Re: [DNG] sudo or su?
On 05/22/2016 12:38 AM, Paweł Cholewiński wrote: > Read this > http://unix.stackexchange.com/questions/35338/su-vs-sudo-s-vs-sudo-i-vs-sudo-bash > > > Paweł That's a good comparison with sound analysis but looks like it tries to use sudo just as if it were su. They are very different tools with very different use-cases. There are two main advantages of sudo which almost never get mentioned as too many systems *cough*ubuntu*cough*mint*cough* are set up to allow 'sudo -i' by default: One advantage of sudo is that control can be granted in a highly granular way. Specific programs with only specific options can be made available to specific users. Another advantage is an all but unknown auditing system which shows which account did or tried what and exactly when. See 'sudoreplay' for that. As far as default settings go, instead of defaulting to %sudo ALL=(ALL:ALL) ALL I'd raise the bar, with a default sudoers something like this: %sudo ALL=(ALL) /usr/bin/apt-get update, \ /usr/bin/apt-get install [A-Za-z0-9][A-Za-z0-9-]*, \ /usr/bin/apt-get remove [A-Za-z0-9][A-Za-z0-9-]*, \ /usr/bin/apt-get autoremove, /usr/sbin/visudo "" Maybe in a future version of Devuan, some changes to sudoers can be considered. Michael W Lucas has had very useful presentations on sudo: https://www.bsdcan.org/2014/schedule/attachments/283_2014-04-29%20sudo%20tutorial%20-%20bsdcan%202014.pdf https://www.youtube.com/watch?v=o0purspHg-o but his book 'Sudo Mastery' is even more useful. IMHO it's not that sudo is any harder than most other utilities, it's just that common misuse has gotten the herd heading off in the wrong direction. regards, /Lars ___ Dng mailing list Dng@lists.dyne.org https://mailinglists.dyne.org/cgi-bin/mailman/listinfo/dng
Re: [DNG] sudo or su?
Le 21/05/2016 23:22, emnin...@riseup.net a écrit : I followed the standard settings of the installer which leads me to have root and (a) user. Now, i know there are different philosophies about the use of sudo. Frankly, is there any relevant difference between 'sudo + command' or 'su -c + command'? TIA! Hi emniger. . su allows you to execute any command, and asks root password sudo allows the admin to configure with fine grain what users and/or lists of users are allowed to execute with or without typing their personal password. Even if you are the only user of your laptop, you may like to have some priviledged commands be executable without typing your password. Also, limiting the authorized commands brings you some additional level of safety. Didier ___ Dng mailing list Dng@lists.dyne.org https://mailinglists.dyne.org/cgi-bin/mailman/listinfo/dng
Re: [DNG] sudo or su?
On Sun, May 22, 2016 at 11:49:24AM +0200, Didier Kryn wrote: [cut] > > Hi emniger. > . > su allows you to execute any command, and asks root password > > sudo allows the admin to configure with fine grain what users > and/or lists of users are allowed to execute with or without typing > their personal password. > > Even if you are the only user of your laptop, you may like to > have some priviledged commands be executable without typing your > password. Also, limiting the authorized commands brings you some > additional level of safety. > I have a slightly different view on the matter, indeed :) In a unix environment there are two kinds of users: "normal" or "regular" users, and the administrator, or root. The administrator of the system decides policies and performs system configuration and monitoring. If you log into a unix system to do your own work, you are a "regular" user, and you should not be bothered at all with system configuration or monitoring. This is a fairly easy scheme to understand. The problem is that in a desktop environment, where you are both the only "regular" user and the "administrator" of your system, the two things might become entangled. My solution has always been to keep users and root *separate*, avoiding sudo altogether, and to ask myself to wear an appropriate "magic-shiny-hat-with-green-glitters-and-silver-triangle-on-top" (that I keep on my desk) whenever a part of myself has to become root and perform a configuration task. I know that whenever I am wearing the "magic-shiny-hat-with-green-glitters-and-silver-triangle-on-top" I have to put extra care on whatever I do, since a mistake could cause the regular users of my system (including the other part of myself) to suffer unnecessary pain and disruption. No automagic tool can save you from your own stupidity. You need a system administrator to manage your linux box, and investing a bit of time in training a part of yourself for that task, and 2$ in buying a "magic-shiny-hat-with-green-glitters-and-silver-triangle-on-top" is really worth the effort, and the price :) HND KatolaZ -- [ Enzo Nicosia aka KatolaZ --- GLUG Catania -- Freaknet Medialab ] [ me [at] katolaz.homeunix.net -- http://katolaz.homeunix.net -- ] [ GNU/Linux User:#325780/ICQ UIN: #258332181/GPG key ID 0B5F062F ] [ Fingerprint: 8E59 D6AA 445E FDB4 A153 3D5A 5F20 B3AE 0B5F 062F ] ___ Dng mailing list Dng@lists.dyne.org https://mailinglists.dyne.org/cgi-bin/mailman/listinfo/dng
Re: [DNG] sudo or su?
On Sun, May 22, 2016 at 11:08:47AM +0100, KatolaZ wrote: > My solution has always been to keep users and root *separate*, > avoiding sudo altogether, and to ask myself to wear an appropriate > "magic-shiny-hat-with-green-glitters-and-silver-triangle-on-top" (that > I keep on my desk) whenever a part of myself has to become root and > perform a configuration task. I know that whenever I am wearing the > "magic-shiny-hat-with-green-glitters-and-silver-triangle-on-top" I > have to put extra care on whatever I do, since a mistake could cause > the regular users of my system (including the other part of myself) to > suffer unnecessary pain and disruption. > > No automagic tool can save you from your own stupidity. You need a > system administrator to manage your linux box, and investing a bit of > time in training a part of yourself for that task, and 2$ in buying a > "magic-shiny-hat-with-green-glitters-and-silver-triangle-on-top" is > really worth the effort, and the price :) very +1 and keep in mind: real men do everything as root and don't make backups :) I think sudo main advantage is to grant certain administrative privileges to junior sysadmin or regular users, without to reveal the root password. -- Fernando M. Maresca ___ Dng mailing list Dng@lists.dyne.org https://mailinglists.dyne.org/cgi-bin/mailman/listinfo/dng
Re: [DNG] sudo or su?
