Lukas Ocilka schrieb:

Ralf Prengel napsal(a):

...

Hallo,

after the full factory-update (including kernel) the system doesn t boot any longer. what I ve seen that only a vga parameter is show in the first green bootscreen. I hope the problem will be fixed by using a rescue disc and changing the menu.lst. Or are there other known problems?

Might be bound to a similar problem when installation (from media) doesn't start Kernel. It prints "BUG: Int 14: CR2 XXXXXXXX" instead and hangs, VirtualBox doesn't show anything.

Try booting with acpi=off on a kernel command-line (or try booting Failsafe section).

Yeap, I found this message after deleting vga=791 as parameter. Unfortunatelly I ve no failsafe option any longer. I made a copy of the entry. acpi=off worked and gives me access to my system again. -- i.A. Ralf Prengel Customer Care Manager Comline AG Hauert 8 D-44227 Dortmund/Germany Fon +49231 97575- 904 Fax +49231 97575- 905 EMail ralf.prengel@comline.de www.comline.de Vorstand Stephan Schilling, Erwin Leonhardi Aufsichtsrat Dr. Franz Schoser (Vorsitzender) HR Dortmund B 14570 USt.-ID-Nr. DE 124727422 --------------------------------------------------------------------- To unsubscribe, e-mail: opensuse-factory+unsubscribe@opensuse.org For additional commands, e-mail: opensuse-factory+help@opensuse.org

2008/5/21 Lukas Ocilka <lukas.ocilka@suse.cz>:

Ralf Prengel napsal(a):

I've just got this from Jozef Uhliarik (maintainer of yast2-bootloader):

Failsafe section adds these options to a normal section:

showopts ide=nodma apm=off acpi=off noresume edd=off x11failsafe vga=0x317

Bye Lukas

Also, if the system is installed by the LiveCD, when updating the kernel, the 'initrd' file is not generated (its a know bug) regards, Luiz Fernando --------------------------------------------------------------------- To unsubscribe, e-mail: opensuse-factory+unsubscribe@opensuse.org For additional commands, e-mail: opensuse-factory+help@opensuse.org

Andreas Jaeger wrote:

Yes, the FACTORY kernel is unfortunately broken for many :-(

We will checkin a new kernel now, that one should work. you can use the latest kotd (kernel of the day) from ftp (ftp://ftp.suse.com/pub/projects/kernel/kotd/HEAD/).

Sorry, most of us where moving offices (inside the building) today and that led to some delays:-(

Andreas

Thank you for this reference - I'll see if this will repair the 'damage'. Unfortunately, when 11.0B3 was upgraded (~900 upgrades) a couple of nights ago I had to re-install 11B3 from scratch to "recover" -- which also caused me to lose all my latest e-mail (my backups aren't done on a daily basis). Last night I re-installed 11B3 from scratch, from the DVD, and noticed that B3 installs as the *default* selection the "-pae" kernel and not the "-default" kernel for "single and multiprocessors". (The pae kernel was also the one installed at the time and it was upgraded when the ~900 upgrades were done a couple of nights ago and the system wouldn't boot (also the nVidia 178-03 beta driver would not compile - error message states that the pae 2.6.25.4-2 kernel is compiled using gcc4.2 but the script(s) are asking for 4.3 [or words to this effect]) . Considering that I have always used an AMD CPU, and my computer (put together by myself) is now 3 years old I don't know why suddenly 11B3 decided that I need the "-pae" kernel rather than the usual "-default" as in past SuSEs/openSUSEs.) Ciao. -- Vulgar language is the linguistic crutch of inarticulate morons. --------------------------------------------------------------------- To unsubscribe, e-mail: opensuse-factory+unsubscribe@opensuse.org For additional commands, e-mail: opensuse-factory+help@opensuse.org

Felix Miata wrote:

On 2008/05/22 15:29 (GMT+1000) Basil Chupin apparently typed:

...

I don't know why suddenly 11B3 decided that I need the "-pae" kernel rather than the usual "-default" as in past SuSEs/openSUSEs.)

Basil, I don't know why either, but I did 3 11.0b3 installs in recent days, and all of them got the pae instead, even though all were 32 bit installs and had 1G or less of installed RAM. At least I was able to boot those pae kernels in every case, something not true of any kernels subsequently upgraded to. Good thing I don't let YaST or zypper replace working kernels, doing my kernels using rpm directly and my other upgrades via Smart. Curious isn't it?

(I cannot but get the feeling, rightly or wrongly, that people working on SuSE are being stressed by 'forces' not of their own doing and as a result wrong decisions and errors are being made....) Ciao. -- --------------------------------------------------------------------- To unsubscribe, e-mail: opensuse-factory+unsubscribe@opensuse.org For additional commands, e-mail: opensuse-factory+help@opensuse.org

Stephan Kulow schrieb:

Am Donnerstag, 22. Mai 2008 schrieb Felix Miata:

...

On 2008/05/22 15:29 (GMT+1000) Basil Chupin apparently typed:

...

I don't know why suddenly 11B3 decided that I need the "-pae" kernel rather than the usual "-default" as in past SuSEs/openSUSEs.) Basil, I don't know why either, but I did 3 11.0b3 installs in recent days, and all of them got the pae instead, even though all were 32 bit installs and had 1G or less of installed RAM. At least I was able to boot those pae

Yeah, we're thinking about renaming kernel-default to kernel-usually-works-on-most-hardware and kernel-pae to kernel-the-one-you-really-want to avoid this confusion in the future.

A failover Kernel would be great. A kernel that is never changed/ deleted after beeing installed. Nothing for the daily work but as a golden bullet when the kernel crashed or grub is making stuppid things. Not a really new theme I know. -- i.A. Ralf Prengel Customer Care Manager Comline AG Hauert 8 D-44227 Dortmund/Germany Fon +49231 97575- 904 Fax +49231 97575- 905 EMail ralf.prengel@comline.de www.comline.de Vorstand Stephan Schilling, Erwin Leonhardi Aufsichtsrat Dr. Franz Schoser (Vorsitzender) HR Dortmund B 14570 USt.-ID-Nr. DE 124727422 --------------------------------------------------------------------- To unsubscribe, e-mail: opensuse-factory+unsubscribe@opensuse.org For additional commands, e-mail: opensuse-factory+help@opensuse.org

Dňa Thursday 22 May 2008 14:49:10 Putrycz, Erik ste napísal:

...

