[opensuse] User Permissions
I've recently encountered problems with my home set-up that I suspect may stem from having secure rather than easy permissions set for my user account. 1. I can't get scripts to run within Amarok although this works fine using the root account. 2. The su aspect of Konqueror (within the KDE Menu) while accepting my password fails to proceed. 3. The tray item of Suse Update shows only the yellow triangle. I have set sudo to be most promiscuous to no effect. While doing system management by blundering about in the file system I spotted the secure and easy permissions files and it occurred to me that my user account was probably set to secure when I was using SLED 10 (now using OpenSuse 10.2). What I can't find is a file linking users to the easy or secure permissions or even a means of determining what is currently set. I have found a setting in Yast/Users which probably only applies to new users. I'd welcome any thoughts or assistance on this matter as I am particularly keen to get replay-gain to work having heard how it improves music playback when using it with the root account (offline, of course) :-) -- Stuart Neill -- To unsubscribe, e-mail: opensuse+unsubscribe@opensuse.org For additional commands, e-mail: opensuse+help@opensuse.org
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 The Monday 2007-03-12 at 23:01 -0000, Stuart Neill wrote: ...
I have set sudo to be most promiscuous to no effect. While doing system management by blundering about in the file system I spotted the secure and easy permissions files and it occurred to me that my user account was probably set to secure when I was using SLED 10 (now using OpenSuse 10.2).
What I can't find is a file linking users to the easy or secure permissions
There isn't.
or even a means of determining what is currently set.
Yast. Or: grep PERMISSION_SECURITY /etc/sysconfig/security
I have found a setting in Yast/Users which probably only applies to new users.
No, that's the one. It doesn't apply to either new or old users. It applies to programs, mostly.
I'd welcome any thoughts or assistance on this matter as I am particularly keen to get replay-gain to work having heard how it improves music playback when using it with the root account (offline, of course) :-)
Just have a look at the "/etc/permissions*" files, and you will see what it is about. It is just a set of permissions applied by SuSEconfig - -- Cheers, Carlos E. R. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.5 (GNU/Linux) Comment: Made with pgp4pine 1.76 iD8DBQFF9d7itTMYHG2NR9URArcjAJwPcZS99jOIZGA/UIrH+pK0na6KowCfQxz0 lFFFAyr9STbazROLQFthLsQ= =WqZV -----END PGP SIGNATURE----- -- To unsubscribe, e-mail: opensuse+unsubscribe@opensuse.org For additional commands, e-mail: opensuse+help@opensuse.org
On Monday 12 March 2007 23:14, Carlos E. R. wrote:
What I can't find is a file linking users to the easy or secure permissions
There isn't.
or even a means of determining what is currently set.
Yast.
Or:
grep PERMISSION_SECURITY /etc/sysconfig/security
I have found a setting in Yast/Users which probably only applies to new users.
No, that's the one. It doesn't apply to either new or old users. It applies to programs, mostly.
Just have a look at the "/etc/permissions*" files, and you will see what it is about. It is just a set of permissions applied by SuSEconfig
Thanks Carlos, PERMISSION_SECURITY is set for easy,local which if I understand you correctly applies to any UID and is therefore not the reason I can run Amarok scripts as root but not as a user. I hope someone can shed some light on what might actually be the cause of the problem. -- Stuart Neill -- To unsubscribe, e-mail: opensuse+unsubscribe@opensuse.org For additional commands, e-mail: opensuse+help@opensuse.org
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 The Monday 2007-03-12 at 23:52 -0000, Stuart Neill wrote:
Just have a look at the "/etc/permissions*" files, and you will see what it is about. It is just a set of permissions applied by SuSEconfig
Thanks Carlos, PERMISSION_SECURITY is set for easy,local which if I understand you correctly applies to any UID and is therefore not the reason I can run Amarok scripts as root but not as a user. I hope someone can shed some light on what might actually be the cause of the problem.
It does not either apply or not apply to any UID. That's not what I said, read again above. It applies only to the exact files listed in /etc/permissions.easy and /etc/permissions.local For instance, the "/etc/permissions.easy" contains: /var/lib/xemacs/lock root:root 1777 /var/run/uscreens root:root 1777 Meaning that /var/lib/xemacs/lock will be forced to be owned bu user "root" and group "root" with octal permissions 1777. Understood now? :-) - -- Cheers, Carlos E. R. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.5 (GNU/Linux) Comment: Made with pgp4pine 1.76 iD8DBQFF9e+RtTMYHG2NR9URAkvUAJ0XNuQ9hibe/ROYFuY5jkwSAM4A2ACeKksz Ee5mXlvVY/D15ev+r0YP51s= =IER+ -----END PGP SIGNATURE----- -- To unsubscribe, e-mail: opensuse+unsubscribe@opensuse.org For additional commands, e-mail: opensuse+help@opensuse.org
On Tuesday 13 March 2007 00:25, Carlos E. R. wrote:
It does not either apply or not apply to any UID. That's not what I said, read again above.
It applies only to the exact files listed in /etc/permissions.easy and /etc/permissions.local
For instance, the "/etc/permissions.easy" contains:
/var/lib/xemacs/lock root:root 1777 /var/run/uscreens root:root 1777
Meaning that /var/lib/xemacs/lock will be forced to be owned bu user "root" and group "root" with octal permissions 1777.
Understood now? :-)
I possibly do understand although my phrasing might not have been particularly precise. File permissions are as they are until modified firstly by any entry in /etc/permissions.easy and then by /etc/permissions.local for a system such as mine where PERMISSION_SECURITY within /etc/sysconfig/security is set to "easy local". Any User Account will operate with these permissions. Is this better? If I do find that I have a permissions problem is it then better practice to modify /etc/permissions.local than to change a files permission more directly? -- Stuart Neill -- To unsubscribe, e-mail: opensuse+unsubscribe@opensuse.org For additional commands, e-mail: opensuse+help@opensuse.org
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 The Tuesday 2007-03-13 at 01:51 -0000, Stuart Neill wrote:
Understood now? :-)
I possibly do understand although my phrasing might not have been particularly precise.
File permissions are as they are until modified firstly by any entry in /etc/permissions.easy and then by /etc/permissions.local for a system such as mine where PERMISSION_SECURITY within /etc/sysconfig/security is set to "easy local". Any User Account will operate with these permissions. Is this better?
Perfect! :-) Well, except the user account part. It affects system files, it is not used for user's files. There is another mechanism that sets some permissions for devices based on who is logged in, for instance.
If I do find that I have a permissions problem is it then better practice to modify /etc/permissions.local than to change a files permission more directly?
If a file is listed in /etc/permissions.easy, and the permissions it sets are not those you want, then it is much better to add your settings to /etc/permissions.local. If it is not listed, then you can change the permissions directly, as the system will not modify it back - except if the file is replaced by an rpm update. What you should not do is edit /etc/permissions.easy (nor secure nor paranoid). - -- Cheers, Carlos E. R. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.5 (GNU/Linux) Comment: Made with pgp4pine 1.76 iD8DBQFF9gcNtTMYHG2NR9URAiUnAKCANZMCyhhhRsIkxcp0u0XKiUS1dwCggt2c 4eWxVGIXnpoVoZKyCsYfnC8= =JYEd -----END PGP SIGNATURE----- -- To unsubscribe, e-mail: opensuse+unsubscribe@opensuse.org For additional commands, e-mail: opensuse+help@opensuse.org
participants (2)
-
Carlos E. R.
-
Stuart Neill