). Mas uma coisa que você pode ver é 
logar em um terminal normal (Ctrl+Alt+F1 ou F2), e pesquisar no seu computador 
(com os comandos cd e ls) se a pasta existe.

Execute o seguinte comando, para ver se a pasta existe no seu computador, e com 
qual conteúdo:

ls -lha /var/lib/dpkg

Se não existir a pasta, é possível criar usando como base o modelo de uma 
pessoa que tenha... Mas isso provavelmente não é causa principal do problema de 
falta de tela após a instalação.

André

Re: [1/2HS] Serveur Debian Postfix+Dovecot en mode Docker

[ajh-valmer]

On Friday 12 May 2023 15:28:27 Fab wrote:
> Si tu utilises docker-compose, il faut bien veiller à indiquer les 
> réseaux que ton container postfix+dovecot doit attaquer dans le 
> paragraphe "networks:"
 
Je n'utilises pas "docker-compose" mais "docker-file".

> Pour mon info, tu utilises une BdD pour quoi faire ? :

Pour stocker tous les mails du domaine concerné.
(sinon ça marche pas du tout).

Re: SOLVED:Re: repeat of previous question thathasgoneunansweredseveraltimes.

[gene heskett]

On 5/12/23 07:49, Vincent Lefevre wrote:

nmap -p 631 localhost


had to install 5 pkgs to get it, but:
gene@bpi51:~/src/cups-master$ nmap -p 631 localhost
Starting Nmap 7.80 ( https://nmap.org ) at 2023-05-12 11:10 -05
Nmap scan report for localhost (127.0.0.1)
Host is up (0.00030s latency).

PORTSTATE SERVICE
631/tcp open  ipp

Nmap done: 1 IP address (1 host up) scanned in 0.12 seconds
gene@bpi51:~/src/cups-master$ nmap -p 631 192.168.nn.y
Starting Nmap 7.80 ( https://nmap.org ) at 2023-05-12 11:11 -05
Nmap scan report for coyote.coyote.den (192.168.nn.y)
Host is up (0.00073s latency).

PORTSTATE SERVICE
631/tcp open  ipp

Nmap done: 1 IP address (1 host up) scanned in 0.13 seconds
ditto for machines name, so the host file is working.

Next?

Cheers, Geneh Heskett.
--
"There are four boxes to be used in defense of liberty:
 soap, ballot, jury, and ammo. Please use in that order."
-Ed Howdershelt (Author, 1940)
If we desire respect for the law, we must first make the law respectable.
 - Louis D. Brandeis
Genes Web page 

Re: sudoers question

[Curt]

On 2023-05-12, Tom Reed  wrote:
>> Tom Reed (12023-05-12):
>>> otherwise every time i have to input password for sudo.
>>
>> Yes, that is the point.
>>
>> If “every time” is a lot for you, maybe your use habits need to be
>> reviewed.
>>
>
> that's normal. for example, I have to check every kind of logs (mail,
> webserver, systems etc). They require sudo then.
>
> regards
>
>

Certain people here who don't use sudo on single human user systems used
to say they'd keep a root terminal open at all times (with some kind of
cautionary reddish prompt to remind them of the inherent power) for
convenient switching to administrative work.

That's if you have no cat or child or other malicious creature in the
vicinity, of course.

:Re: repeat of previous question thathasgoneunansweredseveraltimes.

[gene heskett]

On 5/12/23 07:41, Vincent Lefevre wrote:

On 2023-05-12 06:23:56 -0400, gene heskett wrote:

I'm confused. There is not anything wrong with this machine as a Server.
ALL of this muttering and bitching has been because bookworm clients did NOT
work. buster clients work great.

How many times do I have to say it is/was a CLIENT problem that only exists
for BOOKWORM clients.  The elephant in the room that most have ignored.


But you said that the problem was "solved" by modifying a setting
corresponding to the Listen directives (in /etc/cups/cupsd.conf).
These directives concern the *server* only.

Oh, then how does one tell the CLIENT to even use the SERVER? That 
statement, added to a created CLIENT.CONF, is not sufficient, Been tried 
many times. It does log a lack of auth, also reported here. Is that the 
real problem? The lack of any tracing info in the log, even at debug2 
level reporting is a huge hindrance to intelligent trouble shooting.



I suspect that your problem was solved for another reason (e.g.
something else occurred on the network in the mean time, or some
config was reloaded at the right time, possibly as a consequence
of your testing). Or perhaps it is not solved at all and could
reappear in the future (that's why it would be interesting to
know the real cause of the problem).


copied new cup-master.zip to the bpi51
unpacked it to cups-master in ~/gene/src
./configure --with-tls=no, no show-stoppers.
make no-show stoppers
make test, failed for 2 functions
the report said at one place it got 34 errors but only expected 33
I didn't install

Back to the apple version installed, what fixed the bpi54 ddoes not fix 
the bpi51, so Vincent was right to be concerned


It is 100% a "cannot assign requested address error" on the bpi51 as 
logged in/var/log/cups/error_log:


E [12/May/2023:10:32:20 -0500] Unable to open listen socket for address 
192.168.71.3:631 - Cannot assign requested address.
E [12/May/2023:10:34:45 -0500] Unable to open listen socket for address 
[v1.::1]:631 - Cannot assign requested address.


