[opensuse] sudo fails
13.1 Hi Why can't I run commands as sudo? e.g. lynn@catral:~> sudo automount -m root's password: sudo: automount: command not found Fails, but: lynn@catral:~> su Password: hh16:/home/lynn # automount -m autofs dump map information ...works fine. Is this meant to be the default? Thanks, L x -- To unsubscribe, e-mail: opensuse+unsubscribe@opensuse.org To contact the owner, e-mail: opensuse+owner@opensuse.org
El 09/06/14 12:47, lynn escribió:
13.1 Hi Why can't I run commands as sudo? e.g. lynn@catral:~> sudo automount -m root's password: sudo: automount: command not found Fails, but:
lynn@catral:~> su Password: hh16:/home/lynn # automount -m autofs dump map information
...works fine. Is this meant to be the default? Thanks, L x
automount is not in path ...see sudoers file comments on how to correct it. -- Cristian "I don't know the key to success, but the key to failure is trying to please everybody." -- To unsubscribe, e-mail: opensuse+unsubscribe@opensuse.org To contact the owner, e-mail: opensuse+owner@opensuse.org
On 06/09/2014 12:47 PM, lynn wrote:
13.1 Hi Why can't I run commands as sudo? e.g. lynn@catral:~> sudo automount -m root's password: sudo: automount: command not found Fails, but:
lynn@catral:~> su Password: hh16:/home/lynn # automount -m autofs dump map information
...works fine. Is this meant to be the default?
Probably. Sounds like a PATH problem to me. When you do a real 'su' you get root's PATH which includes /sbin and /usr/sbin. I suspect that the way you have sudo set up it does not replace the user's PATH with root's PATH. Which is probably the default. -- "It's not true unless it makes you laugh, but you don't understand until it makes you weep." -- Shea and Wilson, -- To unsubscribe, e-mail: opensuse+unsubscribe@opensuse.org To contact the owner, e-mail: opensuse+owner@opensuse.org
On 06/09/2014 01:29 PM, Anton Aylward pecked at the keyboard and wrote:
On 06/09/2014 12:47 PM, lynn wrote:
13.1 Hi Why can't I run commands as sudo? e.g. lynn@catral:~> sudo automount -m root's password: sudo: automount: command not found Fails, but:
lynn@catral:~> su Password: hh16:/home/lynn # automount -m autofs dump map information
...works fine. Is this meant to be the default?
Probably. Sounds like a PATH problem to me.
When you do a real 'su' you get root's PATH
Not correct. you must use 'su -' to get root's $PATH. -- Ken Schneider SuSe since Version 5.2, June 1998 -- To unsubscribe, e-mail: opensuse+unsubscribe@opensuse.org To contact the owner, e-mail: opensuse+owner@opensuse.org
On 2014-06-10 15:12, Ken Schneider - openSUSE wrote:
On 06/09/2014 01:29 PM, Anton Aylward pecked at the keyboard and wrote:
On 06/09/2014 12:47 PM, lynn wrote:
13.1 Hi Why can't I run commands as sudo? e.g. lynn@catral:~> sudo automount -m root's password: sudo: automount: command not found
...
Probably. Sounds like a PATH problem to me.
When you do a real 'su' you get root's PATH
Not correct. you must use 'su -' to get root's $PATH.
Wait, there is a common confusion here. When you do "sudo automount" as above, it is searched not as root, but as the user that started sudo, ie "lynn", and "lynn" does not have automount in the path. That's the reason of the error message. It does not matter what path or powers you get after "sudo", root or not. However, IMHO it is a bug or bad programming that when you call "sudo something" it first ask you for the password, then tries to find the program, using the calling user's path. It could have bailed out without wasting the user time asking for the password. -- Cheers / Saludos, Carlos E. R. (from 13.1 x86_64 "Bottle" at Telcontar)
On 06/10/2014 03:21 PM, Carlos E. R. wrote:
However, IMHO it is a bug or bad programming that when you call "sudo something" it first ask you for the password, then tries to find the program, using the calling user's path.
