[opensuse-factory] (pick one): 12.1 is conflicted...(another regression) OR Rationality of current software release process?
When I try to run yast2, I get > sudo yast2 Error: "/var/tmp/kdecache-law" is owned by uid 5013 instead of uid 0. --- So I think...ok...that's weird, it wants law's kdecache to be owned by root.. ok, I'm game (changed ownership)... Then I go to do a kernel build (another kde using app)...which I usually build as normal user... scripts/kconfig/qconf Kconfig # # using defaults found in arch/x86/configs/x86_64_defconfig # Error: "/var/tmp/kdecache-law" is owned by uid 0 instead of uid 5013. Error: "/var/tmp/kdecache-law" is owned by uid 0 instead of uid 5013. Error: "/tmp/kde-law" is owned by uid 0 instead of uid 5013. Error: "/tmp/kde-law" is owned by uid 0 instead of uid 5013. Um.... I think yast2 is the one at fault here... It shouldn't expect that /var/tmp/kdecache-law would be owned by other than law!... or is that just silly? This worked on 11.4. I think 12.1 should be declared null and void as far as moving the support dates for previous releases 'forward', since from my own experience, and others, it doesn't seem it was read to be released, yet was because "It was the date". Maybe we should move more toward a linux kernel model -- aim for 3-4 months, but if it isn't ready then, then it won't be shipped until it's quality!.. even if it means a 1-month delay -- and that DOES push the next release out by that amount. It is **impossible** -- i.e not rational, to expect that one can know how much work something will take and fit it to exactly a preset time period. This is a delusion mostly pushed down from marketers and managers who want control over a chaotic process that is -- sorry, becoming increasingly chaotic as the number of software packages grows and the number of new programmers who have no experience enter the field and generate whole knew sets of popular packages with bugs that were fixed in older software 40 years ago. I need to start keeping a log of how many times a "new idea" comes up or a new methodology" comes up that is just a repackaging of a previous --- not that new ideas are impossible, but since most of the people writing software have no software background, they don't know what has been done before, so of course it is new! It's rare that I find a computer science graduate actually doing software engineering these days...which is fine -- humans are very adaptable creatures, but it does mean many of them will re-invent wheels and re-invent the same mistakes that were done a generation ago. There is little "institutional knowledge" that is carried over from generation to generation due to software engineering not being treated like those requiring similar training and operating in fields of similar complexity. Nor are there any standards for who is qualified to write code nor for code quality. It's not like you can call a building inspector to inspect to see if your code meets 'Code', and it's not like you have to be vetted by some process (journeyman training with plumbers/electricians), or lawyers and doctors studying under seniors -- all of those complex professions have requirements of working under senior partners to make sure you get trained. Software engineering doesn't have that. As a result -- the chaos at each generation (and each release) is inescapably more complex than the previous. To expect each to take the same finite amount of time is irrational. That doesn't mean each release HAS to take longer, but the scope of what is done may need to be narrowed to fit the time allotted. This isn't being done and quality is going down the tubes (noticed first with 11.4 in terms of ease of upgrade)... This wasn't meant to be about these larger issues -- just that yast2 is broken in expecting a user-specific kde dir to be owned by root. Feel freel to discuss the larger issue -- but maybe the subjects should split to help people who want to discuss either (please prune my verbosity appropriately). Linda -- To unsubscribe, e-mail: opensuse-factory+unsubscribe@opensuse.org To contact the owner, e-mail: opensuse-factory+owner@opensuse.org
On Fri, Apr 20, 2012 at 06:54:24PM -0700, Linda Walsh wrote:
When I try to run yast2, I get
> sudo yast2 Error: "/var/tmp/kdecache-law" is owned by uid 5013 instead of uid 0.
--- So I think...ok...that's weird, it wants law's kdecache to be owned by root..
ok, I'm game (changed ownership)...
Then I go to do a kernel build (another kde using app)...which I usually build as normal user...
scripts/kconfig/qconf Kconfig # # using defaults found in arch/x86/configs/x86_64_defconfig # Error: "/var/tmp/kdecache-law" is owned by uid 0 instead of uid 5013. Error: "/var/tmp/kdecache-law" is owned by uid 0 instead of uid 5013. Error: "/tmp/kde-law" is owned by uid 0 instead of uid 5013. Error: "/tmp/kde-law" is owned by uid 0 instead of uid 5013.
Um....
I think yast2 is the one at fault here...
It shouldn't expect that /var/tmp/kdecache-law would be owned by other than law!... or is that just silly?
This worked on 11.4.