On Sun, May 22, 2016 at 07:22:44AM -0300, Fernando M. Maresca wrote: > > > > On Sun, May 22, 2016 at 11:08:47AM +0100, KatolaZ wrote: > > > My solution has always been to keep users and root *separate*, > > avoiding sudo altogether, and to ask myself to wear an appropriate > > "magic-shiny-hat-with-green-glitters-and-silver-triangle-on-top" (that > > I keep on my desk) whenever a part of myself has to become root and > > perform a configuration task. I know that whenever I am wearing the > > "magic-shiny-hat-with-green-glitters-and-silver-triangle-on-top" I > > have to put extra care on whatever I do, since a mistake could cause > > the regular users of my system (including the other part of myself) to > > suffer unnecessary pain and disruption. > > > > No automagic tool can save you from your own stupidity. You need a > > system administrator to manage your linux box, and investing a bit of > > time in training a part of yourself for that task, and 2$ in buying a > > "magic-shiny-hat-with-green-glitters-and-silver-triangle-on-top" is > > really worth the effort, and the price :) > > very +1 > > > and keep in mind: real men do everything as root and don't make > backups :) > > I think sudo main advantage is to grant certain administrative > privileges to junior sysadmin or regular users, without to reveal the > root password. > sudo is undeniably handy when administration is shared among several admins, but in those cases it should be used with extreme care. I know of real situations when one of the sudoers was allowed to edit /etc/sudoers, and left the machine unusable by other admins due to a syntax error in /etc/sudoers... Again, tools are just tools, and can't be replacements for policy and knowledge. If one has to use something like sudo, I prefer the approach of simpler tools, in the same spirit of "sup" https://git.devuan.org/jaromil/sup). My2Cents KatolaZ -- [ Enzo Nicosia aka KatolaZ --- GLUG Catania -- Freaknet Medialab ] [ me [at] katolaz.homeunix.net -- http://katolaz.homeunix.net -- ] [ GNU/Linux User:#325780/ICQ UIN: #258332181/GPG key ID 0B5F062F ] [ Fingerprint: 8E59 D6AA 445E FDB4 A153 3D5A 5F20 B3AE 0B5F 062F ] ___ Dng mailing list Dng@lists.dyne.org https://mailinglists.dyne.org/cgi-bin/mailman/listinfo/dng
Re: [DNG] sudo or su?
Le 22/05/2016 12:22, Fernando M. Maresca a écrit : On Sun, May 22, 2016 at 11:08:47AM +0100, KatolaZ wrote: My solution has always been to keep users and root *separate*, avoiding sudo altogether, and to ask myself to wear an appropriate "magic-shiny-hat-with-green-glitters-and-silver-triangle-on-top" (that I keep on my desk) whenever a part of myself has to become root and perform a configuration task. I know that whenever I am wearing the "magic-shiny-hat-with-green-glitters-and-silver-triangle-on-top" I have to put extra care on whatever I do, since a mistake could cause the regular users of my system (including the other part of myself) to suffer unnecessary pain and disruption. No automagic tool can save you from your own stupidity. You need a system administrator to manage your linux box, and investing a bit of time in training a part of yourself for that task, and 2$ in buying a "magic-shiny-hat-with-green-glitters-and-silver-triangle-on-top" is really worth the effort, and the price :) very +1 and keep in mind: real men do everything as root and don't make backups :) I think sudo main advantage is to grant certain administrative privileges to junior sysadmin or regular users, without to reveal the root password. I use both. On hosts with many users and subsystems, I give permissions to others to act as (eg) mysql-admin, web-admin, elog-admin, or just halt/reboot. I can't do/know everything and must give priviledges to others. sudo is fitted for that. On my laptop I use su because I'm too lazy to configure sudo, but I'm sure I would save time by allowing myself to run ifupdown without password. Didier ___ Dng mailing list Dng@lists.dyne.org https://mailinglists.dyne.org/cgi-bin/mailman/listinfo/dng
Re: [DNG] Dng Digest, Vol 20, Issue 83
On 05/15/2016 09:47 PM, Florian Zieboll wrote: > On Sun, 15 May 2016 19:43:02 +0200 > Irrwahn wrote: > >> On Sun, 15 May 2016 13:20:47 -0400, Fsmithred wrote: >>> I have the following file (or equivalent) any time I have more than >>> one release enabled in sources.list: >>> >>> cat /etc/apt/apt.conf.d/00defaultrelease >>> APT::Default-Release "jessie"; >>> >>> That way, only packages from jessie will be installed unless I use >>> the -t option to name a different release. > > > Be careful, this may interfere with your apt pinning. After having put > your suggested file into apt.conf.d, I added jessie-backports to my > sources.list and the following well-proven pin didn't take any effect: > > Package: * > Pin: release a=jessie-backports > Pin-Priority: 200 > > Bug, or feature? Drove me nuts until I realized that I had added this > "default release" two hours earlier ;) > > Florian > > ___ > On Sun, 15 May 2016 22:54:33 -0400 > ". fsmithred" wrote: > >> Florian, >> >> Thanks! I tried pinning backports like that a few weeks ago, and it >> didn't work. I thought it was due to changes in the way pinning is >> done. I don't think I ever would have figured that one out on my own. >> Does the pinning work properly if you remove 00defaultrelease? I >> can't test this right now, but I will do it in a few days. >> >> -fsr >> > > > Hallo fsr, > > I'll reply to the list, hope that's fine... Yes indeed, the > [APT::Default-Release "jessie";] line seems to suppress apt pinning. My > first thought had been, that amprolla / the merging workflow somehow > interferes with pinning, but after a second of alarm I verified that my > desktop, which runs a similar configuration, has only manually selected > backports installed. > > I also had tried to get backports from another mirror and pin by > "origin", to no avail. Further experiments fell prey to the lucky fact > that I remembered (and found) your apt related mail > > IIU apt_perferences(5) correctly, the "Default-Release" preference was > intended to play together with a "NotAutomatic: yes" entry in the > repository's release file (see section "APT's Default Priority > Assignments"), but I'm still not sure if its impact on pinning is a bug > or not. > > Florian Florian, Your way works. I removed 00defaultrelease and added the pin for jessie-backports, and now I will get packages from backports only if I ask for them. I tried the same with ascii and ceres, and it didn't work at first. I had to do a couple of things differently. (Both of these are required.) 1. pinning did not work when I used deb http://packages.devuan.org/devuan ascii main but it did work when I used deb http://us.mirror.devuan.org/merged/ ascii main 2. "Pin: release a=ascii" did not work. but "Pin: release n=ascii" did work. So now the file (preferences.d/00releases) looks like this: Package: * Pin: release a=jessie-backports Pin-Priority: 200 Package: * Pin: release n=ascii Pin-Priority: 90 Package: * Pin: release n=ceres Pin-Priority: 50 IMPORTANT NOTE!!! Those of you who are cringing at the thought of mixing stable, testing and unstable can relax. I'm not mixing. I just like to be able to easily see what versions of packages are in other releases. -fsr ___ Dng mailing list Dng@lists.dyne.org https://mailinglists.dyne.org/cgi-bin/mailman/listinfo/dng
[DNG] xpdf needs to uninstall lxde and lxde-desktop-tasks !?!
Anyone here knows, why the hell the installation of xpdf (in devuan) needs to deinstall lxde and lxde-desktop-tasks? I do not understand the reason why (in slackware for example there did not exist this problem). May be that's an inherited dependency problem (?) Me, as a simple user, i would like to suggest, that capable people step by step might have a look in all this dependency spiderweb (with the obvious target to cut all of it which not really is needed). Please do not take me wrong, i'm far from being able to judge this, but often it is my impression, in debian there way more dependencies excluding reasonable options than really necessary. Cheers ___ Dng mailing list Dng@lists.dyne.org https://mailinglists.dyne.org/cgi-bin/mailman/listinfo/dng
Re: [DNG] sudo or su?