hmm, what if the user calling sudo creates a malicious shell script with that same name as configured in /etc/sudoers, which then would be executed as the other user? I'd consider this a backdoor. I personally always specify absolute paths in the sudoers file btw. Have a nice day, Berny -- To unsubscribe, e-mail: opensuse+unsubscribe@opensuse.org To contact the owner, e-mail: opensuse+owner@opensuse.org
On 2014-06-10 15:36, Bernhard Voelker wrote:
On 06/10/2014 03:21 PM, Carlos E. R. wrote:
However, IMHO it is a bug or bad programming that when you call "sudo something" it first ask you for the password, then tries to find the program, using the calling user's path.
hmm, what if the user calling sudo creates a malicious shell script with that same name as configured in /etc/sudoers, which then would be executed as the other user? I'd consider this a backdoor. I personally always specify absolute paths in the sudoers file btw.
Mmm. Some programs usable as sudo are already in the user path. I don't have an example right now, but there are some. But you may be right, that could be the reason. I have one entry: cer Telcontar = (news) NOPASSWD: /usr/bin/tailf /var/log/news/news.debug Obviously "tailf" can be called as plain user, but for use with sudo I needed to input the full path. -- Cheers / Saludos, Carlos E. R. (from 13.1 x86_64 "Bottle" at Telcontar)
On 06/10/2014 03:47 PM, Carlos E. R. wrote:
But you may be right, that could be the reason. I have one entry:
cer Telcontar = (news) NOPASSWD: /usr/bin/tailf /var/log/news/news.debug
Obviously "tailf" can be called as plain user, but for use with sudo I needed to input the full path.
It's the other way round: if just "tailf" would be in your sudoers without absolute path, and sudo would first try to resolve it before switching the user, then it would be possible for the local user/attacker to create another script/program with the same name (e.g. with content like "rm -rf /var/spool/news"), put it into a directory which is more at the beginning of $PATH, and then run that arbitrary stuff as user 'news'. I don't think this is wanted ... Absolute paths in sudoers are *good* (and not only there). ;-) Have a nice day, Berny -- To unsubscribe, e-mail: opensuse+unsubscribe@opensuse.org To contact the owner, e-mail: opensuse+owner@opensuse.org
On 2014-06-10 16:48, Bernhard Voelker wrote:
On 06/10/2014 03:47 PM, Carlos E. R. wrote:
But you may be right, that could be the reason. I have one entry:
cer Telcontar = (news) NOPASSWD: /usr/bin/tailf /var/log/news/news.debug
Obviously "tailf" can be called as plain user, but for use with sudo I needed to input the full path.
It's the other way round: if just "tailf" would be in your sudoers without absolute path, and sudo would first try to resolve it before switching the user, then it would be possible for the local user/attacker to create another script/program with the same name (e.g. with content like "rm -rf /var/spool/news"), put it into a directory which is more at the beginning of $PATH, and then run that arbitrary stuff as user 'news'. I don't think this is wanted ... Absolute paths in sudoers are *good* (and not only there). ;-)
Yes, that's what I'm saying. -- Cheers / Saludos, Carlos E. R. (from 13.1 x86_64 "Bottle" at Telcontar)
On 6/9/2014 9:47 AM, lynn wrote:
Why can't I run commands as sudo? e.g. lynn@catral:~> sudo automount -m root's password: sudo: automount: command not found Fails, but:
Which reminds me..... Why does Opensuse continue to require root's password for sudo?!! I don't run every distro, but I run a lot of them in addition to a couple BDS flavors, and OS is the only one where you have to hand out root's password to anyone who might need to do some trivial task such as automount or starting samba or some such. I can remember when sudo was broken and this was necessary but that is a long time ago, and I see no reason for this to continue. A rational structuring of the sudo configurations would seem to long overdue so that we could get away from this like everybody else. -- _____________________________________ ---This space for rent--- -- To unsubscribe, e-mail: opensuse+unsubscribe@opensuse.org To contact the owner, e-mail: opensuse+owner@opensuse.org
On Mon, 09 Jun 2014 15:43:47 -0700, John Andersen wrote:
Why does Opensuse continue to require root's password for sudo?!!