I think 12.1 should be declared null and void as far as moving the support dates for previous releases 'forward', since from my own experience, and others, it doesn't seem it was read to be released, yet was because "It was the date".
You likely blame openSUSE quality for something you changed on your system actually... You probably changed your sudo configuration to keep environment variables, which it is not set to do by default. This is why some KDE environment variables pass through your sudo call. WHat is in the "Defaults env...." variables in your /etc/sudoers? I bet you removed the "Defaults env_reset" line. Ciao, Marcus -- To unsubscribe, e-mail: opensuse-factory+unsubscribe@opensuse.org To contact the owner, e-mail: opensuse-factory+owner@opensuse.org
Marcus Meissner wrote:
WHat is in the "Defaults env...." variables in your /etc/sudoers?
I bet you removed the "Defaults env_reset" line.
==== It is not impossible that you are correct -- however, I would also assert it's settings are no different than what they were in 11.4. I didn't change any settings between them nor did I let any programs corrupt the security settings I put in place. I lack of regression testing for something that used to work and is now broken. That's why the subject says "regression". And your point is? I didn't change anything. -- To unsubscribe, e-mail: opensuse-factory+unsubscribe@opensuse.org To contact the owner, e-mail: opensuse-factory+owner@opensuse.org
On 21/04/12 18:57, Linda Walsh wrote:
Marcus Meissner wrote:
WHat is in the "Defaults env...." variables in your /etc/sudoers?
I bet you removed the "Defaults env_reset" line.
==== It is not impossible that you are correct -- however, I would also assert it's settings are no different than what they were in 11.4.
I didn't change any settings between them nor did I let any programs corrupt the security settings I put in place.
I lack of regression testing for something that used to work and is now broken.
That's why the subject says "regression".
And your point is?
I didn't change anything.
My wife has a friend who asks me to help her out with her Linux problems. I ask that person several questions but I usually do not get a reply to all the questions just the one which *she* assumes is what I need to know. And she never answers a question with a direct answer. Marcus asked, "WHat is in the "Defaults env...." variables in your /etc/sudoers?". Why not simply tell him what these settings are and be done with it instead of going off on a tangent and leaving everybody wondering what those setting are? BC -- There comes a time in the affairs of a man when he has to take the bull by the tail and face the situation. W C Fields -- To unsubscribe, e-mail: opensuse-factory+unsubscribe@opensuse.org To contact the owner, e-mail: opensuse-factory+owner@opensuse.org
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 On 2012-04-21 11:18, Basil Chupin wrote:
Marcus asked, "WHat is in the "Defaults env...." variables in your /etc/sudoers?".
I tried to replicate the problem, I have not edited sudoers. I do: cer@Elanor:~> sudo yast --qt root's password: sudo: yast: command not found Ok, the path. cer@Elanor:~> sudo /sbin/yast --qt cer@Elanor:~> sudo /sbin/yast2 --qt cer@Elanor:~> sudo /sbin/YaST --qt All three instances get the ncurses interface, not the qt interface - and I do get qt if I use "su -" instead. I'm running xfce. So, sudo is broken. What else? :-P - -- Cheers / Saludos, Carlos E. R. (from 11.4 x86_64 "Celadon" at Telcontar) -----BEGIN PGP SIGNATURE----- Version: GnuPG v2.0.16 (GNU/Linux) Comment: Using GnuPG with SUSE - http://enigmail.mozdev.org/ iEYEARECAAYFAk+SuosACgkQIvFNjefEBxproACgpNLuhcie0lLcPbnr1HcVq2dl 9QoAoJoyNQNO7qXnlUv1X6/b8EwzFOPA =zZuj -----END PGP SIGNATURE----- -- To unsubscribe, e-mail: opensuse-factory+unsubscribe@opensuse.org To contact the owner, e-mail: opensuse-factory+owner@opensuse.org
On 21/04/12 23:47, Carlos E. R. wrote:
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1
On 2012-04-21 11:18, Basil Chupin wrote:
Marcus asked, "WHat is in the "Defaults env...." variables in your /etc/sudoers?". I tried to replicate the problem, I have not edited sudoers. I do:
cer@Elanor:~> sudo yast --qt root's password: sudo: yast: command not found
Ok, the path.
cer@Elanor:~> sudo /sbin/yast --qt cer@Elanor:~> sudo /sbin/yast2 --qt cer@Elanor:~> sudo /sbin/YaST --qt
All three instances get the ncurses interface, not the qt interface - and I do get qt if I use "su -" instead.
I'm running xfce.