On Sun, 22 May 2016 10:34:57 +0300 Lars Noodén wrote: > As far as default settings go, instead of defaulting to > > %sudo ALL=(ALL:ALL) ALL Yeah, that's the first thing I comment out. And the first thing I add are nopasswd commands so slitt can mount and unmount. Probably, in my case, I should make it so slitt can do updatedb too. SteveT Steve Litt May 2016 featured book: Rapid Learning for the 21st Century http://www.troubleshooters.com/rl21 ___ Dng mailing list Dng@lists.dyne.org https://mailinglists.dyne.org/cgi-bin/mailman/listinfo/dng
Re: [DNG] xpdf needs to uninstall lxde and lxde-desktop-tasks !?!
On Sun, 22 May 2016 17:12:35 +0200 wrote: > Anyone here knows, why the hell the installation of xpdf (in devuan) > needs to deinstall lxde and lxde-desktop-tasks? > > (...) > > dependency spiderweb No spiderwebs or other dust here... (Jessie): | root@nulldevice:~# apt-get install xpdf lxde task-lxde-desktop | Reading package lists... Done | Building dependency tree | Reading state information... Done | lxde is already the newest version. | The following extra packages will be installed: | libmotif-common libxm4 | Recommended packages: | lxlauncher gnome-orca gsfonts-x11 | The following NEW packages will be installed: | libmotif-common libxm4 task-lxde-desktop xpdf | 0 upgraded, 4 newly installed, 0 to remove and 0 not upgraded. | Need to get 1,211 kB of archives. | After this operation, 3,705 kB of additional disk space will be used. | Do you want to continue? [Y/n] BTW, I feel kind of stupid to answer troubleshooting requests that don't include any error messages (which often state quite clearly what the actual problem is). > in debian there way more dependencies excluding reasonable options > than really necessary That's probably true. AFAIK the decision about dependants / recommends / suggests is up to the respective package maintainers. Florian ___ Dng mailing list Dng@lists.dyne.org https://mailinglists.dyne.org/cgi-bin/mailman/listinfo/dng
Re: [DNG] xpdf needs to uninstall lxde and lxde-desktop-tasks !?!
On Sun, 22 May 2016 17:12:35 +0200, Emninger wrote: > Anyone here knows, why the hell the installation of xpdf (in devuan) > needs to deinstall lxde and lxde-desktop-tasks? Does it? I was unable to locate any dependencies in lxde or xpdf that might form such a mutual exclusion. What was the actual error message you got? [...] > Me, as a simple user, i would like to suggest, that capable people step > by step might have a look in all this dependency spiderweb (with the > obvious target to cut all of it which not really is needed). [...] I am certain almost nobody would object to that proposal. But it would need a notable number of people to step up and act as package maintainers to accomplish the task, namely to cut down to a tolerable size that giant maze of dependencies created by generations of Debian maintainers. "Fun" fact: Looking for a possible reason for your apparent problem I stumbled upon that gem: The lxde package depends on, among others, galculator and gpicview. Seriously, WTF? Regards Urban ___ Dng mailing list Dng@lists.dyne.org https://mailinglists.dyne.org/cgi-bin/mailman/listinfo/dng
Re: [DNG] sudo or su?
Hi, Sudo is used to run a command as root (Super User DO) without typing the root password. Sudo can also be used to run a command as another user. It can also be used to lower privileges on a command. For instance, suppose you have logged in as root in a terminal without X running and you want to start X as an unprivileged use. This can be done as follows: sudo -U user startx The beauty in it is that it starts X as a normal user while running root is logged in. Although the above is not probably why sudo was written it demonstrates one of its many uses. The Sudoers file: This file can be abused to allow all users to run commands as root by simply preceding commands by 'sudo'. If you are in a situation requiring some users to have access to commands that are only accessible to root, sudoers can be used to enable such users to run the minimum of commands an admin may wish. This enhances local security. Specifying command parameters in sudoers for every command for users defined in sudoers, also improves security. Using sudo the Ubuntu way is like leaving a master key in the wrong hands. Preceding a command by the same string is no security at all when sudo is configured the Ubuntu way. Edward On 22/05/2016, Steve Litt wrote: > On Sun, 22 May 2016 10:34:57 +0300 > Lars Noodén wrote: > > >> As far as default settings go, instead of defaulting to >> >> %sudo ALL=(ALL:ALL) ALL > > Yeah, that's the first thing I comment out. > > And the first thing I add are nopasswd commands so slitt can mount and > unmount. Probably, in my case, I should make it so slitt can do > updatedb too. > > SteveT > > Steve Litt > May 2016 featured book: Rapid Learning for the 21st Century > http://www.troubleshooters.com/rl21 > ___ > Dng mailing list > Dng@lists.dyne.org > https://mailinglists.dyne.org/cgi-bin/mailman/listinfo/dng > ___ Dng mailing list Dng@lists.dyne.org https://mailinglists.dyne.org/cgi-bin/mailman/listinfo/dng
Re: [DNG] xpdf needs to uninstall lxde and lxde-desktop-tasks !?!
Le 22/05/2016 18:13, Irrwahn a écrit : On Sun, 22 May 2016 17:12:35 +0200, Emninger wrote: Anyone here knows, why the hell the installation of xpdf (in devuan) needs to deinstall lxde and lxde-desktop-tasks? Does it? I was unable to locate any dependencies in lxde or xpdf that might form such a mutual exclusion. What was the actual error message you got? [...] Me, as a simple user, i would like to suggest, that capable people step by step might have a look in all this dependency spiderweb (with the obvious target to cut all of it which not really is needed). [...] I am certain almost nobody would object to that proposal. But it would need a notable number of people to step up and act as package maintainers to accomplish the task, namely to cut down to a tolerable size that giant maze of dependencies created by generations of Debian maintainers. Sure there are the "recommends" and the decision of the maintainer when creating the *-task package, but I have the impression the problem is also upstream. The authors cherry-pick libraries providing features they need. I noticed long ago some application (don't remember which) which has no relation with the www but depends on some Apache library. Didier ___ Dng mailing list Dng@lists.dyne.org https://mailinglists.dyne.org/cgi-bin/mailman/listinfo/dng
Re: [DNG] xpdf needs to uninstall lxde and lxde-desktop-tasks !?!
On Sun, 22 May 2016 18:41:32 +0200, Didier Kryn wrote: > Le 22/05/2016 18:13, Irrwahn a écrit : [...] >> I am certain almost nobody would object to that proposal. >> But it would need a notable number of people to step up >> and act as package maintainers to accomplish the task, >> namely to cut down to a tolerable size that giant maze of >> dependencies created by generations of Debian maintainers. >> > > Sure there are the "recommends" and the decision of the maintainer > when creating the *-task package, I was not concerned about the *Recommends* (I have configured APT::Install-Recommends "0"; anyway), but about the *Depends*. In the example you snipped lxde actually *Depends* on galculator etc.! Otherwise I would not even have objected. > but I have the impression the problem > is also upstream. The authors cherry-pick libraries providing features > they need. I noticed long ago some application (don't remember which) > which has no relation with the www but depends on some Apache library. True. Alas, there is only so much a package maintainer can do about a messy upstream. Regards Urban ___ Dng mailing list Dng@lists.dyne.org https://mailinglists.dyne.org/cgi-bin/mailman/listinfo/dng
Re: [DNG] xpdf needs to uninstall lxde and lxde-desktop-tasks !?!