Where its getting the ipv6 addy is a mystery

ip a:
gene@bpi51:~/src/cups-master$ ip a
1: lo:  mtu 65536 qdisc noqueue state UNKNOWN 
group default qlen 1000

link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
inet 127.0.0.1/8 scope host lo
   valid_lft forever preferred_lft forever
2: eth0:  mtu 1500 qdisc mq state UP 
group default qlen 1000
link/ether ae:c8:46:2e:6b:6b brd ff:ff:ff:ff:ff:ff permaddr 
da:0e:c7:cf:52:52

inet 192.168.nn.y/24 brd 192.168.nn.255 scope global noprefixroute eth0
   valid_lft forever preferred_lft forever

ip r:
gene@bpi51:~/src/cups-master$ ip r
default via 192.168.nn.y dev eth0 proto static metric 100
169.254.0.0/16 dev eth0 scope link metric 1000
192.168.nn.y/24 dev eth0 proto kernel scope link src 192.168.nn.y metric 
100


So, how can we proceed?

Cheers, Gene Heskett.
--
"There are four boxes to be used in defense of liberty:
 soap, ballot, jury, and ammo. Please use in that order."
-Ed Howdershelt (Author, 1940)
If we desire respect for the law, we must first make the law respectable.
 - Louis D. Brandeis
Genes Web page 

Re: sudoers question

[tomas]

On Fri, May 12, 2023 at 05:46:21PM +0200, Michel Verdier wrote:
> Le 12 mai 2023 Stefan Monnier a écrit :
> 
> >> Or configure sudo to disable tty_tickets, so that the timeout (10
> >> minutes by default IIRC) applies to all terminals.
> >
> > `sudo bash` anyone?
> 
> also quicker done with
> su -

But not the same.

Cheers
-- 
t


signature.asc
Description: PGP signature

Re: sudoers question

[Michel Verdier]

Le 12 mai 2023 Stefan Monnier a écrit :

>> Or configure sudo to disable tty_tickets, so that the timeout (10
>> minutes by default IIRC) applies to all terminals.
>
> `sudo bash` anyone?

also quicker done with
su -

Re: sudoers question

[Max Nikulin]

On 12/05/2023 21:00, Byung-Hee HWANG (황병희) wrote:

On Fri, 2023-05-12 at 08:25 -0400, Stefan Monnier wrote:


`sudo bash` anyone?


AMAZING! Thanks for tip, Stefan ^^^


Isn't it a way to get e.g. ~/.bash_history owned by root?

sudo -i

should be better

Re: sudoers question

[황병희]

Hi Stefan,

On Fri, 2023-05-12 at 08:25 -0400, Stefan Monnier wrote:
> > Or configure sudo to disable tty_tickets, so that the timeout (10
> > minutes by default IIRC) applies to all terminals.
> 
> `sudo bash` anyone?
> 

AMAZING! Thanks for tip, Stefan ^^^


Sincerely, Byung-Hee

-- 
^고맙습니다 _布德天下_ 감사합니다_^))//

Re: [1/2HS] Serveur Debian Postfix + Dovecot en mode Docker

[Fab]

hello,

Si tu utilises docker-compose, il faut bien veiller à indiquer les 
réseaux que ton container postfix+dovecot doit attaquer dans le 
paragraphe "networks:"


Pour mon info, tu utilises une BdD pour quoi faire ?

Mes 2 cts,

f.



Le 12/05/2023 à 15:07, ajh-valmer a écrit :

Bonjour,

J'ai migré un serveur sous Debian dont tous les services marchaient
parfaitement, vers un autre serveur chez OVH.
J'ai voulu moderniser, en mettant les bases de données dans un container,
et Postfix + Dovecot dans un 2ème container.
Et là, le serveur de messagerie ne fonctionne plus du tout, POP et SMTP.
Le fichier de log indique "Dovecot : acces denied".
Peut-être qu'un membre de la liste a une meilleure connaissance et expérience
que moi et pourrait m'aider.

Merci d'avance d'une aide, d'une piste de dépannage.
Bonne journée,
A. Valmer

[1/2HS] Serveur Debian Postfix + Dovecot en mode Docker

[ajh-valmer]

Bonjour,

J'ai migré un serveur sous Debian dont tous les services marchaient 
parfaitement, vers un autre serveur chez OVH.
J'ai voulu moderniser, en mettant les bases de données dans un container, 
et Postfix + Dovecot dans un 2ème container.
Et là, le serveur de messagerie ne fonctionne plus du tout, POP et SMTP.
Le fichier de log indique "Dovecot : acces denied".
Peut-être qu'un membre de la liste a une meilleure connaissance et expérience
que moi et pourrait m'aider.