Stephan Kulow schrieb:

...

Am Donnerstag, 22. Mai 2008 schrieb Felix Miata:

...

On 2008/05/22 15:29 (GMT+1000) Basil Chupin apparently typed:

...

I don't know why suddenly 11B3 decided that I need the "-pae" kernel rather than

the

...

...

...

...

usual "-default" as in past SuSEs/openSUSEs.)

Basil, I don't know why either, but I did 3 11.0b3 installs in

recent

...

days,

...

...

and all of them got the pae instead, even though all were 32 bit

installs

...

...

and had 1G or less of installed RAM. At least I was able to boot

those

...

pae

...

Yeah, we're thinking about renaming kernel-default to kernel-usually-works-on-most-hardware and kernel-pae to kernel-the-one-you-really-want to avoid this confusion in the

future.

...

A failover Kernel would be great. A kernel that is never changed/ deleted after beeing installed. Nothing for the daily work but as a golden bullet when the kernel crashed or grub is making stuppid things. Not a really new theme I know.

The kernel upgrade process should be improved... Ideally, everytime it is updated, it would be nice for zipper to keep the latest working version there and have one option on boot for "Latest working version". No sense in having more previous versions...

What is the 'latest working version'? All I can imagine is to have libzypp to install addiotional kernel instead of update. But user would need to delete the kernels that are of no interest (i.e. manually decide which ones to keep). Stano

Otherwise, agreed, it is a time killer to repair an installation if the kernel or grub crash.

Erik

--------------------------------------------------------------------- To unsubscribe, e-mail: opensuse-factory+unsubscribe@opensuse.org For additional commands, e-mail: opensuse-factory+help@opensuse.org

--------------------------------------------------------------------- To unsubscribe, e-mail: opensuse-factory+unsubscribe@opensuse.org For additional commands, e-mail: opensuse-factory+help@opensuse.org

Dňa Thursday 22 May 2008 23:57:28 Putrycz, Erik ste napísal:

...

What is the 'latest working version'?

All I can imagine is to have libzypp to install addiotional kernel

instead

...

of update. But user would need to delete the kernels that are of no

interest

...

(i.e. manually decide which ones to keep).

The latest working version would be the last one that booted up correctly. If a new kernel installation boots correctly, then the old one can be deleted.

Having a kernel to boot does not mean kernel is good. Your application might crash due to kernel bug, but until you start the app, your kernel appears to run fine. Stano --------------------------------------------------------------------- To unsubscribe, e-mail: opensuse-factory+unsubscribe@opensuse.org For additional commands, e-mail: opensuse-factory+help@opensuse.org

On Thu, May 22, 2008 at 09:36:36AM -0400, Felix Miata wrote:

On 2008/05/22 14:09 (GMT+0200) Stephan Kulow apparently typed:

...

Am Donnerstag, 22. Mai 2008 schrieb Felix Miata:

...

...

On 2008/05/22 15:29 (GMT+1000) Basil Chupin apparently typed:

...

...

...

I don't know why suddenly 11B3 decided that I need the "-pae" kernel rather than the usual "-default" as in past SuSEs/openSUSEs.)

...

...

Basil, I don't know why either, but I did 3 11.0b3 installs in recent days, and all of them got the pae instead, even though all were 32 bit installs and had 1G or less of installed RAM. At least I was able to boot those pae

...

Yeah, we're thinking about renaming kernel-default to kernel-usually-works-on-most-hardware and kernel-pae to kernel-the-one-you-really-want to avoid this confusion in the future.

I don't get it. Why is kernel-the-one-you-really-want wanted on systems with 1G or less of installed RAM? What besides ability to address non-existent RAM

...

4G is different about pae kernels?

It allows using "NX" bit (if the processor supports it), for hardware level page execute protection. Ciao, Marcus --------------------------------------------------------------------- To unsubscribe, e-mail: opensuse-factory+unsubscribe@opensuse.org For additional commands, e-mail: opensuse-factory+help@opensuse.org

Seems it works if i log in as root, but not as normal user. Jan-Olof Eriksson kirjoitti:

openSUSE Updater applet doesnt work. All other update methods work, but that applet dosnt. It allways asks set up settings, but it wont try to find updates. Is this known bug or is it just me?

J-O.E --------------------------------------------------------------------- To unsubscribe, e-mail: opensuse-factory+unsubscribe@opensuse.org For additional commands, e-mail: opensuse-factory+help@opensuse.org

--------------------------------------------------------------------- To unsubscribe, e-mail: opensuse-factory+unsubscribe@opensuse.org For additional commands, e-mail: opensuse-factory+help@opensuse.org

Vahis kirjoitti:

Jan-Olof Eriksson wrote:

...

openSUSE Updater applet doesnt work. All other update methods work, but that applet dosnt. It allways asks set up settings, but it wont try to find updates. Is this known bug or is it just me?

J-O.E --------------------------------------------------------------------- To unsubscribe, e-mail: opensuse-factory+unsubscribe@opensuse.org For additional commands, e-mail: opensuse-factory+help@opensuse.org

I ran zypper ref and it started working. There was a prompt to try this.

I tryed that, no luck. J-O.E --------------------------------------------------------------------- To unsubscribe, e-mail: opensuse-factory+unsubscribe@opensuse.org For additional commands, e-mail: opensuse-factory+help@opensuse.org

On Thu, May 22, 2008 at 11:26 AM, Vahis <waxborg@gmail.com> wrote:

I think there was also a tick on "save" or maybe "keep" password I unticked that at some stage before it started working.

I have on beta 11 (as I've always had) a different password for root.

Yes, I don't care for that setup at all. Having the user and root passwords the same as default is a bad security setup and smells of Ubuntu. Same goes with the keep password option being checked already. I can't agree that it's a good default. --------------------------------------------------------------------- To unsubscribe, e-mail: opensuse-factory+unsubscribe@opensuse.org For additional commands, e-mail: opensuse-factory+help@opensuse.org

Vahis wrote:

Larry Stotler wrote:

...