On Sun, 22 May 2016 17:42:47 +0200, Florian Zieboll wrote: > On Sun, 22 May 2016 17:12:35 +0200 > wrote: > >> Anyone here knows, why the hell the installation of xpdf (in devuan) >> needs to deinstall lxde and lxde-desktop-tasks? >> >> (...) >> >> dependency spiderweb > > No spiderwebs or other dust here... (Jessie): > > | root@nulldevice:~# apt-get install xpdf lxde task-lxde-desktop > | Reading package lists... Done > | Building dependency tree > | Reading state information... Done > | lxde is already the newest version. > | The following extra packages will be installed: > | libmotif-common libxm4 > | Recommended packages: > | lxlauncher gnome-orca gsfonts-x11 > | The following NEW packages will be installed: > | libmotif-common libxm4 task-lxde-desktop xpdf [...] To me it somehow looks like you have the equivalent of APT::Install-Recommends "0"; configured on your system, whereas the OP might have not. That might well account for noticeable differences. However, that's just an educated guess at best, since my dear crystal ball is still off-site for maintenance. ;o) Regards Urban ___ Dng mailing list Dng@lists.dyne.org https://mailinglists.dyne.org/cgi-bin/mailman/listinfo/dng
Re: [DNG] xpdf needs to uninstall lxde and lxde-desktop-tasks !?!
Am Sun, 22 May 2016 16:39:26 + schrieb Florian Zieboll : > No spiderwebs or other dust here... (Jessie): > > | root@nulldevice:~# apt-get install xpdf lxde task-lxde-desktop > | Reading package lists... Done > | Building dependency tree > | Reading state information... Done > | lxde is already the newest version. > | The following extra packages will be installed: > | libmotif-common libxm4 > | Recommended packages: > | lxlauncher gnome-orca gsfonts-x11 > | The following NEW packages will be installed: > | libmotif-common libxm4 task-lxde-desktop xpdf > | 0 upgraded, 4 newly installed, 0 to remove and 0 not upgraded. > | Need to get 1,211 kB of archives. > | After this operation, 3,705 kB of additional disk space will be > used. | Do you want to continue? [Y/n] Ok, it was synaptic which told me lxde and task-lxde-desktop would be uninstalled (?) Now, using apt-get i see, it's not xpdf but gpicview missing which makes apt lament. Although i do not like it, i'll install it (i prefer viewnior). ___ Dng mailing list Dng@lists.dyne.org https://mailinglists.dyne.org/cgi-bin/mailman/listinfo/dng
Re: [DNG] xpdf needs to uninstall lxde and lxde-desktop-tasks !?!
On Sun, 22 May 2016 20:01:29 +0200, Emninger wrote: > Am Sun, 22 May 2016 16:39:26 + > schrieb Florian Zieboll : > >> No spiderwebs or other dust here... (Jessie): >> >> | root@nulldevice:~# apt-get install xpdf lxde task-lxde-desktop [...] > Ok, it was synaptic which told me lxde and task-lxde-desktop would be > uninstalled (?) > > Now, using apt-get i see, it's not xpdf but gpicview missing which > makes apt lament. Although i do not like it, i'll install it (i prefer > viewnior). Q.E.D. Random "Depends" in Metapackages _are_ a Bad Thing™. Regards Urban ___ Dng mailing list Dng@lists.dyne.org https://mailinglists.dyne.org/cgi-bin/mailman/listinfo/dng
Re: [DNG] xpdf needs to uninstall lxde and lxde-desktop-tasks !?!
On 05/22/2016 02:01 PM, emnin...@riseup.net wrote: > > Ok, it was synaptic which told me lxde and task-lxde-desktop would be > uninstalled (?) > > Now, using apt-get i see, it's not xpdf but gpicview missing which > makes apt lament. Although i do not like it, i'll install it (i prefer > viewnior). > ___ The other solution is to install the parts of lxde you want, without installing the metapackages (lxde and task-lxde-desktop). In fact, you might be able to let them be uninstalled without losing the actual parts of lxde. (--simulate is your friend here.) -fsr ___ Dng mailing list Dng@lists.dyne.org https://mailinglists.dyne.org/cgi-bin/mailman/listinfo/dng
[DNG] address change notification
Virgin Media chose to sell its ADSL customers to the highest bidder last year (which happened to be TalkTalk) and as consequence of this, the @virginmedia.com address I used to suscribe to the list will be going away at the end of this month. Because of this, I've changed to subscription address to a still valid @talktalk.net address. The purpose of this seemingly pointless message is to give people an opportunity to update their "kill files" instead of flaming me for maliciously trying to circumvent them (as people have been doing in the past because of similar, address changes forced onto me by adverse circumstance). ___ Dng mailing list Dng@lists.dyne.org https://mailinglists.dyne.org/cgi-bin/mailman/listinfo/dng
Re: [DNG] Unofficial Devuan live images
Hi all, El 21/05/16 a las 14:00, Didier Kryn escribió: Le 21/05/2016 11:35, KatolaZ a écrit : >On Sat, May 21, 2016 at 08:18:16AM +0200, Didier Kryn wrote: > >[cut] > >>>version of the initramfs), but might be useful if you want to use the >>>live image as a rescue cd, and boot into an existing / on your >>>drive. Not necessary. Maybe useful. >> The disk controllers need to be on the live cd for sure, but why >>in the initramfs? >Only if you want to boot to an existing partition, which is something >that I would like to support anyway. OK, I didn't catch that. Means you don't boot to the cdrom and interrupt the initramfs script to ask it to mount the other disk instead? > rebuild the kernel with those drivers statically linked and boot directly to the cdrom without and initramfs. >>>Oh, sure we could. But my point is to use standard packages from the >>>Devuan repo, without too much of customising/recompiling. >> I was just thinking of a minimal hack: starting from Devuan's >>kernel config, just change a few drivers' build-mode from module to >>static. After all, do you think it's more of a hack than stripping >>the initramfs? But I admit it's a different journey than the one you >>have undertaken. >> >That would be possible, but maybe it will not be needed, since the >initrd is currently under 7MB anyway, and the "micro" version might be >as small as 5 MB. The problem now might be the kernel itself, whose >size (when decompressed) is of the same order of the initrd:) But I >won't dig in that direction, for the moment > >>> Otherwise we >>>could also recompile everything with uclibc, as done in other minimal >>>distro, and have a truly microscopic userland, but that would be >>>*another* distribution, not a Devuan;) >>> >> Musl libc is already a serious challenge:-) Uclibc a nightmare, >>too incompatible with glibc. >> >> Sorry if I look harsh, providing recommendations to people who >>do the real job:-) ideas come out of the conversation and I just >>like to share them with knowledgeable people. >> >Among adults, receiving honest and "harsh" comments, and reflecting on >them, is the most effective and productive way to improve on your >work. Saying that everything is cool and smooth and perfect has never >saved the world, or changed things. So thank you again for your >comments, which are very much appreciated and will be taken into >account seriously, and please feel free to fire at me any thought as >you have done so far:) > > Thanks for your words, and for Devuan at all... I'm going to install beta on a desktop today:-) I rebuilt KatolaZ's distribution doing some minor changes: I added deborphan, firmware-linux-free and ntp... I also removed the refracta tools from the filesystem.squashfs, including them in devuan-installer together with the backend of simple-netaid as optional unofficial packages of Devuan, in a *udeb* package named "unofficial-packages-udeb". Installing the backend of simple-netaid, you will be able to connect to eth0 typing: /usr/lib/simple-netaid/bin/backend 9 eth0 Here you are the download zone: http://gnuinos.org/devuan/ Following Jaromil's suggestions, I added the package_list including the versions of the installed packages. Cheers, Aitor. ___ Dng mailing list Dng@lists.dyne.org https://mailinglists.dyne.org/cgi-bin/mailman/listinfo/dng
Re: [DNG] sudo or su?