Merci d'avance d'une aide, d'une piste de dépannage.
Bonne journée,
A. Valmer

Re: Installation de Bookworm

[didier gaumet]

Le 12/05/2023 à 12:58, benoit a écrit :

Bonjour à toutes et tous,

Est-il préférable de télécharger et utiliser l'image
[ISO] 
	debian-testing-amd64-netinst.iso 


Ou la stable et passer en testing dès que l'installation de base est 
terminée ?


« La manière la plus fiable pour installer « testing » à partir de rien 
est de réaliser une installation minimale avec l'installateur de « 
stable », puis de mettre à niveau vers « testing » à partir de « stable 
» (voir plus bas). »

Cf.
https://wiki.debian.org/fr/DebianTesting 



Ca me paraît étrange comme recommandation...

--
Benoit

Envoyé avec la messagerie sécurisée Proton Mail. 


en fait ça te paraît étrange en ce moment parce que Testing aujourd'hui 
est en hard freeze et proche de la date de publication de la prochaine 
version, donc l'installateur de Testing doit fonctionner 
quasi-parfaitement (je suppose) et les paquets disponibles dans les 
dépôts de Testing doivent être nombreux et de qualité.


Mais projette-toi dans deux mois, Testing représentera les efforts pour 
construire une Debian 13 vagissante, plein de paquets manqueront en 
testing, et les paquets présents dans Testing comporteront sûrement plus 
de bugs car ils seront dans une phase de translation ordinaire depuis 
Unstable, pas dans une phase de recette de la future Stable et de chasse 
aux bugs comme actuellement.


Donc installer Testing à partir de Stable permet de partir d'une base 
connue et fonctionnelle. Alors qu'à certains moments des paquets 
essentiels de Testing (dans l'installateur lui-même ou dans les dépôts) 
seront complètement en vrac, inexploitables (exemple l'installateur se 
plante dès le lancement).


C'est un peu le même phénomène avec Unstable: si tu l'installes 
aujourd'hui, vu que grosso-modo elle représente un instantané de la 
future Stable (Bookworm), tu vas te dire"finalement on fait tout un plat 
mais Unstable(Sid) ça marche bien et c'est facile à gérer).
Et dès le 10 juin, si tu n'est pas discipliné et précautionneux, tu vas 
comprendre ta douleur ;-)
parce qu'aujourd'hui Unstable c'est presque Stable prochaine génération, 
bien rôdé, donc une distrib' classique, alors qu'après le 10 juin ça 
redevient une distribution de test de type rolling release.

Re: ssh-keygen as a regular user

[Eduardo M KALINOWSKI]

On 12/05/2023 09:36, Vincent Lefevre wrote:

On 2023-05-12 18:23:41 +0800, jeremy ardley wrote:

cd

mkdir .ssh

chmod 700 .ssh

ssh-keygen


Is there any reason why ssh-keygen doesn't create a .ssh directory
(with the right permissions) if it doesn't exist yet?


It does, and even let's you know it did:

$ ssh-keygen 
  Generating public/private 
rsa key pair.

Enter file in which to save the key (/home/ekalin/.ssh/id_rsa):
Created directory '/home/ekalin/.ssh'.
Enter passphrase (empty for no passphrase):
Enter same passphrase again:
Your identification has been saved in /home/ekalin/.ssh/id_rsa
Your public key has been saved in /home/ekalin/.ssh/id_rsa.pub
...

--
 no BSD fans ?
 Elric: it's hard to be a gamer and a bsd fan :p

Eduardo M KALINOWSKI
edua...@kalinowski.com.br

Re: ssh-keygen as a regular user

[Vincent Lefevre]

On 2023-05-12 18:23:41 +0800, jeremy ardley wrote:
> cd
> 
> mkdir .ssh
> 
> chmod 700 .ssh
> 
> ssh-keygen

Is there any reason why ssh-keygen doesn't create a .ssh directory
(with the right permissions) if it doesn't exist yet?

-- 
Vincent Lefèvre  - Web: 
100% accessible validated (X)HTML - Blog: 
Work: CR INRIA - computer arithmetic / AriC project (LIP, ENS-Lyon)

Re: sudoers question

[Michel Verdier]

Le 12 mai 2023 Tom Reed a écrit :

> that's normal. for example, I have to check every kind of logs (mail,
> webserver, systems etc). They require sudo then.

Logs are with adm gid, so just add your user to the group adm to be able
to consult logs.

Re: Bookworm ou pas ?

[didier gaumet]

Le 12/05/2023 à 12:27, Bureau LxVx a écrit :
[...]
Autre question : qu'en sera-t-il du sources.list quand la  Deb 12 sera 
devenue officielle ?
Quelle modif à faire pour être sûre que le sources.list corresponde bien 
à la stable ?