On Thu, May 22, 2008 at 11:26 AM, Vahis <waxborg@gmail.com> wrote:

...

I think there was also a tick on "save" or maybe "keep" password I unticked that at some stage before it started working.

I have on beta 11 (as I've always had) a different password for root.

Yes, I don't care for that setup at all. Having the user and root passwords the same as default is a bad security setup and smells of Ubuntu. Same goes with the keep password option being checked already. I can't agree that it's a good default.

There was already a long thread about this that I kinda started so no more about that, but I have always had for my own user during installation (against defaults): Receive system mail No autologin

Now I need to also check at install: Separate password for root

And then later: Don't keep password

Maybe all this is in the name of "desktop usability". But it sure is going against all *nix principals of security.

One can always say that advanced users do what they want and change the defaults to their liking. I'm quite taken because of version 11 but still I think that this autologin stuff with kept root passwords is _very_ strange to me...

After updating to RC1 I can see that "remember password" is no more default when starting YaST. This is good, thank you :) Since I haven't made any fresh installs of RC1 I need to ask: Is same password for root still default in a fresh installation? I wish it would be an option if it needs to be there. Maybe it's changed? If it is still default I keep whining :( All new users being automatically promoted to root from day one sounds bad IMHO I can't help it. -- Vahis --------------------------------------------------------------------- To unsubscribe, e-mail: opensuse-factory+unsubscribe@opensuse.org For additional commands, e-mail: opensuse-factory+help@opensuse.org

Rajko M. wrote:

On Saturday 31 May 2008 09:40:26 am Vahis wrote: ...

...

If it is still default I keep whining :( All new users being automatically promoted to root from day one sounds bad IMHO I can't help it.

Promoted to root? In what way? It is just the password that is the same. Users have no greater rights then before.

OK. So I won't give root privileges to a user. Just the root password? The user is a user that has root password. What does that make him/her? -- Vahis --------------------------------------------------------------------- To unsubscribe, e-mail: opensuse-factory+unsubscribe@opensuse.org For additional commands, e-mail: opensuse-factory+help@opensuse.org

Patrick Shanahan wrote:

* Vahis <waxborg@gmail.com> [05-31-08 11:30]:

...

...

OK. So I won't give root privileges to a user. Just the root password? The user is a user that has root password. What does that make him/her?

A *user* with root password is root. NO USER should have root password. Change "root"s password.

As we now have the root's password defaulted to the same as the first user I also think that the first user is very much root. And uninvited guests via ssh only need to know/guess one password instead of two to be root, is very bad IMHO. I must admit that that I have changed from the new default back to what I'm used to: no autologin, different (strong) root password. So I don't really know what the default first user can/cannot do with the root password. But I sure don't like it. -- Vahis --------------------------------------------------------------------- To unsubscribe, e-mail: opensuse-factory+unsubscribe@opensuse.org For additional commands, e-mail: opensuse-factory+help@opensuse.org

Kevin Dupuy wrote:

On Sat, 2008-05-31 at 12:42 -0400, Patrick Shanahan wrote:

...

* Vahis <waxborg@gmail.com> [05-31-08 11:30]:

...

...

OK. So I won't give root privileges to a user. Just the root password? The user is a user that has root password. What does that make him/her?

A *user* with root password is root. NO USER should have root password. Change "root"s password.

That doesn't make sense.

How is a user with one password to login and a different one for root any different than a user with the same password for both? If he/she knows the root password anyway, it's no different.

Look, if Novell want to dumb-down openSUSE to the level of Windows XP (with using the same password for user and root, and also autologin for chrissake!) users then let them do it but let's cut out this never ending debate about this particular stupid nonsense being built into openSUSE and get on with fixing other problems. Linux has always made security of a system a priority. If those now in charge of openSUSE want to lower this standard then why not? Ciao. -- Vulgar language is the linguistic crutch of inarticulate brain-dead. --------------------------------------------------------------------- To unsubscribe, e-mail: opensuse-factory+unsubscribe@opensuse.org For additional commands, e-mail: opensuse-factory+help@opensuse.org

Putrycz, Erik wrote:

...

Look, if Novell want to dumb-down openSUSE to the level of Windows XP (with using the same password for user and root, and also autologin

for

...

chrissake!) users then let them do it but let's cut out this never ending debate about this particular stupid nonsense being built into openSUSE and get on with fixing other problems.

Linux has always made security of a system a priority. If those now in charge of openSUSE want to lower this standard then why not?

Why don't you precise how this lowers the security and precise what kind of attacks you are considering here, and back that up with stats, otherwise making all these claims in the wild and is not helping to come with solutions...

This 'debate' has been going on since 11.0 Alpha 1 was released so go back to that time and search through the archives for has been stated by many people on this topic, and don't expect me to restate what has been stated already. -- Vulgar language is the linguistic crutch of inarticulate persons. --------------------------------------------------------------------- To unsubscribe, e-mail: opensuse-factory+unsubscribe@opensuse.org For additional commands, e-mail: opensuse-factory+help@opensuse.org

Basil Chupin wrote:

Kevin Dupuy wrote:

...

On Sat, 2008-05-31 at 12:42 -0400, Patrick Shanahan wrote:

...

* Vahis <waxborg@gmail.com> [05-31-08 11:30]:

...

...

OK. So I won't give root privileges to a user. Just the root password? The user is a user that has root password. What does that make him/her?

A *user* with root password is root. NO USER should have root password. Change "root"s password.

That doesn't make sense.

How is a user with one password to login and a different one for root any different than a user with the same password for both? If he/she knows the root password anyway, it's no different.

Look, if Novell want to dumb-down openSUSE to the level of Windows XP (with using the same password for user and root, and also autologin for chrissake!) users then let them do it but let's cut out this never ending debate about this particular stupid nonsense being built into openSUSE and get on with fixing other problems.

Linux has always made security of a system a priority. If those now in charge of openSUSE want to lower this standard then why not?

