trinity-users@lists.pearsoncomputing.net

Message: previous - next
Month: August 2020

Re: [trinity-users] Beowulf/Buster upgrade - sudoers list - password problems

From: "Dr. Nikolaus Klepp" <office@...>
Date: Sat, 29 Aug 2020 15:12:06 +0200
Anno domini 2020 Sat, 29 Aug 04:24:07 -0700
 William Morder via trinity-users scripsit:
>  [... sniped a lot of text ...]
> On Saturday 29 August 2020 04:04:55 Dr. Nikolaus Klepp wrote:
> > What I have not understood yet: you can get root access from terminal with
> > "su" or you have to use "sudo bash" ?
> >
> 
> Thanks, Nik! I'm glad somebody is willing to explain this to me like I am a 
> child. I probably ought to have got this years and years ago, but since I 
> don't need it so much in a group setting, or office, I could put it off. 
> 
> Some of this discussion has been superseded by another email, as they crossed 
> paths. 
> 
> However, in answer to this point: When I open a terminal, type "sudo su", I 
> can enter my password, and then I am root. I can do whatever I want to my 
> system, no matter how ill-conceived and dangerous. However, I cannot use it 
> to launch gui programs, only to run some root commands, such as when I want 
> to run pkill to kill several processes all at once, because they relate to 
> something else that is running away. 

Ok. To run programs as root on X11 you need to transfer X credentials to root. This can be done by hand (eek!) or just use "sux". That package was was kicked on debian in ~ 2014 by applying greater wisdom. Still in the source tree here https://sources.debian.org/src/sux/ - but better get the original from here http://fgouget.free.fr/sux/sux-readme.shtml - I've found it to be a very valuable piece of software. 

"sudo su" should do the same as "sudo bash". "su" should work on a clean install, but it will refuse to work if you have no password set for root. so the first thing on ubuntu is to do a "sudo passwd" :) Anyway, "sudo" asks for your password, "su" for the root password.
 
> When I am done, I type exit, or I can even kill su processes, rather than 
> waiting for permissions to expire. 
> 
> But when I (was) try(ing) to run a gui program (for example, gufw), I would be 
> asked for my password, then told that it was incorrect. I have set my system 
> not to allow root logins. There is no separate admin apart from the present 
> author, although I cannot just do anything; I still must enter my password to 
> become su. 
> 
> However, without having installed quite all the trinity-sudo packages, I was 
> denied root permissions, except in the shell, by running "sudo su". 
> 
> Sorry for the tedious details, but I do want to get to the bottom of this 
> issue, even though it may be self-inflicted. 

There are no tedious details. If things are unclear they must be addressed - and everybody is free to ignore or give input at any time. Nowadays with that windows nomenclatura mixed in ... well, some days ago there was athread on "how to all a file or folder or directory thingie" on devuan :)

Nik

> 
> Bill
> 
> > > > > Anyway, so now, suddenly, I am asked for the root password in order
> > > > > to run gufw and other such stuff. But when I enter my password, I get
> > > > > a message that the password is incorrect. This happened before, long
> > > > > ago, when I first switched from (k)ubuntu to debian; debian seems to
> > > > > have a stricter default policy, which is probably a good thing, and I
> > > > > probably ought to get the hang of this thing, right?
> > > > >
> > > > > So I need an easier solution than whatever this is that I am doing
> > > > > (or not doing). I have been combing through my Linux pocket guide and
> > > > > Linux in a Nutshell and Linux Bible, etc., but they all say the same
> > > > > thing, and none of them work.
> > > > >
> > > > > #2 - I still want a graphical firewall that runs like the old
> > > > > Firestarter; gufw isn't quite what I want, or maybe I just haven't
> > > > > yet configured it properly.
> > > >
> > > > didn't know Firestarter, but it loks nice for a firewall. I have to
> > > > admit I don't like linux firewall (I prefer the BSD way). Anyway, I use
> > > > "ufw" - it has a nice GUI, depending on your text editor :)
> > > >
> > > > > What I want is not just a GUI, but instead, one that displays *active
> > > > > connections* as they appear and disappear, and allows changing rules
> > > > > on the fly. Is there such a thing?
> > > >
> > > > "fierwall-applet" could be what you want, but it drags in a hole bunch
> > > > of things.
> > >
> > > Will check it out, thanks.
> > >
> > > > > Running it in a terminal would suit me just fine, so long as it is a
> > > > > dynamic display of active connections as they occur. Also an easier
> > > > > way to edit iptables. (I read that there is some new "thing" to
> > > > > replace iptables, meaning that ufw and gufw and their kin will all
> > > > > become obsolete very soon, apparently being phased out, and I had a
> > > > > hard time downloading them.)
> > > > >
> > > > > Another possible fix would be: to pass my firestarter rules (based on
> > > > > iptables) along to ufw/gufw.
> > > >
> > > > gufw? a gui for ufw? Abomoination!
> > > > That could definitly be done. Are you in for a bit of shell black
> > > > magic?
> > >
> > > I am always prepared for some black magic. That is why I keep my *Linux
> > > in a Nutshell* grimoire always close to hand. Oh, and salt, burning
> > > sulfur, candles and incense, and some cats.
> > >
> > > I used to keep goats and chickens, but nowadays my landlord is always
> > > complaining.
> > >
> > > Seriously, whatever you can recommend to get me back "in control" of the
> > > Mother Ship.
> > >
> > > Thanks a bunch!
> > >
> > > > > But anyway, what I want is to see my active connections. (See
> > > > > enclosed screenshot.)
> > > > >
> > > > > Any help or comments or suggestions are appreciated. If not, at least
> > > > > a good joke.
> > > >
> > > > Windows guys suggest to run a firewall in amazon cloud and send all
> > > > your network through it. I still have not figured out if tis is a bad
> > > > joke or that they actully do, but I have the strong feeling this is a
> > > > seriouse advise (there are commertial offers for this kind of stuff).
> > >
> > > It sounds like these kids forget everything about security, privacy,
> > > whenever somebody says the word "cloud" -- then it's all okay.
> > >
> > > > > Bill
> > > > >
> > > > > P.S. The worst insult is, just before my upgrade, I had got my Jessie
> > > > > system fine-tuned to near-perfection, and was feeling rather smug and
> > > > > virtually bulletproof. On the bright side: Beowulf/Buster does seem
> > > > > to run better, overall, except for when I can't get it to DO WHAT I
> > > > > WANT.
> > > > >
> > > > > :-\
> > > > >
> > > > > See screenshot for firewall example.
> > >
> > > ---------------------------------------------------------------------
> > > To unsubscribe, e-mail:
> > > trinity-users-unsubscribe@... For additional
> > > commands, e-mail: trinity-users-help@... Read list
> > > messages on the web archive: http://trinity-users.pearsoncomputing.net/
> > > Please remember not to top-post:
> > > http://trinity.pearsoncomputing.net/mailing_lists/#top-posting
> 
> 
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: trinity-users-unsubscribe@...
> For additional commands, e-mail: trinity-users-help@...
> Read list messages on the web archive: http://trinity-users.pearsoncomputing.net/
> Please remember not to top-post: http://trinity.pearsoncomputing.net/mailing_lists/#top-posting
> 
> 



-- 
Please do not email me anything that you are not comfortable also sharing with the NSA, CIA ...

powered by ezmlm-www (v1.4.5)