[DNG] Fwd: [Bug 225361] Re: .gvfs can't be stat'd by root causing backup tools to fail
This is why I hate Gnome! I'm wondering how they made something that root cannot access. This is not Unix! Originalnachricht Betreff: [Bug 225361] Re: .gvfs can't be stat'd by root causing backup tools to fail Datum: 2018-11-07 20:31 Von: Bug Watch Updater <225...@bugs.launchpad.net> An: j...@fahrner.name Antwort an: Bug 225361 <225...@bugs.launchpad.net> ** Changed in: gvfs (ALT Linux) Status: Confirmed => Expired ** Changed in: gvfs Status: Confirmed => Expired -- You received this bug notification because you are subscribed to the bug report. https://bugs.launchpad.net/bugs/225361 Title: .gvfs can't be stat'd by root causing backup tools to fail Status in gvfs: Expired Status in gvfs package in Ubuntu: Fix Released Status in gvfs package in ALT Linux: Expired Bug description: Problem === For security reasons ( possible DoS ), other users (esp. root) cannot access a fuse filesystem, and not even stat the mountpoint: $ sudo stat .gvfs stat: cannot stat `.gvfs': Permission denied $ sudo ls -la ls: cannot access .gvfs: Permission denied d? ? ? ? ?? .gvfs This means "rsync --one-file-system" (and similar options for find, tar...) cannot know this is a different file system they actually want to exclude, and fail on the permission denied error. Please note that it is GOOD AND CORRECT that root cannot copy the .gvfs directory. The real problem is that the stat fails. Workarounds === * bind-mount the file system you want to backup beforehand (see comment #67) See also === * Excellent description of the problem in bug 227724 * fuse-devel mailing list saying this will all be solved someday using "private namespaces" http://thread.gmane.org/gmane.comp.file-systems.fuse.devel/3497/focus=3502 http://thread.gmane.org/gmane.comp.file-systems.fuse.devel/7169/focus=7236 http://thread.gmane.org/gmane.comp.file-systems.fuse.devel/6197 (no answer at all) * Kernel documentation explaing the DoS http://www.kernel.org/doc/Documentation/filesystems/fuse.txt To manage notifications about this bug go to: https://bugs.launchpad.net/gvfs/+bug/225361/+subscriptions ___ Dng mailing list Dng@lists.dyne.org https://mailinglists.dyne.org/cgi-bin/mailman/listinfo/dng
Re: [DNG] Online DNS & Bind Refeences.
Quoting KatolaZ (kato...@freaknet.org): > named-checkconf is only half the story. The other half is > named-checkzone :P Oh, and also: If your zonefiles have $INCLUDE directives and BIND9 is running in a chroot, then named-checkzone will break as it will not understand the referenced file's pathspec as being phrased in the context of the chroot. By contrast, named-checkconf -z -t $CHROOTSPEC does the right thing. That was the specific reason why named-checkzone was useless at my prior firm. We both made extensive use of $INCLUDE and ran BIND9 chrooted. ___ Dng mailing list Dng@lists.dyne.org https://mailinglists.dyne.org/cgi-bin/mailman/listinfo/dng
Re: [DNG] Online DNS & Bind Refeences.