Ciao.

To Patrick and Basil and to myself also, we are never going to "make sense" to these guys. They think that the practice established over decades is either a nonsense or a joke. I am at the precise point of taking to heart a profound philosophical saying, "never try to argue with a fool, he'll only bring you down to his level". OVER done with and OUT! Regards Sid. -- Sid Boyce ... Hamradio License G3VBV, Licensed Private Pilot Emeritus IBM/Amdahl Mainframes and Sun/Fujitsu Servers Tech Support Specialist, Cricket Coach Microsoft Windows Free Zone - Linux used for all Computing Tasks --------------------------------------------------------------------- To unsubscribe, e-mail: opensuse-factory+unsubscribe@opensuse.org For additional commands, e-mail: opensuse-factory+help@opensuse.org

On Saturday 31 May 2008 10:28:47 am Vahis wrote:

Rajko M. wrote:

...

On Saturday 31 May 2008 09:40:26 am Vahis wrote: ...

...

If it is still default I keep whining :( All new users being automatically promoted to root from day one sounds bad IMHO I can't help it.

Promoted to root? In what way? It is just the password that is the same. Users have no greater rights then before.

OK. So I won't give root privileges to a user. Just the root password? The user is a user that has root password. What does that make him/her?

The option is useful for single user machines where user and root is the same person, so nothing to hide or give. The default is intended for beginners. Experienced users change much more during installation and uncheck one option should not generate so much noise (there was large thread about this). -- Regards, Rajko http://en.opensuse.org/Portal needs helpful hands. --------------------------------------------------------------------- To unsubscribe, e-mail: opensuse-factory+unsubscribe@opensuse.org For additional commands, e-mail: opensuse-factory+help@opensuse.org

...

The option is useful for single user machines where user and root is

the same

...

person, so nothing to hide or give. The default is intended for beginners. It can be an option. Why default? Does openSUSE want to be as much windows-like as possible? So the new users feel at home? Autologin and root password as default?

I really don't understand the fuss about these options. If you don't like them, just uncheck. And no matter *nix or windows, in the end you want ease of use and security. Multiplication of passwords is *not* a security solution. Erik. --------------------------------------------------------------------- To unsubscribe, e-mail: opensuse-factory+unsubscribe@opensuse.org For additional commands, e-mail: opensuse-factory+help@opensuse.org

That appears to be the problem.

The solution is an opensuse UAC :-) --------------------------------------------------------------------- To unsubscribe, e-mail: opensuse-factory+unsubscribe@opensuse.org For additional commands, e-mail: opensuse-factory+help@opensuse.org

-----Original Message----- From: Rajko M. [mailto:rmatov101@charter.net] Sent: May-31-08 6:12 PM To: opensuse-factory@opensuse.org Subject: Re: [opensuse-factory] openSUSE updater broken

On Saturday 31 May 2008 02:52:34 pm Putrycz, Erik wrote:

...

...

That appears to be the problem.

The solution is an opensuse UAC :-)

That would be the one.

Technically IMO a good solution but then an opensuse guy will have to sit beside the windows guy on the apple commercials - and nobody wants that. I think too many operations on linux still require root privileges. You should be able to install hardware and software without being root at least on a "home" computer.

Without actually study about passwords usage, opinion of more or less paranoid part of online community doesn't help much.

Totally agree. There is no proof that one strong password is more or less secure than two passwords... Erik --------------------------------------------------------------------- To unsubscribe, e-mail: opensuse-factory+unsubscribe@opensuse.org For additional commands, e-mail: opensuse-factory+help@opensuse.org

After in excess of 38 years in this industry, I can proudly wear the paranoid tag if attached. After so many years of no problems arising, someone comes up with the idea that new users are so thick, they will have severe difficulty with 2 passwords.

I have over 200 passwords total, given that each stupid online service requires a separate account and many times they have password entropy requirements. This gets over my memory limits; I'd be surprised to be the only one in this situation. So you can certainly count me in for having difficulties to memorise 2 complex passwords for one computer. Erik. --------------------------------------------------------------------- To unsubscribe, e-mail: opensuse-factory+unsubscribe@opensuse.org For additional commands, e-mail: opensuse-factory+help@opensuse.org

On Sunday 01 June 2008 12:08:48 pm Jan Ritzerfeld wrote:

Am Sonntag, 1. Juni 2008 schrieb Putrycz, Erik:

...

[...] So you can certainly count me in for having difficulties to memorise 2 complex passwords for one computer.

Especially, if I do not have to use one of them (for root) that often. So I am always tempted to use a weak one for root, or I have to write it down.

Gruß Jan

You can open console and log in as root and start all programs that need root access from there. IMHO Ubuntu's idea with sudo is not good, as it is enticing users to use short root passwords, which is counter productive. Better root terminal and strong password, then sudo and 3 letter password. -- Regards, Rajko http://en.opensuse.org/Portal needs helpful hands. --------------------------------------------------------------------- To unsubscribe, e-mail: opensuse-factory+unsubscribe@opensuse.org For additional commands, e-mail: opensuse-factory+help@opensuse.org

On Sunday 01 June 2008 04:10:06 pm Randall R Schulz wrote:

On Sunday 01 June 2008 12:35, Rajko M. wrote:

...

...

... IMHO Ubuntu's idea with sudo is not good, as it is enticing users to use short root passwords, which is counter productive. Better root terminal and strong password, then sudo and 3 letter password.

That doesn't make sense to me for two reasons:

1) Sudo requests the logged-in user's password, not roots. 2) Sudo can be configured to only demand a password if a certain amount of time had passed since the last time it validated the user.

At least that's how it worked on the RHEL systems used at my last job a big company that had strict security policies.

I used the one in openSUSE 10.3 and it has default sudoers: 1) ask root password for admin tasks, 2) (so far I recall) timeout is set on 10 minutes. I guess default is compiled in, as in sudoers there is no word about timeout. The timeout of 10' is good if one wants to run few commands at once, but for me it is a hassle. -- Regards, Rajko http://en.opensuse.org/Portal needs helpful hands. --------------------------------------------------------------------- To unsubscribe, e-mail: opensuse-factory+unsubscribe@opensuse.org For additional commands, e-mail: opensuse-factory+help@opensuse.org

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 The Sunday 2008-06-01 at 17:26 -0500, Rajko M. wrote:

...

