September 2003 - openSUSE Edu - openSUSE Mailing Lists

This list
by Chris Puttick 02 Oct '03

02 Oct '03

Hi As a result of a core network failure on a scale I hope none of you ever have to face, I've only just had the delightful experience of reading today's developments of "wont run as root". I have to say some of it appalled me. Andrew (Nix, not Ray!) has made it clear a number of times that he is new to Linux; he joined this list on my suggestion as it is intended to help those trying to make Linux a solution in the UK schools environment, and I do not have either enough time or enough knowledge to resolve all the problems he comes across by being both a Linux "newbie" and supporting a cutting edge environment. To give some background, the Linux thin client network that faces our Mr Nix every working day is one of the biggest in the world (no exaggeration); it is also one of the only large-scale Linux deployments in an English school. Because of the realities of the British education system, there has been neither enough time or money to provide Andrew and his colleague with the training that they ideally would have had to support such a solution. This list provides them with access to essential front-line knowledge to make their position vaguely tenable. Those that are helped tend to become the helpers of the future; this is the primary advantage to me of utilising open source solutions - there's always someone slightly ahead of you who can help you the next step up the ladder, empowering you to then help those below. Don't take this personally, Thomas, but your answers have become increasingly complex, difficult to understand and are often not the simplest solution. Occam's razor is a simple tool for simple people like myself; please think about using it. In the thread in question, Garry gave a simple and effective answer which I personally was unaware of and have stored away for future use. While your discussion with our Mr Ray has been enlightening in parts, if I had read it 2 years ago it would have made very little sense and been of no use. And that's the point; on this list, unlike some others, answers need to be of use and preferably immediate. That's why people join, to ask for help. Moreover, by its very nature, many people joining will be very new to Linux, and possibly have little general technical understanding; those of us who can help do. When we can't help, we look forward to answers from those with more knowledge. As always, this is just IMNSHO (in my not so humble opinion!). Chris

8 9

RE: [suse-linux-uk-schools] Winbind & Suse
by Chris Puttick 01 Oct '03

01 Oct '03

Ok, it would be easiest with an NIS server for the Linux clients then that server authenticating to the domain - you could create all the users initially using <newusers> on the NIS server, starting with a CSV dump of the NT user database (using <addusers /d filename> on NT). Failing an available NIS server, running the newusers command on a few workstations should not be too much hassle. Try <man newusers> and <man 5 passwd> for more guidance on bulk user creation. -----Original Message----- From: Thomas Adam To: tneale(a)kingsdown.swindon.sch.uk; 'suse-linux-uk-schools(a)suse.com '; Chris Puttick Sent: 9/23/03 1:09 PM Subject: RE: [suse-linux-uk-schools] Winbind & Suse --- tneale(a)kingsdown.swindon.sch.uk wrote: > I had looked at smb_auth but was put off as it seems to require that > all users are set up with accounts on the Linux workstations first > whereas winbind would create them automatically, the former way > seems more time consuming and more difficult to maintain, of > course I've never done this before so maybe I'm just Hmm, how so? It is up to you, being the network administrator to create the accounts, anyhow. This can be automated somewhat using a simple shell script (I won't give an example, as it depends on how your usernames are mapped throughout the school). Or do I miss your point? -- Thomas Adam ===== Thomas Adam "The Linux Weekend Mechanic" -- www.linuxgazette.com ________________________________________________________________________ Want to chat instantly with your online friends? Get the FREE Yahoo! Messenger http://mail.messenger.yahoo.co.uk

5 6

whiteboards
by garry saddington 29 Sep '03

29 Sep '03

Does anyone know of linux interactive whiteboard software? regards garry

6 9

RE: [suse-linux-uk-schools] whiteboards
by Chris Puttick 27 Sep '03

27 Sep '03

Works fine for us (SuSE Pro 8.x) - SMART are also working on a Java version of their SMART Notebook software for use on Linux. Given their already dominant position in the market, if you use any other manufacturer's products, do mention that you are looking to change to SMART to facilitate future migrations to Linux. Given the number of schools that are now planning a move, this should be enough to, at the very least, gain some cooperation on driver development. Cheers Chris -----Original Message----- From: John Ingleby To: ian Cc: suse-linux-uk-schools(a)suse.com Sent: 9/27/03 1:12 PM Subject: Re: [suse-linux-uk-schools] whiteboards Anyone used this driver with SMART Boards? http://www.smarttech.com/support/software/unix.asp John **** On Sat, 2003-09-27 at 11:11, ian wrote: > On Sat, 2003-09-27 at 10:00, garry saddington wrote: > > Does anyone know of linux interactive whiteboard software? > > All you need is a Linux Driver and some overlay software. I'm not aware > that either exist but neither would be a hugely difficult project. > > > -- > ian <ian.lynch2(a)ntlworld.com> -- John Ingleby <john(a)coronet.co.uk> -- To unsubscribe, e-mail: suse-linux-uk-schools-unsubscribe(a)suse.com For additional commands, e-mail: suse-linux-uk-schools-help(a)suse.com

