Re: arm people distributing images with user 1000 already allocated, please stop that

[emetib]

> > [use sudo]
> >
> > > The last time I tried that, some years ago, it demanded the old
> > > passwd first. I think that was about Red Hat 7.1's day. I'd been
> > > using it since 1998 and 5.0.
> > >
> > > > i hope that this helps some for future reference.
> > >
> > > If no pw is needed, great.
> >
> > `passwd` invoked as the root user does not require you to provide the
> > current password. You can set the password for any user, including the
> > default user of root. So you would need to invoke 'sudo passwd' to
> > change/set the root password without being prompted for the existing
> > one.
> 
> That policy has been changed then. Its been quite some time, possibly a 
> decade or more since I have attempted that procedure. The last time I 
> tried that, I was asked for the old password, and having forgotten it, 
> was refused. I wound up taking that drive to another machine and 
> removing the root pw in both passwd and shadow files.  Then I could set 
> a new one and did when the drive was re-installed in the machine it ran.
> 
> Cheers, Gene Heskett

i believe that gene is correct on this.

checking with a couple of virtual machines that i have, have found that just 
with the 'sudo shutdown -r now' command the passwd changes.

debian testing -- asks for the user's passwd
centos7 -- asks for the user's passwd
mageia -- asks for user's passwd
opensuse leap -- asks for root's passwd

personally i think that every distro should ask for a root passwd and one 
username upon installation.  from there the sysadmin can assign people what 
privileges by putting them in whatever group, and then assign that group in 
/etc/sudoers.

Re: arm people distributing images with user 1000 already allocated, please stop that

[Gene Heskett]

On Friday 02 December 2016 06:16:31 Jonathan Dowland wrote:

> On Thu, Dec 01, 2016 at 06:06:34PM -0500, Gene Heskett wrote:
> > On Thursday 01 December 2016 15:30:12 emetib wrote:
>
> [use sudo]
>
> > The last time I tried that, some years ago, it demanded the old
> > passwd first. I think that was about Red Hat 7.1's day. I'd been
> > using it since 1998 and 5.0.
> >
> > > i hope that this helps some for future reference.
> >
> > If no pw is needed, great.
>
> `passwd` invoked as the root user does not require you to provide the
> current password. You can set the password for any user, including the
> default user of root. So you would need to invoke 'sudo passwd' to
> change/set the root password without being prompted for the existing
> one.

That policy has been changed then. Its been quite some time, possibly a 
decade or more since I have attempted that procedure. The last time I 
tried that, I was asked for the old password, and having forgotten it, 
was refused. I wound up taking that drive to another machine and 
removing the root pw in both passwd and shadow files.  Then I could set 
a new one and did when the drive was re-installed in the machine it ran.

Cheers, Gene Heskett
-- 
"There are four boxes to be used in defense of liberty:
 soap, ballot, jury, and ammo. Please use in that order."
-Ed Howdershelt (Author)
Genes Web page 

Re: arm people distributing images with user 1000 already allocated, please stop that

[Gene Heskett]

On Friday 02 December 2016 06:14:34 Jonathan Dowland wrote:

> From what I recall, raspbian's default user is in the sudoers file by
> default too.

Of course it is, Jonathon, but I am the user that counts, and adding me 
to the sudoers and the sudo group still does not get me rights to run 
any graphical package manager safe to use, like synaptic, because 
something, I believe to be in polkit1 overrides the sudo and asks for 
the unk root pw. My grepping thru that area of /etc has not found te 
responsible file however.  I have fixed that by mounting the card on 
this machine and nuking the root pw'd x, than back into the pi and 
setting a new pw that I know.  But while I have 18 years of putzing with 
linux, I most assuredly would not recommend that exotic a fix to be done 
by a windows escapee.

The paranoia exhibited by such actions indicates an excess of holier then 
thou attitudes and needs to be called out as totally un-acceptable to 
the savvy user who is convinced the machine is his, and wants to make it 
do as he pleases.  IMO that level of paranoia has no place in the open 
source arena.  So I'm up on my high horse calling the vendors doing that 
out. These people are, IMNSHO, giving debian a bad user experience that 
does not have to be, and that should not be laid on your doorstep, but 
theirs.