Hi, could You send screenshot? W dniu 22.05.2016 o 21:46, Sadegh Sadegh pisze: > Hi > I can't use terminal at my Devuan 1.0 beta lxde 64. I see this " Your name > -sad- is not on system. > Streng. Please help me. > > 22.05.2016, 14:48, "KatolaZ" : >> On Sun, May 22, 2016 at 07:22:44AM -0300, Fernando M. Maresca wrote: >>> On Sun, May 22, 2016 at 11:08:47AM +0100, KatolaZ wrote: >>> >>> > My solution has always been to keep users and root *separate*, >>> > avoiding sudo altogether, and to ask myself to wear an appropriate >>> > "magic-shiny-hat-with-green-glitters-and-silver-triangle-on-top" (that >>> > I keep on my desk) whenever a part of myself has to become root and >>> > perform a configuration task. I know that whenever I am wearing the >>> > "magic-shiny-hat-with-green-glitters-and-silver-triangle-on-top" I >>> > have to put extra care on whatever I do, since a mistake could cause >>> > the regular users of my system (including the other part of myself) to >>> > suffer unnecessary pain and disruption. >>> > >>> > No automagic tool can save you from your own stupidity. You need a >>> > system administrator to manage your linux box, and investing a bit of >>> > time in training a part of yourself for that task, and 2$ in buying a >>> > "magic-shiny-hat-with-green-glitters-and-silver-triangle-on-top" is >>> > really worth the effort, and the price :) >>> >>> very +1 >>> >>> and keep in mind: real men do everything as root and don't make >>> backups :) >>> >>> I think sudo main advantage is to grant certain administrative >>> privileges to junior sysadmin or regular users, without to reveal the >>> root password. >> >> sudo is undeniably handy when administration is shared among several >> admins, but in those cases it should be used with extreme care. I know >> of real situations when one of the sudoers was allowed to edit >> /etc/sudoers, and left the machine unusable by other admins due to a >> syntax error in /etc/sudoers... >> >> Again, tools are just tools, and can't be replacements for policy and >> knowledge. >> >> If one has to use something like sudo, I prefer the approach of >> simpler tools, in the same spirit of "sup" >> https://git.devuan.org/jaromil/sup). >> >> My2Cents >> >> KatolaZ >> >> -- >> [ Enzo Nicosia aka KatolaZ --- GLUG Catania -- Freaknet Medialab ] >> [ me [at] katolaz.homeunix.net -- http://katolaz.homeunix.net -- ] >> [ GNU/Linux User:#325780/ICQ UIN: #258332181/GPG key ID 0B5F062F ] >> [ Fingerprint: 8E59 D6AA 445E FDB4 A153 3D5A 5F20 B3AE 0B5F 062F ] >> ___ >> Dng mailing list >> Dng@lists.dyne.org >> https://mailinglists.dyne.org/cgi-bin/mailman/listinfo/dng > ___ > Dng mailing list > Dng@lists.dyne.org > https://mailinglists.dyne.org/cgi-bin/mailman/listinfo/dng > ___ Dng mailing list Dng@lists.dyne.org https://mailinglists.dyne.org/cgi-bin/mailman/listinfo/dng
Re: [DNG] sudo or su?
> I followed the standard settings of the installer which leads me to > have root and (a) user. > > Now, i know there are different philosophies about the use of sudo. > Frankly, is there any relevant difference between 'sudo + command' or > 'su -c + command'? Hello The first thing to do when looking at any bit of security mechanism is to figure out the threats which it can counter (the threat model that the authors had in mind): Sudo: * protects users against password fatigue - desktop unix users only have to remember one password * discourages unneeded/careless root logins * allows elevated command execution on a finer grained basis than su Su: * prevents immediate root escalation when somebody intercepts/shoulder surfs/sniffs the user password (root might only be needed occasionally, normal user password is provided at each login) * at least makes it possible to offer a trusted path The last bit about trusted path is really quite important, particularly as the biggest threat that the contemporary desktop unix user faces is the javascripted web browser: So in a normal environment, once the user account has been broken, there is no reasonable way that it is possible for a user to work out if the password they are typing at the sudo prompt is actually going to sudo directly or being intercepted by a dodgy piece of code. The attacker could have straced the terminal application, or replaced the any one of the terminal process, shell or sudo with a subtly modified one, or done any other number of tricks (X server key capture, screen session, etc, etc). Yes, I know, in some environments strace is disabled for unprivileged users - but this is a travesty for developers and amounts to security theatre[1]. On the other hand, having a function root account with separate password allows one to log in to a box which holds a compromised user account without giving the attacker root. Possible options: Remotely via ssh (a counterintuitive argument to actually admin a remote system using root directly (!)), or in single user mode, or just maybe even at a text console, using sysreq to kill possible sniffers[2]. TLDR: sudo protects naive users against rookie mistakes, at the cost of making user level compromises much worse[2]. regards marc [1] Npghnyyl vg vf jbefr guna gung. Qbja guvf cngu yvrf gur n ybpxrq qbja nccvsvrq raivebazrag, jurer abezny nppbhagf pna'g pbzcvyr be qroht pbqr - naq jurer lbh arrq ebbg gb or cebqhpgvir. [2] Naq vs lbh ner tbvat gb nethr gung n hfre pbzcebzvfr vf rnfvyl ghearq vagb ebbg npprff naljnl naq guhf fhqb vf whfg f zhpu orggre, gura nfx lbhefrys jul bar fubhyq unir n hfre/ebbg frcnengvba gb ortva jvgu ___ Dng mailing list Dng@lists.dyne.org https://mailinglists.dyne.org/cgi-bin/mailman/listinfo/dng
Re: [DNG] sudo or su?