That doesn't make sense to me for two reasons:

1) Sudo requests the logged-in user's password, not roots. 2) Sudo can be configured to only demand a password if a certain amount of time had passed since the last time it validated the user.

At least that's how it worked on the RHEL systems used at my last job a big company that had strict security policies.

I used the one in openSUSE 10.3 and it has default sudoers: 1) ask root password for admin tasks,

You are supposed to disable that behavior after you have done the initial system configuration. Ie, you install the system, configure it, and then, edit the sudoers file and disable the requesting of root's password. - -- Cheers, Carlos E. R. -----BEGIN PGP SIGNATURE----- Version: GnuPG v2.0.4-svn0 (GNU/Linux) iD8DBQFIQywqtTMYHG2NR9URAolHAJ4klUJFhUR1Bh4JVcNVE02qOPehcgCZAUJp pO1bBlULazfEprH5uqypj24= =LHPk -----END PGP SIGNATURE----- --------------------------------------------------------------------- To unsubscribe, e-mail: opensuse-factory+unsubscribe@opensuse.org For additional commands, e-mail: opensuse-factory+help@opensuse.org

...

...

On 02.06.2008 at 09:54, Daniel Fuhrmann <schoppehaller@vr-web.de> wrote: Opensuse/Linux wants to become a common System also for normal users with one

PC at home with office suite, browser and email.

My parents e.G. need a stable system which is secure for internet violations. They have one userlogin and no home network. If they need to login manually they wouldn't understand it.

I find it important to have strong passwords in other kind of usage, but not

here.

So if we want to be common, we must also provide a easy login solution.

We provide Auto-Login for such cases... what more is needed? I use it myself on my home computer; it does not stop me from putting a strong password on the user account; after all, when I ssh to that box, I'd still want to have this password be requested. Dominqiue --------------------------------------------------------------------- To unsubscribe, e-mail: opensuse-factory+unsubscribe@opensuse.org For additional commands, e-mail: opensuse-factory+help@opensuse.org

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 The Monday 2008-06-02 at 10:41 +0200, Ludwig Nussel wrote: ...

...

...

I used the one in openSUSE 10.3 and it has default sudoers: 1) ask root password for admin tasks,

You are supposed to disable that behavior after you have done the initial system configuration. Ie, you install the system, configure it, and then, edit the sudoers file and disable the requesting of root's password.

The default sudo configuration serves three purposes: - be usable without configuration - but don't allow more than su already does - aid admins to avoid common pitfalls due to misconfiguration

First and second goal is achieved with asking for root's password and by allowing everone to use sudo (upstream default is to ask for the user's password but allow noone to use sudo). Third goal is achieved by not keeping the environment by default.

I wouldn't say that you are supposed to change that behavior. It's fine to modify the config to achive other goals such as asking for the users' password. You'll have to restrict who is allowed to use sudo then though.

The people that created the default sudo configuration file disagree: # In the default (unconfigured) configuration, sudo asks for the root password. # This allows use of an ordinary user account for administration of a freshly # installed system. When configuring sudo, delete the two # following lines: # Defaults targetpw # ask for the password of the target user i.e. root # ALL ALL=(ALL) ALL # WARNING! Only use this together with 'Defaults targetpw'! If you do read the configuration file, the comments tell the admin to delete, thus disable, the configuration that makes sudo use the admin password instead of the user password. In my view, this is a nonsecure use of sudo: why should I use sudo, if I do know the root password? That's absurd. I become root then I type anything I want without having to type "sudo" in front for every command. It only makes sense if you also have the same password for root and the 1st user. The main purpose of sudo is to allow non-root to use root commands, without having to give them all the power that comes with knowing the root password. This is defeated by the install configuration. - -- Cheers, Carlos E. R. -----BEGIN PGP SIGNATURE----- Version: GnuPG v2.0.4-svn0 (GNU/Linux) iD8DBQFIQ8xqtTMYHG2NR9URAmnQAKCD+otKPQ4mVg5pdP7yEO+DJCW7OQCfZHej NyJh5i/+p4dBEFZc7rs4yUM= =m/Zi -----END PGP SIGNATURE----- --------------------------------------------------------------------- To unsubscribe, e-mail: opensuse-factory+unsubscribe@opensuse.org For additional commands, e-mail: opensuse-factory+help@opensuse.org

On Mon, Jun 2, 2008 at 8:08 AM, Ludwig Nussel <ludwig.nussel@suse.de> wrote:

Carlos E. R. wrote:

...

The main purpose of sudo is to allow non-root to use root commands, without having to give them all the power that comes with knowing the root password. This is defeated by the install configuration.

WRONG! The main purpose in sudo is to permit audits and non sharable root passwords in CORPORATE environments which have MULTIPLE system administrators. Despite the ubuntu propaganda. Nothing, nothing and no amount of ubuntu bizarreness making-truth-from-a-lie-by-repetition will change that. Marcio --------------------------------------------------------------------- To unsubscribe, e-mail: opensuse-factory+unsubscribe@opensuse.org For additional commands, e-mail: opensuse-factory+help@opensuse.org

On Mon, 2 Jun 2008, Carlos E. R. wrote:

Per the man:

sudo allows a permitted user to execute a command as the superuser or another user, as specified in the sudoers file. The real and effective uid and gid are set to match those of the target user as specified in the passwd file and the group vector is initialized based on the group file (unless the -P option was specified). If the invoking user is root or if the target user is the same as the invoking user, no password is required. Otherwise, sudo requires that users authenticate themselves with a password by default > (NOTE: in the default configuration this is the user's password, > not the root password). Once a user has been authenticated, a timestamp is updated and the user may then use sudo without a password for a short period of time (5 minutes unless overridden in sudoers).

