Re: [Emc-users] fail2ban default setup gotcha
Le 25/12/2011 23:28, Jon Elson a écrit : Linux distros. Ctrl/Alt/F7 goes back to the Xwindows screen if it is working. or ctrl/alt/F8 sometimes, e.g. if for some reason *dm crashed and respawned. Ctrl/Alt/backspace kills Xwindows. not anymore on *buntu distros. If you want it, you need to re-activate it on the Xorg.conf file. -- Write once. Port to many. Get the SDK and tools to simplify cross-platform app development. Create new or port existing apps to sell to consumers worldwide. Explore the Intel AppUpSM program developer opportunity. appdeveloper.intel.com/join http://p.sf.net/sfu/intel-appdev ___ Emc-users mailing list Emc-users@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/emc-users
Re: [Emc-users] fail2ban default setup gotcha
On 12/24/2011 3:32 PM, Jon Elson wrote: gene heskett wrote: And sudo quits working, so you can't fix anything else. You actually can, but you have to get down to hacker level. You can get into grub, show the default boot command, and add the option to go to single-user boot mode. When Linux comes up, you are the super-user, period. Here a link with some pictures: http://www.cyberciti.biz/faq/grub-boot-into-single-user-mode/ I've had to do stuff like this a few times when the boot record got messed up or something. Jon Anybody remember the Alt-somethingorother key combo to bring up the running of the startup scripts rather than the Ubuntu splash screen during boot? I thought I had it saved away somewhere but I'll be durned if I can find it. That's helpful if you are having issues with a process on startup or a hang during the boot. Mark -- Write once. Port to many. Get the SDK and tools to simplify cross-platform app development. Create new or port existing apps to sell to consumers worldwide. Explore the Intel AppUpSM program developer opportunity. appdeveloper.intel.com/join http://p.sf.net/sfu/intel-appdev ___ Emc-users mailing list Emc-users@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/emc-users
Re: [Emc-users] fail2ban default setup gotcha
esc and the splash-screen goes away alt+F6 for dmesg output Am Sonntag, 25. Dezember 2011 schrieb Mark Wendt (Contractor): On 12/24/2011 3:32 PM, Jon Elson wrote: gene heskett wrote: And sudo quits working, so you can't fix anything else. You actually can, but you have to get down to hacker level. You can get into grub, show the default boot command, and add the option to go to single-user boot mode. When Linux comes up, you are the super-user, period. Here a link with some pictures: http://www.cyberciti.biz/faq/grub-boot-into-single-user-mode/ I've had to do stuff like this a few times when the boot record got messed up or something. Jon Anybody remember the Alt-somethingorother key combo to bring up the running of the startup scripts rather than the Ubuntu splash screen during boot? I thought I had it saved away somewhere but I'll be durned if I can find it. That's helpful if you are having issues with a process on startup or a hang during the boot. Mark --- --- Write once. Port to many. Get the SDK and tools to simplify cross-platform app development. Create new or port existing apps to sell to consumers worldwide. Explore the Intel AppUpSM program developer opportunity. appdeveloper.intel.com/join http://p.sf.net/sfu/intel-appdev ___ Emc-users mailing list Emc-users@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/emc-users -- Mag. Dr. Nikolaus Klepp Einnehmerstraße 14 A-4810 Gmunden Tel.: +43 650 82 11 724 email: off...@klepp.biz dr.kl...@gmx.at -- Write once. Port to many. Get the SDK and tools to simplify cross-platform app development. Create new or port existing apps to sell to consumers worldwide. Explore the Intel AppUpSM program developer opportunity. appdeveloper.intel.com/join http://p.sf.net/sfu/intel-appdev ___ Emc-users mailing list Emc-users@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/emc-users
Re: [Emc-users] fail2ban default setup gotcha
On Sunday, December 25, 2011 09:21:09 AM Mark Wendt (Contractor) did opine: On 12/24/2011 3:32 PM, Jon Elson wrote: gene heskett wrote: And sudo quits working, so you can't fix anything else. You actually can, but you have to get down to hacker level. You can get into grub, show the default boot command, and add the option to go to single-user boot mode. When Linux comes up, you are the super-user, period. Here a link with some pictures: http://www.cyberciti.biz/faq/grub-boot-into-single-user-mode/ I've had to do stuff like this a few times when the boot record got messed up or something. Jon Anybody remember the Alt-somethingorother key combo to bring up the running of the startup scripts rather than the Ubuntu splash screen during boot? I thought I had it saved away somewhere but I'll be durned if I can find it. That's helpful if you are having issues with a process on startup or a hang during the boot. Mark Vendors tend to move that around, here its the esc key, but flaky, sometime you have to tap it more than once. Or you can usually edit the grub kernel line and add nosplash. I usually do that with a sudo -i, vim /boot/grub/menu.lst (or whatever its called on your version, could be grub.conf too, depends on the vendor) Some vendors also have a softlinked copy of it in the /etc directory too. -- Write once. Port to many. Get the SDK and tools to simplify cross-platform app development. Create new or port existing apps to sell to consumers worldwide. Explore the Intel AppUpSM program developer opportunity. appdeveloper.intel.com/join http://p.sf.net/sfu/intel-appdev ___ Emc-users mailing list Emc-users@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/emc-users Cheers, Gene -- There are four boxes to be used in defense of liberty: soap, ballot, jury, and ammo. Please use in that order. -Ed Howdershelt (Author) My web page: http://coyoteden.dyndns-free.com:85/gene For God's sake, stop researching for a while and begin to think! -- Write once. Port to many. Get the SDK and tools to simplify cross-platform app development. Create new or port existing apps to sell to consumers worldwide. Explore the Intel AppUpSM program developer opportunity. appdeveloper.intel.com/join http://p.sf.net/sfu/intel-appdev ___ Emc-users mailing list Emc-users@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/emc-users
Re: [Emc-users] fail2ban default setup gotcha
On 12/25/2011 9:35 AM, gene heskett wrote: Anybody remember the Alt-somethingorother key combo to bring up the running of the startup scripts rather than the Ubuntu splash screen during boot? I thought I had it saved away somewhere but I'll be durned if I can find it. That's helpful if you are having issues with a process on startup or a hang during the boot. Mark Vendors tend to move that around, here its the esc key, but flaky, sometime you have to tap it more than once. Or you can usually edit the grub kernel line and add nosplash. I usually do that with a sudo -i, vim /boot/grub/menu.lst (or whatever its called on your version, could be grub.conf too, depends on the vendor) Some vendors also have a softlinked copy of it in the /etc directory too. Thanks! Mark -- Write once. Port to many. Get the SDK and tools to simplify cross-platform app development. Create new or port existing apps to sell to consumers worldwide. Explore the Intel AppUpSM program developer opportunity. appdeveloper.intel.com/join http://p.sf.net/sfu/intel-appdev ___ Emc-users mailing list Emc-users@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/emc-users
Re: [Emc-users] fail2ban default setup gotcha
Thanks! Mark On 12/25/2011 8:08 AM, Mag. Dr. Nikolaus Klepp wrote: esc and the splash-screen goes away alt+F6 for dmesg output Am Sonntag, 25. Dezember 2011 schrieb Mark Wendt (Contractor): On 12/24/2011 3:32 PM, Jon Elson wrote: gene heskett wrote: And sudo quits working, so you can't fix anything else. You actually can, but you have to get down to hacker level. You can get into grub, show the default boot command, and add the option to go to single-user boot mode. When Linux comes up, you are the super-user, period. Here a link with some pictures: http://www.cyberciti.biz/faq/grub-boot-into-single-user-mode/ I've had to do stuff like this a few times when the boot record got messed up or something. Jon Anybody remember the Alt-somethingorother key combo to bring up the running of the startup scripts rather than the Ubuntu splash screen during boot? I thought I had it saved away somewhere but I'll be durned if I can find it. That's helpful if you are having issues with a process on startup or a hang during the boot. Mark --- --- Write once. Port to many. Get the SDK and tools to simplify cross-platform app development. Create new or port existing apps to sell to consumers worldwide. Explore the Intel AppUpSM program developer opportunity. appdeveloper.intel.com/join http://p.sf.net/sfu/intel-appdev ___ Emc-users mailing list Emc-users@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/emc-users -- Write once. Port to many. Get the SDK and tools to simplify cross-platform app development. Create new or port existing apps to sell to consumers worldwide. Explore the Intel AppUpSM program developer opportunity. appdeveloper.intel.com/join http://p.sf.net/sfu/intel-appdev ___ Emc-users mailing list Emc-users@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/emc-users
Re: [Emc-users] fail2ban default setup gotcha
On Sunday, December 25, 2011 11:51:20 AM Mark Wendt (Contractor) did opine: On 12/25/2011 9:35 AM, gene heskett wrote: Anybody remember the Alt-somethingorother key combo to bring up the running of the startup scripts rather than the Ubuntu splash screen during boot? I thought I had it saved away somewhere but I'll be durned if I can find it. That's helpful if you are having issues with a process on startup or a hang during the boot. Mark Vendors tend to move that around, here its the esc key, but flaky, sometime you have to tap it more than once. Or you can usually edit the grub kernel line and add nosplash. I usually do that with a sudo -i, vim /boot/grub/menu.lst (or whatever its called on your version, could be grub.conf too, depends on the vendor) Some vendors also have a softlinked copy of it in the /etc directory too. Thanks! Mark NP Mark, Merry Christmas! Cheers, Gene -- There are four boxes to be used in defense of liberty: soap, ballot, jury, and ammo. Please use in that order. -Ed Howdershelt (Author) My web page: http://coyoteden.dyndns-free.com:85/gene Some of them want to use you, Some of them want to be used by you, ...Everybody's looking for something. -- Eurythmics -- Write once. Port to many. Get the SDK and tools to simplify cross-platform app development. Create new or port existing apps to sell to consumers worldwide. Explore the Intel AppUpSM program developer opportunity. appdeveloper.intel.com/join http://p.sf.net/sfu/intel-appdev ___ Emc-users mailing list Emc-users@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/emc-users
Re: [Emc-users] fail2ban default setup gotcha