The big thing for me about Ubuntu, etc... is not the fact they use sudo a lot, it is that by default they do not allow root login at all. If the /home partition has problems, you must login as a user, then sudo to root, then attempt to dismount /home and work on it, which will not work since /home has files open (since you logged in as a user with a home directory in /home). So, I have to boot off some other media to do repair work on /home (or fix the login) sudo vs su is an interesting decision to make, but not allowing root login is a matter of too much security to get your job done. Rod On 05/22/2016 02:34 AM, Lars Noodén wrote: > On 05/22/2016 12:38 AM, Paweł Cholewiński wrote: >> Read this >> http://unix.stackexchange.com/questions/35338/su-vs-sudo-s-vs-sudo-i-vs-sudo-bash >> >> >> Paweł > > That's a good comparison with sound analysis but looks like it tries to > use sudo just as if it were su. They are very different tools with very > different use-cases. > > There are two main advantages of sudo which almost never get mentioned > as too many systems *cough*ubuntu*cough*mint*cough* are set up to allow > 'sudo -i' by default: One advantage of sudo is that control can be > granted in a highly granular way. Specific programs with only specific > options can be made available to specific users. Another advantage is > an all but unknown auditing system which shows which account did or > tried what and exactly when. See 'sudoreplay' for that. > > As far as default settings go, instead of defaulting to > > %sudo ALL=(ALL:ALL) ALL > > I'd raise the bar, with a default sudoers something like this: > > %sudo ALL=(ALL) /usr/bin/apt-get update, \ > /usr/bin/apt-get install [A-Za-z0-9][A-Za-z0-9-]*, \ > /usr/bin/apt-get remove [A-Za-z0-9][A-Za-z0-9-]*, \ > /usr/bin/apt-get autoremove, /usr/sbin/visudo "" > > Maybe in a future version of Devuan, some changes to sudoers can be > considered. > > Michael W Lucas has had very useful presentations on sudo: > > > https://www.bsdcan.org/2014/schedule/attachments/283_2014-04-29%20sudo%20tutorial%20-%20bsdcan%202014.pdf > > https://www.youtube.com/watch?v=o0purspHg-o > > but his book 'Sudo Mastery' is even more useful. IMHO it's not that > sudo is any harder than most other utilities, it's just that common > misuse has gotten the herd heading off in the wrong direction. > > regards, > /Lars > ___ > Dng mailing list > Dng@lists.dyne.org > https://mailinglists.dyne.org/cgi-bin/mailman/listinfo/dng > -- Rod Rodolico Daily Data, Inc. POB 140465 Dallas TX 75214-0465 214.827.2170 http://www.dailydata.net ___ Dng mailing list Dng@lists.dyne.org https://mailinglists.dyne.org/cgi-bin/mailman/listinfo/dng
Re: [DNG] Unofficial Devuan live images
El 22/05/16 a las 22:17, aitor_czr escribió: Hi all, El 21/05/16 a las 14:00, Didier Kryn escribió: Le 21/05/2016 11:35, KatolaZ a écrit : >On Sat, May 21, 2016 at 08:18:16AM +0200, Didier Kryn wrote: > >[cut] > >>>version of the initramfs), but might be useful if you want to use the >>>live image as a rescue cd, and boot into an existing / on your >>>drive. Not necessary. Maybe useful. >> The disk controllers need to be on the live cd for sure, but why >>in the initramfs? >Only if you want to boot to an existing partition, which is something >that I would like to support anyway. OK, I didn't catch that. Means you don't boot to the cdrom and interrupt the initramfs script to ask it to mount the other disk instead? > rebuild the kernel with those drivers statically linked and boot directly to the cdrom without and initramfs. >>>Oh, sure we could. But my point is to use standard packages from the >>>Devuan repo, without too much of customising/recompiling. >> I was just thinking of a minimal hack: starting from Devuan's >>kernel config, just change a few drivers' build-mode from module to >>static. After all, do you think it's more of a hack than stripping >>the initramfs? But I admit it's a different journey than the one you >>have undertaken. >> >That would be possible, but maybe it will not be needed, since the >initrd is currently under 7MB anyway, and the "micro" version might be >as small as 5 MB. The problem now might be the kernel itself, whose >size (when decompressed) is of the same order of the initrd:) But I >won't dig in that direction, for the moment > >>> Otherwise we >>>could also recompile everything with uclibc, as done in other minimal >>>distro, and have a truly microscopic userland, but that would be >>>*another* distribution, not a Devuan;) >>> >> Musl libc is already a serious challenge:-) Uclibc a nightmare, >>too incompatible with glibc. >> >> Sorry if I look harsh, providing recommendations to people who >>do the real job:-) ideas come out of the conversation and I just >>like to share them with knowledgeable people. >> >Among adults, receiving honest and "harsh" comments, and reflecting on >them, is the most effective and productive way to improve on your >work. Saying that everything is cool and smooth and perfect has never >saved the world, or changed things. So thank you again for your >comments, which are very much appreciated and will be taken into >account seriously, and please feel free to fire at me any thought as >you have done so far:) > > Thanks for your words, and for Devuan at all... I'm going to install beta on a desktop today:-) I rebuilt KatolaZ's distribution doing some minor changes: I added deborphan, firmware-linux-free and ntp... I also removed the refracta tools from the filesystem.squashfs, including them in devuan-installer together with the backend of simple-netaid as optional unofficial packages of Devuan, in a *udeb* package named "unofficial-packages-udeb". Installing the backend of simple-netaid, you will be able to connect to eth0 typing: /usr/lib/simple-netaid/bin/backend 9 eth0 Here you are the download zone: http://gnuinos.org/devuan/ Following Jaromil's suggestions, I added the package_list including the versions of the installed packages. Cheers, Aitor. Now, i'll add linux-libre-4.x to Gnuinos :) Aitor. ___ Dng mailing list Dng@lists.dyne.org https://mailinglists.dyne.org/cgi-bin/mailman/listinfo/dng
Re: [DNG] sudo or su?
> On May 22, 2016 at 4:49 PM "R. W. Rodolico" wrote: > > The big thing for me about Ubuntu, etc... is not the fact they use sudo > a lot, it is that by default they do not allow root login at all. If the > /home partition has problems, you must login as a user, then sudo to > root, then attempt to dismount /home and work on it, which will not work > since /home has files open (since you logged in as a user with a home > directory in /home). So, I have to boot off some other media to do > repair work on /home (or fix the login) > > sudo vs su is an interesting decision to make, but not allowing root > login is a matter of too much security to get your job done. Or you can sudo, edit /etc/passwd to change your login directory temporarily to something not in /home, logout, and log back in using the temporary directory. Peter Olson ___ Dng mailing list Dng@lists.dyne.org https://mailinglists.dyne.org/cgi-bin/mailman/listinfo/dng
Re: [DNG] Unofficial Devuan live images
On 05/22/2016 04:17 PM, aitor_czr wrote: > > I rebuilt KatolaZ's distribution doing some minor changes: I added > deborphan, firmware-linux-free and ntp... I also removed the refracta > tools from the filesystem.squashfs, including them in devuan-installer > together with the backend of simple-netaid as optional unofficial packages > of Devuan, in a *udeb* package named "unofficial-packages-udeb". > > Installing the backend of simple-netaid, you will be able to connect to > eth0 typing: > > /usr/lib/simple-netaid/bin/backend 9 eth0 > > Here you are the download zone: > > http://gnuinos.org/devuan/ > > Following Jaromil's suggestions, I added the package_list including the > versions of the installed packages. > > Cheers, > > Aitor. > What are the passwords? I'm not getting auto-login when I add 'components=keyboard-layouts keyboard-layouts=en' to the boot command. And I'm lost if I don't add that. Thanks, -fsr ___ Dng mailing list Dng@lists.dyne.org https://mailinglists.dyne.org/cgi-bin/mailman/listinfo/dng
Re: [DNG] sudo or su?