So, sudo is broken. What else? :-P
But, but, but....Marcus didn't ask you the question but the OP 8-) . What YOU have has nothing to do with what Linda may have :-) . BC -- There comes a time in the affairs of a man when he has to take the bull by the tail and face the situation. W C Fields -- To unsubscribe, e-mail: opensuse-factory+unsubscribe@opensuse.org To contact the owner, e-mail: opensuse-factory+owner@opensuse.org
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 On 2012-04-21 15:58, Basil Chupin wrote:
On 21/04/12 23:47, Carlos E. R. wrote:
But, but, but....Marcus didn't ask you the question but the OP 8-) .
What YOU have has nothing to do with what Linda may have :-) .
X'-) :-P - -- Cheers / Saludos, Carlos E. R. (from 11.4 x86_64 "Celadon" at Telcontar) -----BEGIN PGP SIGNATURE----- Version: GnuPG v2.0.16 (GNU/Linux) Comment: Using GnuPG with SUSE - http://enigmail.mozdev.org/ iEYEARECAAYFAk+SvfgACgkQIvFNjefEBxrzZACaAmvXojUFs66GWxlVaD987G8K VikAn1mJt5mGRm9JGigE0962+IwHxWDb =AMkf -----END PGP SIGNATURE----- -- To unsubscribe, e-mail: opensuse-factory+unsubscribe@opensuse.org To contact the owner, e-mail: opensuse-factory+owner@opensuse.org
On Sat, Apr 21, 2012 at 15:47, Carlos E. R.
Marcus asked, "WHat is in the "Defaults env...." variables in your /etc/sudoers?".
I tried to replicate the problem, I have not edited sudoers. I do:
cer@Elanor:~> sudo yast --qt root's password: sudo: yast: command not found
Ok, the path.
cer@Elanor:~> sudo /sbin/yast --qt cer@Elanor:~> sudo /sbin/yast2 --qt cer@Elanor:~> sudo /sbin/YaST --qt
All three instances get the ncurses interface, not the qt interface - and I do get qt if I use "su -" instead.
I'm running xfce.
So, sudo is broken. What else? :-P
I see the same... ncurses for any/all options passed while using sudo. For more fun, try this with only the QT YaST (no GTK installed) ~> su - # yast --gtk It says no GTK found falling back to QT, and then displays a really odd looking QT version that is missing all the icons and nice layout. :-) C. -- openSUSE 12.1 x86_64, KDE 4.8.2 -- To unsubscribe, e-mail: opensuse-factory+unsubscribe@opensuse.org To contact the owner, e-mail: opensuse-factory+owner@opensuse.org
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 On 2012-04-21 15:58, C wrote:
On Sat, Apr 21, 2012 at 15:47, Carlos E. R. <> wrote:
I see the same... ncurses for any/all options passed while using sudo.
For more fun, try this with only the QT YaST (no GTK installed) ~> su - # yast --gtk
It says no GTK found falling back to QT, and then displays a really odd looking QT version that is missing all the icons and nice layout. :-)
Yes, I have seen something similar, but the other way round: requesting the qt interface, with no qt installed. - -- Cheers / Saludos, Carlos E. R. (from 11.4 x86_64 "Celadon" at Telcontar) -----BEGIN PGP SIGNATURE----- Version: GnuPG v2.0.16 (GNU/Linux) Comment: Using GnuPG with SUSE - http://enigmail.mozdev.org/ iEYEARECAAYFAk+SvnwACgkQIvFNjefEBxoXIgCfWGjiBFDNc+Ob+9MN94U0fhFY CN8AnRIIKsxJ/DJRA0MfE+nqWluD/ZtK =D8gR -----END PGP SIGNATURE----- -- To unsubscribe, e-mail: opensuse-factory+unsubscribe@opensuse.org To contact the owner, e-mail: opensuse-factory+owner@opensuse.org
* Carlos E. R.
On 2012-04-21 15:58, C wrote:
On Sat, Apr 21, 2012 at 15:47, Carlos E. R. <> wrote:
I see the same... ncurses for any/all options passed while using sudo.