On 12/25/2011 11:51 AM, gene heskett wrote: On Sunday, December 25, 2011 11:51:20 AM Mark Wendt (Contractor) did opine: On 12/25/2011 9:35 AM, gene heskett wrote: Anybody remember the Alt-somethingorother key combo to bring up the running of the startup scripts rather than the Ubuntu splash screen during boot? I thought I had it saved away somewhere but I'll be durned if I can find it. That's helpful if you are having issues with a process on startup or a hang during the boot. Mark Vendors tend to move that around, here its the esc key, but flaky, sometime you have to tap it more than once. Or you can usually edit the grub kernel line and add nosplash. I usually do that with a sudo -i, vim /boot/grub/menu.lst (or whatever its called on your version, could be grub.conf too, depends on the vendor) Some vendors also have a softlinked copy of it in the /etc directory too. Thanks! Mark NP Mark, Merry Christmas! Cheers, Gene And a very Merry Christmas to you and your lovely wife Gene! Mark -- Write once. Port to many. Get the SDK and tools to simplify cross-platform app development. Create new or port existing apps to sell to consumers worldwide. Explore the Intel AppUpSM program developer opportunity. appdeveloper.intel.com/join http://p.sf.net/sfu/intel-appdev ___ Emc-users mailing list Emc-users@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/emc-users
Re: [Emc-users] fail2ban default setup gotcha
Mark Wendt (Contractor) wrote: Anybody remember the Alt-somethingorother key combo to bring up the running of the startup scripts rather than the Ubuntu splash screen during boot? I thought I had it saved away somewhere but I'll be durned if I can find it. That's helpful if you are having issues with a process on startup or a hang during the boot. Ctrl/Alt/F1 goes to the boot-time startup screen, F2-F4 do alternate TTY consoles on most Linux distros. Ctrl/Alt/F7 goes back to the Xwindows screen if it is working. Ctrl/Alt/backspace kills Xwindows. Jon -- Write once. Port to many. Get the SDK and tools to simplify cross-platform app development. Create new or port existing apps to sell to consumers worldwide. Explore the Intel AppUpSM program developer opportunity. appdeveloper.intel.com/join http://p.sf.net/sfu/intel-appdev ___ Emc-users mailing list Emc-users@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/emc-users
Re: [Emc-users] fail2ban default setup gotcha
On 12/23/2011 2:47 PM, gene heskett wrote: I sounded like a good idea, but: [gene@coyote ~]$ ssh shop gene@shop's password: Linux shop 2.6.32-122-rtai #rtai SMP Tue Jul 27 12:44:07 CDT 2010 i686 GNU/Linux Ubuntu 10.04.3 LTS Welcome to Ubuntu! * Documentation: https://help.ubuntu.com/ 11 packages can be updated. 6 updates are security updates. Last login: Thu Dec 22 09:38:52 2011 from coyote.coyote.den gene@shop:~$ sudo useradd -u 500 gene [sudo] password for gene: useradd: user 'gene' already exists So there isn't an obvious way to make the user numbers match between the *buntu's and the rest of the world. The last time I tried that, I wound up re-installing to fix it. Cheers, Gene Gene, What about good old vi, or gedit on the /etc/passwd and /etc/group files, changing the uid and gid to what ever you need, then doing a chown -R gene:gene on /home/gene No need to reinstall. Just a little careful editing is all you need. Mark -- Write once. Port to many. Get the SDK and tools to simplify cross-platform app development. Create new or port existing apps to sell to consumers worldwide. Explore the Intel AppUpSM program developer opportunity. appdeveloper.intel.com/join http://p.sf.net/sfu/intel-appdev ___ Emc-users mailing list Emc-users@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/emc-users
Re: [Emc-users] fail2ban default setup gotcha
On 12/23/2011 6:18 PM, gene heskett wrote: On Friday, December 23, 2011 06:11:28 PM Mark Cason did opine: On 12/23/2011 01:47 PM, gene heskett wrote: Last login: Thu Dec 22 09:38:52 2011 from coyote.coyote.den gene@shop:~$ sudo useradd -u 500 gene to modify a user, you must use usermod: sudo usermod -u 500 gene I haven't used usermod in a lng time, so I don't know if you need to change user, and group, for all of the files you own. sudo chown -R gene.gene /home/gene That has been done long ago Mark. The problem is that on pclos (this box) gene is the first user, with a userid of 500. On ubuntu, gene is also the first user 1000, so when user 500 tries to copy a file to /home/user=1000 on ubuntu, its 100% no permissions. Now if the copy utilities used the username, and it was the same $name on both machines, there is no clash. Cheers, Gene Change the user gene on the ubuntu machine to a uid:gid of 500:500. Mark -- Write once. Port to many. Get the SDK and tools to simplify cross-platform app development. Create new or port existing apps to sell to consumers worldwide. Explore the Intel AppUpSM program developer opportunity. appdeveloper.intel.com/join http://p.sf.net/sfu/intel-appdev ___ Emc-users mailing list Emc-users@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/emc-users
Re: [Emc-users] fail2ban default setup gotcha
Le 23/12/2011 23:35, Mark Cason a écrit : On 12/23/2011 01:47 PM, gene heskett wrote: Last login: Thu Dec 22 09:38:52 2011 from coyote.coyote.den gene@shop:~$ sudo useradd -u 500 gene to modify a user, you must use usermod: sudo usermod -u 500 gene I haven't used usermod in a lng time, so I don't know if you need to change user, and group, for all of the files you own. sudo chown -R gene.gene /home/gene yes, you need to. And this will work, I've ever done this long time ago. But to be sure there will not occurs any problem using sudo while doing theses manipulations, I suggest you create a root password first : sudo passwd root then su, or better log off (ctrl-d) then log in as root and then, logged as root, you do all the user modification stuff. -- Write once. Port to many. Get the SDK and tools to simplify cross-platform app development. Create new or port existing apps to sell to consumers worldwide. Explore the Intel AppUpSM program developer opportunity. appdeveloper.intel.com/join http://p.sf.net/sfu/intel-appdev ___ Emc-users mailing list Emc-users@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/emc-users
Re: [Emc-users] fail2ban default setup gotcha
On Saturday, December 24, 2011 09:00:31 AM Mark Wendt (Contractor) did opine: On 12/23/2011 2:47 PM, gene heskett wrote: I sounded like a good idea, but: [gene@coyote ~]$ ssh shop gene@shop's password: Linux shop 2.6.32-122-rtai #rtai SMP Tue Jul 27 12:44:07 CDT 2010 i686 GNU/Linux Ubuntu 10.04.3 LTS Welcome to Ubuntu! * Documentation: https://help.ubuntu.com/ 11 packages can be updated. 6 updates are security updates. Last login: Thu Dec 22 09:38:52 2011 from coyote.coyote.den gene@shop:~$ sudo useradd -u 500 gene [sudo] password for gene: useradd: user 'gene' already exists So there isn't an obvious way to make the user numbers match between the *buntu's and the rest of the world. The last time I tried that, I wound up re-installing to fix it. Cheers, Gene Gene, What about good old vi, or gedit on the /etc/passwd and /etc/group files, changing the uid and gid to what ever you need, then doing a chown -R gene:gene on /home/gene No need to reinstall. Just a little careful editing is all you need. Mark I did something like that, including the chown -R back on 8.04 and had to reinstall. Among other things, sudo quit working so I couldn't fix the rest of the perms problems that created. Cheers, Gene -- There are four boxes to be used in defense of liberty: soap, ballot, jury, and ammo. Please use in that order. -Ed Howdershelt (Author) My web page: http://coyoteden.dyndns-free.com:85/gene (null cookie; hope that's ok) -- Write once. Port to many. Get the SDK and tools to simplify cross-platform app development. Create new or port existing apps to sell to consumers worldwide. Explore the Intel AppUpSM program developer opportunity. appdeveloper.intel.com/join http://p.sf.net/sfu/intel-appdev ___ Emc-users mailing list Emc-users@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/emc-users
Re: [Emc-users] fail2ban default setup gotcha
On Sat, 24 Dec 2011 09:05:57 -0500 gene heskett ghesk...@wdtv.com wrote: And sudo quits working, so you can't fix anything else. Even if sudo, su and direct root login stop working, you can still fix it by directly booting into a shell with init=/bin/bash rw And if that also fails (because you configured grub to skip the boot menu or something), you can still mount the rootfs from a live-CD distro and change things there. -- Greetings, Michael. -- Write once. Port to many. Get the SDK and tools to simplify cross-platform app development. Create new or port existing apps to sell to consumers worldwide. Explore the Intel AppUpSM program developer opportunity. appdeveloper.intel.com/join http://p.sf.net/sfu/intel-appdev ___ Emc-users mailing list Emc-users@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/emc-users
Re: [Emc-users] fail2ban default setup gotcha
Le 24/12/2011 15:04, gene heskett a écrit : On Saturday, December 24, 2011 09:00:31 AM Mark Wendt (Contractor) did opine: On 12/23/2011 2:47 PM, gene heskett wrote: I sounded like a good idea, but: [gene@coyote ~]$ ssh shop gene@shop's password: Linux shop 2.6.32-122-rtai #rtai SMP Tue Jul 27 12:44:07 CDT 2010 i686 GNU/Linux Ubuntu 10.04.3 LTS Welcome to Ubuntu! * Documentation: https://help.ubuntu.com/ 11 packages can be updated. 6 updates are security updates. Last login: Thu Dec 22 09:38:52 2011 from coyote.coyote.den gene@shop:~$ sudo useradd -u 500 gene [sudo] password for gene: useradd: user 'gene' already exists So there isn't an obvious way to make the user numbers match between the *buntu's and the rest of the world. The last time I tried that, I wound up re-installing to fix it. Cheers, Gene Gene, What about good old vi, or gedit on the /etc/passwd and /etc/group files, changing the uid and gid to what ever you need, then doing a chown -R gene:gene on /home/gene No need to reinstall. Just a little careful editing is all you need. Mark I did something like that, including the chown -R back on 8.04 and had to reinstall. Among other things, sudo quit working so I couldn't fix the rest of the perms problems that created. Cheers, Gene yeah sudo quit working due to permission problems during the operation. This is why you need to create a root password first, and login as root to make the user modification. sudo password root then you log off the graphical interface switch to terminal (ctrl-F1) login as root make the modifications go back to the graphical login (ctrl-F7 or F8) then login as your normal user, and that's all. -- Write once. Port to many. Get the SDK and tools to simplify cross-platform app development. Create new or port existing apps to sell to consumers worldwide. Explore the Intel AppUpSM program developer opportunity. appdeveloper.intel.com/join http://p.sf.net/sfu/intel-appdev ___ Emc-users mailing list Emc-users@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/emc-users
Re: [Emc-users] fail2ban default setup gotcha