The man page not matching our default installation looks like a bug, so I went ahead and filed Bugzilla #404710 - sudo man pages does not match default configuration. Gerald -- Dr. Gerald Pfeifer E gp@novell.com SUSE Linux Products GmbH Director Inbound Product Mgmt T +49(911)74053-0 HRB 16746 (AG Nuremberg) openSUSE/SUSE Linux Enterprise F +49(911)74053-483 GF: Markus Rex --------------------------------------------------------------------- To unsubscribe, e-mail: opensuse-factory+unsubscribe@opensuse.org For additional commands, e-mail: opensuse-factory+help@opensuse.org

... *sigh* On 6/2/08, Carlos E. R. <robin.listas@telefonica.net> wrote:

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1

The Monday 2008-06-02 at 13:08 +0200, Ludwig Nussel wrote:

...

Carlos E. R. wrote:

...

The main purpose of sudo is to allow non-root to use root commands, without having to give them all the power that comes with knowing the root password. This is defeated by the install configuration.

The default config doesn't defeat anything. It merely makes sudo usable without configuration (sudo would issue a fake password

I agree that it serves a purpose, but it does defeat the idea of using root commands without knowing the root password. It defeats the idea of the real root determining what commands he allows his minions to use, and only those commands.

That configuration may makes sense for a single user, that is also root, which is also the idea behing them having the same password, as you said.

...

prompt and then complain by default if those two lines you dislike weren't there).

Of course, you have to configure what commands to allow, one by one. That's the idea ;-)

...

Think of it as su without stupid shell quoting problems. If you've already read the sudo manpage and therefore found out how to allow certain operations without root authentication feel free to run "sudo visudo" and change the config to your liking ("su -c visudo" if you want to boycot the default behavior ;-).

Of course I did that, ages ago :-)

But if I do know the root password, I don't bother about sudo; as much as I dislike using "su -c command" I also dislike "sudo command". I simply type "su -" once and then do as I please :-) .

- -- Cheers, Carlos E. R.

-----BEGIN PGP SIGNATURE----- Version: GnuPG v2.0.4-svn0 (GNU/Linux)

iD8DBQFIQ+YrtTMYHG2NR9URAodrAJ0dHojvVgIdiIZnscElKInw1Oq6KwCfQR8a TSG+ipWPVjHWlfeVmsLhfyQ= =faIc -----END PGP SIGNATURE----- --------------------------------------------------------------------- To unsubscribe, e-mail: opensuse-factory+unsubscribe@opensuse.org For additional commands, e-mail: opensuse-factory+help@opensuse.org

--------------------------------------------------------------------- To unsubscribe, e-mail: opensuse-factory+unsubscribe@opensuse.org For additional commands, e-mail: opensuse-factory+help@opensuse.org

You just want to turn this thread in another infinite thread so you can post more emails, which seems to be your way of entertainment. Sorry, not gonna happen. On Mon, Jun 2, 2008 at 11:26 AM, Carlos E. R. <carlos.e.r@opensuse.org> wrote:

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1

The Monday 2008-06-02 at 09:49 -0300, Druid wrote:

...

...

*sigh*

*sigh*

- -- Cheers, Carlos E. R.

-----BEGIN PGP SIGNATURE----- Version: GnuPG v2.0.4-svn0 (GNU/Linux)

iD8DBQFIRAM4tTMYHG2NR9URAtatAJwNSs2QQDHDal96aF5qTfp+IP3ZJwCfZtpk ho4Te26+b6tqlMQYGO3m078= =866y -----END PGP SIGNATURE----- --------------------------------------------------------------------- To unsubscribe, e-mail: opensuse-factory+unsubscribe@opensuse.org For additional commands, e-mail: opensuse-factory+help@opensuse.org

--------------------------------------------------------------------- To unsubscribe, e-mail: opensuse-factory+unsubscribe@opensuse.org For additional commands, e-mail: opensuse-factory+help@opensuse.org

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 The Monday 2008-06-02 at 17:19 +0200, Lukas Ocilka wrote: Right :-)

Lukas Have a nice day!

*sigh* ;)

A: Because it messes up the order in which people normally read text. Q: Why is top-posting such a bad thing? A: Top-posting. Q: What is the most annoying thing in e-mail?

- -- Cheers. -----BEGIN PGP SIGNATURE----- Version: GnuPG v2.0.4-svn0 (GNU/Linux) iD8DBQFIREiRtTMYHG2NR9URAm+5AJ9m6kREatQkqtSvvcVza2hsovtpPgCgjbKz GPKyreITRo/24n2uLL4ZB1Q= =Jfig -----END PGP SIGNATURE----- --------------------------------------------------------------------- To unsubscribe, e-mail: opensuse-factory+unsubscribe@opensuse.org For additional commands, e-mail: opensuse-factory+help@opensuse.org

Am Sonntag, 1. Juni 2008 schrieb Boyd Lynn Gerber:

[...] I have a file on my computer that is gpg encrypted with the passwords for my 400+ logins. There just is no way to remember that many passwords.

I had such a gpg file some years ago. However, preventing the decrypted passwords from leaking is not that easy, think about /tmp and swap.

That is why I use password phases for ssh logins and disable password logins on my machines. So I understand this very well. But I really feel that root and the admin need strong passwords.

The more users your system has, the stronger the root password must be (sounds like Yoda speech, doesn't it?). If a system has one user only, breaking the root password will have much less impact. Then, the problem is reduced to the necessity of reinstalling a compromised system instead of just cleaning up the home directory. In general, I want to prevent both my system and my personal data. So, the my user password should not be much less stronger than the root password. Choosing two different but equally strong passwords for the same purpose (and system!) seems to me at least superfluous. Gruß Jan -- One of the few rules of evolution is that extreme specialization results in eventual extinction. --------------------------------------------------------------------- To unsubscribe, e-mail: opensuse-factory+unsubscribe@opensuse.org For additional commands, e-mail: opensuse-factory+help@opensuse.org

On Sun, 2008-06-01 at 19:41 +0100, Sid Boyce wrote:

Putrycz, Erik wrote:

...

...

After in excess of 38 years in this industry, I can proudly wear the paranoid tag if attached. After so many years of no problems arising, someone comes up with the idea that new users are so thick, they will have severe difficulty with 2 passwords.