1 0

RE: [suse-linux-uk-schools] This list
by Chris Puttick 26 Sep '03

26 Sep '03

Between the team and the engineers at Cisco (how did you guess?) we've learnt the supervisor engine in the 4006 chassis is experiencing problems; it takes 6 hours to find this out when the first piece of evidence is a separate stack of switches suddenly disconnecting from the network, then reconnecting, then intermittently... Then the Internet starts going really slowly, then stops - packet loss through the firewall reaches 80%... As the admin staff and teachers could still access the internal network services they needed we left the "let's try restarting the core switch" for 2 hours after we deduced it was having problems; as a last step we reloaded the layer module, which promptly came back up with the righthand third inoperable, along with every other module in the chassis... Ooops. We spent the next hour finding ways of repatching the 8 servers into other switches, then this morning moved some fibres to bring the entire network up to full hobble! The replacement engine is on its way, although to quote "due to a part shortage, there may be a delay". Somehow these three paragraphs doesn't really bring to life the anxiety levels experienced during the process! Cheers Chris PS Where should I type the rm -Rf *? -----Original Message----- From: Christopher Dawkins To: 'suse-linux-uk-schools(a)suse.com' Sent: 9/26/03 1:20 PM Subject: Re: [suse-linux-uk-schools] This list > --- Chris Puttick <chris(a)centralmanclc.com> wrote: > >> As a result of a core network failure on a scale I hope >> none of you ever have to face, We'd all be very interested to know the details. Power cuts? Floods? Loose SCSI cable? rm -Rf *? Or just Cisco? -- Christopher Dawkins, Felsted School, Dunmow, Essex CM6 3JG 01371-822698, mobile 07816 821659 cchd(a)felsted.essex.sch.uk -- To unsubscribe, e-mail: suse-linux-uk-schools-unsubscribe(a)suse.com For additional commands, e-mail: suse-linux-uk-schools-help(a)suse.com

1 0

RE: [suse-linux-uk-schools] wont run as root
by Andrew RAY 25 Sep '03

25 Sep '03

> > With this solution. I tried ssh -x user@localhost and then ran the app > but it failed to connect to Xserver. Just as it did when I tried the > same operation with ssh. > With this one, the x has to be upper case, and you should specify the command you are trying to execute as part of the single continuous line. Let's suppose you were trying to run Yast2 as the root user in and xterm, while you were logged in as the user fred. The full path to Yast2 is actually: /sbin/yast2 So, in your xterm you would type as a single command: ssh -X root@localhost /sbin/yast2 You will then be asked to provide a password, which is that of the root user. After all that, the program, yast2 would start up. In the command line simply replace /sbin/yast2 with the full path to the program you want to run. (If you don't know the full path, you can find it out by typing: whereis yast2 whereis myprog etc In some cases you may need to do this investigation actually logged in as root, simply because some programs are privileged and may only be accessed by that user. Once you've determined the full path to the program, you can return to your humble user's x session and try again. Hope this helps Andrew -- Email: aray(a)computerpark.co.uk --------------------------------------------------------- This private and confidential e-mail has been sent to you by Computer Park Ltd. If you are not the intended recipient of this e-mail and have received it in error, please notify us via the email address or telephone number below, and then delete it from your mailbox. Email: mailbox(a)computerpark.co.uk Tel: +44 (0) 1536 417155 Fax: +44 (0) 1536 417566 Head Office: Computer Park Ltd, Broughton Grange, Headlands, Kettering Northamptonshire NN15 6XA Registered in England: 3022961. Registered Office: 6 North Street, Oundle, Peterborough PE8 4AL =========================================================