On Saturday, December 24, 2011 12:14:41 PM yann jautard did opine: Le 24/12/2011 15:04, gene heskett a écrit : On Saturday, December 24, 2011 09:00:31 AM Mark Wendt (Contractor) did opine: On 12/23/2011 2:47 PM, gene heskett wrote: I sounded like a good idea, but: [gene@coyote ~]$ ssh shop gene@shop's password: Linux shop 2.6.32-122-rtai #rtai SMP Tue Jul 27 12:44:07 CDT 2010 i686 GNU/Linux Ubuntu 10.04.3 LTS Welcome to Ubuntu! * Documentation: https://help.ubuntu.com/ 11 packages can be updated. 6 updates are security updates. Last login: Thu Dec 22 09:38:52 2011 from coyote.coyote.den gene@shop:~$ sudo useradd -u 500 gene [sudo] password for gene: useradd: user 'gene' already exists So there isn't an obvious way to make the user numbers match between the *buntu's and the rest of the world. The last time I tried that, I wound up re-installing to fix it. Cheers, Gene Gene, What about good old vi, or gedit on the /etc/passwd and /etc/group files, changing the uid and gid to what ever you need, then doing a chown -R gene:gene on /home/gene No need to reinstall. Just a little careful editing is all you need. Mark I did something like that, including the chown -R back on 8.04 and had to reinstall. Among other things, sudo quit working so I couldn't fix the rest of the perms problems that created. Cheers, Gene yeah sudo quit working due to permission problems during the operation. This is why you need to create a root password first, and login as root to make the user modification. sudo password root then you log off the graphical interface switch to terminal (ctrl-F1) login as root make the modifications go back to the graphical login (ctrl-F7 or F8) then login as your normal user, and that's all. That is, IIRC, what I did to an older 6.06 LTS install. Things worked passably well, but somehow the root passwords presence messed up sudo, it wouldn't take either pw, so that I had to constantly su - to do things that scripts use su for. So I tried to remove the root pw, then that blew everything up and I had to re-install. AFAIAC, the buntu's do that to be a PITA, thinking it might add to the many layers of security. Perhaps it does, to an ex winders user, but I am used to machinery that only I have access to, and which do exactly as I tell them too, even if its wrong. :) Cheers, Gene -- There are four boxes to be used in defense of liberty: soap, ballot, jury, and ammo. Please use in that order. -Ed Howdershelt (Author) My web page: http://coyoteden.dyndns-free.com:85/gene Children begin by loving their parents. After a time they judge them. Rarely, if ever, do they forgive them. - Oscar Wilde -- Write once. Port to many. Get the SDK and tools to simplify cross-platform app development. Create new or port existing apps to sell to consumers worldwide. Explore the Intel AppUpSM program developer opportunity. appdeveloper.intel.com/join http://p.sf.net/sfu/intel-appdev ___ Emc-users mailing list Emc-users@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/emc-users
Re: [Emc-users] fail2ban default setup gotcha
On 12/24/2011 9:04 AM, gene heskett wrote: On Saturday, December 24, 2011 09:00:31 AM Mark Wendt (Contractor) did opine: On 12/23/2011 2:47 PM, gene heskett wrote: I sounded like a good idea, but: [gene@coyote ~]$ ssh shop gene@shop's password: Linux shop 2.6.32-122-rtai #rtai SMP Tue Jul 27 12:44:07 CDT 2010 i686 GNU/Linux Ubuntu 10.04.3 LTS Welcome to Ubuntu! * Documentation: https://help.ubuntu.com/ 11 packages can be updated. 6 updates are security updates. Last login: Thu Dec 22 09:38:52 2011 from coyote.coyote.den gene@shop:~$ sudo useradd -u 500 gene [sudo] password for gene: useradd: user 'gene' already exists So there isn't an obvious way to make the user numbers match between the *buntu's and the rest of the world. The last time I tried that, I wound up re-installing to fix it. Cheers, Gene Gene, What about good old vi, or gedit on the /etc/passwd and /etc/group files, changing the uid and gid to what ever you need, then doing a chown -R gene:gene on /home/gene No need to reinstall. Just a little careful editing is all you need. Mark I did something like that, including the chown -R back on 8.04 and had to reinstall. Among other things, sudo quit working so I couldn't fix the rest of the perms problems that created. Cheers, Gene Something else must have happened when you did that, such as a typo in either the group or passwd file. I've done that thousands of times on Unix/Linux machines, and as long as you keep the passwd and group files error free, it shouldn't cause a problem. Sounds like the GID instead of the gene was used to add your working group to the sudo wheel group or whatever was used. Another good reason to have the root account accessible. One of the first things I do on any Unix/Linux machine that chooses to try to keep me out of the root account is gain access to said root account. sudo passwd root takes care of that for me. Having to re-install a complete OS is just nuts when something like that happens. Mark -- Write once. Port to many. Get the SDK and tools to simplify cross-platform app development. Create new or port existing apps to sell to consumers worldwide. Explore the Intel AppUpSM program developer opportunity. appdeveloper.intel.com/join http://p.sf.net/sfu/intel-appdev ___ Emc-users mailing list Emc-users@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/emc-users
Re: [Emc-users] fail2ban default setup gotcha
On 12/24/2011 12:22 PM, gene heskett wrote: On Saturday, December 24, 2011 12:14:41 PM yann jautard did opine: Le 24/12/2011 15:04, gene heskett a écrit : On Saturday, December 24, 2011 09:00:31 AM Mark Wendt (Contractor) did opine: On 12/23/2011 2:47 PM, gene heskett wrote: I sounded like a good idea, but: [gene@coyote ~]$ ssh shop gene@shop's password: Linux shop 2.6.32-122-rtai #rtai SMP Tue Jul 27 12:44:07 CDT 2010 i686 GNU/Linux Ubuntu 10.04.3 LTS Welcome to Ubuntu! * Documentation: https://help.ubuntu.com/ 11 packages can be updated. 6 updates are security updates. Last login: Thu Dec 22 09:38:52 2011 from coyote.coyote.den gene@shop:~$ sudo useradd -u 500 gene [sudo] password for gene: useradd: user 'gene' already exists So there isn't an obvious way to make the user numbers match between the *buntu's and the rest of the world. The last time I tried that, I wound up re-installing to fix it. Cheers, Gene Gene, What about good old vi, or gedit on the /etc/passwd and /etc/group files, changing the uid and gid to what ever you need, then doing a chown -R gene:gene on /home/gene No need to reinstall. Just a little careful editing is all you need. Mark I did something like that, including the chown -R back on 8.04 and had to reinstall. Among other things, sudo quit working so I couldn't fix the rest of the perms problems that created. Cheers, Gene yeah sudo quit working due to permission problems during the operation. This is why you need to create a root password first, and login as root to make the user modification. sudo password root then you log off the graphical interface switch to terminal (ctrl-F1) login as root make the modifications go back to the graphical login (ctrl-F7 or F8) then login as your normal user, and that's all. That is, IIRC, what I did to an older 6.06 LTS install. Things worked passably well, but somehow the root passwords presence messed up sudo, it wouldn't take either pw, so that I had to constantly su - to do things that scripts use su for. So I tried to remove the root pw, then that blew everything up and I had to re-install. AFAIAC, the buntu's do that to be a PITA, thinking it might add to the many layers of security. Perhaps it does, to an ex winders user, but I am used to machinery that only I have access to, and which do exactly as I tell them too, even if its wrong. :) Cheers, Gene Gene, That sounds like syntax problems in the passwd, group or shadow file. The root account's password has nothing to do with the operation of sudo. sudo uses either a set uid, or set gid process to gain the elevated privileges to do it's work. It doesn't access the root account at all. Realize there's a difference between a simple su and su -. An su will bring you up to superuser, however it uses the rc scripts in the account you are su'ing from to set the environment. An su - brings you up to superuser, but it does so using the rc scripts in the root account to set the environment. Unless you have a reason to use the regular user account's rc scripts, I'd recommend to always use su - when you are doing real superuser work. Mark -- Write once. Port to many. Get the SDK and tools to simplify cross-platform app development. Create new or port existing apps to sell to consumers worldwide. Explore the Intel AppUpSM program developer opportunity. appdeveloper.intel.com/join http://p.sf.net/sfu/intel-appdev ___ Emc-users mailing list Emc-users@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/emc-users
Re: [Emc-users] fail2ban default setup gotcha
On Saturday, December 24, 2011 12:45:10 PM Mark Wendt (Contractor) did opine: On 12/24/2011 9:04 AM, gene heskett wrote: On Saturday, December 24, 2011 09:00:31 AM Mark Wendt (Contractor) did opine: On 12/23/2011 2:47 PM, gene heskett wrote: I sounded like a good idea, but: [gene@coyote ~]$ ssh shop gene@shop's password: Linux shop 2.6.32-122-rtai #rtai SMP Tue Jul 27 12:44:07 CDT 2010 i686 GNU/Linux Ubuntu 10.04.3 LTS Welcome to Ubuntu! * Documentation: https://help.ubuntu.com/ 11 packages can be updated. 6 updates are security updates. Last login: Thu Dec 22 09:38:52 2011 from coyote.coyote.den gene@shop:~$ sudo useradd -u 500 gene [sudo] password for gene: useradd: user 'gene' already exists So there isn't an obvious way to make the user numbers match between the *buntu's and the rest of the world. The last time I tried that, I wound up re-installing to fix it. Cheers, Gene Gene, What about good old vi, or gedit on the /etc/passwd and /etc/group files, changing the uid and gid to what ever you need, then doing a chown -R gene:gene on /home/gene No need to reinstall. Just a little careful editing is all you need. Mark I did something like that, including the chown -R back on 8.04 and had to reinstall. Among other things, sudo quit working so I couldn't fix the rest of the perms problems that created. Cheers, Gene Something else must have happened when you did that, such as a typo in either the group or passwd file. I've done that thousands of times on Unix/Linux machines, and as long as you keep the passwd and group files error free, it shouldn't cause a problem. Sounds like the GID instead of the gene was used to add your working group to the sudo wheel group or whatever was used. Another good reason to have the root account accessible. One of the first things I do on any Unix/Linux machine that chooses to try to keep me out of the root account is gain access to said root account. sudo passwd root takes care of that for me. Having to re-install a complete OS is just nuts when something like that happens. Mark I agree 100%, sudo to me was a bad concept from the gitgo, and in fact pclos openly tells you that if you use sudo, you are likely on your own to clean up the mess. If you need root, do the su -. I do use sudo anyway here, and haven't gotten in over my head yet. Note the yet. :) But I am about to bail on pclos, I think in favor of centos-6.2-x64 in a couple weeks, my dvd writer died there are none on the local store shelves around here now, lots of disc's, but no writers. I mean Hello Bentonville, anybody home? Then I find I have to watch newegg, who will use any excuse to 'rescan' your card, so I currently have 2 pending payments visible on my account. Only one had better be paid... Cheers, Gene -- There are four boxes to be used in defense of liberty: soap, ballot, jury, and ammo. Please use in that order. -Ed Howdershelt (Author) My web page: http://coyoteden.dyndns-free.com:85/gene You're not Dave. Who are you? -- Write once. Port to many. Get the SDK and tools to simplify cross-platform app development. Create new or port existing apps to sell to consumers worldwide. Explore the Intel AppUpSM program developer opportunity. appdeveloper.intel.com/join http://p.sf.net/sfu/intel-appdev ___ Emc-users mailing list Emc-users@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/emc-users