I have over 200 passwords total, given that each stupid online service requires a separate account and many times they have password entropy requirements. This gets over my memory limits; I'd be surprised to be the only one in this situation. So you can certainly count me in for having difficulties to memorise 2 complex passwords for one computer.

Erik.

I see the difficulty..... e.g 199 no problem, 200th the straw that broke the camel's back. I haven't counted how many I need, but they are quite a few and when I was in full time employment, we had multiple passwords that changed every 30 days - also presented no problem. If a couple of passwords on a box causes so much havoc, is such a major obstruction and is the major challenge that the technology presents its users with, then global warming must be causing sieve type memory retention problems. I wonder why in all its years of existence, it never has been a problem. Are they trying to say that there are now brainless new users that must be catered for? I think most of the ones you imply as "the brainless" would take exception to that tag. Separate root and user passwords served us well before and through the Windows era and before the current Ubuntu fad and there is no real literate reason for it to change. What do you think all the new users did before this idiocy crept in? Regards Sid.

There is really no reason to keep the "non-paranoid" audience from posting their passwords on their favorite blog or put them on a sticker underneath their keyboard. They can always check ( willingly and in full conscience ) the boxes for "use as root password" and "login automatically", but why this sloppiness should be pressed on new, uncritical users without a hint on what may become of it, is really escaping my intellectual capacities. Casual --------------------------------------------------------------------- To unsubscribe, e-mail: opensuse-factory+unsubscribe@opensuse.org For additional commands, e-mail: opensuse-factory+help@opensuse.org

On Sunday 01 June 2008 11:46:53 am Putrycz, Erik wrote:

...

After in excess of 38 years in this industry, I can proudly wear the paranoid tag if attached. After so many years of no problems arising, someone comes up with the idea that new users are so thick, they will have severe difficulty with 2 passwords.

I have over 200 passwords total, given that each stupid online service requires a separate account and many times they have password entropy requirements. This gets over my memory limits; I'd be surprised to be the only one in this situation.

No you are not. Add user IDs to the number and it is a mess. That is how people are coming on idea to use one of each for all services, or to remember few that are used for different levels of security.

So you can certainly count me in for having difficulties to memorise 2 complex passwords for one computer.

Me too. Problem is that many of us have in house few computers, some single boot, some dual, some multiple boots, count routers and modems, and without leaving a house you can end with 50 places that ask for user IDs and passwords. My current count is just a bit below that. So, we normal mortals are forced to use same group of passwords for all accounts. That makes me wonder why so much hype on openSUSE decision to make user lives a bit easier. Asking to have same password for first created user and root is not bad as that would be the same person. Passwords are stored separately and there is no indication that they are the same. -- Regards, Rajko http://en.opensuse.org/Portal needs helpful hands. --------------------------------------------------------------------- To unsubscribe, e-mail: opensuse-factory+unsubscribe@opensuse.org For additional commands, e-mail: opensuse-factory+help@opensuse.org

On Sat, 2008-05-31 at 11:50 -0500, Rajko M. wrote:

On Saturday 31 May 2008 10:28:47 am Vahis wrote:

...

Rajko M. wrote:

...

On Saturday 31 May 2008 09:40:26 am Vahis wrote: ...

...

If it is still default I keep whining :( All new users being automatically promoted to root from day one sounds bad IMHO I can't help it.

Promoted to root? In what way? It is just the password that is the same. Users have no greater rights then before.

OK. So I won't give root privileges to a user. Just the root password? The user is a user that has root password. What does that make him/her?

The option is useful for single user machines where user and root is the same person, so nothing to hide or give. The default is intended for beginners.

Experienced users change much more during installation and uncheck one option should not generate so much noise (there was large thread about this).

This is sheer "Ubuntu Think", especially beginning users should be guided towards security awareness, rather than to complete lack of it. It's extremely easy to become root by accident, just typing the password you are used to, in the process typing some commands you utterly regret as soon as you have pressed enter. If "Ubuntu Think" is the way openSUSE is headed, we should drop installing AppArmor and other security measures by default. Waste of resources and disk space. See also Bug 381420 and Bug 371811 for reference. I think we can't protect a user ( especially a beginner ) from jeopardizing his installation, but we should surely make him aware of the consequences instead of removing security measures by default. Casual P.S. Nobody would remove all traffic lights, so it becomes easier for children to cross the street.. --------------------------------------------------------------------- To unsubscribe, e-mail: opensuse-factory+unsubscribe@opensuse.org For additional commands, e-mail: opensuse-factory+help@opensuse.org

Vahis wrote:

Rajko M. wrote:

...

On Saturday 31 May 2008 09:40:26 am Vahis wrote: ...

...

If it is still default I keep whining :( All new users being automatically promoted to root from day one sounds bad IMHO I can't help it.

Promoted to root? In what way? It is just the password that is the same. Users have no greater rights then before.

OK. So I won't give root privileges to a user. Just the root password? The user is a user that has root password. What does that make him/her?

It perhaps makes him/her as blissfully unaware of security issues as the person implementing such a crass scheme. One day when the crackers turn their attention to Linux in a big way and the break-ins hit the headlines indicating that Linux is less or no more secure than anything else out there, perhaps that person will have moved on to higher things, the usual fate of such guys. Why or Why do these people regard new users as total airheads, with not enough brain space to remember a couple of passwords? I can think of a number of IT managers who would tell Novell to go take a hike if they were talking security and they mentioned this idiotic scheme as a plus. I have a 68+ year old and a 80+ year old both using openSUSE as their only OS and both would feel insulted if told they couldn't handle separate root and user passwords. Point is they do and they don't need anyone telling them they are born stupid, blaming them for this dumbing down insecure process. Regards Sid. -- Sid Boyce ... Hamradio License G3VBV, Licensed Private Pilot Emeritus IBM/Amdahl Mainframes and Sun/Fujitsu Servers Tech Support Specialist, Cricket Coach Microsoft Windows Free Zone - Linux used for all Computing Tasks --------------------------------------------------------------------- To unsubscribe, e-mail: opensuse-factory+unsubscribe@opensuse.org For additional commands, e-mail: opensuse-factory+help@opensuse.org

Basil Chupin wrote:

Vahis wrote:

[pruned]

...