Quoting KatolaZ (kato...@freaknet.org): > named-checkconf is only half the story. The other half is > named-checkzone :P IMO, the most useful to say about named-checkzone is that it's redundant to 'named-checkconf -z'. So there, I've covered it. ;-> ___ Dng mailing list Dng@lists.dyne.org https://mailinglists.dyne.org/cgi-bin/mailman/listinfo/dng
Re: [DNG] Fwd: [Bug 225361] Re: .gvfs can't be stat'd by root causing backup tools to fail
Quoting J. Fahrner (j...@fahrner.name): > This is why I hate Gnome! > I'm wondering how they made something that root cannot access. This > is not Unix! Isn't this an eyebrow-raising FUSE developer policy, rather than an eyebrow-raising GNOME developer policy? -- Cheers, I could maybe do one pilate. Rick Moen -- Matt Watson (@biorhythmist) r...@linuxmafia.com McQ! (4x80) ___ Dng mailing list Dng@lists.dyne.org https://mailinglists.dyne.org/cgi-bin/mailman/listinfo/dng
Re: [DNG] Fwd: [Bug 225361] Re: .gvfs can't be stat'd by root causing backup tools to fail
Am 2018-11-07 21:12, schrieb Rick Moen: Isn't this an eyebrow-raising FUSE developer policy, rather than an eyebrow-raising GNOME developer policy? GVFS stands for GNOME Virtual File System ___ Dng mailing list Dng@lists.dyne.org https://mailinglists.dyne.org/cgi-bin/mailman/listinfo/dng
Re: [DNG] "Sloppy" backports
On Thu, Nov 01, 2018 at 12:15:35AM +0100, Antony Stone wrote: > On Wednesday 31 October 2018 at 23:59:33, taii...@gmx.com wrote: > > > What do they mean by sloppy? > > https://backports.debian.org/Instructions/#index4h2 So the sloppy distributions are not not required to be cleanly upgraded? -- hendrik ___ Dng mailing list Dng@lists.dyne.org https://mailinglists.dyne.org/cgi-bin/mailman/listinfo/dng
Re: [DNG] Fwd: [Bug 225361] Re: .gvfs can't be stat'd by root causing backup tools to fail
Quoting J. Fahrner (j...@fahrner.name): > Am 2018-11-07 21:12, schrieb Rick Moen: > >Isn't this an eyebrow-raising FUSE developer policy, rather than an > >eyebrow-raising GNOME developer policy? > > GVFS stands for GNOME Virtual File System I'm completely aware of what GVFS stands for. You seem to be missing the point. The prohibition of access by any user (even root) other than the owning user is imposed by the kernel FUSE layer that GVFS uses, not by GVFS. The point is that all FUSE filesystems (e.g., sshfs) would do the same. It appears that you can change that behaviour (not tested by me) by enabling user_allow_other in /etc/fuse.conf. -- Cheers, "I am a member of a civilization (IAAMOAC). Step back Rick Moenfrom anger. Study how awful our ancestors had it, yet r...@linuxmafia.com they struggled to get you here. Repay them by appreciating McQ! (4x80) the civilization you inherited." -- David Brin ___ Dng mailing list Dng@lists.dyne.org https://mailinglists.dyne.org/cgi-bin/mailman/listinfo/dng
Re: [DNG] Devuan on a Purism
On Sun, 4 Nov 2018 08:55:55 +0100 Andreas Messer wrote: > On Sun, Nov 04, 2018 at 12:11:44AM +0100, Adam Borowski wrote: > > It's a _touchscreen_ phone, not a "real" computer. For that you > > want Gemini or GPD Pocket. The input device is not fit for any > > real hacking. You at most connect to it from the outside. > > Well, according to their information it is going to have an USB-C with > HDMI output. So Id expect you'ld be able to connect a standard > monitor and USB Keyboard/Mice. Not that I'd get one (I have too many toys), but the phone+desktop has been a dream for some time now. e.g.: https://www.indiegogo.com/projects/ubuntu-edge Personally I'm holding out for a Pyra. Maybe with a bluetooth headset it would make for a fine phone.. http://pyra-handheld.com/ They'll be putting Debian on it. I expect it'll be straightforward to put Devuan on it, since their previous system (OpenPandora) had people putting Arch and Slackware on it, and there's a good community who'll hack away at interesting problems. ___ Dng mailing list Dng@lists.dyne.org https://mailinglists.dyne.org/cgi-bin/mailman/listinfo/dng
[DNG] ..how CEOs & Security Flaws In Your Computer Chip Leaves You Vulnerable...