Re: [Emc-users] fail2ban default setup gotcha
On Saturday, December 24, 2011 12:55:49 PM Mark Wendt (Contractor) did opine: On 12/24/2011 9:05 AM, gene heskett wrote: That has been done long ago Mark. The problem is that on pclos (this box) gene is the first user, with a userid of 500. On ubuntu, gene is also the first user 1000, so when user 500 tries to copy a file to /home/user=1000 on ubuntu, its 100% no permissions. Now if the copy utilities used the username, and it was the same $name on both machines, there is no clash. Cheers, Gene Change the user gene on the ubuntu machine to a uid:gid of 500:500. Mark And sudo quits working, so you can't fix anything else. Cheers, Gene No access to the root account? Exactly. Mark Cheers, Gene -- There are four boxes to be used in defense of liberty: soap, ballot, jury, and ammo. Please use in that order. -Ed Howdershelt (Author) My web page: http://coyoteden.dyndns-free.com:85/gene stab_val(stab)-str_nok = 1;/* what a wonderful hack! */ -- Larry Wall in stab.c from the perl source code -- Write once. Port to many. Get the SDK and tools to simplify cross-platform app development. Create new or port existing apps to sell to consumers worldwide. Explore the Intel AppUpSM program developer opportunity. appdeveloper.intel.com/join http://p.sf.net/sfu/intel-appdev ___ Emc-users mailing list Emc-users@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/emc-users
Re: [Emc-users] fail2ban default setup gotcha
On Saturday, December 24, 2011 12:56:52 PM Mark Wendt (Contractor) did opine: On 12/24/2011 12:22 PM, gene heskett wrote: On Saturday, December 24, 2011 12:14:41 PM yann jautard did opine: Le 24/12/2011 15:04, gene heskett a écrit : On Saturday, December 24, 2011 09:00:31 AM Mark Wendt (Contractor) did opine: On 12/23/2011 2:47 PM, gene heskett wrote: I sounded like a good idea, but: [gene@coyote ~]$ ssh shop gene@shop's password: Linux shop 2.6.32-122-rtai #rtai SMP Tue Jul 27 12:44:07 CDT 2010 i686 GNU/Linux Ubuntu 10.04.3 LTS Welcome to Ubuntu! * Documentation: https://help.ubuntu.com/ 11 packages can be updated. 6 updates are security updates. Last login: Thu Dec 22 09:38:52 2011 from coyote.coyote.den gene@shop:~$ sudo useradd -u 500 gene [sudo] password for gene: useradd: user 'gene' already exists So there isn't an obvious way to make the user numbers match between the *buntu's and the rest of the world. The last time I tried that, I wound up re-installing to fix it. Cheers, Gene Gene, What about good old vi, or gedit on the /etc/passwd and /etc/group files, changing the uid and gid to what ever you need, then doing a chown -R gene:gene on /home/gene No need to reinstall. Just a little careful editing is all you need. Mark I did something like that, including the chown -R back on 8.04 and had to reinstall. Among other things, sudo quit working so I couldn't fix the rest of the perms problems that created. Cheers, Gene yeah sudo quit working due to permission problems during the operation. This is why you need to create a root password first, and login as root to make the user modification. sudo password root then you log off the graphical interface switch to terminal (ctrl-F1) login as root make the modifications go back to the graphical login (ctrl-F7 or F8) then login as your normal user, and that's all. That is, IIRC, what I did to an older 6.06 LTS install. Things worked passably well, but somehow the root passwords presence messed up sudo, it wouldn't take either pw, so that I had to constantly su - to do things that scripts use su for. So I tried to remove the root pw, then that blew everything up and I had to re-install. AFAIAC, the buntu's do that to be a PITA, thinking it might add to the many layers of security. Perhaps it does, to an ex winders user, but I am used to machinery that only I have access to, and which do exactly as I tell them too, even if its wrong. :) Cheers, Gene Gene, That sounds like syntax problems in the passwd, group or shadow file. The root account's password has nothing to do with the operation of sudo. sudo uses either a set uid, or set gid process to gain the elevated privileges to do it's work. It doesn't access the root account at all. Realize there's a difference between a simple su and su -. An su will bring you up to superuser, however it uses the rc scripts in the account you are su'ing from to set the environment. An su - brings you up to superuser, but it does so using the rc scripts in the root account to set the environment. Unless you have a reason to use the regular user account's rc scripts, I'd recommend to always use su - when you are doing real superuser work. Mark I do. But that is so all encompassing on pclos, that all paths then have to be cd'd to from the /root account. Even when using it in a script, a cd to do something in a subdir must be semicolon separated else the effect of the cd expires at the end of the current line of the script, so the operative work command must be cd wherever;exec the subscript in construction. You cannot cd somewhere, and expect that cd to be effective for the next line of the script, it is not. One can script around it, but it took me a half an hour to grasp the concept. It will be interesting to see if centos has a similar restriction. Cheers, Gene -- There are four boxes to be used in defense of liberty: soap, ballot, jury, and ammo. Please use in that order. -Ed Howdershelt (Author) My web page: http://coyoteden.dyndns-free.com:85/gene stab_val(stab)-str_nok = 1;/* what a wonderful hack! */ -- Larry Wall in stab.c from the perl source code -- Write once. Port to many. Get the SDK and tools to simplify cross-platform app development. Create new or port existing apps to sell to consumers worldwide. Explore the Intel AppUpSM program developer opportunity. appdeveloper.intel.com/join http://p.sf.net/sfu/intel-appdev ___ Emc-users mailing list Emc-users@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/emc-users
Re: [Emc-users] fail2ban default setup gotcha
On 12/24/2011 1:04 PM, gene heskett wrote: On Saturday, December 24, 2011 12:56:52 PM Mark Wendt (Contractor) did opine: On 12/24/2011 12:22 PM, gene heskett wrote: On Saturday, December 24, 2011 12:14:41 PM yann jautard did opine: Le 24/12/2011 15:04, gene heskett a écrit : On Saturday, December 24, 2011 09:00:31 AM Mark Wendt (Contractor) did opine: On 12/23/2011 2:47 PM, gene heskett wrote: I sounded like a good idea, but: [gene@coyote ~]$ ssh shop gene@shop's password: Linux shop 2.6.32-122-rtai #rtai SMP Tue Jul 27 12:44:07 CDT 2010 i686 GNU/Linux Ubuntu 10.04.3 LTS Welcome to Ubuntu! * Documentation: https://help.ubuntu.com/ 11 packages can be updated. 6 updates are security updates. Last login: Thu Dec 22 09:38:52 2011 from coyote.coyote.den gene@shop:~$ sudo useradd -u 500 gene [sudo] password for gene: useradd: user 'gene' already exists So there isn't an obvious way to make the user numbers match between the *buntu's and the rest of the world. The last time I tried that, I wound up re-installing to fix it. Cheers, Gene Gene, What about good old vi, or gedit on the /etc/passwd and /etc/group files, changing the uid and gid to what ever you need, then doing a chown -R gene:gene on /home/gene No need to reinstall. Just a little careful editing is all you need. Mark I did something like that, including the chown -R back on 8.04 and had to reinstall. Among other things, sudo quit working so I couldn't fix the rest of the perms problems that created. Cheers, Gene yeah sudo quit working due to permission problems during the operation. This is why you need to create a root password first, and login as root to make the user modification. sudo password root then you log off the graphical interface switch to terminal (ctrl-F1) login as root make the modifications go back to the graphical login (ctrl-F7 or F8) then login as your normal user, and that's all. That is, IIRC, what I did to an older 6.06 LTS install. Things worked passably well, but somehow the root passwords presence messed up sudo, it wouldn't take either pw, so that I had to constantly su - to do things that scripts use su for. So I tried to remove the root pw, then that blew everything up and I had to re-install. AFAIAC, the buntu's do that to be a PITA, thinking it might add to the many layers of security. Perhaps it does, to an ex winders user, but I am used to machinery that only I have access to, and which do exactly as I tell them too, even if its wrong. :) Cheers, Gene Gene, That sounds like syntax problems in the passwd, group or shadow file. The root account's password has nothing to do with the operation of sudo. sudo uses either a set uid, or set gid process to gain the elevated privileges to do it's work. It doesn't access the root account at all. Realize there's a difference between a simple su and su -. An su will bring you up to superuser, however it uses the rc scripts in the account you are su'ing from to set the environment. An su - brings you up to superuser, but it does so using the rc scripts in the root account to set the environment. Unless you have a reason to use the regular user account's rc scripts, I'd recommend to always use su - when you are doing real superuser work. Mark I do. But that is so all encompassing on pclos, that all paths then have to be cd'd to from the /root account. Even when using it in a script, a cd to do something in a subdir must be semicolon separated else the effect of the cd expires at the end of the current line of the script, so the operative work command must be cd wherever;exec the subscript in construction. You cannot cd somewhere, and expect that cd to be effective for the next line of the script, it is not. One can script around it, but it took me a half an hour to grasp the concept. It will be interesting to see if centos has a similar restriction. Cheers, Gene Or just run the script with the entire path: /run/this/script/in/this/directory/script Mark -- Write once. Port to many. Get the SDK and tools to simplify cross-platform app development. Create new or port existing apps to sell to consumers worldwide. Explore the Intel AppUpSM program developer opportunity. appdeveloper.intel.com/join http://p.sf.net/sfu/intel-appdev ___ Emc-users mailing list Emc-users@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/emc-users
Re: [Emc-users] fail2ban default setup gotcha