Benoit et Charles t'ont déjà répondu: simplement mentionner bookworm.

par contre je te réponds pour expliciter vu qu'apparemment tu souhaites 
suivre stable:


 en fait supposons que tu mentionnes "stable" dans ton sources.list,
1) aujourd'hui Bullseye est la version stable
2) le 10 juin (normalement) Bookworm devient la version stable, Bullyeye 
devient la version oldstable
3) Si à partir de cette date, soit tu fais un apt upgrade, soit 
unattended-upgrades (ou un truc du même genre) est installé et configuré 
(a priori c'est comme ça par défaut depuis Debian 9), tu vas te 
retrouver avec une distribution bancale, du Bookworm incomplet avec des 
bouts de Bullseye
4) parce qu'une mise à jour majeure (exemple Debian Bullseye vers 
Bookworm) se fait en plusieurs étapes précises et est initiée 
manuellement, pas automatiquement.
cf 
https://www.debian.org/releases/bookworm/amd64/release-notes/ch-upgrading.fr.html

Re: sudoers question

[Nicolas George]

Stefan Monnier (12023-05-12):
> `sudo bash` anyone?

Why not “sudo start-gnome” or logging as root on the display manager
while you are at it?

Regards,

-- 
  Nicolas George

Re: sudoers question

[Stefan Monnier]

> Or configure sudo to disable tty_tickets, so that the timeout (10
> minutes by default IIRC) applies to all terminals.

`sudo bash` anyone?


Stefan

Re: sudoers question

[Nicolas George]

Greg Wooledge (12023-05-12):
> If you're launching a terminal, running a single sudo command, closing
> the terminal, opening a new terminal, etc. ... then perhaps you should
> stop doing that.  Leave your terminal open, at least until you're done
> with whatever administrative task you're doing.

Or configure sudo to disable tty_tickets, so that the timeout (10
minutes by default IIRC) applies to all terminals.

Regards,

-- 
  Nicolas George

Re: sudoers question

[Greg Wooledge]

On Fri, May 12, 2023 at 08:13:31PM +0800, Tom Reed wrote:
> that's normal. for example, I have to check every kind of logs (mail,
> webserver, systems etc). They require sudo then.

If you check the logs all at once, as part of a daily routine, then you
only have to type the password one time, at the beginning of your
log-checking session.  The second, third, fourth, etc. sudo commands
will all use the cached credentials that you supplied the first time.

You might also consider adding "tom" to the "adm" group, so that "tom"
can read most of the system log files without needing sudo.

Re: sudoers question

[Andrew M.A. Cater]

On Fri, May 12, 2023 at 07:27:25PM +0800, Tom Reed wrote:
> Hello
> 
> what's the right way to add an user to run sudo without password?
> I have to edit /etc/sudoers by manual. But I don't think it's a grace way.
> 
> Thanks.
> Tom
>

As others have said: sudo is *designed* this way - you have to prove your
 identity once and then you get some time in the session before you would
have to reinput a password.

If you don't appreciate why this is important, I would respectfully suggest
that you go and read up on computer security.

It is also worth reading up on restrictions on commands and forced commands:
you can create a group such that users can only perform one command. For
example, backupusers as a group and then configure sudo to *only* allow
the members of that group to use a backup command.

Hope this helps,

Andy Cater

Re: sudoers question

[Nicolas George]

Tom Reed (12023-05-12):
> that's normal. for example, I have to check every kind of logs (mail,
> webserver, systems etc). They require sudo then.

No they do not. You just have to adjust files permissions if they are
not correct by default, which they usually are.

My crystal ball tells me you neglected to add yourself to the adm group.

Regards,

-- 
  Nicolas George

Re: sudoers question

[Greg Wooledge]

On Fri, May 12, 2023 at 08:03:00PM +0800, Tom Reed wrote:
> for a common account, such as tom, a nopasswd sudo also makes sense?
> otherwise every time i have to input password for sudo.

Within a given terminal session, you only have to enter your passwors
once.  This will allow passwordless sudo on that terminal for the next
15 minutes (by default).

If you're launching a terminal, running a single sudo command, closing
the terminal, opening a new terminal, etc. ... then perhaps you should
stop doing that.  Leave your terminal open, at least until you're done
with whatever administrative task you're doing.

Re: sudoers question

[Tom Reed]

> Tom Reed (12023-05-12):
>> otherwise every time i have to input password for sudo.
>
> Yes, that is the point.
>
> If “every time” is a lot for you, maybe your use habits need to be
> reviewed.
>

that's normal. for example, I have to check every kind of logs (mail,
webserver, systems etc). They require sudo then.

regards

Re: sudoers question

[Nicolas George]

Tom Reed (12023-05-12):
> otherwise every time i have to input password for sudo.

Yes, that is the point.

If “every time” is a lot for you, maybe your use habits need to be
reviewed.

Regards,

-- 
   Nicolas George

Re: Re : Re: Bookworm ou pas ?