3 6

RE: [suse-linux-uk-schools] wont run as root
by Andrew RAY 25 Sep '03

25 Sep '03

> > I disagree there -- it would almost certainly create a bigger overhead > on the system. I concede to you on that one for a loopback connection. But read on ... > > One trick I use (for remote systems) is: > > X -query <IP> > > trick on my server so that I can connect locally to it. I am assuming that you have already enabled XDMCP on your X client (i.e. the remote machine to which you want to make the connection). Sorry, but the jargon is all counter-intuitive. Your earlier comment about overheads comes back to haunt you here, though, as well as the introduction of potential security breaches: 1. Network traffic when you start up your remote X server with X -query 192.168.x.y :1 is quite considerable. 2. There is no reliable security governing the connection between your X server and the remote client whose session you are using. Consider again my ssh connection: 1. There is much less network traffic, as only the process actually engaged and ssh itself is causing any. 2. Ssh provides a high level of data encryption at both ends of the conversation. 3. There is absolutely no need to open up XDMCP at all to allow this to happen. 4. In most cases, the root user is debarred from attaching across a LAN using XDMCP because of the inherent security risk. > > You neglect to say *what* failed, and how. I'd be interested in this. Sorry - I don't know what failed - the previous correspndent provided some error messages, but they were not enough for me to determine exactly where the failure occurred and I do not have the time to replicate his problem. >> >> to manage resources on remote stations on the network.) I have also >> in the past used Thomas's 'magic-cookie' solution, but it proves more >> tricky than the one I favour. > > How's that? If you don't like xauth (grin) Just a less elegant command line. With the xauth solution you have to su first, then I suppose you could concoct a more elegant command line along the lines of export DISPLAY=localhost:0.0 && xauth merge ~user/.Xauthority && /usr/local/bin/executable.to.run (all one line, whatever your mailer does to render it!!) Just plug ugly. But I do accept that the overhead is lower for a loopback connection. , the "sudo" is an even > simpler means, in my opinion. > Possibly, eventually, after setting up the appropriate section in sudoers and still not really as secure a connection as the ssh one - but maybe I am too hung up on security. I'm listening ... -- Email: aray(a)computerpark.co.uk --------------------------------------------------------- This private and confidential e-mail has been sent to you by Computer Park Ltd. If you are not the intended recipient of this e-mail and have received it in error, please notify us via the email address or telephone number below, and then delete it from your mailbox. Email: mailbox(a)computerpark.co.uk Tel: +44 (0) 1536 417155 Fax: +44 (0) 1536 417566 Head Office: Computer Park Ltd, Broughton Grange, Headlands, Kettering Northamptonshire NN15 6XA Registered in England: 3022961. Registered Office: 6 North Street, Oundle, Peterborough PE8 4AL =========================================================

3 15

RE: [suse-linux-uk-schools] wont run as root
by E Lea 25 Sep '03

25 Sep '03

It's often easier, as the user who started the X server to run xhost + localhost This isn't as secure, but as long as you trust all local users is fine. -----Original Message----- From: Andrew RAY To: andrew.nix(a)st-paulshigh.manchester.sch.uk Cc: suse-linux-uk-schools(a)suse.com Sent: 9/24/03 10:23 AM Subject: Re: [suse-linux-uk-schools] wont run as root Yes I'm guessing you are logged in to X as a common user, and then using an X terminal to start OO, having, presumably first su'd to root. The root user has no permissions to access your X server. To overcome this, try restarting OO from within the X-term with something like: ssh -X root@localhost /path/to/the/executable/you/were/trying/to/run You will then be asked to provide the password (which should be the root user's password) and everything should start up fine. Andrew > Hi list. > Im installing OOoRC4. Well updating it from Beta2 actually. So I > updated the installtion on the server. Which worked fine. So then I go > to update OOo folder in my home directory. But it tells me that it > cant update the network version, and I have to run it from command > line with -net. So I do. But then it tells me I have to run it as > root, or it wont work properly. When I try to run it as root it wont > work. I get this error. > > glibc version: 2.3.2 > Xlib: connection to ":0.0" refused by server > Xlib: No protocol specified > > ./setup: cannot connect to X server :0 > > Does anyone know what I'm doing wrong? Any comments welcome. Cheers > > -- > Andrew Nix > > St Pauls Catholic High School > Firbank Road > Newall Green > Wythenshawe > Manchester > M23 2YS > tel: 0161 4375841 ext 168 > fax: 0161 4982030 > > > > -- > To unsubscribe, e-mail: suse-linux-uk-schools-unsubscribe(a)suse.com For > additional commands, e-mail: suse-linux-uk-schools-help(a)suse.com -- Email: aray(a)computerpark.co.uk --------------------------------------------------------- This private and confidential e-mail has been sent to you by Computer Park Ltd. If you are not the intended recipient of this e-mail and have received it in error, please notify us via the email address or telephone number below, and then delete it from your mailbox. Email: mailbox(a)computerpark.co.uk Tel: +44 (0) 1536 417155 Fax: +44 (0) 1536 417566 Head Office: Computer Park Ltd, Broughton Grange, Headlands, Kettering Northamptonshire NN15 6XA Registered in England: 3022961. Registered Office: 6 North Street, Oundle, Peterborough PE8 4AL ========================================================= -- To unsubscribe, e-mail: suse-linux-uk-schools-unsubscribe(a)suse.com For additional commands, e-mail: suse-linux-uk-schools-help(a)suse.com