On Saturday, December 24, 2011 01:18:41 PM Mark Wendt (Contractor) did opine: [and a lengthy argument snipped] I do. But that is so all encompassing on pclos, that all paths then have to be cd'd to from the /root account. Even when using it in a script, a cd to do something in a subdir must be semicolon separated else the effect of the cd expires at the end of the current line of the script, so the operative work command must be cd wherever;exec the subscript in construction. You cannot cd somewhere, and expect that cd to be effective for the next line of the script, it is not. One can script around it, but it took me a half an hour to grasp the concept. It will be interesting to see if centos has a similar restriction. Cheers, Gene Or just run the script with the entire path: /run/this/script/in/this/directory/script Except in this instance, the complete line of the script is now: su - amanda -c normal two part;command line as its needed for other stuff the script calls to have a valid $PWD environment when it runs. There are no doubt other equally effective methods that one could incorporate into a simple script that I wrote precisely because remembering all the options to ./configure when building amanda is asking the old mans brain for a bit much, and it removed the fat fingered typu's from the error column as an added side benefit. ;-) Since I play the part of the canary in the coal mine for amanda development, knowing I didn't fat finger a build option gives me a lot more confidence that if it upchucks, I have truly found a problem, report it. But this is straying so far off topic I can't see it from here. ;-) I have found a method that while a bit cumbersome, does work, and that is what counts when you press the return key. Now, I've been contemplating the purchase of a bigger lathe, one that I can cnc, and I am torn between taking my chances on ebay for an old Atlas, or a new grizzly 11x26, the real simple one that is currently in the catalog at $1550. It comes with a decent set of chucks tools, and either way, I'd still have to find or make a reversible spindle drive to cnc it. I expect, since that has a 1 hp 1725 rpm motor, that a couple relays or maybe 3 (one to suicide brake the motor speed up the reversal process), that the rest of cnc'ing it is mostly stuff I can make on my mill and some stepper motors that I already have in 262 and 425 oz/in persuasions. Sure, I _could_ do the 7x10, but that thing has so much rubber in its toolpost I should sell it to firestone. The spindle and the tailstock have never aligned right enough to do any great amount of deep boring anyway despite many attempts to adjust it, they simply are not on a common centerline and cannot be adjusted to be. Are there any old Atlases left that don't have a .025 swayback in the ways today? Merry Christmas all. Cheers, Gene -- There are four boxes to be used in defense of liberty: soap, ballot, jury, and ammo. Please use in that order. -Ed Howdershelt (Author) My web page: http://coyoteden.dyndns-free.com:85/gene Failure is more frequently from want of energy than want of capital. -- Write once. Port to many. Get the SDK and tools to simplify cross-platform app development. Create new or port existing apps to sell to consumers worldwide. Explore the Intel AppUpSM program developer opportunity. appdeveloper.intel.com/join http://p.sf.net/sfu/intel-appdev ___ Emc-users mailing list Emc-users@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/emc-users
Re: [Emc-users] fail2ban default setup gotcha
Le 24/12/2011 19:04, gene heskett a écrit : On Saturday, December 24, 2011 12:56:52 PM Mark Wendt (Contractor) did opine: On 12/24/2011 12:22 PM, gene heskett wrote: On Saturday, December 24, 2011 12:14:41 PM yann jautard did opine: Le 24/12/2011 15:04, gene heskett a écrit : On Saturday, December 24, 2011 09:00:31 AM Mark Wendt (Contractor) did opine: On 12/23/2011 2:47 PM, gene heskett wrote: I sounded like a good idea, but: [gene@coyote ~]$ ssh shop gene@shop's password: Linux shop 2.6.32-122-rtai #rtai SMP Tue Jul 27 12:44:07 CDT 2010 i686 GNU/Linux Ubuntu 10.04.3 LTS Welcome to Ubuntu! * Documentation: https://help.ubuntu.com/ 11 packages can be updated. 6 updates are security updates. Last login: Thu Dec 22 09:38:52 2011 from coyote.coyote.den gene@shop:~$ sudo useradd -u 500 gene [sudo] password for gene: useradd: user 'gene' already exists So there isn't an obvious way to make the user numbers match between the *buntu's and the rest of the world. The last time I tried that, I wound up re-installing to fix it. Cheers, Gene Gene, What about good old vi, or gedit on the /etc/passwd and /etc/group files, changing the uid and gid to what ever you need, then doing a chown -R gene:gene on /home/gene No need to reinstall. Just a little careful editing is all you need. Mark I did something like that, including the chown -R back on 8.04 and had to reinstall. Among other things, sudo quit working so I couldn't fix the rest of the perms problems that created. Cheers, Gene yeah sudo quit working due to permission problems during the operation. This is why you need to create a root password first, and login as root to make the user modification. sudo password root then you log off the graphical interface switch to terminal (ctrl-F1) login as root make the modifications go back to the graphical login (ctrl-F7 or F8) then login as your normal user, and that's all. That is, IIRC, what I did to an older 6.06 LTS install. Things worked passably well, but somehow the root passwords presence messed up sudo, it wouldn't take either pw, so that I had to constantly su - to do things that scripts use su for. So I tried to remove the root pw, then that blew everything up and I had to re-install. AFAIAC, the buntu's do that to be a PITA, thinking it might add to the many layers of security. Perhaps it does, to an ex winders user, but I am used to machinery that only I have access to, and which do exactly as I tell them too, even if its wrong. :) Cheers, Gene Gene, That sounds like syntax problems in the passwd, group or shadow file. The root account's password has nothing to do with the operation of sudo. sudo uses either a set uid, or set gid process to gain the elevated privileges to do it's work. It doesn't access the root account at all. Realize there's a difference between a simple su and su -. An su will bring you up to superuser, however it uses the rc scripts in the account you are su'ing from to set the environment. An su - brings you up to superuser, but it does so using the rc scripts in the root account to set the environment. Unless you have a reason to use the regular user account's rc scripts, I'd recommend to always use su - when you are doing real superuser work. Mark I do. But that is so all encompassing on pclos, that all paths then have to be cd'd to from the /root account. Even when using it in a script, a cd to do something in a subdir must be semicolon separated else the effect of the cd expires at the end of the current line of the script, so the operative work command must be cd wherever;exec the subscript in construction. You cannot cd somewhere, and expect that cd to be effective for the next line of the script, it is not. One can script around it, but it took me a half an hour to grasp the concept. It will be interesting to see if centos has a similar restriction. Cheers, Gene I think here we are talking about another problem. The point is not to use root account to make all your admin stuff (even if it may be a better choice than sudo), but use it only the time needed to change your UID, or other special things like that you might need to do. Gaining acces to real root account by setting a password for it does not mean you cannot continue using sudo for everything you are using it now. And about using su, or su -, I don't think it is a good idea when making a UID change. Because using su, you are still logged in as the user you are changing the UID, and this _will_ bring problems. The initial login process or terminal might crash or something like that. Just log in a real root user on a terminal, without graphical interface, and do the stuff. I have root account acces on my EMC machine as well as the shop file server, and my laptop(wich I'm writing from), the tree of them using ubuntu 9,04 10,10 and 11,04, and I don't experience any issues while
Re: [Emc-users] fail2ban default setup gotcha
On Saturday, December 24, 2011 01:59:00 PM yann jautard did opine: [overdue chomp] I think here we are talking about another problem. The point is not to use root account to make all your admin stuff (even if it may be a better choice than sudo), but use it only the time needed to change your UID, or other special things like that you might need to do. Gaining acces to real root account by setting a password for it does not mean you cannot continue using sudo for everything you are using it now. But, having done that, I did not realize that you also needed to edit the sudoers file to add this new usernum, so once I can closed that root account, I was DOA. Hence the re-install. And about using su, or su -, I don't think it is a good idea when making a UID change. Because using su, you are still logged in as the user you are changing the UID, and this _will_ bring problems. The initial login process or terminal might crash or something like that. Just log in a real root user on a terminal, without graphical interface, and do the stuff. I have root account acces on my EMC machine as well as the shop file server, and my laptop(wich I'm writing from), the tree of them using ubuntu 9,04 10,10 and 11,04, and I don't experience any issues while using sudo. Sure, but its all *buntu. I'm finding that pclos, despite is usability being a huge plus ON THIS MACHINE, doesn't talk to other linuxes all that well. And while I do run 10.04 on that box and a lappy I often use with it, generally speaking ubuntu is so damnedably difficult to configure, and is missing tons of usability features that Just Work(TM) on pclos. For instance, if I want to access one of the other 9 workspaces on this machine, sure, I can find the pager and double click it, or I can leave the mouse pointing at an unused point on this screen just roll the wheel, one screen up or down in the 10 screen count per click of the wheel detent. On buntu, I have to first find the mouse as its up on a shelf due to space limitations at the operators console, then find the pager, click once on it to change the focus and click again on the screen I want to go to, and apparently the limit is 4 screens, which I find somewhat constricting even on a box with far less resources at its disposal than this one. Another thing this usernum difference may be responsible for, I can remember when I could ssh -Y shop and run emc, with motor power off obviously, from this box to preview what the code I had just written might look like in the backtrace. I think the last time I made that work I was running fedora 10 although its possible I made it work for mandriva 2008. It has never worked for pclos because the x server sees a request from an unknown user and bounces it. The ssh session works great for running text based things like vim though. IMO linux is growing up, and its time all distro's started using 1000 as the first usernum, leaving more privileged stuff below 1000. Like that is going to happen on my remaining watch... Merry Christmas folks. Cheers, Gene -- There are four boxes to be used in defense of liberty: soap, ballot, jury, and ammo. Please use in that order. -Ed Howdershelt (Author) My web page: http://coyoteden.dyndns-free.com:85/gene Hodie natus est radici frater. [ Unto the root is born a brother ] -- Write once. Port to many. Get the SDK and tools to simplify cross-platform app development. Create new or port existing apps to sell to consumers worldwide. Explore the Intel AppUpSM program developer opportunity. appdeveloper.intel.com/join http://p.sf.net/sfu/intel-appdev ___ Emc-users mailing list Emc-users@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/emc-users