[Charles Plessy]

Le Fri, May 12, 2023 at 10:46:00AM +, benoit a écrit :
> > Autre question : qu'en sera-t-il du sources.list quand la Deb 12 sera 
> > devenue officielle ?
> > Quelle modif à faire pour être sûre que le sources.list corresponde bien à 
> > la stable ?
> 
> Du coup, "la liste, corrigez moi si je me trompe, je vais le faire aussi" la 
> syntaxe du /etc/apt/sources.list
> 
> #deb https://deb.debian.org/debian/ bookworm main contrib
> #deb https://deb.debian.org/debian/ bookworm-updates main contrib#deb 
> http://security.debian.org/debian-security/ bookworm-security main contrib

Attention à ne pas oublier la nouvelle section non-free-firmware qui
contient entre autre des mises à jour des microcodes des processeurs
Intel et AMD.

https://www.debian.org/releases/bookworm/amd64/release-notes/ch-information.fr.html#non-free-split

Bon week-end,

Charles

-- 
Charles Plessy Nagahama, Yomitan, Okinawa, Japan
Debian Med packaging team http://www.debian.org/devel/debian-med
Tooting from home  https://framapiaf.org/@charles_plessy
- You  do not have  my permission  to use  this email  to train  an AI -

Re: sudoers question

[Tom Reed]

> On Fri, May 12, 2023 at 07:27:25PM +0800, Tom Reed wrote:
>> what's the right way to add an user to run sudo without password?
>> I have to edit /etc/sudoers by manual. But I don't think it's a grace
>> way.
>
> *Without password*??  Yes, that will require a manual edit.
>
> There is no "graceful way" to grant that power to users, because that's
> an obscene amount of power without a check.  Usually one would only
> do this for a non-interactive account (some sort of service/daemon
> account that does an automated backup, or something of that nature).
>
>

Hello Greg,

for a common account, such as tom, a nopasswd sudo also makes sense?
otherwise every time i have to input password for sudo.

Thanks

Re: sudoers question

[Greg Wooledge]

On Fri, May 12, 2023 at 07:27:25PM +0800, Tom Reed wrote:
> what's the right way to add an user to run sudo without password?
> I have to edit /etc/sudoers by manual. But I don't think it's a grace way.

*Without password*??  Yes, that will require a manual edit.

There is no "graceful way" to grant that power to users, because that's
an obscene amount of power without a check.  Usually one would only
do this for a non-interactive account (some sort of service/daemon
account that does an automated backup, or something of that nature).

Re: SOLVED:Re: repeat of previous question that hasgoneunansweredseveraltimes.

[Vincent Lefevre]

On 2023-05-12 06:26:00 -0400, gene heskett wrote:
> I'm not able to test that on the bpi's, telnet is not installed.

You can try with nmap:

$ nmap -p 631 localhost
$ nmap -p 631 

PORTSTATE SERVICE
631/tcp open  ipp

means that you can connect.

PORTSTATE  SERVICE
631/tcp closed ipp

means that you can't.

-- 
Vincent Lefèvre  - Web: 
100% accessible validated (X)HTML - Blog: 
Work: CR INRIA - computer arithmetic / AriC project (LIP, ENS-Lyon)

Re: SOLVED:Re: repeat of previous question that hasgoneunansweredseveraltimes.

[Vincent Lefevre]

On 2023-05-12 06:23:56 -0400, gene heskett wrote:
> I'm confused. There is not anything wrong with this machine as a Server.
> ALL of this muttering and bitching has been because bookworm clients did NOT
> work. buster clients work great.
> 
> How many times do I have to say it is/was a CLIENT problem that only exists
> for BOOKWORM clients.  The elephant in the room that most have ignored.

But you said that the problem was "solved" by modifying a setting
corresponding to the Listen directives (in /etc/cups/cupsd.conf).
These directives concern the *server* only.

I suspect that your problem was solved for another reason (e.g.
something else occurred on the network in the mean time, or some
config was reloaded at the right time, possibly as a consequence
of your testing). Or perhaps it is not solved at all and could
reappear in the future (that's why it would be interesting to
know the real cause of the problem).

-- 
Vincent Lefèvre  - Web: 
100% accessible validated (X)HTML - Blog: 
Work: CR INRIA - computer arithmetic / AriC project (LIP, ENS-Lyon)

sudoers question

[Tom Reed]

Hello

what's the right way to add an user to run sudo without password?
I have to edit /etc/sudoers by manual. But I don't think it's a grace way.

Thanks.
Tom

Re: SOLVED:Re: repeat of previous question that hasgoneunansweredseveraltimes.

[Greg Wooledge]

On Fri, May 12, 2023 at 06:26:00AM -0400, gene heskett wrote:
> On 5/12/23 05:18, Vincent Lefevre wrote:
> > Fine. And you can try the same thing from a different machine on
> > the network, replacing "localhost" by the IP address of the server,
> > e.g. from another machine on my network:
> > 
> > $ telnet 192.168.1.3 631
> > Trying 192.168.1.3...
> > telnet: Unable to connect to remote host: Connection refused
> > 
> I'm not able to test that on the bpi's, telnet is not installed.