4 4

RE: [suse-linux-uk-schools] wont run as root
by Andrew RAY 24 Sep '03

24 Sep '03

> Read on ... > What failed? This was the whole piont of the thread. When I tried to > run the OOo install from command line as su with borrowed uid I get > the error: > > ./setup: cannot connect to X server > > But Andrew and Thomas have both failed to try and help work out a > solution. >Instead they basicly argue over who knows more about linux and > who knows how to do something unrealted to the problem. Could we > please get back to the question at hand? Now that I have OOo install, > whenever I try and run I get this error: I apologise for disconcerting you - but I believed that you had already come to a conclusion with your problem by logging into X as the root user, hence the meandering. (I think you should also accept that you do not really 'own' a thread. Having believed that you had solved your difficulty, Thomas and I were exploring different methods of remote management, not trying to prove anything. Perhaps that particular meander has now lost its general level of interest.) > > cannot be started due to an error accessing the configuration data. This smells of Linux permissions. What are the perms on the installation files and which user is now trying to access them? -- Email: aray(a)computerpark.co.uk -- Email: aray(a)computerpark.co.uk --------------------------------------------------------- This private and confidential e-mail has been sent to you by Computer Park Ltd. If you are not the intended recipient of this e-mail and have received it in error, please notify us via the email address or telephone number below, and then delete it from your mailbox. Email: mailbox(a)computerpark.co.uk Tel: +44 (0) 1536 417155 Fax: +44 (0) 1536 417566 Head Office: Computer Park Ltd, Broughton Grange, Headlands, Kettering Northamptonshire NN15 6XA Registered in England: 3022961. Registered Office: 6 North Street, Oundle, Peterborough PE8 4AL =========================================================

1 0

RE: [suse-linux-uk-schools] wont run as root
by Andrew RAY 24 Sep '03

24 Sep '03

Comments interspersed ... > --- E Lea <ed(a)centralmanclc.com> wrote: > >> It's often easier, as the user who started the X server to run >> >> xhost + localhost >> >> This isn't as secure, but as long as you trust all local users is >> fine. You also have to issue the following further command after you've su'd to the other user ID (remembering that we were all trying to help you run an application as root while being logged in as a.n.other: export DISPLAY=localhost:0.0 Then, and only then can you type the command you wish to execute. > > Hmm, I prefer these options: > 4) > > $ su - > # export DISPLAY=:0.0 > # xauth merge ~n6tadam/.Xauthority > > where "~n6tadam" is the user X is running as. Personally number 4) is > much more secure. Never use number 1) unless you're mad. I agree with Thomas's assessment of risk and his is a fair alternative to my original suggestion, but I would venture to suggest that using secure sockets (ssh) offers equally reliable connection security, and with a minimum of command-line fuss. Interestingly, my suggestion still failed at a later stage in the application execution, and the one that worked was the (in this case) far simpler expedient of logging in as the root user from the xdm/kdm/gdm login. I'm pretty sure that the other solutions offering a borrowed ID of root during a non-root login would also have failed at the same point. Given that, in this particular case, the 'borrowed ID' solution was a dismal failure, I should still claim that a further advantage of the ssh solution is that it is also easy to implement across network comms quite securely. (I regularly use this one: ssh -X root(a)foreign.host yast2 to manage resources on remote stations on the network.) I have also in the past used Thomas's 'magic-cookie' solution, but it proves more tricky than the one I favour. Now shoot me down! Andrew -- Email: aray(a)computerpark.co.uk -- Email: aray(a)computerpark.co.uk --------------------------------------------------------- This private and confidential e-mail has been sent to you by Computer Park Ltd. If you are not the intended recipient of this e-mail and have received it in error, please notify us via the email address or telephone number below, and then delete it from your mailbox. Email: mailbox(a)computerpark.co.uk Tel: +44 (0) 1536 417155 Fax: +44 (0) 1536 417566 Head Office: Computer Park Ltd, Broughton Grange, Headlands, Kettering Northamptonshire NN15 6XA Registered in England: 3022961. Registered Office: 6 North Street, Oundle, Peterborough PE8 4AL =========================================================

2 1