Re: [Emc-users] fail2ban default setup gotcha
well, I just see something a lot simpler : when using the users-admin GUI from gnome, you can change the UID... Le 24/12/2011 19:56, yann jautard a écrit : Le 24/12/2011 19:04, gene heskett a écrit : On Saturday, December 24, 2011 12:56:52 PM Mark Wendt (Contractor) did opine: On 12/24/2011 12:22 PM, gene heskett wrote: On Saturday, December 24, 2011 12:14:41 PM yann jautard did opine: Le 24/12/2011 15:04, gene heskett a écrit : On Saturday, December 24, 2011 09:00:31 AM Mark Wendt (Contractor) did opine: On 12/23/2011 2:47 PM, gene heskett wrote: I sounded like a good idea, but: [gene@coyote ~]$ ssh shop gene@shop's password: Linux shop 2.6.32-122-rtai #rtai SMP Tue Jul 27 12:44:07 CDT 2010 i686 GNU/Linux Ubuntu 10.04.3 LTS Welcome to Ubuntu! * Documentation: https://help.ubuntu.com/ 11 packages can be updated. 6 updates are security updates. Last login: Thu Dec 22 09:38:52 2011 from coyote.coyote.den gene@shop:~$ sudo useradd -u 500 gene [sudo] password for gene: useradd: user 'gene' already exists So there isn't an obvious way to make the user numbers match between the *buntu's and the rest of the world. The last time I tried that, I wound up re-installing to fix it. Cheers, Gene Gene, What about good old vi, or gedit on the /etc/passwd and /etc/group files, changing the uid and gid to what ever you need, then doing a chown -R gene:gene on /home/gene No need to reinstall. Just a little careful editing is all you need. Mark I did something like that, including the chown -R back on 8.04 and had to reinstall. Among other things, sudo quit working so I couldn't fix the rest of the perms problems that created. Cheers, Gene yeah sudo quit working due to permission problems during the operation. This is why you need to create a root password first, and login as root to make the user modification. sudo password root then you log off the graphical interface switch to terminal (ctrl-F1) login as root make the modifications go back to the graphical login (ctrl-F7 or F8) then login as your normal user, and that's all. That is, IIRC, what I did to an older 6.06 LTS install. Things worked passably well, but somehow the root passwords presence messed up sudo, it wouldn't take either pw, so that I had to constantly su - to do things that scripts use su for. So I tried to remove the root pw, then that blew everything up and I had to re-install. AFAIAC, the buntu's do that to be a PITA, thinking it might add to the many layers of security. Perhaps it does, to an ex winders user, but I am used to machinery that only I have access to, and which do exactly as I tell them too, even if its wrong. :) Cheers, Gene Gene, That sounds like syntax problems in the passwd, group or shadow file. The root account's password has nothing to do with the operation of sudo. sudo uses either a set uid, or set gid process to gain the elevated privileges to do it's work. It doesn't access the root account at all. Realize there's a difference between a simple su and su -. An su will bring you up to superuser, however it uses the rc scripts in the account you are su'ing from to set the environment. An su - brings you up to superuser, but it does so using the rc scripts in the root account to set the environment. Unless you have a reason to use the regular user account's rc scripts, I'd recommend to always use su - when you are doing real superuser work. Mark I do. But that is so all encompassing on pclos, that all paths then have to be cd'd to from the /root account. Even when using it in a script, a cd to do something in a subdir must be semicolon separated else the effect of the cd expires at the end of the current line of the script, so the operative work command must be cd wherever;exec the subscript in construction. You cannot cd somewhere, and expect that cd to be effective for the next line of the script, it is not. One can script around it, but it took me a half an hour to grasp the concept. It will be interesting to see if centos has a similar restriction. Cheers, Gene I think here we are talking about another problem. The point is not to use root account to make all your admin stuff (even if it may be a better choice than sudo), but use it only the time needed to change your UID, or other special things like that you might need to do. Gaining acces to real root account by setting a password for it does not mean you cannot continue using sudo for everything you are using it now. And about using su, or su -, I don't think it is a good idea when making a UID change. Because using su, you are still logged in as the user you are changing the UID, and this _will_ bring problems. The initial login process or terminal might crash or something like that. Just log in a real root user on a terminal, without graphical interface, and do the stuff. I have root account acces on my EMC machine as
Re: [Emc-users] fail2ban default setup gotcha
Le 24/12/2011 20:18, gene heskett a écrit : On Saturday, December 24, 2011 01:59:00 PM yann jautard did opine: [overdue chomp] I think here we are talking about another problem. The point is not to use root account to make all your admin stuff (even if it may be a better choice than sudo), but use it only the time needed to change your UID, or other special things like that you might need to do. Gaining acces to real root account by setting a password for it does not mean you cannot continue using sudo for everything you are using it now. But, having done that, I did not realize that you also needed to edit the sudoers file to add this new usernum, so once I can closed that root account, I was DOA. Hence the re-install. Strange, I never had to change sudoers after setting a root password. On *buntu system, to use sudo you just need the user be member of groups admin and sudo. For the other features you gotin pclos like rolling the mouse on the desktop to change workspace, you can set up gnome to work like this, or use KDE that is doing this by default. And I have no limitations of workspace number. I currently have only two on the EMC machine (running 9.04) and 6 on my laptop running 11.04 Another approach to make your pclos and ubuntu boxes to talk, you can change your UID to 1000 on the pclos box ? :P -- Write once. Port to many. Get the SDK and tools to simplify cross-platform app development. Create new or port existing apps to sell to consumers worldwide. Explore the Intel AppUpSM program developer opportunity. appdeveloper.intel.com/join http://p.sf.net/sfu/intel-appdev ___ Emc-users mailing list Emc-users@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/emc-users
Re: [Emc-users] fail2ban default setup gotcha
On Saturday, December 24, 2011 02:50:57 PM yann jautard did opine: well, I just see something a lot simpler : when using the users-admin GUI from gnome, you can change the UID... Who is using gnome? I'd pay that nagging nanny to stay in Peoria. :) Cheers, Gene -- There are four boxes to be used in defense of liberty: soap, ballot, jury, and ammo. Please use in that order. -Ed Howdershelt (Author) My web page: http://coyoteden.dyndns-free.com:85/gene I stayed up all night playing poker with tarot cards. I got a full house and four people died. -- Steven Wright -- Write once. Port to many. Get the SDK and tools to simplify cross-platform app development. Create new or port existing apps to sell to consumers worldwide. Explore the Intel AppUpSM program developer opportunity. appdeveloper.intel.com/join http://p.sf.net/sfu/intel-appdev ___ Emc-users mailing list Emc-users@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/emc-users
Re: [Emc-users] fail2ban default setup gotcha
On Saturday, December 24, 2011 02:57:51 PM yann jautard did opine: Le 24/12/2011 20:18, gene heskett a écrit : On Saturday, December 24, 2011 01:59:00 PM yann jautard did opine: [overdue chomp] I think here we are talking about another problem. The point is not to use root account to make all your admin stuff (even if it may be a better choice than sudo), but use it only the time needed to change your UID, or other special things like that you might need to do. Gaining acces to real root account by setting a password for it does not mean you cannot continue using sudo for everything you are using it now. But, having done that, I did not realize that you also needed to edit the sudoers file to add this new usernum, so once I can closed that root account, I was DOA. Hence the re-install. Strange, I never had to change sudoers after setting a root password. On *buntu system, to use sudo you just need the user be member of groups admin and sudo. For the other features you gotin pclos like rolling the mouse on the desktop to change workspace, you can set up gnome to work like this, or use KDE that is doing this by default. And I have no limitations of workspace number. I currently have only two on the EMC machine (running 9.04) and 6 on my laptop running 11.04 Another approach to make your pclos and ubuntu boxes to talk, you can change your UID to 1000 on the pclos box ? :P I've considered looking at that, but haven't attempted it. Cheers, Gene -- There are four boxes to be used in defense of liberty: soap, ballot, jury, and ammo. Please use in that order. -Ed Howdershelt (Author) My web page: http://coyoteden.dyndns-free.com:85/gene my terminal is a lethal teaspoon. -- Patricia O Tuama -- Write once. Port to many. Get the SDK and tools to simplify cross-platform app development. Create new or port existing apps to sell to consumers worldwide. Explore the Intel AppUpSM program developer opportunity. appdeveloper.intel.com/join http://p.sf.net/sfu/intel-appdev ___ Emc-users mailing list Emc-users@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/emc-users
Re: [Emc-users] fail2ban default setup gotcha
gene heskett wrote: And sudo quits working, so you can't fix anything else. You actually can, but you have to get down to hacker level. You can get into grub, show the default boot command, and add the option to go to single-user boot mode. When Linux comes up, you are the super-user, period. Here a link with some pictures: http://www.cyberciti.biz/faq/grub-boot-into-single-user-mode/ I've had to do stuff like this a few times when the boot record got messed up or something. Jon -- Write once. Port to many. Get the SDK and tools to simplify cross-platform app development. Create new or port existing apps to sell to consumers worldwide. Explore the Intel AppUpSM program developer opportunity. appdeveloper.intel.com/join http://p.sf.net/sfu/intel-appdev ___ Emc-users mailing list Emc-users@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/emc-users
Re: [Emc-users] fail2ban default setup gotcha
