Re: [SOLVED] Re: One-user system.
From: David Wright
Date: Sun, 8 May 2022 20:51:45 -0500
> What I didn't understand was why you had to have /root under /home,
> and indeed, when you later revealed your partition layout, it looked
> even less necessary, because you have /root on a different partition.

root@joule:/home/root# df | head -n 7
Filesystem 1K-blocks Used Available Use% Mounted on
udev 18429840 1842984 0% /dev
tmpfs 374804 820373984 1% /run
/dev/sda16202944 5427212439656 93% /
tmpfs18740040 1874004 0% /dev/shm
tmpfs 51204 5116 1% /run/lock
/dev/sda4 25719004 12836372 11550820 53% /home

/dev/sda1 lacks space for a working directory. /dev/sda4 has sufficient space.

Regards, ... P.L.

--
mobile: +1 778 951 5147
VoIP: +1 604 670 0140
48.7693 N 123.3053 W
Re: [SOLVED] Re: One-user system.
On Wed 11 May 2022 at 23:31:41 (-0700), Marc Shapiro wrote:
>
> On 5/6/22 19:16, John Hasler wrote:
> > James H. H. Lampert writes:
> > > I started with a TRS-80 Model I myself (and with high school
> > > programming classes on an IBM 370/135 at the District Office, with
> > > terminals connected over a pair of multiplexed phone lines [and a
> > > maximum terminal speed of 300 Baud]).
> > Punch cards and an IBM 1620 at university. The first computer I owned I
> > built using a Z80 SBC demo board. Cassette tape mass storage, modified
> > Selectric printer, OCLC crt terminal, homebrew OS.
>
> I starting in college with punch cards an IBM 360

I too started by learning Fortran on an IBM 360/44. We collected all
our punched cards and lineprinter paper and sold it to subsidise the
Christmas booze. We even kept the useless chad.

Our jobs were run at the end of the working day because we were only
borrowing the time from Theoretical Astronomy. It sat in its own
detached building. We punched the JCL on special coloured cards. I
think this was because the punch was unspooled, so if your program
failed to compile, the operators needed to be able to see the end of
your data cards, to clear them out of the stack of jobs, so that the
next could run.

When we moved to using the university's 370/165, which had a
self-serve high-speed card reader, we had people searching for the
coloured cards because they thought the reader wouldn't read JCL from
ordinary ones! (The card reader was spooled with HASP, so it always
gobbled up all your cards—until they started to get dog-eared.)

> and a PDP 11/15 that
> actually let me sit at a terminal. After I graduated I got a TRS 80
> Model III (Z80) with cassette tape for mass storage and 16K of RAM.

I was fortunate in never using 8-bit micros at all. The first 16-bit
I played with (not mine) was the Naked Mini/LSI, but most of my work
was with the HP9845. It was far too expensive to own one; I recall the
maintenance contract on it was £1000 per year in the early 80s, which
would be more than £4000 today.

Cheers,
David.
Re: [SOLVED] Re: One-user system.
On 5/6/22 19:16, John Hasler wrote: James H. H. Lampert writes: I started with a TRS-80 Model I myself (and with high school programming classes on an IBM 370/135 at the District Office, with terminals connected over a pair of multiplexed phone lines [and a maximum terminal speed of 300 Baud]). Punch cards and an IBM 1620 at university. The first computer I owned I built using a Z80 SBC demo board. Cassette tape mass storage, modified Selectric printer, OCLC crt terminal, homebrew OS. I starting in college with punch cards an IBM 360 and a PDP 11/15 that actually let me sit at a terminal. After I graduated I got a TRS 80 Model III (Z80) with cassette tape for mass storage and 16K of RAM. Marc
Re: [SOLVED] Re: One-user system.
On Fri 06 May 2022 at 09:24:35 (-0700), pe...@easthope.ca wrote:
> From: David Wright
> Date: Wed, 2 Feb 2022 11:08:28 -0600
> > I can't understand this.

I'm not sure why you quoted this after three months without any
indication of its referent. What I didn't understand was why you had
to have /root under /home, and indeed, when you later revealed your
partition layout, it looked even less necessary, because you have
/root on a different partition.

> In a freshly installed Debian, /etc/passwd sets the home directory for
> root at /root. Here /etc/passwd sets the home directory for root at
> /home/root. No problem observed.

I wouldn't expect one. There are a whole variety of home directories
specified in /etc/passwd.

> > You may hit snags. Some programs might refuse to run, or do
> > strange things because they're written to distinguish between
> > root and an ordinary user.
> >
> > But hey, it could be quite exciting, like carrying a cocked
> > revolver tucked into your waistband. One casual typo, one
> > misplaced space, and you can blow away a whole disk.
>
> Working routinely for about 93 days and I no longer bother to keep
> fingers crossed. If reinstallation becomes necessary, tough luck.
> Just another chore.

I don't think the number of days has that much influence on whether
you'll get bitten, as the probability distribution is quite likely to
be memoryless. Unless, of course, you're noticing some of your
near-misses, and are becoming adept at avoiding or working around them.

> What I'm doing is similar to using DOS years ago; although DOS
> predates experience of most people reading now. If login is used
> properly, root shouldn't be more vulnerable than any other account.

That's right, and any old rogue TSR could crash the system, or any old
virus take it over. I ran DOS 3, 5 and 6.22 systems that were very
reliable, but only by restricting in the extreme what I ran on them.
But that doesn't inject any truth into your second statement, and
saying to use login "properly" just begs the question.

> You're welcome to probe my system. If you find a vulnerability, a
> post will help or amuse more than me.

No thanks, that just makes me an agent of reckless acts.

> > ... Puppy ...
>
> Incidentally, OpenBox is here with minimal graphics displayed.
> Most programs start from a terminal. Puppy is a nice system but
> the graphical interface is more than I want.

(I didn't express a view on Puppy itself, only two passing references
to others' writing about it. My view on the second was "so what".)

> > ISTR earlier posts where you've run up against permission problems,
> > but IMHO just running as perpetual root is not a sensible answer.
>
> For years my data was on an SD card reformatted to ext3. When
> switching to a new SD about a month ago, I decided to leave the
> factory installed FAT file system. No problems. The FAT file system
> lacks permissions as in ext.
>
> Motivation to leave FAT: authorities claim the factory format is
> optimized.

Did you leave out "not"? From which half of the sentence?

Unless you're running your system from a FAT filesystem, I'm not sure
I see a connection between this and solving your earlier permissions
problems (which I admit I barely recollect).

Cheers,
David.
Re: [SOLVED] Re: One-user system.
On Saturday, 7 May 2022 21:41:33 EDT 황병희 wrote: > Charlie Gibbs writes: > > (... thanks ...) > > If Microsoft disappeared in its entirety, I'd buy a case of > > champagne and invite my friends over for a _major_ celebration. > > ... > > That's a great idea! > > > I'm 71, and started my programming career in 1970, five > > years before Microsoft existed. The machine at my first > > job had a whopping 16K of memory. We were a service > > bureau, running things like payroll and accounts > > receivable for companies all over town who couldn't > > afford a computer of their own (i.e. most of them). > > > > So when someone tells me how many gigabytes of memory > > I'd need to do a job, I take it with a _very_ large > > grain of salt. So do I. My first programming project in late '79 was an aid to an automatic station break machine at the tv station where I was then the ACE, back in the days when sony 3/4" u-matic tape machines were state of the art. With a quest super elf rca 1802 powered board with an s-100 backplane bus, with a $400 4k of static ram memory add-on and interfacing I built on s-100 vector boards including a 103 line tall 8.8 character generator, it ran a u-matic machine to find the first frame of video to be aired of a finished commercial, backed the tape up 12 seconds, ran it fwd and started recording a new digital count down leader from 9.9 down to 2.0 seconds, inserting an audio tone at the 5 second point for half a second which was the automatic station breaks synch tone, then put a second beep on the 2nd audio channel 5 seconds before the end of that commercial to start the next machine if there was one. If not it flashed a station id for half a second before switching back to the network. All this on less than 4k of self modifying code. And it was so stable it was used many times daily for 17 years, when the station burnt to the ground and had to start over. 
I still have a paper copy of that program along with an audio cart with several copies on it in a bag on the top shelf above my chair. Now I'm 87, 20 some years retired, and playing with 4 cnc metalworking machines I've rebuilt, and 3d printers in my dotage. And have managed to make the reaper blink first several times. > > We, the unwilling, led by the unknowing, are doing the > > impossible for the ungrateful. We have done so much, > > for so long, with so little, we are now qualified > > to do anything with nothing.” > > > > -- Konstantin Josef Jireček > > Thanks! > > Sincerely, Linux fan Byung-Hee > > -- > ^고맙습니다 _布德天下_ 감사합니다_^))// > > . Cheers, Gene Heskett. -- "There are four boxes to be used in defense of liberty: soap, ballot, jury, and ammo. Please use in that order." -Ed Howdershelt (Author, 1940) If we desire respect for the law, we must first make the law respectable. - Louis D. Brandeis
Re: [SOLVED] Re: One-user system.
Charlie Gibbs writes: > (... thanks ...) > If Microsoft disappeared in its entirety, I'd buy a case of > champagne and invite my friends over for a _major_ celebration. > ... That's a great idea! > I'm 71, and started my programming career in 1970, five > years before Microsoft existed. The machine at my first > job had a whopping 16K of memory. We were a service > bureau, running things like payroll and accounts > receivable for companies all over town who couldn't > afford a computer of their own (i.e. most of them). > > So when someone tells me how many gigabytes of memory > I'd need to do a job, I take it with a _very_ large > grain of salt. > > We, the unwilling, led by the unknowing, are doing the > impossible for the ungrateful. We have done so much, > for so long, with so little, we are now qualified > to do anything with nothing.” > -- Konstantin Josef Jireček > Thanks! Sincerely, Linux fan Byung-Hee -- ^고맙습니다 _布德天下_ 감사합니다_^))//
Re: [SOLVED] Re: One-user system.
On Fri, 06 May 2022 19:30:01 +0200 gene heskett wrote: > On Friday, 6 May 2022 13:11:13 EDT Greg Wooledge wrote: > >> On Fri, May 06, 2022 at 09:24:35AM -0700, pe...@easthope.ca wrote: >> >>> What I'm doing is similar to using DOS years ago; although DOS >>> predates experience of most people reading now. >> >> I think you're vastly underestimating the average age of subscribers >> on this list. > > I think he might be too Greg. I'm 87, and largely bypassed > dos on my way to linux in the 90's. We've come a long way, > and if dos disappeared yesterday, I'd have bought a 6 pack > for a mini-celebration last night. We're still trying to > put up with its lack of features other filesystems have > given us since. If Microsoft disappeared in its entirety, I'd buy a case of champagne and invite my friends over for a _major_ celebration. I've spent far too much of my career working around their poor design decisions and outright bugs. I'm 71, and started my programming career in 1970, five years before Microsoft existed. The machine at my first job had a whopping 16K of memory. We were a service bureau, running things like payroll and accounts receivable for companies all over town who couldn't afford a computer of their own (i.e. most of them). So when someone tells me how many gigabytes of memory I'd need to do a job, I take it with a _very_ large grain of salt. We, the unwilling, led by the unknowing, are doing the impossible for the ungrateful. We have done so much, for so long, with so little, we are now qualified to do anything with nothing.” -- Konstantin Josef Jireček -- /~\ Charlie Gibbs | They don't understand Microsoft \ /| has stolen their car and parked X I'm really at ac.dekanfrus | a taxi in their driveway. / \ if you read it the right way. |-- Mayayana
Re: [SOLVED] Re: One-user system.
James H. H. Lampert writes:
> I started with a TRS-80 Model I myself (and with high school
> programming classes on an IBM 370/135 at the District Office, with
> terminals connected over a pair of multiplexed phone lines [and a
> maximum terminal speed of 300 Baud]).

Punch cards and an IBM 1620 at university. The first computer I owned I
built using a Z80 SBC demo board. Cassette tape mass storage, modified
Selectric printer, OCLC crt terminal, homebrew OS.

--
John Hasler
j...@sugarbit.com
Elmwood, WI USA
Re: [SOLVED] Re: One-user system.
On 5/6/22 1:11 PM, Charles Curley wrote: Maybe, maybe not. I got started with a KIM-I: 6502 running at 1 MHz, just over 1 kilobyte of RAM. Six seven segment displays and a hex keyboard for data entry. I still have one. I remember *reading about* the KIM-I (and the Altair, and a few others) in electronics magazines; I started with a TRS-80 Model I myself (and with high school programming classes on an IBM 370/135 at the District Office, with terminals connected over a pair of multiplexed phone lines [and a maximum terminal speed of 300 Baud]). -- JHHL
Re: [SOLVED] Re: One-user system.
On Fri, 06 May 2022 09:24:35 -0700 pe...@easthope.ca wrote:
> although DOS
> predates experience of most people reading now.

Maybe, maybe not. I got started with a KIM-I: 6502 running at 1 MHz,
just over 1 kilobyte of RAM. Six seven segment displays and a hex
keyboard for data entry. I still have one.

See what you did: you started a nostalgia oneUpManship storm.

--
Does anybody read signatures any more?
https://charlescurley.com
https://charlescurley.com/blog/
Re: [SOLVED] Re: One-user system.
Thomas Schmitt wrote on 5/6/22 13:24: Hi, Greg Wooledge wrote: I think you're vastly underestimating the average age of subscribers on this list. Huh ? ... What ? ... Age ? ... Whom do you call old ? I am 83. First desktop was an IBM PC running IBM DOS Version 1, I think. Also saw my first virus on that machine! Those were not "the good old days"! Cheers, Dennis
Re: [SOLVED] Re: One-user system.
On Fri, May 06, 2022 at 08:24:49PM +0200, Thomas Schmitt wrote:
> Hi,
>
> Greg Wooledge wrote:
> > I think you're vastly underestimating the average age of subscribers on
> > this list.
>
> Huh ? ... What ? ... Age ? ... Whom do you call old ?

I never used the word "old".

> Since most of the posters here are of over average age we should immediately
> drop the whole concept in order to avoid a severe mathematical paradox.

I'm fairly sure that most of the *regular* posters here (the ones who
actually answer questions) are above the average age of Linux users as
a whole. I feel like I'm one of the younger regulars, at merely 52.

For subscribers as a whole including lurkers... well, maybe I'd better
not try to guess. Insufficient data.

And yes, I definitely remember DOS.
Re: [SOLVED] Re: One-user system.
On 06/05/2022 at 20:24, Thomas Schmitt wrote:

Hi,

Greg Wooledge wrote:

I think you're vastly underestimating the average age of subscribers on
this list.

Huh ? ... What ? ... Age ? ... Whom do you call old ?

VIC-20 users don't get old.

Since most of the posters here are of over average age we should immediately
drop the whole concept in order to avoid a severe mathematical paradox.

Have a nice day :)

Thomas

In my head I am still 13, the age when I discovered the C64...
Re: [SOLVED] Re: One-user system.
Hi,

Greg Wooledge wrote:
> I think you're vastly underestimating the average age of subscribers on
> this list.

Huh ? ... What ? ... Age ? ... Whom do you call old ?

VIC-20 users don't get old.

Since most of the posters here are of over average age we should immediately
drop the whole concept in order to avoid a severe mathematical paradox.

Have a nice day :)

Thomas
Re: [OT] Re: One-user system.
Eike Lantzsch ZP6CGE (12022-05-06):
> > I think you're vastly underestimating the average age of subscribers
> > on this list.
> yeah, I started with CP/M on Z80

You need to be very old to have used these machines indeed, but probably
not old enough to change the average age of a list with thousands of
subscribers all by yourself. :-Þ

Regards,

--
Nicolas George
Re: [SOLVED] Re: One-user system.
On Friday, 6 May 2022 13:11:13 -04 Greg Wooledge wrote:
> On Fri, May 06, 2022 at 09:24:35AM -0700, pe...@easthope.ca wrote:
> > What I'm doing is similar to using DOS years ago; although DOS
> > predates experience of most people reading now.
>
> I think you're vastly underestimating the average age of subscribers
> on this list.

yeah, I started with CP/M on Z80

First touch on a "computer" -keyboard was on a WANG 600 series ...

--
Eike Lantzsch ZP6CGE
Re: [SOLVED] Re: One-user system.
On Friday, 6 May 2022 13:11:13 EDT Greg Wooledge wrote:
> On Fri, May 06, 2022 at 09:24:35AM -0700, pe...@easthope.ca wrote:
> > What I'm doing is similar to using DOS years ago; although DOS
> > predates experience of most people reading now.
>
> I think you're vastly underestimating the average age of subscribers on
> this list.
>
> .

I think he might be too Greg. I'm 87, and largely bypassed dos on my
way to linux in the 90's. We've come a long way, and if dos disappeared
yesterday, I'd have bought a 6 pack for a mini-celebration last night.
We're still trying to put up with its lack of features other
filesystems have given us since.

Cheers, Gene Heskett.

--
"There are four boxes to be used in defense of liberty:
soap, ballot, jury, and ammo. Please use in that order."
-Ed Howdershelt (Author, 1940)
If we desire respect for the law, we must first make the law respectable.
- Louis D. Brandeis
Re: [SOLVED] Re: One-user system.
On Fri, May 06, 2022 at 09:24:35AM -0700, pe...@easthope.ca wrote:
> What I'm doing is similar to using DOS years ago; although DOS
> predates experience of most people reading now.

I think you're vastly underestimating the average age of subscribers on
this list.
[SOLVED] Re: One-user system.
From: David Wright
Date: Wed, 2 Feb 2022 11:08:28 -0600
> I can't understand this.

In a freshly installed Debian, /etc/passwd sets the home directory for
root at /root. Here /etc/passwd sets the home directory for root at
/home/root. No problem observed.

> You may hit snags. Some programs might refuse to run, or do
> strange things because they're written to distinguish between
> root and an ordinary user.
>
> But hey, it could be quite exciting, like carrying a cocked
> revolver tucked into your waistband. One casual typo, one
> misplaced space, and you can blow away a whole disk.

Working routinely for about 93 days and I no longer bother to keep
fingers crossed. If reinstallation becomes necessary, tough luck.
Just another chore.

What I'm doing is similar to using DOS years ago; although DOS
predates experience of most people reading now. If login is used
properly, root shouldn't be more vulnerable than any other account.

You're welcome to probe my system. If you find a vulnerability, a
post will help or amuse more than me.

> ... Puppy ...

Incidentally, OpenBox is here with minimal graphics displayed.
Most programs start from a terminal. Puppy is a nice system but
the graphical interface is more than I want.

> ISTR earlier posts where you've run up against permission problems,
> but IMHO just running as perpetual root is not a sensible answer.

For years my data was on an SD card reformatted to ext3. When
switching to a new SD about a month ago, I decided to leave the
factory installed FAT file system. No problems. The FAT file system
lacks permissions as in ext.

Motivation to leave FAT: authorities claim the factory format is
optimized.

Regards, ... P.

--
mobile: +1 778 951 5147
VoIP: +1 604 670 0140
48.7693 N 123.3053 W
Re: One-user system. Was "One user system."
On 2022-02-11 19:10, Andrei POPESCU wrote:

On Thu, 10 Feb 22, 11:11:01, rhkra...@gmail.com wrote:

On Wednesday, February 09, 2022 06:08:16 AM Andrei POPESCU wrote:
> I've switched to using sudo because it encourages me to use root only
> when strictly required.

That's a good idea, but I'll mention what I do -- I may have started before
sudo existed (or, at least, before I knew about it).

I use kde and keep several konsole (terminals) open, at on one, I open it as
root and set the background to be a different color than the non-root konsole
(a shade of yellow).

(Once you pick a color for the background (or any of variety of other user
preferences), you can save those so, for example, every time I open a konsole
as root, it gets those preferences.

I did use to have a root window constantly open and "Ctrl-a r" is still
opening a 'sudo -i' window in tmux. The trouble with that is that I
would tend to use the root console for non-root things.

Besides, it's annoying to 'cd' in the non-root terminal in some deep
directory structure only to find out you need root permissions to do
what you actually needed to do when you got there.

I've su'ed first before diving into the file system if I thought I was
going to edit something as root but now I think should "echo $PWD" when
there. copy that, "su -" and "cd paste".

mick

--
Key ID4BFEBB31
Re: One-user system. Was "One user system."
On Thu 10 Feb 2022 at 20:26:57 (+), Joe wrote:
> On Thu, 10 Feb 2022 11:11:01 -0500 rhkra...@gmail.com wrote:
> > On Wednesday, February 09, 2022 06:08:16 AM Andrei POPESCU wrote:
> > > I've switched to using sudo because it encourages me to use root
> > > only when strictly required.
> >
> > That's a good idea, but I'll mention what I do -- I may have started
> > before sudo existed (or, at least, before I knew about it).
> >
> > I use kde and keep several konsole (terminals) open, at on one, I
> > open it as root and set the background to be a different color than
> > the non-root konsole (a shade of yellow).
> >
> > (Once you pick a color for the background (or any of variety of other
> > user preferences), you can save those so, for example, every time I
> > open a konsole as root, it gets those preferences.
> >
>
> Just an additional note if you use mc: you can change the colours of the
> mc window and save the changes, but when you close mc the previous
> config file will overwrite the new one. What you have to do is to save
> the config, then rename it from outside mc with mc still running. Close
> mc, rename the new config file back to the original name, then it will
> be used next time you start mc.
>
> A bit of a faff, which is why I don't change things often. But my
> server is console-only, and I found mc to be an excellent file manager
> and simple text editor for it. I also have different background colours
> depending on whether it is opened with sudo or not.

Why not just set these five file permissions to readonly?

.config/mc/{ini,panels.ini} .cache/mc/Tree{,.tmp} .local/share/mc/history

The last might need to be owned by root (for normal users),
or chattr +i if you run mc as root. (I don't.)

> Yes, it's a dangerous beast as root, but what are you doing on a server
> if not admin work (carefully)?

Cheers,
David.
Re: One-user system. Was "One user system."
On Thu, 10 Feb 22, 11:11:01, rhkra...@gmail.com wrote:
> On Wednesday, February 09, 2022 06:08:16 AM Andrei POPESCU wrote:
> > I've switched to using sudo because it encourages me to use root only
> > when strictly required.
>
> That's a good idea, but I'll mention what I do -- I may have started before
> sudo existed (or, at least, before I knew about it).
>
> I use kde and keep several konsole (terminals) open, at on one, I open it as
> root and set the background to be a different color than the non-root konsole
> (a shade of yellow).
>
> (Once you pick a color for the background (or any of variety of other user
> preferences), you can save those so, for example, every time I open a konsole
> as root, it gets those preferences.

I did use to have a root window constantly open and "Ctrl-a r" is still
opening a 'sudo -i' window in tmux. The trouble with that is that I
would tend to use the root console for non-root things.

Besides, it's annoying to 'cd' in the non-root terminal in some deep
directory structure only to find out you need root permissions to do
what you actually needed to do when you got there.

With sudo I'm incentivized to use non-root as much as possible, even if
only because I'm too lazy to switch terminals or type 4 letters and a
space ;)

Kind regards,
Andrei

--
http://wiki.debian.org/FAQsFromDebianUser
Re: addendum, Re: One-user system.
On Fri, 11 Feb 2022 07:36:10 -0500 Greg Wooledge wrote:
> That makes me curious about what has been done to your system, which
> is clearly behaving differently from mine. "su" with no arguments
> preserves the environment, but "su -" establishes a new environment
> and launches a login shell. The XAUTHORITY variable should be lost,
> but perhaps something in your shell profile(s) is recreating it.

Indeed. In my /etc/bash.bashrc, I have:

# Allow su to use the display, i.e. whitelist the relevant variables.
alias su="su --whitelist-environment=DISPLAY,XAUTHORITY"

We had a discussion on this list after I had problems with su and
running X clients after moving from Buster to Bullseye. The alias above
came out of that discussion.

--
Does anybody read signatures any more?
https://charlescurley.com
https://charlescurley.com/blog/
Re: addendum, Re: One-user system.
Greg Wooledge wrote:
> On Thu, Feb 10, 2022 at 06:37:04PM -0800, pe...@easthope.ca wrote:
> > root@joule:~# su peter
> > peter@joule:~$ firefox-esr --display=:0
> > Invalid MIT-MAGIC-COOKIE-1 keyUnable to init server: Could not connect:
> > Connection refused
> > Error: cannot open display: :0
> >
> > peter, logged in directly, can run firefox.
> > root, logged in directly, can run firefox.
> > The above is from a security mechanism in firefox?
>
> No, you simply haven't provided enough credentials to the X server.
> It's the X server who's rejecting connections from "peter", because
> "peter" has not presented the correct MIT-MAGIC-COOKIE (auth token).

A different solution, with less security, especially on a multi-user
system, might be: enable access for a specific user by "xhost".

In your case, do before "su peter", as user root:

xhost +si:localuser:peter

This prevents the X server security mechanism, which Greg explains.
Be aware, it's more dangerous, opening it X this way.

Best regards,
Klaus.

--
Klaus Singvogel
GnuPG-Key-ID: 1024R/5068792D 1994-06-27
Re: addendum, Re: One-user system.
On Fri, Feb 11, 2022 at 07:36:10AM -0500, Greg Wooledge wrote:
> On Thu, Feb 10, 2022 at 09:48:40PM -0700, Charles Curley wrote:

[...]

> > So I expect that something has already done the export for me, and it
> > is unnecessary.
>
> unicorn:~$ echo "$XAUTHORITY"
> /home/greg/.Xauthority
> unicorn:~$ su
> Password:
> root@unicorn:/home/greg# echo "$XAUTHORITY"
> /home/greg/.Xauthority
> root@unicorn:/home/greg#
> exit
> unicorn:~$ su -
> Password:
> root@unicorn:~# echo "$XAUTHORITY"
>
> root@unicorn:~#
> logout
>
> That makes me curious about what has been done to your system, which
> is clearly behaving differently from mine. "su" with no arguments
> preserves the environment, but "su -" establishes a new environment
> and launches a login shell. The XAUTHORITY variable should be lost,
> but perhaps something in your shell profile(s) is recreating it.

I'd look in the general direction of pam_env and its corresponding
config file /etc/security/pam_env.conf

Cheers
--
t
Re: addendum, Re: One-user system.
On Thu, Feb 10, 2022 at 09:48:40PM -0700, Charles Curley wrote:
> Interesting. I routinely log in as my non-root user, charles, and then
> 'su -', which gets me a root shell. I can then run X programs just
> fine. So your comment above got me curious.
>
> charles@jhegaala:~/Desktop$ su -
> Password:
>
> Today is Sweetmorn, the 41st of Chaos, 3188. Lies and slander, sire!
> root@jhegaala:~# echo $XAUTHORITY
> /home/charles/.Xauthority
> root@jhegaala:~#
>
> So I expect that something has already done the export for me, and it
> is unnecessary.

unicorn:~$ echo "$XAUTHORITY"
/home/greg/.Xauthority
unicorn:~$ su
Password:
root@unicorn:/home/greg# echo "$XAUTHORITY"
/home/greg/.Xauthority
root@unicorn:/home/greg#
exit
unicorn:~$ su -
Password:
root@unicorn:~# echo "$XAUTHORITY"

root@unicorn:~#
logout

That makes me curious about what has been done to your system, which
is clearly behaving differently from mine. "su" with no arguments
preserves the environment, but "su -" establishes a new environment
and launches a login shell. The XAUTHORITY variable should be lost,
but perhaps something in your shell profile(s) is recreating it.
Re: addendum, Re: One-user system.
On Thu, 10 Feb 2022 22:27:22 -0500 Greg Wooledge wrote:
> In the more usual scenario, you have started X as peter, and then used
> su to become root. It is precisely at this point where the X auth
> token has become lost, as it's in the home directory of peter, not
> the home directory of root. If peter's home directory is on a local
> file system, then root can probably read it. In that case, you can
> simply do:
>
> export XAUTHORITY=/home/peter/.Xauthority

Interesting. I routinely log in as my non-root user, charles, and then
'su -', which gets me a root shell. I can then run X programs just
fine. So your comment above got me curious.

charles@jhegaala:~/Desktop$ su -
Password:

Today is Sweetmorn, the 41st of Chaos, 3188. Lies and slander, sire!
root@jhegaala:~# echo $XAUTHORITY
/home/charles/.Xauthority
root@jhegaala:~#

So I expect that something has already done the export for me, and it
is unnecessary.

--
Does anybody read signatures any more?
https://charlescurley.com
https://charlescurley.com/blog/
Re: addendum, Re: One-user system.
On Thu, Feb 10, 2022 at 06:37:04PM -0800, pe...@easthope.ca wrote:
> root@joule:~# su peter
> peter@joule:~$ firefox-esr --display=:0
> Invalid MIT-MAGIC-COOKIE-1 keyUnable to init server: Could not connect:
> Connection refused
> Error: cannot open display: :0
>
> peter, logged in directly, can run firefox.
> root, logged in directly, can run firefox.
> The above is from a security mechanism in firefox?

No, you simply haven't provided enough credentials to the X server.
It's the X server who's rejecting connections from "peter", because
"peter" has not presented the correct MIT-MAGIC-COOKIE (auth token).

In all honesty, if you have started X as root, my advice at this point
would be to get the HELL out of that X session. Do not try to proceed.
Nothing good can result.

In the more usual scenario, you have started X as peter, and then used
su to become root. It is precisely at this point where the X auth
token has become lost, as it's in the home directory of peter, not
the home directory of root. If peter's home directory is on a local
file system, then root can probably read it. In that case, you can
simply do:

export XAUTHORITY=/home/peter/.Xauthority

And then the su session running as root will be able to authenticate to
peter's X server/session in order to run X clients.

(This doesn't mean you should run firefox as root, though. It just means
you *can*. You have the literal authority to do so. It's still a stupidly
bad idea.)
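An added example, not part of the thread and not written by any of its participants: a POSIX shell check for the situation the messages above discuss, where "su" keeps or clears the environment and an X client ends up without a usable cookie file. The function names are hypothetical, and the cookie file is a constructed placeholder in a temporary directory.

```shell
#!/bin/sh
# Added example (not from the thread). Function names are hypothetical.

# Print the cookie file an Xlib client consults: $XAUTHORITY when it is set
# and non-empty, otherwise $HOME/.Xauthority.
xauth_path() {
    if [ -n "${XAUTHORITY:-}" ]; then
        printf '%s\n' "$XAUTHORITY"
    else
        printf '%s\n' "${HOME:-}/.Xauthority"
    fi
}

# Classify the current environment. Prints one word and returns 0 only for
# "ok". "ok" means a readable, non-empty file exists; it cannot tell whether
# the cookie inside still matches the running X server.
xauth_status() {
    if [ -z "${DISPLAY:-}" ]; then echo no-display; return 1; fi
    _f=$(xauth_path)
    if [ ! -e "$_f" ]; then echo missing; return 1; fi
    if [ ! -r "$_f" ]; then echo unreadable; return 1; fi
    if [ ! -s "$_f" ]; then echo empty; return 1; fi
    echo ok
}

# Run xauth_status under a constructed environment.
#   $1 = DISPLAY, $2 = XAUTHORITY, $3 = HOME; an empty string means "unset".
status_for_env() {
    (
        unset DISPLAY XAUTHORITY
        if [ -n "$1" ]; then DISPLAY=$1; export DISPLAY; fi
        if [ -n "$2" ]; then XAUTHORITY=$2; export XAUTHORITY; fi
        HOME=$3; export HOME
        xauth_status
    ) || true
}

# Walk through the cases from the thread using constructed home directories.
demo() {
    tmp=$(mktemp -d) || return 1
    own="$tmp/home/owner"   # the account that started X
    tgt="$tmp/home/target"  # the account reached through su
    mkdir -p "$own" "$tgt"
    # Constructed placeholder, not a real MIT-MAGIC-COOKIE-1 entry.
    printf 'constructed-placeholder\n' > "$own/.Xauthority"
    chmod 600 "$own/.Xauthority"

    # The session that started X.
    printf 'X session owner:               %s\n' \
        "$(status_for_env :0 "$own/.Xauthority" "$own")"
    # Plain "su": DISPLAY is kept, HOME changes; with XAUTHORITY unset the
    # client falls back to the target's own (absent) ~/.Xauthority.
    printf 'su, XAUTHORITY unset:          %s\n' \
        "$(status_for_env :0 "" "$tgt")"
    # "su -": a fresh login environment, DISPLAY and XAUTHORITY are gone.
    printf 'su -:                          %s\n' \
        "$(status_for_env "" "" "$tgt")"
    # XAUTHORITY exported by hand, or whitelisted through su, so it points
    # at the owner's file (usable only if the target can read it).
    printf 'XAUTHORITY set to owner file:  %s\n' \
        "$(status_for_env :0 "$own/.Xauthority" "$tgt")"

    rm -rf "$tmp"
}

demo
```

The "unreadable" result appears when the file's mode and owner keep the new account out, which is the usual outcome for a non-root target pointed at another user's 0600 cookie file.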
addendum, Re: One-user system.
From: David Wright
Date: Wed, 2 Feb 2022 11:08:28 -0600
Message-Id:
> You may hit snags. Some programs might refuse to run, or do
> strange things because they're written to distinguish between
> root and an ordinary user.

After 5+ days, hit one snag.

root@joule:~# su peter
peter@joule:~$ firefox-esr --display=:0
Invalid MIT-MAGIC-COOKIE-1 keyUnable to init server: Could not connect:
Connection refused
Error: cannot open display: :0

peter, logged in directly, can run firefox.
root, logged in directly, can run firefox.
The above is from a security mechanism in firefox?

> Rather than link /root to /home/root probably better to edit
> /etc/passwd to have root homed at /home/root.

Works.

From: pe...@easthope.ca
Date: Fri, 04 Feb 2022 21:41:24 -0800
> Rather than reinvent the wheel, I should use a product of extensive
> development.
> http://wikka.puppylinux.com/DebianDog
> https://github.com/DebianDog/

Nicely polished systems. Most variants have graphics I don't need.
DebianDog has "Porteus booting", another layer of complexity. For now
will stick to plain Debian and log in as root unless my ordinary
account is needed.

Links to downloads, in case someone wants to try DebianDog.
https://debiandog.github.io/doglinux/

Installation instructions here.
https://debiandog.github.io/MakeLive/isodata/Examples-boot-codes.txt

Regards,... P.

--
mobile: +1 778 951 5147
VoIP: +1 604 670 0140
48.7693 N 123.3053 W
Re: One-user system. Was "One user system."
On Thu, 10 Feb 2022 11:11:01 -0500 rhkra...@gmail.com wrote:
> On Wednesday, February 09, 2022 06:08:16 AM Andrei POPESCU wrote:
> > I've switched to using sudo because it encourages me to use root
> > only when strictly required.
>
> That's a good idea, but I'll mention what I do -- I may have started
> before sudo existed (or, at least, before I knew about it).
>
> I use kde and keep several konsole (terminals) open, at on one, I
> open it as root and set the background to be a different color than
> the non-root konsole (a shade of yellow).
>
> (Once you pick a color for the background (or any of variety of other
> user preferences), you can save those so, for example, every time I
> open a konsole as root, it gets those preferences.)
>

Just an additional note if you use mc: you can change the colours of
the mc window and save the changes, but when you close mc the previous
config file will overwrite the new one. What you have to do is to save
the config, then rename it from outside mc with mc still running. Close
mc, rename the new config file back to the original name, then it will
be used next time you start mc.

A bit of a faff, which is why I don't change things often. But my
server is console-only, and I found mc to be an excellent file manager
and simple text editor for it. I also have different background colours
depending on whether it is opened with sudo or not. Yes, it's a
dangerous beast as root, but what are you doing on a server if not
admin work (carefully)?

--
Joe
Re: One-user system. Was "One user system."
On Wednesday, February 09, 2022 06:08:16 AM Andrei POPESCU wrote:
> I've switched to using sudo because it encourages me to use root only
> when strictly required.

That's a good idea, but I'll mention what I do -- I may have started
before sudo existed (or, at least, before I knew about it).

I use kde and keep several konsole (terminals) open, at on one, I open
it as root and set the background to be a different color than the
non-root konsole (a shade of yellow).

(Once you pick a color for the background (or any of variety of other
user preferences), you can save those so, for example, every time I
open a konsole as root, it gets those preferences.)
Re: One-user system. Was "One user system."
On Vi, 04 feb 22, 10:34:38, pe...@easthope.ca wrote:
>
> root@joule:/root# df | grep sd
> /dev/sda2    7159288  6635136    140768  98% /
> /dev/sda4  131124764 12951820 111512132  11% /home
> /dev/sdb1    3658244  2026200   1446196  59% /home/root/MY
>
> Note that / is 98% full whereas /home is 11% full. The intention in
> moving the root home directory from / to /home is just to have space
> for my data.

It's unclear what you mean by "data" here, but typically the things
that are expected to reside in a (super)user's home directory are
mostly small, i.e. dotfiles and the likes.

Everything else can just be stored elsewhere, no need to relocate the
home directory itself.

> Yes, 98% needs attention.
>
> Rather than link /root to /home/root probably better to edit
> /etc/passwd to have root homed at /home/root. Can try that.
>
> > You may hit snags. Some programs might refuse to run, or do
> > strange things because they're written to distinguish between
> > root and an ordinary user.
>
> Used it since yesterday with no significant problem.

It wouldn't surprise me to find out some application is explicitly hard
coding '/root' as the home directory for the root user, regardless of
what is specified in /etc/passwd.

> > But hey, it could be quite exciting, like carrying a cocked
> > revolver tucked into your waistband. One casual typo, one
> > misplaced space, and you can blow away a whole disk.
>
> I view this as an experiment. If I destroy the system, I reinstall.
> The debian installer is moderately easy to use. =8~)
>
> Also I have the spare machine ready to go as described in the smartd
> thread.
>
> Did you use DOS decades ago? Have you clobbered a DOS system?

More than once :)

I've switched to using sudo because it encourages me to use root only
when strictly required.

Many admin tools work fine without root permissions when used only to
retrieve information (e.g. 'apt', 'systemctl') as opposed to do changes
to the system.

It might help to add your user to group 'adm' ('journalctl') or add
[/usr]/sbin to your $PATH ('zpool', 'zfs').

If something really needs root (e.g. 'dmesg') it's just a simple Ctrl-a
and type 'sudo', especially if sudo is configured to allow that
specific command without providing a password ;)

Kind regards,
Andrei
--
http://wiki.debian.org/FAQsFromDebianUser
Re: One-user system.
On Fri 04 Feb 2022 at 21:41:24 (-0800), pe...@easthope.ca wrote:
> From: David Wright
> Date: Wed, 2 Feb 2022 11:08:28 -0600
> > But hey, it could be quite exciting, like carrying a cocked
> > revolver tucked into your waistband. One casual typo, one
> > misplaced space, and you can blow away a whole disk.
>
> System destruction is exasperating. Lapse in security is another
> risk; possibly more serious. My knowledge is meagre and this was
> helpful.
>
> The Illusion of Privacy/Security using ANY Web-browser
> https://forum.puppylinux.com/viewtopic.php?t=1583

I didn't get far down the first page, and certainly not through
all 53 posts, before reaching:

"Think a different Operating System provides any greater security?
privacy? because under it you run as a User with limited privileges?
Well, I booted into Linux Mint Ulyana. Iron web-browser required that
I provide a password to run it. But once it was running,
Attachments>Add gave me access to my mounted hard-drive.. And worse
than under Puppies, Linux Mint Ulyana would automatically mount
partitions which weren't already mounted. :shock:"

There's no explanation of what "password" was given, so any
conclusions are moot. But if the article is supposed to blow
a hole in Puppy's security model, well, so what.

And then I read the fourth post, which seemed to be using umask
and chmod to configure what Debian gives you already.

> Mitigation of risk.
> https://wikka.puppylinux.com/spot

I don't know what "spot" and "fido" are all about, unless to
recreate the conventional concept of Ordinary Users.

> Rather than reinvent the wheel, I should use a product of extensive
> development.
> http://wikka.puppylinux.com/DebianDog
> https://github.com/DebianDog/

That depends on whether you trust the system's developers. My trust
in Debian has been forged through 25 years of use, and by reading
technical reviews over the years by others.

Cheers,
David.
[SOLVED] Re: One-user system.
From: David Wright
Date: Wed, 2 Feb 2022 11:08:28 -0600
> But hey, it could be quite exciting, like carrying a cocked
> revolver tucked into your waistband. One casual typo, one
> misplaced space, and you can blow away a whole disk.

System destruction is exasperating. Lapse in security is another
risk; possibly more serious. My knowledge is meagre and this was
helpful.

The Illusion of Privacy/Security using ANY Web-browser
https://forum.puppylinux.com/viewtopic.php?t=1583

Mitigation of risk.
https://wikka.puppylinux.com/spot

Rather than reinvent the wheel, I should use a product of extensive
development.
http://wikka.puppylinux.com/DebianDog
https://github.com/DebianDog/

Regards, ... P.

--
mobile: +1 778 951 5147
VoIP: +1 604 670 0140
48.7693 N 123.3053 W
Re: One-user system. Was "One user system."
"One-user" is probably the correct grammar.

David,

From: David Wright
Date: Wed, 2 Feb 2022 11:08:28 -0600
> And it's been designed with that in mind. Debian hasn't.

I wondered whether others had worked out a recipe for single-user.
In fact, yes, there's DebianDog. References 7 and 8 here.
https://en.wikipedia.org/wiki/Light-weight_Linux_distribution

> I can't understand this. If you carry out your intention, then
> /home becomes just another top-level directory like /media.
> You don't need to put /root into it just to make a point. You
> can use it for just your data files, and not your dotfiles —
> particularly if /home is on a separate partition.

I don't understand either. We're "at crossed purposes"?

root@joule:/root# df | grep sd
/dev/sda2    7159288  6635136    140768  98% /
/dev/sda4  131124764 12951820 111512132  11% /home
/dev/sdb1    3658244  2026200   1446196  59% /home/root/MY

Note that / is 98% full whereas /home is 11% full. The intention in
moving the root home directory from / to /home is just to have space
for my data.

Yes, 98% needs attention.

Rather than link /root to /home/root probably better to edit
/etc/passwd to have root homed at /home/root. Can try that.

> You may hit snags. Some programs might refuse to run, or do
> strange things because they're written to distinguish between
> root and an ordinary user.

Used it since yesterday with no significant problem.

> But hey, it could be quite exciting, like carrying a cocked
> revolver tucked into your waistband. One casual typo, one
> misplaced space, and you can blow away a whole disk.

I view this as an experiment. If I destroy the system, I reinstall.
The debian installer is moderately easy to use. =8~)

Also I have the spare machine ready to go as described in the smartd
thread.

Did you use DOS decades ago? Have you clobbered a DOS system?

If interested, try DebianDog or Puppy or my simplistic approach.

> Not really — except perhaps on Puppy where it's been seen as
> controversial, and hence discussed.

Discussion here.
https://wikka.puppylinux.com/spot
Note privilege and security aspects.

> ISTR earlier posts where you've run up against permission problems, ...

Not my motivation. This computer isn't a mainframe system with
multiple users. I'm just exploring simplifications.

Thanks for the feedback,... P.

--
mobile: +1 778 951 5147
VoIP: +1 604 670 0140
48.7693 N 123.3053 W
Re: One user system.
From: john doe
Date: Wed, 2 Feb 2022 08:04:28 +0100
> I must say, I concur with others in this thread on not removing a single
> non-root user.

Right oh; I don't aim to remove my original ordinary user account.

> If you do not want the regular user, you can simply lock/disable it.

Or just ignore it unless a requirement surfaces.

Thx, ... P.

--
mobile: +1 778 951 5147
VoIP: +1 604 670 0140
48.7693 N 123.3053 W
Re: One user system.
On Tue 01 Feb 2022 at 11:47:35 (-0800), pe...@easthope.ca wrote:
> From: john doe
> Date: Tue, 1 Feb 2022 19:29:02 +0100
> > If my understanding is correct, you will need to use 'sudo'.
>
> Thanks. Still a multi-user system.
>
> Whereas puppy linux has one user, root.

And it's been designed with that in mind. Debian hasn't.

> To make debian one-user I think of
>
> mkdir /home/root ; cp -r /root/* /home/root ; rm -r /root ; ln -s /home/root
> /root
> cp /home/root

I can't understand this. If you carry out your intention, then
/home becomes just another top-level directory like /media.
You don't need to put /root into it just to make a point. You
can use it for just your data files, and not your dotfiles —
particularly if /home is on a separate partition.

> Then proceed as root rather than me.

You may hit snags. Some programs might refuse to run, or do
strange things because they're written to distinguish between
root and an ordinary user.

But hey, it could be quite exciting, like carrying a cocked
revolver tucked into your waistband. One casual typo, one
misplaced space, and you can blow away a whole disk.

> Googling "linux one account" returned https://login.ubuntu.com/ and
> other pages not relevant to the concept. Odd that the topic doesn't
> get more attention.

Not really — except perhaps on Puppy where it's been seen as
controversial, and hence discussed.

ISTR earlier posts where you've run up against permission problems,
but IMHO just running as perpetual root is not a sensible answer.

Cheers,
David.
Re: One user system.
On 2/1/2022 8:47 PM, pe...@easthope.ca wrote:
> From: john doe
> Date: Tue, 1 Feb 2022 19:29:02 +0100
> > If my understanding is correct, you will need to use 'sudo'.
>
> Thanks. Still a multi-user system.

If you do not want the regular user, you can simply lock/disable it.
This way you can use root to your liking (remotely or locally) and
forget about other user(s).

I must say, I concur with others in this thread on not removing a
single non-root user.

--
John Doe
Re: One user system.
On 2022-02-01 20:01, Nate Bargmann wrote:
> I must be the odd one out as I interpreted the OP as having set a root
> password but now wanting to remove it so as to have just the main user
> set to do root's work and that root can no longer log in directly.
>
> I hope the OP can clarify!

I guess that would be:

    sudo passwd -d

to delete the password or:

    sudo passwd -l

to lock the password (this can be undone later with sudo passwd -u)

Bijan
Re: One user system.
* On 2022 01 Feb 14:09 -0600, Bijan Soleymani wrote:
> On 2022-02-01 14:47, pe...@easthope.ca wrote:
> > Thanks. Still a multi-user system.
> >
> > Whereas puppy linux has one user, root.
> >
> > To make debian one-user I think of
> ...
> >
> > Then proceed as root rather than me.
>
> Oh! Is your goal to only have root? I assumed you wanted to login as root,
> but didn't configure a password for root at setup.

I must be the odd one out as I interpreted the OP as having set a root
password but now wanting to remove it so as to have just the main user
set to do root's work and that root can no longer log in directly.

I hope the OP can clarify!

- Nate

--
"The optimist proclaims that we live in the best of all
possible worlds. The pessimist fears this is true."
Web: https://www.n0nb.us
Projects: https://github.com/N0NB
GPG fingerprint: 82D6 4F6B 0E67 CD41 F689 BBA6 FB2C 5130 D55A 8819
Re: One user system.
On Tue, 1 Feb 2022 15:08:44 -0500 Bijan Soleymani wrote:
> I can't think of a case where you'd want to remove all non root users
> though...

The only use case I can think of is if you want all the security of
Windows 95.

Don't do this. There are excellent reasons to separate system
administration from day-to-day stuff.

--
Does anybody read signatures any more?
https://charlescurley.com
https://charlescurley.com/blog/
Re: One user system.
On Tue 01 Feb 2022 at 15:08:44 -0500, Bijan Soleymani wrote:
> On 2022-02-01 14:47, pe...@easthope.ca wrote:
> > Thanks. Still a multi-user system.
> >
> > Whereas puppy linux has one user, root.
> >
> > To make debian one-user I think of
> ...
> >
> > Then proceed as root rather than me.
>
> Oh! Is your goal to only have root? I assumed you wanted to login as root,
> but didn't configure a password for root at setup.
>
> As far as I know there's no option in the standard install to not create a
> user account and only create a root account.

Depends on what you mean by "standard". From
user-setup-udeb_1.88_all.udeb.

Template: passwd/make-user
Type: boolean
Default: true
Description: Create a normal user account now?
 It's a bad idea to use the root account for normal day-to-day
 activities, such as the reading of electronic mail, because even a
 small mistake can result in disaster. You should create a normal user
 account to use for those day-to-day tasks.

The OP's requirements are very murky. Whatever he wants can be done
from the installer.

--
Brian.
Re: One user system.
On 2022-02-01 14:47, pe...@easthope.ca wrote:
> Thanks. Still a multi-user system.
>
> Whereas puppy linux has one user, root.
>
> To make debian one-user I think of
...
>
> Then proceed as root rather than me.

Oh! Is your goal to only have root? I assumed you wanted to login as
root, but didn't configure a password for root at setup.

As far as I know there's no option in the standard install to not
create a user account and only create a root account.

But assuming you have a root password set just remove non-root users:

    deluser username

Just keep in mind stuff like ssh isn't configured to let root log in by
default. (Important in case you're doing this remotely and won't be
able to login again, without changing the default settings).

I can't think of a case where you'd want to remove all non root users
though...

Bijan
Re: One user system.
On Tue, Feb 01, 2022 at 11:47:35AM -0800, pe...@easthope.ca wrote:
> From: john doe
> Date: Tue, 1 Feb 2022 19:29:02 +0100
> > If my understanding is correct, you will need to use 'sudo'.
>
> Thanks. Still a multi-user system.
>
> Whereas puppy linux has one user, root.
>
> To make debian one-user I think of
>
> mkdir /home/root ; cp -r /root/* /home/root ; rm -r /root ; ln -s /home/root
> /root
> cp /home/root
>
> Then proceed as root rather than me.
>
> Googling "linux one account" returned https://login.ubuntu.com/ and
> other pages not relevant to the concept. Odd that the topic doesn't
> get more attention.
>
> Thx,... P.
>
>
> --
> mobile: +1 778 951 5147
> VoIP: +1 604 670 0140
> 48.7693 N 123.3053 W
>

Hi,

That seems like a very bad idea for security to encourage _everything_
to be done as root and some desktop environments would complain.

The Ubuntu and others model of creating one user and giving that user
sudo powers means only one user on the system.

Every Unix system is inherently multi-user/multi role, I think.

All the very best, as ever,

Andy Cater
Re: One user system.
From: john doe
Date: Tue, 1 Feb 2022 19:29:02 +0100
> If my understanding is correct, you will need to use 'sudo'.

Thanks. Still a multi-user system.

Whereas puppy linux has one user, root.

To make debian one-user I think of

mkdir /home/root ; cp -r /root/* /home/root ; rm -r /root ; ln -s /home/root /root
cp /home/root

Then proceed as root rather than me.

Googling "linux one account" returned https://login.ubuntu.com/ and
other pages not relevant to the concept. Odd that the topic doesn't
get more attention.

Thx,... P.

--
mobile: +1 778 951 5147
VoIP: +1 604 670 0140
48.7693 N 123.3053 W
Re: One user system.
On Tue, Feb 01, 2022 at 10:11:25AM -0800, pe...@easthope.ca wrote:
> Hi,
>
> https://wiki.debian.org/Root states,
>
> "At installation time, you are asked whether you want to use the root account
> or not.
> ...
> If not, no root account is enabled and the password of the first user created
> will be used for administration tasks."

This is an unfortunate way of expressing it. The root user exists,
of course. It just has no password, so login as root is not possible.

As Bijan noted in this thread, you only have to issue `passwd' as
root to "fix" that, i.e. `sudo passwd' will do.

Cheers
--
t
Re: One user system.
On 2022-02-01 13:29, john doe wrote:
> If my understanding is correct, you will need to use 'sudo'.

Yes.

    sudo passwd

Should allow you to set a password for root.

It will ask for your password first (if you haven't run sudo recently),
and then new password for root and confirmation of that password.

Bijan
Re: One user system.
On 2/1/2022 7:11 PM, pe...@easthope.ca wrote:
> Hi,
>
> https://wiki.debian.org/Root states,
>
> "At installation time, you are asked whether you want to use the root
> account or not.
> ...
> If not, no root account is enabled and the password of the first user
> created will be used for administration tasks."
>
> Are instructions to configure that post installation available online?
> Tips?

If my understanding is correct, you will need to use 'sudo'.

--
John Doe