Then install it, or use an EQUIVALENT command.

Installation de Bookworm

[benoit]

Bonjour à toutes et tous,

Est-il préférable de télécharger et utiliser l'image
[[ISO]](https://cdimage.debian.org/cdimage/weekly-builds/amd64/iso-cd/debian-testing-amd64-netinst.iso)
 
[debian-testing-amd64-netinst.iso](https://cdimage.debian.org/cdimage/weekly-builds/amd64/iso-cd/debian-testing-amd64-netinst.iso)Ou
 la stable et passer en testing dès que l'installation de base est terminée ?

« La manière la plus fiable pour installer « testing » à partir de rien est de 
réaliser une installation minimale avec l'installateur de « stable », puis de 
mettre à niveau vers « testing » à partir de « stable » (voir plus bas). »
Cf.
https://wiki.debian.org/fr/DebianTesting

Ca me paraît étrange comme recommandation...

--
Benoit

Envoyé avec la messagerie sécurisée [Proton Mail.](https://proton.me/)

Re : Re: Bookworm ou pas ?

[benoit]

Le vendredi 12 mai 2023 à 12:27, Bureau LxVx  a 
écrit :

> super ! Merci à chacun pour sa réponse "rassurante" ;-)
>
> Autre question : qu'en sera-t-il du sources.list quand la Deb 12 sera devenue 
> officielle ?
> Quelle modif à faire pour être sûre que le sources.list corresponde bien à la 
> stable ?

Du coup, "la liste, corrigez moi si je me trompe, je vais le faire aussi" la 
syntaxe du /etc/apt/sources.list

#deb https://deb.debian.org/debian/ bookworm main contrib
#deb https://deb.debian.org/debian/ bookworm-updates main contrib#deb 
http://security.debian.org/debian-security/ bookworm-security main contrib

C'est en commentaire, car, comme dit précédemment sur la liste, j'ai eu des 
soucis (qui je crois son liés à mon install/config actuel de stable). mais je 
vais essayer une nouvelle install plutôt qu'une mise à jour.

--
Benoit

Re: Liste

[ajh-valmer]

On Friday 12 May 2023 10:50:42 r.briquet wrote:
> Envoyé depuis mon appareil Galaxy Merci de retirer 
> Jacques Briquet de votre liste qui malheureusement est décédé  

Madame, Monsieur,

Les membres de la liste GNU/Debian sont solidaires
autour d'une bonne cause.
Je présente mes condoléances à sa famille et lui souhaite bon courage.
Bien à vous,
André Valmer

Re : Re: Bookworm ou pas ?

[benoit]

Envoyé avec la messagerie sécurisée [Proton Mail.](https://proton.me/)

--- Original Message ---
Le vendredi 12 mai 2023 à 12:27, Bureau LxVx  a 
écrit :

> Autre question : qu'en sera-t-il du sources.list quand la Deb 12 sera devenue 
> officielle ?
> Quelle modif à faire pour être sûre que le sources.list corresponde bien à la 
> stable ?

Je crois "à vérifier" , qu'il est souhaitable, dans ce cas, de ne pas indiquer 
"testing", mais "bookworm".

Re: Bookworm ou pas ?

[Bureau LxVx]

super ! Merci à chacun pour sa réponse "rassurante" ;-)

Autre question : qu'en sera-t-il du sources.list quand la  Deb 12 sera 
devenue officielle ?
Quelle modif à faire pour être sûre que le sources.list corresponde bien 
à la stable ?


Merci d'avance :-D

Sylvie

Le 12/05/2023 à 11:53, Pierre-Elliott Bécue a écrit :

Bureau LxVx  wrote on 12/05/2023 at 11:42:24+0200:


Bonjour,

Je dois changer mon ssd qui devient "trop étroit" au niveau /

La Debian 12 arrive très prochainement. Habituellement, j'attends
quelques mois avant de migrer (install propre).

Si j'installe cette testing avant sa sortie officielle, quels risques
"majeurs" ?

Merci de vos avis.

Bien librement,

Hello,

On est en "hard freeze", ce qui signifie que très peu de paquets vont
bouger. Les risques encourus sont minimum par rapport à une stable.

Bien à toi,

Re: SOLVED:Re: repeat of previous question that hasgoneunansweredseveraltimes.

[gene heskett]

On 5/12/23 05:18, Vincent Lefevre wrote:

On 2023-05-11 21:34:11 -0400, gene heskett wrote:

On 5/11/23 19:41, Vincent Lefevre wrote:

On 2023-05-11 18:24:39 -0400, Greg Wooledge wrote:

My questions would be:

1) Can you put *both* Listen lines in, to keep loopback working?


The cupsd.conf(5) man page says: "Multiple Listen directives can be
provided to listen on multiple addresses."