Hi, ..enjoy: https://www.youtube.com/watch?v=0K6WupUMb-E ..disclaimer: These 2 lawyers discuss the fundamental cause of such tech etc flaws: Human / C-level greed, corporate policy, flawed laws and ditto enforcement. No "tech" symptom band aids here. -- ..med vennlig hilsen = with Kind Regards from Arnt Karlsen ...with a number of polar bear hunters in his ancestry... Scenarios always come in sets of three: best case, worst case, and just in case. ___ Dng mailing list Dng@lists.dyne.org https://mailinglists.dyne.org/cgi-bin/mailman/listinfo/dng
Re: [DNG] Fwd: [Bug 225361] Re: .gvfs can't be stat'd by root causing backup tools to fail
On 07/11/2018 22:17, Rick Moen wrote: It appears that you can change that behaviour (not tested by me) by enabling user_allow_other in /etc/fuse.conf. Yes I can confirm this works :) ___ Dng mailing list Dng@lists.dyne.org https://mailinglists.dyne.org/cgi-bin/mailman/listinfo/dng
Re: [DNG] Fwd: [Bug 225361] Re: .gvfs can't be stat'd by root causing backup tools to fail
Am 2018-11-07 22:17, schrieb Rick Moen: You seem to be missing the point. The prohibition of access by any user (even root) other than the owning user is imposed by the kernel FUSE layer that GVFS uses, not by GVFS. The point is that all FUSE filesystems (e.g., sshfs) would do the same. I don't think this behaviour is related to FUSE. .gvfs is inaccessible by root even if no FUSE filesystems are mounted. I removed GVFS and now mount usb drives through spacefm (with udevil), no problems there! Jochen ___ Dng mailing list Dng@lists.dyne.org https://mailinglists.dyne.org/cgi-bin/mailman/listinfo/dng
Re: [DNG] Fwd: [Bug 225361] Re: .gvfs can't be stat'd by root causing backup tools to fail
Quoting J. Fahrner (j...@fahrner.name): > Am 2018-11-07 22:17, schrieb Rick Moen: > >You seem to be missing the point. The prohibition of access by any > >user (even root) other than the owning user is imposed by the kernel > >FUSE layer that GVFS uses, not by GVFS. The point is that all FUSE > >filesystems (e.g., sshfs) would do the same. > > I don't think this behaviour is related to FUSE. .gvfs is inaccessible > by root even if no FUSE filesystems are mounted. I removed GVFS and > now mount usb drives through spacefm (with udevil), no problems there! All the credible online sources I've seen claims that GVFS is implemented via the FUSE subsystem. E.g.: https://unix.stackexchange.com/questions/77453/why-cannot-find-read-run-user-1000-gvfs-even-though-it-is-running-as-root https://serverfault.com/questions/12162/directory-that-a-user-can-read-but-root-cant https://stackoverflow.com/questions/18307758/linux-skip-root-gvfs-when-executing-df-command-with-non-root-user?rq=1 https://superuser.com/questions/228261/how-to-properly-start-gvfs-without-gnome Also, https://wiki.gnome.org/Projects/gvfs suggests that this is still the case. (I carefully avoid GNOME, so I have no test cases at hand.) -- Cheers, Romana: "I don't think we should interfere." Rick Moen The Doctor: "Interfere?" Of course we should interfere. r...@linuxmafia.com Always do what you're best at, that's what I say." McQ! (4x80) -- Doctor Who, "Nightmare of Eden" ___ Dng mailing list Dng@lists.dyne.org https://mailinglists.dyne.org/cgi-bin/mailman/listinfo/dng
Re: [DNG] Online DNS & Bind Refeences.
On Tue, Nov 06, 2018 at 10:25:21PM -0800, Rick Moen wrote: > Quoting terryc (ter...@woa.com.au): > > > 1. What do people recommend as online sources for Bind configuration > > these days. > > Online book _DNS for Rocket Scientists_, > http://www.zytrax.com/books/dns/. > > > 2. what programs do you recommend for checking the configuration files. > > named-checkconf . It comes with BIND9, but many admins are unaware of > it and its essential nature -- that being where the otherwise woefully > lacking linting routines are. named-checkconf is only half the story. The other half is named-checkzone :P HND KatolaZ -- [ ~.,_ Enzo Nicosia aka KatolaZ - Devuan -- Freaknet Medialab ] [ "+. katolaz [at] freaknet.org --- katolaz [at] yahoo.it ] [ @) http://kalos.mine.nu --- Devuan GNU + Linux User ] [ @@) http://maths.qmul.ac.uk/~vnicosia -- GPG: 0B5F062F ] [ (@@@) Twitter: @KatolaZ - skype: katolaz -- github: KatolaZ ] signature.asc Description: PGP signature ___ Dng mailing list Dng@lists.dyne.org https://mailinglists.dyne.org/cgi-bin/mailman/listinfo/dng
Re: [DNG] "Sloppy" backports
I would also like to see sloppy added as the latest ZFS packages are there. Chris On October 31, 2018 2:01:35 AM MDT, Joril wrote: >Hi everyone! > >I've just become aware of the existence of jessie-backports-sloppy :D >It >looks like this distribution is not available on Devuan's repository, >is >this an oversight or by design? > >Thanks for your time! >___ >Dng mailing list >Dng@lists.dyne.org >https://mailinglists.dyne.org/cgi-bin/mailman/listinfo/dng ___ Dng mailing list Dng@lists.dyne.org https://mailinglists.dyne.org/cgi-bin/mailman/listinfo/dng