For more fun, try this with only the QT YaST (no GTK installed) ~> su - # yast --gtk
It says no GTK found falling back to QT, and then displays a really odd looking QT version that is missing all the icons and nice layout. :-)
Yes, I have seen something similar, but the other way round: requesting the qt interface, with no qt installed.
odd things ??? sudo with/without path works for both --gtk and --qt on my box ???? I have not altered sudo conf. running kde 4.8.2.3.1 -- (paka)Patrick Shanahan Plainfield, Indiana, USA HOG # US1244711 http://wahoo.no-ip.org Photo Album: http://wahoo.no-ip.org/gallery2 http://en.opensuse.org openSUSE Community Member Registered Linux User #207535 @ http://linuxcounter.net -- To unsubscribe, e-mail: opensuse-factory+unsubscribe@opensuse.org To contact the owner, e-mail: opensuse-factory+owner@opensuse.org
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 On 2012-04-21 16:17, Patrick Shanahan wrote:
* Carlos E. R. <> [04-21-12 10:08]:
odd things ???
Odd icons, yes, odd appeareance. To make a photo I would need to reinstall.
sudo with/without path works for both --gtk and --qt on my box ????
It doesn't here, and I have not altered sudo conf either: Elanor:~ # rpm -q --verify sudo Elanor:~ # Pristine.
I have not altered sudo conf. running kde 4.8.2.3.1
xfce here. - -- Cheers / Saludos, Carlos E. R. (from 11.4 x86_64 "Celadon" at Telcontar) -----BEGIN PGP SIGNATURE----- Version: GnuPG v2.0.16 (GNU/Linux) Comment: Using GnuPG with SUSE - http://enigmail.mozdev.org/ iEYEARECAAYFAk+SwqQACgkQIvFNjefEBxre6wCfXvTLmfaNTh9Ln8nRLngrfb22 dV0AmQG4/iI0K940oXOrZfpkKWHHyvpQ =0+WC -----END PGP SIGNATURE----- -- To unsubscribe, e-mail: opensuse-factory+unsubscribe@opensuse.org To contact the owner, e-mail: opensuse-factory+owner@opensuse.org
On Sat, Apr 21, 2012 at 16:17, Patrick Shanahan
I see the same... ncurses for any/all options passed while using sudo.
For more fun, try this with only the QT YaST (no GTK installed) ~> su - # yast --gtk
It says no GTK found falling back to QT, and then displays a really odd looking QT version that is missing all the icons and nice layout. :-)
Yes, I have seen something similar, but the other way round: requesting the qt interface, with no qt installed.
odd things ???
sudo with/without path works for both --gtk and --qt on my box ???? I have not altered sudo conf. running kde 4.8.2.3.1
Well that's weird. I never use sudo... it's there... I never touch it. If I need root, I just su to root.. so I've never touched the sudo config. I've got a fairly new/clean install or 12.1 that I tested on. I just tried the same on my laptop with 12.2M3 (clean install with KDE4 and Gnome3). sudo yast fails with the error as Carlos described (and I can duplicate) for 12.1. If I type (on the 12.2M3 install) sudo /sbin/yast or sudo sbin/yast2 nothing happens... YaST is not launched in any mode and no error is shown at the CLI. I can start YaST in whatever mode I choose (on 12.2M3) if I su to root. C. -- openSUSE 12.1 x86_64, KDE 4.8.2 -- To unsubscribe, e-mail: opensuse-factory+unsubscribe@opensuse.org To contact the owner, e-mail: opensuse-factory+owner@opensuse.org
* Carlos E. R.
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1
On 2012-04-21 11:18, Basil Chupin wrote:
Marcus asked, "WHat is in the "Defaults env...." variables in your /etc/sudoers?".
I tried to replicate the problem, I have not edited sudoers. I do:
cer@Elanor:~> sudo yast --qt root's password: sudo: yast: command not found
Ok, the path.
cer@Elanor:~> sudo /sbin/yast --qt cer@Elanor:~> sudo /sbin/yast2 --qt cer@Elanor:~> sudo /sbin/YaST --qt
All three instances get the ncurses interface, not the qt interface - and I do get qt if I use "su -" instead.
I'm running xfce.
So, sudo is broken. What else? :-P
Only your understanding of what's going on is "broken". sudo and "su -l" are not equivalent, the former strips the environment and executes the command with root privileges while the latter starts a login shell as root which is granted access to your display via pam_xauth. And it's not a good idea to enable the latter for sudo by default because it cannot be controlled on a per-user basis by sudo. -- Guido Berhoerster -- To unsubscribe, e-mail: opensuse-factory+unsubscribe@opensuse.org To contact the owner, e-mail: opensuse-factory+owner@opensuse.org
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 On 2012-04-21 16:12, Guido Berhoerster wrote:
* Carlos E. R. <> [2012-04-21 15:49]:
So, sudo is broken. What else? :-P
Only your understanding of what's going on is "broken".
