On Saturday 29 August 2020 04:04:55 Dr. Nikolaus Klepp wrote:
> > > > #1 - When installing, I deliberately chose *not* to set a root
> > > > password; since nobody else ever gets to touch my system, it is
> > > > enough that my user password is granted root privileges when I use
> > > > sudo or su.
> > >
> > > Always set a root password, even it's 123456789. Not all programs
> > > accept root without password.
> >
> > Yeah, I tried that, but I always end up with this same problem. When I
> > tried setting a root password before (because it always seemed like the
> > *right* answer), I got this same result.
> >
> > When I made the move from Kubuntu to Debian, I went through this
> > root-password thing at least 5 or 6 times. I always ended up with a
> > system where I could not be granted admin or root privileges ... EXCEPT
> > in a sudo su shell! So that's what I usually do: I create a sudo su
> > shell, then exit and allow permissions to expire, then when I need quick
> > access again, I just hit my UP arrow key, re-enter password, and go back
> > into sudo su to kill something or whatever else needs immediate
> > attention.
> >
> > Now, it would be nice to crack this nut, once and for all, but I don't
> > want to keep asking my own machine for permission to do things. The
> > question is, which of us is master?
>
> Hm. I'm quite sure I'm master on my systems, but that could be a delusion
> ...
>
> What I have not understood yet: you can get root access from terminal with
> "su" or you have to use "sudo bash" ?
>

Thanks, Nik! I'm glad somebody is willing to explain this to me like I am a 
child. I probably ought to have got this years and years ago, but since I 
don't need it so much in a group setting, or office, I could put it off. 

Some of this discussion has been superseded by another email, as they crossed 
paths. 

However, in answer to this point: When I open a terminal, type "sudo su", I 
can enter my password, and then I am root. I can do whatever I want to my 
system, no matter how ill-conceived and dangerous. However, I cannot use it 
to launch gui programs, only to run some root commands, such as when I want 
to run pkill to kill several processes all at once, because they relate to 
something else that is running away. 

When I am done, I type exit, or I can even kill su processes, rather than 
waiting for permissions to expire. 

But when I (was) try(ing) to run a gui program (for example, gufw), I would be 
asked for my password, then told that it was incorrect. I have set my system 
not to allow root logins. There is no separate admin apart from the present 
author, although I cannot just do anything; I still must enter my password to 
become su. 

However, without having installed quite all the trinity-sudo packages, I was 
denied root permissions, except in the shell, by running "sudo su". 

Sorry for the tedious details, but I do want to get to the bottom of this 
issue, even though it may be self-inflicted. 

Bill

> > > > Anyway, so now, suddenly, I am asked for the root password in order
> > > > to run gufw and other such stuff. But when I enter my password, I get
> > > > a message that the password is incorrect. This happened before, long
> > > > ago, when I first switched from (k)ubuntu to debian; debian seems to
> > > > have a stricter default policy, which is probably a good thing, and I
> > > > probably ought to get the hang of this thing, right?
> > > >
> > > > So I need an easier solution than whatever this is that I am doing
> > > > (or not doing). I have been combing through my Linux pocket guide and
> > > > Linux in a Nutshell and Linux Bible, etc., but they all say the same
> > > > thing, and none of them work.
> > > >
> > > > #2 - I still want a graphical firewall that runs like the old
> > > > Firestarter; gufw isn't quite what I want, or maybe I just haven't
> > > > yet configured it properly.
> > >
> > > didn't know Firestarter, but it loks nice for a firewall. I have to
> > > admit I don't like linux firewall (I prefer the BSD way). Anyway, I use
> > > "ufw" - it has a nice GUI, depending on your text editor :)
> > >
> > > > What I want is not just a GUI, but instead, one that displays *active
> > > > connections* as they appear and disappear, and allows changing rules
> > > > on the fly. Is there such a thing?
> > >
> > > "fierwall-applet" could be what you want, but it drags in a hole bunch
> > > of things.
> >
> > Will check it out, thanks.
> >
> > > > Running it in a terminal would suit me just fine, so long as it is a
> > > > dynamic display of active connections as they occur. Also an easier
> > > > way to edit iptables. (I read that there is some new "thing" to
> > > > replace iptables, meaning that ufw and gufw and their kin will all
> > > > become obsolete very soon, apparently being phased out, and I had a
> > > > hard time downloading them.)
> > > >
> > > > Another possible fix would be: to pass my firestarter rules (based on
> > > > iptables) along to ufw/gufw.
> > >
> > > gufw? a gui for ufw? Abomoination!
> > > That could definitly be done. Are you in for a bit of shell black
> > > magic?
> >
> > I am always prepared for some black magic. That is why I keep my *Linux
> > in a Nutshell* grimoire always close to hand. Oh, and salt, burning
> > sulfur, candles and incense, and some cats.
> >
> > I used to keep goats and chickens, but nowadays my landlord is always
> > complaining.
> >
> > Seriously, whatever you can recommend to get me back "in control" of the
> > Mother Ship.
> >
> > Thanks a bunch!
> >
> > > > But anyway, what I want is to see my active connections. (See
> > > > enclosed screenshot.)
> > > >
> > > > Any help or comments or suggestions are appreciated. If not, at least
> > > > a good joke.
> > >
> > > Windows guys suggest to run a firewall in amazon cloud and send all
> > > your network through it. I still have not figured out if tis is a bad
> > > joke or that they actully do, but I have the strong feeling this is a
> > > seriouse advise (there are commertial offers for this kind of stuff).
> >
> > It sounds like these kids forget everything about security, privacy,
> > whenever somebody says the word "cloud" -- then it's all okay.
> >
> > > > Bill
> > > >
> > > > P.S. The worst insult is, just before my upgrade, I had got my Jessie
> > > > system fine-tuned to near-perfection, and was feeling rather smug and
> > > > virtually bulletproof. On the bright side: Beowulf/Buster does seem
> > > > to run better, overall, except for when I can't get it to DO WHAT I
> > > > WANT.
> > > >
> > > > :-\
> > > >
> > > > See screenshot for firewall example.
> >
> > ---------------------------------------------------------------------
> > To unsubscribe, e-mail:
> > trinity-users-unsubscribe@... For additional
> > commands, e-mail: trinity-users-help@... Read list
> > messages on the web archive: http://trinity-users.pearsoncomputing.net/
> > Please remember not to top-post:
> > http://trinity.pearsoncomputing.net/mailing_lists/#top-posting