After updating to RC1 I can see that "remember password" is no more default when starting YaST. This is good, thank you :)

...

Since I haven't made any fresh installs of RC1 I need to ask: Is same password for root still default in a fresh installation?

YES, it is :-( .

Ciao.

Actually I chose my words a bit wrong. Remembering password is still default, but now when you you choose not to, it will stay unticked. In beta3 it always appeared ticked each time you started YaST. (KDE4) -- Vahis --------------------------------------------------------------------- To unsubscribe, e-mail: opensuse-factory+unsubscribe@opensuse.org For additional commands, e-mail: opensuse-factory+help@opensuse.org

Vahis wrote:

...

Basil Chupin wrote:

...

Vahis wrote:

[pruned]

...

After updating to RC1 I can see that "remember password" is no more default when starting YaST. This is good, thank you :)

...

Since I haven't made any fresh installs of RC1 I need to ask: Is same password for root still default in a fresh installation?

YES, it is :-( .

Ciao.

Actually I chose my words a bit wrong. Remembering password is still default, but now when you you choose not to, it will stay unticked. In beta3 it always appeared ticked each time you started YaST. (KDE4)

Alright, just to make sure that we are talking about the same thing.

I took your question (above, the one I quoted) to mean that when during installation one is asked for a password as a USER but there is also the tick box which asks if you want to use the SAME password for Root. During installation this box is TICKED so that whatever password one chooses as a USER is then automatically used as the ROOT's password. Having taken your question to mean this then the answer is YES: whatever password you choose as a user will be used as the password for root UNLESS you disallow this by unticking the box.

Don't forget, I PRUNED most of your original posting and only responded to the question I mention above. I've got this quite clear: During the initial installation you are defaulted to accept the same

Basil Chupin wrote: password for root which you can change by not accepting the default. If you do disagree and choose different password for root you are defaulted to have it remembered when you open YaST system tools. If you still deny, remembering won't be default anymore in RC1. It was in beta3. I greeted this change with joy and then I thought maybe the installation default was changed, too. But it wasn't as you pointed out. -- Vahis --------------------------------------------------------------------- To unsubscribe, e-mail: opensuse-factory+unsubscribe@opensuse.org For additional commands, e-mail: opensuse-factory+help@opensuse.org

Vahis kirjoitti:

I think there was also a tick on "save" or maybe "keep" password I unticked that at some stage before it started working.

That applet have never asked any passwords. It wont try to find any updates.. --------------------------------------------------------------------- To unsubscribe, e-mail: opensuse-factory+unsubscribe@opensuse.org For additional commands, e-mail: opensuse-factory+help@opensuse.org

Hi,

openSUSE Updater applet doesnt work. All other update methods work, but that applet dosnt. It allways asks set up settings, but it wont try to find updates. Is this known bug or is it just me?

since a week or so the applet is working great for me. I did not do anything except updating. ;) Before that the applet was broken for a long time. I am running: kde4-opensuse-updater-0.7.12-7 fm --------------------------------------------------------------------- To unsubscribe, e-mail: opensuse-factory+unsubscribe@opensuse.org For additional commands, e-mail: opensuse-factory+help@opensuse.org

Dňa Thursday 22 May 2008 16:42:32 Jan-Olof Eriksson ste napísal:

openSUSE Updater applet doesnt work. All other update methods work, but that applet dosnt. It allways asks set up settings, but it wont try to find updates. Is this known bug or is it just me?

Sounds like this bug: https://bugzilla.novell.com/show_bug.cgi?id=389765 Stano --------------------------------------------------------------------- To unsubscribe, e-mail: opensuse-factory+unsubscribe@opensuse.org For additional commands, e-mail: opensuse-factory+help@opensuse.org

On Thursday 22 May 2008, Ken Schneider wrote:

...

Yeah, we're thinking about renaming kernel-default to kernel-usually-works-on-most-hardware and kernel-pae to kernel-the-one-you-really-want to avoid this confusion in the future.

Greetings, Stephan

Sounds more like the algorithm to select the proper kernel at install time is broken not kernel-default.

Since there was no previous announcement (at least that I recall) about the change in default install kernel there was no need to be sarcastic in your reply.

Ahhhhhhh someone else has noticed as well at last ... Pete . -- SuSE Linux 10.3-Alpha3. (Linux is like a wigwam - no Gates, no Windows, and an Apache inside.) --------------------------------------------------------------------- To unsubscribe, e-mail: opensuse-factory+unsubscribe@opensuse.org For additional commands, e-mail: opensuse-factory+help@opensuse.org

Yeah, we're thinking about renaming kernel-default to kernel-usually-works-on-most-hardware and kernel-pae to kernel-the-one-you-really-want to avoid this confusion in the future. well, there *is* confusion, and I think it's at least partly due to naming the kernel "Pae - something" in the grub selector screen.

As a user, if I want to boot openSUSE 11.0 I'd expect an entry called "openSUSE 11.0", or maybe "openSUSE 11.0 - <kernel-version>". Perhaps this small change would prevent more confusion about Pae and whether one really wants/needs that kernel. Cheers, Michael --------------------------------------------------------------------- To unsubscribe, e-mail: opensuse-factory+unsubscribe@opensuse.org For additional commands, e-mail: opensuse-factory+help@opensuse.org

Basil Chupin <blchupin@tpg.com.au> writes:

Last night I re-installed 11B3 from scratch, from the DVD, and noticed that B3 installs as the *default* selection the "-pae" kernel and not the "-default" kernel for "single and multiprocessors".

That's correct. We install the pae whenever pae is supported. Default works as well - it's just the fallback and you miss PAE which also includes allows some nice security features like non-executable stack. Andreas -- Andreas Jaeger, Director Platform/openSUSE, aj@suse.de SUSE LINUX Products GmbH, GF: Markus Rex, HRB 16746 (AG Nürnberg) Maxfeldstr. 5, 90409 Nürnberg, Germany GPG fingerprint = 93A3 365E CE47 B889 DF7F FED1 389A 563C C272 A126