On Saturday, December 24, 2011 03:38:50 PM Jon Elson did opine: gene heskett wrote: And sudo quits working, so you can't fix anything else. You actually can, but you have to get down to hacker level. You can get into grub, show the default boot command, and add the option to go to single-user boot mode. When Linux comes up, you are the super-user, period. Here a link with some pictures: http://www.cyberciti.biz/faq/grub-boot-into-single-user-mode/ I've had to do stuff like this a few times when the boot record got messed up or something. Jon I've had to do that here occasionally, but it seems the track record here is that if I have to do that, the system is probably hosed anyway. In that event, its getting my backups back that is the real problem. And I haven't checked my ability to do that on the shop box recently either. Bad dog, no biscuit. :( Cheers, Gene -- There are four boxes to be used in defense of liberty: soap, ballot, jury, and ammo. Please use in that order. -Ed Howdershelt (Author) My web page: http://coyoteden.dyndns-free.com:85/gene A friend is a present you give yourself. -- Robert Louis Stevenson -- Write once. Port to many. Get the SDK and tools to simplify cross-platform app development. Create new or port existing apps to sell to consumers worldwide. Explore the Intel AppUpSM program developer opportunity. appdeveloper.intel.com/join http://p.sf.net/sfu/intel-appdev ___ Emc-users mailing list Emc-users@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/emc-users
Re: [Emc-users] fail2ban default setup gotcha
On 12/23/2011 08:08 PM, gene heskett wrote: On Friday, December 23, 2011 10:18:29 PM Jon Elson did opine: gene heskett wrote: That has been done long ago Mark. The problem is that on pclos (this box) gene is the first user, with a userid of 500. On ubuntu, gene is also the first user 1000, so when user 500 tries to copy a file to /home/user=1000 on ubuntu, its 100% no permissions. Now if the copy utilities used the username, and it was the same $name on both machines, there is no clash. Cheers, Gene You should be able to create an alternate user (like gene2) and then create a group that allows access to both the 500 and 1000 users. I may have missed the start of this thread, I'm guessing this is a problem with a NFS file system? Seems like that would be the only time such cross-system IDs would matter. I have the *buntu box mounted at /mnt/shop, a samba share I believe. From mounts output: //shop.coyote.den/shop-slash on /mnt/shop type cifs (rw,mand) What I would like to be able to do, and which requires scp or sftp to do, is fire up mc, send one pane to the *buntu box, the other to wherever I have downloaded an emc useful file to here on this box, and just hit an F5 to copy or an F6 to move it. I fail to see why such a simple operation, where I am the user gene on both machines, has to be such a %$#@()^ pain in the ass. There is a number of ways to fix your problem but the following is likely the easiest way to do it. My setup: kubuntu workstation with openbox virtual machine(s). For test purposes I created a different user in one of VMs and then used the following method: * workstation - install sshfs - create a directory; for example ~/tmp/vm01 - run the following commands: VM=vm11 or you could use IP# 192.168.3.185 USR_REMOTE=rafaelx sshfs $USER@VM:/home/${USR_REMOTE} tmp/vm01 * VM (virtual machine) or other Unix system - enable ssh connection, possibly use auto login with ssh key Now I can copy files or dirs back and forth using cp, rsync, mc or whatever on my workstation side. I tried it both ways and the files changed ownership as expected so that I have right ownership on either side. No need to mess with passwd file or anything else. If you want gui, install krusader which has the same functionality as mc with a lot of excellent candy! krusader (from KDE) is standalone and does not need sshfs I believe. I employ these three methods securely between the systems on LANs and the Internet: Linux, BSD, Solaris. Why can't there be an option in these file management utility's to tell them, not to use the user number for the perms checking, but the user name instead? All this bs would disappear in a puff of invisible smoke instead of all the blue smoke I generate because it takes me 10 minutes to reread the manpages several times, and likely 20 tries to get the proper command line syntax constructed from the totally obtuse man pages of scp and sftp. It's not BS but I agree with what you say about the man pages. Too many man pages suck because they don't give you any examples of how to use the command. Old Unix problem. Still, the way things are is important for security reasons. It keeps improving for the most part but you cannot make too drastic changes as that breaks too many home grown utilities in large installations. What you could do is to setup a user on one system to be in the same group as the user in the other system and/or vice versa. In addition, you would need to change umask (002) to have users create group writable directories and files. Could this be such a matter as security=user in the cifs.conf files on both machines? On checking, that option is set on this box. And now is set on shop.coyote.den too, it was share before on that machine. Why bother with mosquito carrying viruses as it's inherently insecure and messy when you can fly in fortress? While samba can provide ownership change for the files when you copy them between the systems, it's something I will NEVER use between Unix systems when NFS is superior! You can setup automounter which will let you mount directories from any system with NFS. Check /etc/auto.* files. After it's setup, you can use autofs as a regular user, no root intervention needed. For example: in /etc/auto.master enable /net-hosts Sometimes you need to change /etc/auto.net because some implementations were broken in the past. /etc/exports --- file tells what to export. /home/rafaelx 192.168.3.0/24(rw,sync) Put IP# and hostname in /etc/hosts. Restart NFS server daemon after you make changes Use: On workstation ls /net/hostname will give you names of directories exported by hostname. You can then do whatever depending on the permissions. Install autofs on the client side and nfs-kernel-server on the serving side. You could do the same on both sides if you have enough resources and want to play with it. ls /net/vm01 shows what's exported on that
Re: [Emc-users] fail2ban default setup gotcha
On Saturday, December 24, 2011 04:41:00 PM Rafael Skodlar did opine: On 12/23/2011 08:08 PM, gene heskett wrote: On Friday, December 23, 2011 10:18:29 PM Jon Elson did opine: gene heskett wrote: That has been done long ago Mark. The problem is that on pclos (this box) gene is the first user, with a userid of 500. On ubuntu, gene is also the first user 1000, so when user 500 tries to copy a file to /home/user=1000 on ubuntu, its 100% no permissions. Now if the copy utilities used the username, and it was the same $name on both machines, there is no clash. Cheers, Gene You should be able to create an alternate user (like gene2) and then create a group that allows access to both the 500 and 1000 users. I may have missed the start of this thread, I'm guessing this is a problem with a NFS file system? Seems like that would be the only time such cross-system IDs would matter. I have the *buntu box mounted at /mnt/shop, a samba share I believe. From mounts output: //shop.coyote.den/shop-slash on /mnt/shop type cifs (rw,mand) What I would like to be able to do, and which requires scp or sftp to do, is fire up mc, send one pane to the *buntu box, the other to wherever I have downloaded an emc useful file to here on this box, and just hit an F5 to copy or an F6 to move it. I fail to see why such a simple operation, where I am the user gene on both machines, has to be such a %$#@()^ pain in the ass. There is a number of ways to fix your problem but the following is likely the easiest way to do it. My setup: kubuntu workstation with openbox virtual machine(s). For test purposes I created a different user in one of VMs and then used the following method: * workstation - install sshfs - create a directory; for example ~/tmp/vm01 - run the following commands: VM=vm11 or you could use IP# 192.168.3.185 USR_REMOTE=rafaelx sshfs $USER@VM:/home/${USR_REMOTE} tmp/vm01 * VM (virtual machine) or other Unix system - enable ssh connection, possibly use auto login with ssh key Now I can copy files or dirs back and forth using cp, rsync, mc or whatever on my workstation side. I tried it both ways and the files changed ownership as expected so that I have right ownership on either side. No need to mess with passwd file or anything else. If you want gui, install krusader which has the same functionality as mc with a lot of excellent candy! krusader (from KDE) is standalone and does not need sshfs I believe. I employ these three methods securely between the systems on LANs and the Internet: Linux, BSD, Solaris. Why can't there be an option in these file management utility's to tell them, not to use the user number for the perms checking, but the user name instead? All this bs would disappear in a puff of invisible smoke instead of all the blue smoke I generate because it takes me 10 minutes to reread the manpages several times, and likely 20 tries to get the proper command line syntax constructed from the totally obtuse man pages of scp and sftp. It's not BS but I agree with what you say about the man pages. Too many man pages suck because they don't give you any examples of how to use the command. Old Unix problem. Still, the way things are is important for security reasons. It keeps improving for the most part but you cannot make too drastic changes as that breaks too many home grown utilities in large installations. What you could do is to setup a user on one system to be in the same group as the user in the other system and/or vice versa. In addition, you would need to change umask (002) to have users create group writable directories and files. Could this be such a matter as security=user in the cifs.conf files on both machines? On checking, that option is set on this box. And now is set on shop.coyote.den too, it was share before on that machine. Why bother with mosquito carrying viruses as it's inherently insecure and messy when you can fly in fortress? While samba can provide ownership change for the files when you copy them between the systems, it's something I will NEVER use between Unix systems when NFS is superior! You can setup automounter which will let you mount directories from any system with NFS. Check /etc/auto.* files. After it's setup, you can use autofs as a regular user, no root intervention needed. For example: in /etc/auto.master enable /net-hosts Sometimes you need to change /etc/auto.net because some implementations were broken in the past. /etc/exports --- file tells what to export. /home/rafaelx 192.168.3.0/24(rw,sync) Put IP# and hostname in /etc/hosts. Restart NFS server daemon after you make changes None of the files named above exist on this system even though the nfs packages are installed. No packages labeled as autofs are available or installed. So I installed webmin, then let it update itself.