My results seem to indicate otherwise.


I don't think that you even showed anything. The only test you
should do about that is to try to connect to the port, e.g. with
telnet (or nmap can probably tell you). If the connection isn't
immediately refused, then the Listen directive is OK.

For instance:

zira:~> telnet localhost 631
Trying ::1...
flushoutput character is 'off'.
Connected to localhost.
Escape character is '^]'.

Fine. And you can try the same thing from a different machine on
the network, replacing "localhost" by the IP address of the server,
e.g. from another machine on my network:

$ telnet 192.168.1.3 631
Trying 192.168.1.3...
telnet: Unable to connect to remote host: Connection refused


I'm not able to test that on the bpi's, telnet is not installed.

because my CUPS server just has

Listen localhost:631
Listen /var/run/cups/cups.sock

If the connection is accepted with telnet by using multiple Listen
directives, then the Listen configuration is correct. If you can
see any other issue related to the printers, then the problem is
due to something else.



Cheers, Gene Heskett.
--
"There are four boxes to be used in defense of liberty:
 soap, ballot, jury, and ammo. Please use in that order."
-Ed Howdershelt (Author, 1940)
If we desire respect for the law, we must first make the law respectable.
 - Louis D. Brandeis
Genes Web page 

Re: SOLVED:Re: repeat of previous question that hasgoneunansweredseveraltimes.

[gene heskett]

On 5/12/23 05:18, Vincent Lefevre wrote:

On 2023-05-11 21:34:11 -0400, gene heskett wrote:

On 5/11/23 19:41, Vincent Lefevre wrote:

On 2023-05-11 18:24:39 -0400, Greg Wooledge wrote:

My questions would be:

1) Can you put *both* Listen lines in, to keep loopback working?


The cupsd.conf(5) man page says: "Multiple Listen directives can be
provided to listen on multiple addresses."


My results seem to indicate otherwise.


I don't think that you even showed anything. The only test you
should do about that is to try to connect to the port, e.g. with
telnet (or nmap can probably tell you). If the connection isn't
immediately refused, then the Listen directive is OK.

For instance:

zira:~> telnet localhost 631
Trying ::1...
flushoutput character is 'off'.
Connected to localhost.
Escape character is '^]'.

Fine. And you can try the same thing from a different machine on
the network, replacing "localhost" by the IP address of the server,
e.g. from another machine on my network:

$ telnet 192.168.1.3 631
Trying 192.168.1.3...
telnet: Unable to connect to remote host: Connection refused

because my CUPS server just has

Listen localhost:631
Listen /var/run/cups/cups.sock

If the connection is accepted with telnet by using multiple Listen
directives, then the Listen configuration is correct. If you can
see any other issue related to the printers, then the problem is
due to something else.


I'm confused. There is not anything wrong with this machine as a Server.
ALL of this muttering and bitching has been because bookworm clients did 
NOT work. buster clients work great.


How many times do I have to say it is/was a CLIENT problem that only 
exists for BOOKWORM clients.  The elephant in the room that most have 
ignored.


What I have done, on the BOOKWORM CLIENT works, but we still don't have 
a clue why that is so.


That said i've dl'd the src from cups, which is broken by not being in a 
state that will even autogen.  So I dl'd the obviously much later 
src.zip from Mikes new openprinting site. The zip is about 250% the size 
of the apple tar.gz. Its complete and only needs one argument to 
configure, with-tls=no. Then it builds and passes a make test, but I've 
not installed it on this machine.


The debian code appears to be the Apple src.
What I intend to do is move the openprinting version 2.4.5 to one of the 
bpi's, see if it will build there, and install it on the bpi to see if 
that works. But I'm just one, and there is only so much I can do in a day.


Cheers, Gene Heskett.
--
"There are four boxes to be used in defense of liberty:
 soap, ballot, jury, and ammo. Please use in that order."
-Ed Howdershelt (Author, 1940)
If we desire respect for the law, we must first make the law respectable.
 - Louis D. Brandeis
Genes Web page 

Re: ssh-keygen as a regular user

[jeremy ardley]

On 12/5/23 13:50, Jeremy Ardley wrote:

ode[



ssh-keygen usually works better than ssh-keygem

try

cd

mkdir .ssh

ssh-keygen


I now remember some ssh functions check file and directory permissions 
and will fail if not correct


Improved procedure:

cd

mkdir .ssh

chmod 700 .ssh

ssh-keygen

Re: Bookworm ou pas ?

[Basile Starynkevitch]

On 5/12/23 11:42, Bureau LxVx wrote:

Bonjour,

Je dois changer mon ssd qui devient "trop étroit" au niveau /

La Debian 12 arrive très prochainement. Habituellement, j'attends 
quelques mois avant de migrer (install propre).


Si j'installe cette testing avant sa sortie officielle, quels risques 
"majeurs" ?