Didn't you see the smiley? - -- Cheers / Saludos, Carlos E. R. (from 11.4 x86_64 "Celadon" at Telcontar) -----BEGIN PGP SIGNATURE----- Version: GnuPG v2.0.16 (GNU/Linux) Comment: Using GnuPG with SUSE - http://enigmail.mozdev.org/ iEYEARECAAYFAk+SwwIACgkQIvFNjefEBxq3NwCgsRdW8ZgOE0XbBbpnNrtA5rd6 N04An36I3ZrkqPsiZa82xZB/A5JcD2Pu =5N55 -----END PGP SIGNATURE----- -- To unsubscribe, e-mail: opensuse-factory+unsubscribe@opensuse.org To contact the owner, e-mail: opensuse-factory+owner@opensuse.org
* Carlos E. R.
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1
On 2012-04-21 16:12, Guido Berhoerster wrote:
* Carlos E. R. <> [2012-04-21 15:49]:
So, sudo is broken. What else? :-P
Only your understanding of what's going on is "broken".
Didn't you see the smiley?
Well I did, I just wasn't sure to how much of the above it was referring to. Anyway, just for the record, on a stock Factory install env_reset is enabled and pam_xauth is not used for sudo so there is no access to the invoking user's display. -- Guido Berhoerster -- To unsubscribe, e-mail: opensuse-factory+unsubscribe@opensuse.org To contact the owner, e-mail: opensuse-factory+owner@opensuse.org
Carlos E. R. wrote:
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1
On 2012-04-21 11:18, Basil Chupin wrote:
Marcus asked, "WHat is in the "Defaults env...." variables in your /etc/sudoers?".
I tried to replicate the problem, I have not edited sudoers. I do:
cer@Elanor:~> sudo yast --qt root's password: sudo: yast: command not found
Ok, the path.
cer@Elanor:~> sudo /sbin/yast --qt cer@Elanor:~> sudo /sbin/yast2 --qt cer@Elanor:~> sudo /sbin/YaST --qt
All three instances get the ncurses interface, not the qt interface - and I do get qt if I use "su -" instead.
I'm running xfce.
So, sudo is broken. What else? :-P
---- Given that env settings are set on login, and adjusted to the user -- throwing away all the env settings in SUDO by default, is a draconian security measure guaranteed to cause problems. It didn't **used** to be that way, but someone in some update tried to "fix" a problem I didn't need fixing. I tried listing "exceptions" (env vars allowed to pass through), only to find "Yet another App" that was broken... I gave up. and set it back to it's original settings which is where it is at now -- i.e. it passes my ENV var through... To the person who thought I didn't answer the question... My first line, I thought, was a strong hint.. "it is not impossible that you are correct"... ;-).... sorry, ready too much John Norman lately. -- To unsubscribe, e-mail: opensuse-factory+unsubscribe@opensuse.org To contact the owner, e-mail: opensuse-factory+owner@opensuse.org
Marcus Meissner wrote:
You likely blame openSUSE quality for something you changed on your system actually...
--- Even if it was something I changed on my system, "defensive programming" -- checking your assumptions at runtime, and not relying on ENV vars unless it is documented to be dependent on them, (not something that used to be a problem). In perl, those are call 'tainted' variables -- until they are checked, you don't know the state they are in, and perl will flag root-level progs when doing full security checking. Apparently yast doesn't check and set it's runtime values to something it considers safe and requires. If it notices that it's tmp vars are not pointing to root's dirs, it should reset them. At least that is what I was taught was basic security programming -- don't rely on the environment. Even in my .bashrc, I check that whatever is running it is running as my UID, before it tries to start dbus. If it is running as some other UID, I don't want it starting instances of DBUS in my DBUS working dir. And that's just precautions I take in my .bashrc -- I'd do alot more in a program running with root privs that I wanted to ship to customers (maybe more than necessary, but I tend to go overboard at times). Au Revoir, Linda -- To unsubscribe, e-mail: opensuse-factory+unsubscribe@opensuse.org To contact the owner, e-mail: opensuse-factory+owner@opensuse.org
Marcus Meissner wrote:
I bet you removed the "Defaults env_reset" line.
--- I'll forfeit your bet, but call it with -- if you don't do that, it doesn't work at all in bringing up a GUI... That's also broken. -- To unsubscribe, e-mail: opensuse-factory+unsubscribe@opensuse.org To contact the owner, e-mail: opensuse-factory+owner@opensuse.org
participants (7)
-
Basil Chupin
-
C
-
Carlos E. R.
-
Guido Berhoerster
-
Linda Walsh
-
Marcus Meissner
-
Patrick Shanahan