Hi I can't use terminal at my Devuan 1.0 beta lxde 64. I see this " Your name -sad- is not on system. Streng. Please help me. 22.05.2016, 14:48, "KatolaZ" : > On Sun, May 22, 2016 at 07:22:44AM -0300, Fernando M. Maresca wrote: >> On Sun, May 22, 2016 at 11:08:47AM +0100, KatolaZ wrote: >> >> > My solution has always been to keep users and root *separate*, >> > avoiding sudo altogether, and to ask myself to wear an appropriate >> > "magic-shiny-hat-with-green-glitters-and-silver-triangle-on-top" (that >> > I keep on my desk) whenever a part of myself has to become root and >> > perform a configuration task. I know that whenever I am wearing the >> > "magic-shiny-hat-with-green-glitters-and-silver-triangle-on-top" I >> > have to put extra care on whatever I do, since a mistake could cause >> > the regular users of my system (including the other part of myself) to >> > suffer unnecessary pain and disruption. >> > >> > No automagic tool can save you from your own stupidity. You need a >> > system administrator to manage your linux box, and investing a bit of >> > time in training a part of yourself for that task, and 2$ in buying a >> > "magic-shiny-hat-with-green-glitters-and-silver-triangle-on-top" is >> > really worth the effort, and the price :) >> >> very +1 >> >> and keep in mind: real men do everything as root and don't make >> backups :) >> >> I think sudo main advantage is to grant certain administrative >> privileges to junior sysadmin or regular users, without to reveal the >> root password. > > sudo is undeniably handy when administration is shared among several > admins, but in those cases it should be used with extreme care. I know > of real situations when one of the sudoers was allowed to edit > /etc/sudoers, and left the machine unusable by other admins due to a > syntax error in /etc/sudoers... > > Again, tools are just tools, and can't be replacements for policy and > knowledge. > > If one has to use something like sudo, I prefer the approach of > simpler tools, in the same spirit of "sup" > https://git.devuan.org/jaromil/sup). > > My2Cents > > KatolaZ > > -- > [ Enzo Nicosia aka KatolaZ --- GLUG Catania -- Freaknet Medialab ] > [ me [at] katolaz.homeunix.net -- http://katolaz.homeunix.net -- ] > [ GNU/Linux User:#325780/ICQ UIN: #258332181/GPG key ID 0B5F062F ] > [ Fingerprint: 8E59 D6AA 445E FDB4 A153 3D5A 5F20 B3AE 0B5F 062F ] > ___ > Dng mailing list > Dng@lists.dyne.org > https://mailinglists.dyne.org/cgi-bin/mailman/listinfo/dng ___ Dng mailing list Dng@lists.dyne.org https://mailinglists.dyne.org/cgi-bin/mailman/listinfo/dng
Re: [DNG] Unofficial Devuan live images
On 05/22/2016 05:41 PM, fsmithred wrote: > On 05/22/2016 04:17 PM, aitor_czr wrote: >> >> I rebuilt KatolaZ's distribution doing some minor changes: I added >> deborphan, firmware-linux-free and ntp... I also removed the refracta >> tools from the filesystem.squashfs, including them in devuan-installer >> together with the backend of simple-netaid as optional unofficial packages >> of Devuan, in a *udeb* package named "unofficial-packages-udeb". >> >> Installing the backend of simple-netaid, you will be able to connect to >> eth0 typing: >> >> /usr/lib/simple-netaid/bin/backend 9 eth0 >> >> Here you are the download zone: >> >> http://gnuinos.org/devuan/ >> >> Following Jaromil's suggestions, I added the package_list including the >> versions of the installed packages. >> >> Cheers, >> >> Aitor. >> > > What are the passwords? I'm not getting auto-login when I add > 'components=keyboard-layouts keyboard-layouts=en' to the boot command. And > I'm lost if I don't add that. > > Thanks, > -fsr > n/m, I found KatolaZ's post where he lists the password. They are exactly what I thought they were, but they don't work for me when I set the keyboard at boot. I'm installing it now. That seems to be working correctly. -fsr ___ Dng mailing list Dng@lists.dyne.org https://mailinglists.dyne.org/cgi-bin/mailman/listinfo/dng
Re: [DNG] Unofficial Devuan live images
Hi fsr, El 22/05/16 a las 23:41, fsmithred escribió: On 05/22/2016 04:17 PM, aitor_czr wrote: > >I rebuilt KatolaZ's distribution doing some minor changes: I added >deborphan, firmware-linux-free and ntp... I also removed the refracta >tools from the filesystem.squashfs, including them in devuan-installer >together with the backend of simple-netaid as optional unofficial packages >of Devuan, in a*udeb* package named "unofficial-packages-udeb". > >Installing the backend of simple-netaid, you will be able to connect to >eth0 typing: > >/usr/lib/simple-netaid/bin/backend 9 eth0 > >Here you are the download zone: > >http://gnuinos.org/devuan/ > >Following Jaromil's suggestions, I added the package_list including the >versions of the installed packages. > >Cheers, > > Aitor. > What are the passwords? I'm not getting auto-login when I add 'components=keyboard-layouts keyboard-layouts=en' to the boot command. And I'm lost if I don't add that. Thanks, -fsr I also customized live-config. So, you don't need any password during live-sessions. Root's password also has been removed. The live-user has sudo permissions. These changes are required for d-i :) Cheers, Aitor. ___ Dng mailing list Dng@lists.dyne.org https://mailinglists.dyne.org/cgi-bin/mailman/listinfo/dng
Re: [DNG] sudo or su?