I should clarify that I've had no such problems with your own 
distributions running on x86 hardware, but all of my machinery running 
machines are still on wheezy, as is this one just to be 100% compatible, 
and will continue to be until such time as the security updates cease. 
It Just Works. Converting to jessie is a pretty long step, and with the 
non-stability of systemd tossed in, which has the possibility of 
wrecking a part you've already sunk a thou$and in time and materials 
into while completeing it this far, litterally on the final finish cut 
to final micron accurate size, is subject to us finding a fix BEFORE we 
start making the next copy. That WILL be done even if we have to build 
our own kernels as we've been doing for 15+ years now. However, applying 
the rtai patch kit to get the IRQ response times this software needs, 
has gotten progressively more difficult. To have kernel 4.4.34-v7+ #930 
SMP run it on the arm was a very pleasant surprise as the later x86 
kernels have worse and worse latency.

I'll get me coat now, I've said my piece.

Cheers, Gene Heskett
-- 
"There are four boxes to be used in defense of liberty:
 soap, ballot, jury, and ammo. Please use in that order."
-Ed Howdershelt (Author)
Genes Web page 

Re: arm people distributing images with user 1000 already allocated, please stop that

[Jonathan Dowland]

On Thu, Dec 01, 2016 at 06:06:34PM -0500, Gene Heskett wrote:
> On Thursday 01 December 2016 15:30:12 emetib wrote:
[use sudo]
> The last time I tried that, some years ago, it demanded the old passwd 
> first. I think that was about Red Hat 7.1's day. I'd been using it since 
> 1998 and 5.0.
> 
> > i hope that this helps some for future reference.
> If no pw is needed, great.

`passwd` invoked as the root user does not require you to provide the current
password. You can set the password for any user, including the default user of
root. So you would need to invoke 'sudo passwd' to change/set the root password
without being prompted for the existing one.


signature.asc
Description: Digital signature

Re: arm people distributing images with user 1000 already allocated, please stop that

[Jonathan Dowland]

From what I recall, raspbian's default user is in the sudoers file by default 
too.


-- 
Jonathan Dowland
Please do not CC me, I am subscribed to the list.


signature.asc
Description: Digital signature

Re: arm people distributing images with user 1000 already allocated, please stop that

[Gene Heskett]

On Thursday 01 December 2016 15:30:12 emetib wrote:

> gene i can understand your pain.  one of the reasons that i don't
> necessarily like sudo systems.
>
> one of the first things that i do when i have a sudo system, ubuntu,
> lmde, raspbian, is to 'sudo su' and then 'passwd' to actually set a
> root password.
>
> i have found that this has remedied the situation that you have
> described here.  with doing the above you wouldn't have to mount the
> sd somewhere else, you just make a new password for root.

The last time I tried that, some years ago, it demanded the old passwd 
first. I think that was about Red Hat 7.1's day. I'd been using it since 
1998 and 5.0.

> i hope that this helps some for future reference.
If no pw is needed, great.
> take care
> em

Well, I am behind a dd-wrt install, which has not been penetrated in over 
a decade of using it. I am the only user unless the Mrs wants to sit 
down and answer an email from her niece in noo yauwk.

That doesn't happen too often as she is getting awful close to dragging 
an oxygen bottle around, COPD, and because computer keyboards scare her 
with all those strange keys and a mouse may as well be a roulette wheel.  
So I'm it. She doesn't even have an account on this box.  So it doesn't 
bither me a bot that the root pw is a linefeed on that little SBC. If 
somehow, someone does root it, I'll always have lst night's amanda 
backup of it. Gotta run, I'm cooking.

Cheers, Gene Heskett
-- 
"There are four boxes to be used in defense of liberty:
 soap, ballot, jury, and ammo. Please use in that order."
-Ed Howdershelt (Author)
Genes Web page 

Re: arm people distributing images with user 1000 already allocated, please stop that

[emetib]

gene i can understand your pain.  one of the reasons that i don't necessarily 
like sudo systems.

one of the first things that i do when i have a sudo system, ubuntu, lmde, 
raspbian, is to 'sudo su' and then 'passwd' to actually set a root password.

i have found that this has remedied the situation that you have described here. 
 with doing the above you wouldn't have to mount the sd somewhere else, you 
just make a new password for root.

i hope that this helps some for future reference.

take care
em

Re: arm people distributing images with user 1000 already allocated, please stop that

[Joe]

On Thu, 1 Dec 2016 14:17:52 -0500
Gene Heskett  wrote:


> Only then could I load up the software I needed to do the job I
> bought 3 of these SBC's to do.  Not even the first user can "sudo apt
> install" anything that is not in the supplied repo list. So even he
> cannot actually put a raspberry pi 3b to work doing much but browsing
> the web or doing email.  