Re: [Emc-users] fail2ban default setup gotcha
Le 22/12/2011 16:33, gene heskett a écrit : Greetings all; First, I guess we start a round of wishing everybody a merry Christmas. Second, the diffs in user number basing between normal systems with the first user at 500, and *buntu system with a first user at 1000 is killing me since all the system utils that one would use for copying a file use the user number not the user name, so despite the fact that I am gene on both systems, I can't access genes stuff on the shop machine. Merry X-mas everybody :) Why not creating you user on the EMC machine using useradd -u your UID on the other machines I just gave a try on my machine, useradd -u 500 essai work nicely :) -- Write once. Port to many. Get the SDK and tools to simplify cross-platform app development. Create new or port existing apps to sell to consumers worldwide. Explore the Intel AppUpSM program developer opportunity. appdeveloper.intel.com/join http://p.sf.net/sfu/intel-appdev ___ Emc-users mailing list Emc-users@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/emc-users
Re: [Emc-users] fail2ban default setup gotcha
On Friday, December 23, 2011 02:44:33 PM yann jautard did opine: Le 22/12/2011 16:33, gene heskett a écrit : Greetings all; First, I guess we start a round of wishing everybody a merry Christmas. Second, the diffs in user number basing between normal systems with the first user at 500, and *buntu system with a first user at 1000 is killing me since all the system utils that one would use for copying a file use the user number not the user name, so despite the fact that I am gene on both systems, I can't access genes stuff on the shop machine. Merry X-mas everybody :) Why not creating you user on the EMC machine using useradd -u your UID on the other machines I just gave a try on my machine, useradd -u 500 essai work nicely :) I sounded like a good idea, but: [gene@coyote ~]$ ssh shop gene@shop's password: Linux shop 2.6.32-122-rtai #rtai SMP Tue Jul 27 12:44:07 CDT 2010 i686 GNU/Linux Ubuntu 10.04.3 LTS Welcome to Ubuntu! * Documentation: https://help.ubuntu.com/ 11 packages can be updated. 6 updates are security updates. Last login: Thu Dec 22 09:38:52 2011 from coyote.coyote.den gene@shop:~$ sudo useradd -u 500 gene [sudo] password for gene: useradd: user 'gene' already exists So there isn't an obvious way to make the user numbers match between the *buntu's and the rest of the world. The last time I tried that, I wound up re-installing to fix it. Cheers, Gene -- There are four boxes to be used in defense of liberty: soap, ballot, jury, and ammo. Please use in that order. -Ed Howdershelt (Author) My web page: http://coyoteden.dyndns-free.com:85/gene It is exactly because a man cannot do a thing that he is a proper judge of it. -- Oscar Wilde -- Write once. Port to many. Get the SDK and tools to simplify cross-platform app development. Create new or port existing apps to sell to consumers worldwide. Explore the Intel AppUpSM program developer opportunity. appdeveloper.intel.com/join http://p.sf.net/sfu/intel-appdev ___ Emc-users mailing list Emc-users@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/emc-users
Re: [Emc-users] fail2ban default setup gotcha
On 12/23/2011 01:47 PM, gene heskett wrote: Last login: Thu Dec 22 09:38:52 2011 from coyote.coyote.den gene@shop:~$ sudo useradd -u 500 gene to modify a user, you must use usermod: sudo usermod -u 500 gene I haven't used usermod in a lng time, so I don't know if you need to change user, and group, for all of the files you own. sudo chown -R gene.gene /home/gene -- -Mark Ne M'oubliez ---Family Motto Hope for the best, plan for the worst ---Personal Motto -- Write once. Port to many. Get the SDK and tools to simplify cross-platform app development. Create new or port existing apps to sell to consumers worldwide. Explore the Intel AppUpSM program developer opportunity. appdeveloper.intel.com/join http://p.sf.net/sfu/intel-appdev ___ Emc-users mailing list Emc-users@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/emc-users
Re: [Emc-users] fail2ban default setup gotcha
On Friday, December 23, 2011 06:11:28 PM Mark Cason did opine: On 12/23/2011 01:47 PM, gene heskett wrote: Last login: Thu Dec 22 09:38:52 2011 from coyote.coyote.den gene@shop:~$ sudo useradd -u 500 gene to modify a user, you must use usermod: sudo usermod -u 500 gene I haven't used usermod in a lng time, so I don't know if you need to change user, and group, for all of the files you own. sudo chown -R gene.gene /home/gene That has been done long ago Mark. The problem is that on pclos (this box) gene is the first user, with a userid of 500. On ubuntu, gene is also the first user 1000, so when user 500 tries to copy a file to /home/user=1000 on ubuntu, its 100% no permissions. Now if the copy utilities used the username, and it was the same $name on both machines, there is no clash. Cheers, Gene -- There are four boxes to be used in defense of liberty: soap, ballot, jury, and ammo. Please use in that order. -Ed Howdershelt (Author) My web page: http://coyoteden.dyndns-free.com:85/gene The speed of anything depends on the flow of everything. -- Write once. Port to many. Get the SDK and tools to simplify cross-platform app development. Create new or port existing apps to sell to consumers worldwide. Explore the Intel AppUpSM program developer opportunity. appdeveloper.intel.com/join http://p.sf.net/sfu/intel-appdev ___ Emc-users mailing list Emc-users@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/emc-users
Re: [Emc-users] fail2ban default setup gotcha
gene heskett wrote: That has been done long ago Mark. The problem is that on pclos (this box) gene is the first user, with a userid of 500. On ubuntu, gene is also the first user 1000, so when user 500 tries to copy a file to /home/user=1000 on ubuntu, its 100% no permissions. Now if the copy utilities used the username, and it was the same $name on both machines, there is no clash. Cheers, Gene You should be able to create an alternate user (like gene2) and then create a group that allows access to both the 500 and 1000 users. I may have missed the start of this thread, I'm guessing this is a problem with a NFS file system? Seems like that would be the only time such cross-system IDs would matter. Jon -- Write once. Port to many. Get the SDK and tools to simplify cross-platform app development. Create new or port existing apps to sell to consumers worldwide. Explore the Intel AppUpSM program developer opportunity. appdeveloper.intel.com/join http://p.sf.net/sfu/intel-appdev ___ Emc-users mailing list Emc-users@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/emc-users
Re: [Emc-users] fail2ban default setup gotcha
On 12/23/2011 05:18 PM, gene heskett wrote: On Friday, December 23, 2011 06:11:28 PM Mark Cason did opine: On 12/23/2011 01:47 PM, gene heskett wrote: Last login: Thu Dec 22 09:38:52 2011 from coyote.coyote.den gene@shop:~$ sudo useradd -u 500 gene to modify a user, you must use usermod: sudo usermod -u 500 gene I haven't used usermod in a lng time, so I don't know if you need to change user, and group, for all of the files you own. sudo chown -R gene.gene /home/gene That has been done long ago Mark. The problem is that on pclos (this box) gene is the first user, with a userid of 500. On ubuntu, gene is also the first user 1000, so when user 500 tries to copy a file to /home/user=1000 on ubuntu, its 100% no permissions. Now if the copy utilities used the username, and it was the same $name on both machines, there is no clash. If I'm remembering the LSB correctly, then all programs on a linux box are 'SUPPOSED' to use the group name, instead of the UID/GID, to maintain cross-platform compatability. if the permission of the file is group readable (or read/writable), then it should work correctly. There are several ways to get around the problem, The quick-and-dirty way to fix this is to do a chmod +r 'filename' , and set the read flag for all users. A little more involved way, would be to do a chmod 660 'filename' sudo chown gene.1000 'filename' , in pclos. This will give read/write access to user, and group. Then changes group to 1000, which would be valid on the Ubuntu machine. 640 would probably be more appropriate, if you do not intend to edit on the Ubuntu machine. Copy 'filename' to the Ubuntu machine, and then see what happens. The major downside to each of these workarounds, is that this would have to be done EVERY time you need to copy a file. A simple script could be written to make this easier. The permanent fix, would be to change the UID/GID on the Ubuntu computer, to force it to use 500, instead of 1000. Two ways to do it, are with the usermod command, using -u 500 -g 500 or manually editing the /etc/passwd, and /etc/group files directly: sudo cp /etc/passwd /etc/passwd.orig sudo cp /etc/group /etc/group.orig sudo vim /etc/passwd: gene:x:1000:1000:Your Name,,,:/home/gene:/bin/bash change to gene:x:500:500:Your Name,,,:/home/gene:/bin/bash sudo vim /etc/group: gene:x:1000: change to gene:x:500: Manually editing these files guarantees that you will need to chown your files back to gene.gene. BUT... This is a one time thing, once it's done, it's done. -- -Mark Ne M'oubliez ---Family Motto Hope for the best, plan for the worst ---Personal Motto -- Write once. Port to many. Get the SDK and tools to simplify cross-platform app development. Create new or port existing apps to sell to consumers worldwide. Explore the Intel AppUpSM program developer opportunity. appdeveloper.intel.com/join http://p.sf.net/sfu/intel-appdev ___ Emc-users mailing list Emc-users@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/emc-users
Re: [Emc-users] fail2ban default setup gotcha
On Friday, December 23, 2011 10:18:29 PM Jon Elson did opine: gene heskett wrote: That has been done long ago Mark. The problem is that on pclos (this box) gene is the first user, with a userid of 500. On ubuntu, gene is also the first user 1000, so when user 500 tries to copy a file to /home/user=1000 on ubuntu, its 100% no permissions. Now if the copy utilities used the username, and it was the same $name on both machines, there is no clash. Cheers, Gene You should be able to create an alternate user (like gene2) and then create a group that allows access to both the 500 and 1000 users. I may have missed the start of this thread, I'm guessing this is a problem with a NFS file system? Seems like that would be the only time such cross-system IDs would matter. I have the *buntu box mounted at /mnt/shop, a samba share I believe. From mounts output: //shop.coyote.den/shop-slash on /mnt/shop type cifs (rw,mand) What I would like to be able to do, and which requires scp or sftp to do, is fire up mc, send one pane to the *buntu box, the other to wherever I have downloaded an emc useful file to here on this box, and just hit an F5 to copy or an F6 to move it. I fail to see why such a simple operation, where I am the user gene on both machines, has to be such a %$#@()^ pain in the ass. Why can't there be an option in these file management utility's to tell them, not to use the user number for the perms checking, but the user name instead? All this bs would disappear in a puff of invisible smoke instead of all the blue smoke I generate because it takes me 10 minutes to reread the manpages several times, and likely 20 tries to get the proper command line syntax constructed from the totally obtuse man pages of scp and sftp. Could this be such a matter as security=user in the cifs.conf files on both machines? On checking, that option is set on this box. And now is set on shop.coyote.den too, it was share before on that machine. Humm, mc can now copy stuff, but fails to chown the file. So as I have an ssh session going as gene, go check, and gene:gene owns everything I copied there with this copy session. So, now I have a way to do it without screwing around till my blood pressure is up 40 points. Next I need to scan back through this list and find some code that was uploaded 2 or 3 weeks ago that I need on that machine. As for NFS, I have spent many hours trying to configure NFS, but the failure rate is 100% forever. I gave up on it when, on another mailing list I was sent config files guaranteed to work, but never did. I gave up on it 3 or 4 installs back and haven't tried since. That may also be due to the differences in usernum base systems for all I know. The error messages are obtuse and rarely make sense to those who claim to know something about NFS. Can't get sockets and such. I'd better git-r-done for the night Jon, thanks for listening. Jon Cheers, Gene -- There are four boxes to be used in defense of liberty: soap, ballot, jury, and ammo. Please use in that order. -Ed Howdershelt (Author) My web page: http://coyoteden.dyndns-free.com:85/gene Military secrets are the most fleeting of all. -- Spock, The Enterprise Incident, stardate 5027.4 -- Write once. Port to many. Get the SDK and tools to simplify cross-platform app development. Create new or port existing apps to sell to consumers worldwide. Explore the Intel AppUpSM program developer opportunity. appdeveloper.intel.com/join http://p.sf.net/sfu/intel-appdev ___ Emc-users mailing list Emc-users@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/emc-users