On Sat, May 21, 2016 at 06:40:23PM -0400, Steve Litt wrote: > On Sat, 21 May 2016 23:22:35 +0200 > wrote: > > > I followed the standard settings of the installer which leads me to > > have root and (a) user. > > > > Now, i know there are different philosophies about the use of sudo. > > Frankly, is there any relevant difference between 'sudo + command' or > > 'su -c + command'? > > > > TIA! > > Ginger, or Mary Ann? > > Vim, or Emacs? > > Sudo, or su -c? > > Best of luck getting a concensus :-) :-) :-) You forgot: sysvinit or ... -- An imaginary friend squared is a real enemy. ___ Dng mailing list Dng@lists.dyne.org https://mailinglists.dyne.org/cgi-bin/mailman/listinfo/dng
Re: [DNG] Unofficial Devuan live images
On Sun, May 22, 2016 at 06:32:14PM -0400, fsmithred wrote: [cut] > > n/m, I found KatolaZ's post where he lists the password. They are exactly > what I thought they were, but they don't work for me when I set the > keyboard at boot. > > I'm installing it now. That seems to be working correctly. > Hi, the password are also indicated in thw webpage http://devuan.kalos.mine.nu devuan/devuan root/toor A new version of the images is on its way right now. Smaller initrd. Smaller memory footprint. Many more packages. Same image size ;) StayTuned KatolaZ -- [ Enzo Nicosia aka KatolaZ --- GLUG Catania -- Freaknet Medialab ] [ me [at] katolaz.homeunix.net -- http://katolaz.homeunix.net -- ] [ GNU/Linux User:#325780/ICQ UIN: #258332181/GPG key ID 0B5F062F ] [ Fingerprint: 8E59 D6AA 445E FDB4 A153 3D5A 5F20 B3AE 0B5F 062F ] ___ Dng mailing list Dng@lists.dyne.org https://mailinglists.dyne.org/cgi-bin/mailman/listinfo/dng
Re: [DNG] Unofficial Devuan live images
On 05/22/2016 06:33 PM, aitor_czr wrote: > Hi fsr, > > El 22/05/16 a las 23:41, fsmithred escribió: >> On 05/22/2016 04:17 PM, aitor_czr wrote: >>> > >>> >I rebuilt KatolaZ's distribution doing some minor changes: I added >>> >deborphan, firmware-linux-free and ntp... I also removed the refracta >>> >tools from the filesystem.squashfs, including them in devuan-installer >>> >together with the backend of simple-netaid as optional unofficial >>> packages >>> >of Devuan, in a*udeb* package named "unofficial-packages-udeb". >>> > >>> >Installing the backend of simple-netaid, you will be able to connect to >>> >eth0 typing: >>> > >>> >/usr/lib/simple-netaid/bin/backend 9 eth0 >>> > >>> >Here you are the download zone: >>> > >>> >http://gnuinos.org/devuan/ >>> > >>> >Following Jaromil's suggestions, I added the package_list including the >>> >versions of the installed packages. >>> > >>> >Cheers, >>> > >>> > Aitor. >>> > >> What are the passwords? I'm not getting auto-login when I add >> 'components=keyboard-layouts keyboard-layouts=en' to the boot command. And >> I'm lost if I don't add that. >> >> Thanks, >> -fsr >> > > I also customized live-config. So, you don't need any password during > live-sessions. Root's password also has been removed. The live-user has > sudo permissions. These changes are required for d-i :) > > Cheers, > > Aitor. > I found the hyphen ok, but where is the pipe key? What keyboard configuration is used, so I can look up a map? -fsr ___ Dng mailing list Dng@lists.dyne.org https://mailinglists.dyne.org/cgi-bin/mailman/listinfo/dng
Re: [DNG] sudo or su?
Hi, I am very sory, I can't. 22.05.2016, 22:28, "Paweł Cholewiński" : > Hi, could You send screenshot? > > W dniu 22.05.2016 o 21:46, Sadegh Sadegh pisze: >> Hi >> I can't use terminal at my Devuan 1.0 beta lxde 64. I see this " Your name >> -sad- is not on system. >> Streng. Please help me. >> >> 22.05.2016, 14:48, "KatolaZ" : >>> On Sun, May 22, 2016 at 07:22:44AM -0300, Fernando M. Maresca wrote: On Sun, May 22, 2016 at 11:08:47AM +0100, KatolaZ wrote: > My solution has always been to keep users and root *separate*, > avoiding sudo altogether, and to ask myself to wear an appropriate > "magic-shiny-hat-with-green-glitters-and-silver-triangle-on-top" (that > I keep on my desk) whenever a part of myself has to become root and > perform a configuration task. I know that whenever I am wearing the > "magic-shiny-hat-with-green-glitters-and-silver-triangle-on-top" I > have to put extra care on whatever I do, since a mistake could cause > the regular users of my system (including the other part of myself) to > suffer unnecessary pain and disruption. > > No automagic tool can save you from your own stupidity. You need a > system administrator to manage your linux box, and investing a bit of > time in training a part of yourself for that task, and 2$ in buying a > "magic-shiny-hat-with-green-glitters-and-silver-triangle-on-top" is > really worth the effort, and the price :) very +1 and keep in mind: real men do everything as root and don't make backups :) I think sudo main advantage is to grant certain administrative privileges to junior sysadmin or regular users, without to reveal the root password. >>> >>> sudo is undeniably handy when administration is shared among several >>> admins, but in those cases it should be used with extreme care. I know >>> of real situations when one of the sudoers was allowed to edit >>> /etc/sudoers, and left the machine unusable by other admins due to a >>> syntax error in /etc/sudoers... >>> >>> Again, tools are just tools, and can't be replacements for policy and >>> knowledge. >>> >>> If one has to use something like sudo, I prefer the approach of >>> simpler tools, in the same spirit of "sup" >>> https://git.devuan.org/jaromil/sup). >>> >>> My2Cents >>> >>> KatolaZ >>> >>> -- >>> [ Enzo Nicosia aka KatolaZ --- GLUG Catania -- Freaknet Medialab ] >>> [ me [at] katolaz.homeunix.net -- http://katolaz.homeunix.net -- ] >>> [ GNU/Linux User:#325780/ICQ UIN: #258332181/GPG key ID 0B5F062F ] >>> [ Fingerprint: 8E59 D6AA 445E FDB4 A153 3D5A 5F20 B3AE 0B5F 062F ] >>> ___ >>> Dng mailing list >>> Dng@lists.dyne.org >>> https://mailinglists.dyne.org/cgi-bin/mailman/listinfo/dng >> ___ >> Dng mailing list >> Dng@lists.dyne.org >> https://mailinglists.dyne.org/cgi-bin/mailman/listinfo/dng > > ___ > Dng mailing list > Dng@lists.dyne.org > https://mailinglists.dyne.org/cgi-bin/mailman/listinfo/dng ___ Dng mailing list Dng@lists.dyne.org https://mailinglists.dyne.org/cgi-bin/mailman/listinfo/dng
[DNG] Evince
Hi. I do not know if it is intended to do such trivial suggestions but ... ;) Being on my way to adapt my (jwm/fluxbox) setup to what i had before on slackware, i stumbled into this: Devuan comes with evince by default. Now, i installed epdfviewer which says in its description: "Lightweight pdf viewer based on poppler libs The aim of ePDFView is to make a simple PDF document viewer, in the lines of Evince but without using the GNOME libraries. " Shouldn't that be the default pdf-viewer devuan comes with? Since as i understand it, the "evil" are the gnome dependencies (?) ___ Dng mailing list Dng@lists.dyne.org https://mailinglists.dyne.org/cgi-bin/mailman/listinfo/dng
Re: [DNG] Evince
On Mon, May 23, 2016 at 07:45:40AM +0200, emnin...@riseup.net wrote: > Being on my way to adapt my (jwm/fluxbox) setup to what i had before on > slackware, i stumbled into this: Devuan comes with evince by default. > Now, i installed epdfviewer which says in its description: > > "Lightweight pdf viewer based on poppler libs > The aim of ePDFView is to make a simple PDF document viewer, in the > lines of Evince but without using the GNOME libraries. " > > Shouldn't that be the default pdf-viewer devuan comes with? Since as i > understand it, the "evil" are the gnome dependencies (?) Evince is evil and insane. #721783 is one of many regressions. You want atril for a fork of evince from before its upstream went completely bonkers. It's still gnomey but to a far more acceptable degree. As for epdfview, it's gone from jessie and higher, #710550: --- Reason --- ROM; unmaintained, abandonned upstream -- -- An imaginary friend squared is a real enemy. ___ Dng mailing list Dng@lists.dyne.org https://mailinglists.dyne.org/cgi-bin/mailman/listinfo/dng