Don't forget that most of the midget computers are ARM-based, that the
ARM architecture bears no resemblance to that of the i386/amd64, and
that porting software isn't generally just a matter of setting a few
compiler switches. Many ARMs don't have a numeric coprocessor, the
original ARM2 being contemporary with the *real* i386, which needed an
i387.

The result is that ARM software lags behind that for the popular PC
architectures, and that there are many fewer packages in the ARM
repositories than for the traditional architectures.

-- 
Joe

Re: arm people distributing images with user 1000 already allocated, please stop that

[Gene Heskett]

On Thursday 01 December 2016 12:58:59 Alexandre GRIVEAUX wrote:

> Le 01/12/2016 à 18:45, Gene Heskett a écrit :
> > Greetings;
>
> Hello,
>
> > The arm folks, like unbuntu and raspian, are distribution for
> > installation usually on an micro-sd card, install images with the
> > first user pre-configured.  He is in the sudoers file, but the
> > ability to install other software to actually DO something is
> > restricted to a root pw only, and that is unknown/unpublished.
>
> You talk about HAL ?
No. from raspian, the first user is raspi, root is something else I've 
already forgotten.

The distribution I actually installed was the full jessie, which appears 
to be a fully rebuilt, made into an iso then compressed with pk7z and 
downloadable as the 7z file, updated frequently.  And this image has a 
first user=1000, named pi and already sudo configured, but only halfway. 
No gui based real package managers can be used by user pi because 
something in the /etc/pam tree insists on a root pw to run it.  And that 
pw is unknown so the only thing I could do was edit the passwd file by 
mounting the sd card on another machine and remove the root pw entirely.

Only then could I load up the software I needed to do the job I bought 3 
of these SBC's to do.  Not even the first user can "sudo apt install" 
anything that is not in the supplied repo list. So even he cannot 
actually put a raspberry pi 3b to work doing much but browsing the web 
or doing email.  I have a 1500 lb lathe, made in about 1950, which I 
have rebuilt where needed, and modified with more accurate ball screws 
to run, and as it turned out, there is not a fast way to forward the x 
stuff to another sbc. But once I got a good install, it turns out the 
raspi has more than enough power to do the job. I am getting screen 
updates at about 20 a second, quite adequate for this use.

> > I just spent 2 days (and I still have one more item to fix, probably
> > no biggie, but it won't let ME run raspi.config, has a hissy because
> > it can't even find pi's home directory)  with the sd card mounted
> > intermittently in a reader, removing the user pi from the
> > debian-jessie-full image, making it so that I was user 1000 and
> > COULD install what I needed onto an raspberry pi 3b. That SW was
> > linuxcnc, last nights bleeding edge version, supplied in a deb from
> > the buildbot.linuxcnc.org. I expected the raspi to have problems
> > with that SW because of its heavy, and time critical IRQ response
> > requirements. But not a single instance of an out of range delay was
> > recorded while it ran a virtual lathe to make half a dozen chess
> > pawns on that lathe.  So we have a new, in-expensive machine
> > controller lashup.
> >
> > This existing situation is very discouraging to potential new users
> > who expect to be able to do these things from his own account.  And
> > finds out quickly that there are many things that even user 1000
> > still cannot do on the raspi, or an odroid64-c2, an even more
> > powerfull SBC thats still stuck in kernel 3.14 days. And that
> > kernel, while running on it, has NO support for its 4 gpu's, nor
> > working support for spi, which would appear to be the future
> > interface to a machine controller of choice as it gives 72 gpio
> > lines, quite some number of which can become useful functions like a
> > PWM generator to control things that need an analog voltage control,
> > or a stepper motor pulse generator, even a quadrature encoder
> > receiver capable of tracking spindle position to a 1.5 degree
> > accuracy at 12,000 rpms in the encoder I've built.  All that in an
> > fpga card that sells for $53 and can be field re-programmed with one
> > of many supplied fpga bit files.
>
> If the maker of the board and/or SoC doesn't help the board can be
> forever on old kernel with unknown source.