Sylvie



Aucun risque sérieux, sauf si l'ordinateur en question est un serveur 
pour des applications critiques.


Dans ce dernier cas, vous suivez forcément des normes lourdes (ISO9001 
et ISO27001) qui vous obligent à des procédures et des approbations 
tierces, et donc devraient vous convrir.



N'oubliez pas qu'un disque SSD (quel que soit le système d'exploitation) 
peut tomber en panne. Donc il vous faut sauvegarder les données 
importantes (je suggère une sauvegarde par crontab et rsync distant du 
/etc/ et du /home)



Librement


--
Basile Starynkevitch
(only mine opinions / les opinions sont miennes uniquement)
92340 Bourg-la-Reine, France
web page: starynkevitch.net/Basile/

Re: Bookworm ou pas ?

[Pierre-Elliott Bécue]

Bureau LxVx  wrote on 12/05/2023 at 11:42:24+0200:

> Bonjour,
>
> Je dois changer mon ssd qui devient "trop étroit" au niveau / 
>
> La Debian 12 arrive très prochainement. Habituellement, j'attends
> quelques mois avant de migrer (install propre).
>
> Si j'installe cette testing avant sa sortie officielle, quels risques
> "majeurs" ?
>
> Merci de vos avis.
>
> Bien librement,

Hello,

On est en "hard freeze", ce qui signifie que très peu de paquets vont
bouger. Les risques encourus sont minimum par rapport à une stable.

Bien à toi,
-- 
PEB


signature.asc
Description: PGP signature

Re: Bookworm ou pas ?

[NoSpam]

Bonjour,

je tourne depuis 6 mois avec une Debian 12, de plus sur Macbook M1 
(arm), c'est stable.


Le 12/05/2023 à 11:42, Bureau LxVx a écrit :

Bonjour,

Je dois changer mon ssd qui devient "trop étroit" au niveau /

La Debian 12 arrive très prochainement. Habituellement, j'attends 
quelques mois avant de migrer (install propre).


Si j'installe cette testing avant sa sortie officielle, quels risques 
"majeurs" ?


Merci de vos avis.

Bien librement,

Sylvie

Bookworm ou pas ?

[Bureau LxVx]

Bonjour,

Je dois changer mon ssd qui devient "trop étroit" au niveau /

La Debian 12 arrive très prochainement. Habituellement, j'attends 
quelques mois avant de migrer (install propre).


Si j'installe cette testing avant sa sortie officielle, quels risques 
"majeurs" ?


Merci de vos avis.

Bien librement,

Sylvie

Re: SOLVED:Re: repeat of previous question that has goneunansweredseveraltimes.

[Vincent Lefevre]

On 2023-05-11 21:34:11 -0400, gene heskett wrote:
> On 5/11/23 19:41, Vincent Lefevre wrote:
> > On 2023-05-11 18:24:39 -0400, Greg Wooledge wrote:
> > > My questions would be:
> > > 
> > > 1) Can you put *both* Listen lines in, to keep loopback working?
> > 
> > The cupsd.conf(5) man page says: "Multiple Listen directives can be
> > provided to listen on multiple addresses."
> > 
> My results seem to indicate otherwise.

I don't think that you even showed anything. The only test you
should do about that is to try to connect to the port, e.g. with
telnet (or nmap can probably tell you). If the connection isn't
immediately refused, then the Listen directive is OK.

For instance:

zira:~> telnet localhost 631
Trying ::1...
flushoutput character is 'off'.
Connected to localhost.
Escape character is '^]'.

Fine. And you can try the same thing from a different machine on
the network, replacing "localhost" by the IP address of the server,
e.g. from another machine on my network:

$ telnet 192.168.1.3 631
Trying 192.168.1.3...
telnet: Unable to connect to remote host: Connection refused

because my CUPS server just has

Listen localhost:631
Listen /var/run/cups/cups.sock

If the connection is accepted with telnet by using multiple Listen
directives, then the Listen configuration is correct. If you can
see any other issue related to the printers, then the problem is
due to something else.

-- 
Vincent Lefèvre  - Web: 
100% accessible validated (X)HTML - Blog: 
Work: CR INRIA - computer arithmetic / AriC project (LIP, ENS-Lyon)

Liste

[r.briquet]

Envoyé depuis mon appareil GalaxyMerci de retirer Jacques Briquet de votre 
liste qui malheureusement est décédé 

Re: No hay espacio en que unidad

[Camaleón]

El 2023-05-11 a las 16:59 -0500, judedi sago escribió:

> Buenas Tardes/noches/días...
> Instalando un paquetico me salieron estos mensajes:
> W: Possible missing firmware /lib/firmware/amdgpu/navy_flounder_dmcub.bin for 
> module amdgpu

(...)

Para este mensaje de aviso (sobre el problema con el espacio en disco 
ya te ha respondido hubble), ejecuta como root:

dmesg | grep -i -e amd -e bin

Y manda la salida.

Saludos,

-- 
Camaleón