Lets just say that while their forums are helpfull, they've also been 
drinking the koolaid and don't seem to want to understand questions 
about this. Replies always just change the subject.

> > Thats the bragging. But the pre-allocation of user 1000 in the
> > distributed image, instead of that being part of the normal first
> > login procedure is a PAIN IN THE A$$ to fix so that the first user
> > can actually install what he needs to get his job done while logging
> > in as himself, using his normal pw.
> >
> > Please exert what ever influence you may have to make the first user
> > a first login function again for the arm distributions that port
> > your
>
> Like you write it's distributed image he as nothing to do with the
> source, the distro maker choose to use that, you should talk to them.

I have tried thru their forums and have been either ignored, or the 
content of the replies wasn't at all about what I was asking for help 
with.  Hence my plea to you, the source of the code that is being built 
for the raspi's.

> > source.
> >
> > Thank you Debian for a great, stable (I'm still on wheezy with this
> > old, 

Re: arm people distributing images with user 1000 already allocated, please stop that

[Alexandre GRIVEAUX]

Le 01/12/2016 à 18:45, Gene Heskett a écrit :
> Greetings;
Hello,
>
> The arm folks, like unbuntu and raspian, are distribution for 
> installation usually on an micro-sd card, install images with the first 
> user pre-configured.  He is in the sudoers file, but the ability to 
> install other software to actually DO something is restricted to a root 
> pw only, and that is unknown/unpublished.
You talk about HAL ?
>
> I just spent 2 days (and I still have one more item to fix, probably no 
> biggie, but it won't let ME run raspi.config, has a hissy because it 
> can't even find pi's home directory)  with the sd card mounted 
> intermittently in a reader, removing the user pi from the 
> debian-jessie-full image, making it so that I was user 1000 and COULD 
> install what I needed onto an raspberry pi 3b. That SW was linuxcnc, 
> last nights bleeding edge version, supplied in a deb from the 
> buildbot.linuxcnc.org. I expected the raspi to have problems with that 
> SW because of its heavy, and time critical IRQ response requirements. 
> But not a single instance of an out of range delay was recorded while it 
> ran a virtual lathe to make half a dozen chess pawns on that lathe.  So 
> we have a new, in-expensive machine controller lashup.
>
> This existing situation is very discouraging to potential new users who 
> expect to be able to do these things from his own account.  And finds 
> out quickly that there are many things that even user 1000 still cannot 
> do on the raspi, or an odroid64-c2, an even more powerfull SBC thats 
> still stuck in kernel 3.14 days. And that kernel, while running on it, 
> has NO support for its 4 gpu's, nor working support for spi, which would 
> appear to be the future interface to a machine controller of choice as 
> it gives 72 gpio lines, quite some number of which can become useful 
> functions like a PWM generator to control things that need an analog 
> voltage control, or a stepper motor pulse generator, even a quadrature 
> encoder receiver capable of tracking spindle position to a 1.5 degree 
> accuracy at 12,000 rpms in the encoder I've built.  All that in an fpga 
> card that sells for $53 and can be field re-programmed with one of many 
> supplied fpga bit files.
If the maker of the board and/or SoC doesn't help the board can be
forever on old kernel with unknown source.
>
> Thats the bragging. But the pre-allocation of user 1000 in the 
> distributed image, instead of that being part of the normal first login 
> procedure is a PAIN IN THE A$$ to fix so that the first user can 
> actually install what he needs to get his job done while logging in as 
> himself, using his normal pw.
>
> Please exert what ever influence you may have to make the first user a 
> first login function again for the arm distributions that port your 
Like you write it's distributed image he as nothing to do with the
source, the distro maker choose to use that, you should talk to them.
> source.
>
> Thank you Debian for a great, stable (I'm still on wheezy with this old, 
> slow, Phenom powered machine) os.  Its a place of familiarity that Just 
> Works(TM) if one doesn't want to be a lab rat.
>
> Cheers, Gene Heskett
Thanks.