Changing the behaviour is trivial. It's even documented in the sudoers file. Jim -- Jim Henderson Please keep on-topic replies on the list so everyone benefits -- To unsubscribe, e-mail: opensuse+unsubscribe@opensuse.org To contact the owner, e-mail: opensuse+owner@opensuse.org
On 2014-06-10 00:43, John Andersen wrote:
Which reminds me..... Why does Opensuse continue to require root's password for sudo?!!
Because you are expected to change this yourself. The config file has comments saying that it is this way on purpose, for the initial system install, and then you are expected to change it as appropriate for your system. -- Cheers / Saludos, Carlos E. R. (from 13.1 x86_64 "Bottle" at Telcontar)
John Andersen wrote:
Which reminds me..... Why does Opensuse continue to require root's password for sudo?!!
Which users would you want open suse to automatically configure for root access by default? If you can answer that, maybe you can ask it to be fixed... ;-) But barring that, in your /etc/sudoers, you can make local changes to allow users to do things w/o passwords, like: lindaw ALL=(ALL) NOPASSWD: SETENV: ALL Bliss\\lindaw ALL=(ALL) NOPASSWD: SETENV: ALL ## WinNT domain login or by group: ## Same thing without a password ## %wheel ALL=(ALL) NOPASSWD: ALL etc.etc.blahblahblah... BTW, there are a BUNCH of defaults you might want to go through and make decisions on.. things like what to log, what ENV vars to pass through, what editor to use when updating the 'sudoers' file, tons of stuff.. I count a least 18-20 lines in my sudoer's file. The defaults are almost always wrong for this file (for ease of local use)... Like it usually wipes most of your environment, which is good or bad depending on what you expect. (I don't like it, so I prevent that, but you can also list specific exemptions instead of a blanket exception). Oh yeah -- and be sure to set your path to include the normal root programs, or you'll wonder why things don't work.... ;-) -- To unsubscribe, e-mail: opensuse+unsubscribe@opensuse.org To contact the owner, e-mail: opensuse+owner@opensuse.org
* John Andersen
Which reminds me..... Why does Opensuse continue to require root's password for sudo?!!
I don't run every distro, but I run a lot of them in addition to a couple BDS flavors, and OS is the only one where you have to hand out root's password to anyone who might need to do some trivial task such as automount or starting samba or some such.
I can remember when sudo was broken and this was necessary but that is a long time ago, and I see no reason for this to continue. A rational structuring of the sudo configurations would seem to long overdue so that we could get away from this like everybody else.
sudo *is* configurable. All you must do is configure it to allow what you deem necessary. -- (paka)Patrick Shanahan Plainfield, Indiana, USA @ptilopteri http://en.opensuse.org openSUSE Community Member facebook/ptilopteri http://wahoo.no-ip.org Photo Album: http://wahoo.no-ip.org/gallery2 Registered Linux User #207535 @ http://linuxcounter.net -- To unsubscribe, e-mail: opensuse+unsubscribe@opensuse.org To contact the owner, e-mail: opensuse+owner@opensuse.org
On 6/9/2014 4:47 PM, Patrick Shanahan wrote:
I can remember when sudo was broken and this was necessary but that is a
long time ago, and I see no reason for this to continue. A rational structuring of the sudo configurations would seem to long overdue so that we could get away from this like everybody else.
sudo *is* configurable. All you must do is configure it to allow what you deem necessary.
Yes, I know that. I was born in the morning, Patrick, but not THIS morning. The point is no other 'nix that I am aware of requires you go give out root's password to do a restricted set of operations by default. All of the others require only the user's password by default, (just add desired users to wheel). This sets a bad precedent. Many people might be entrusted to mount a CD on a server, or start some service like cups or restart samba or something. If you give them root's password they will simply log in as root, either at the console or via su, and avoid prefacing every command with sudo. Most distros set up sudo to require people be on the sudoers list AND to use their OWN password. Some make the first user account (created at at installation time) a member of wheel, and able to do all sudo functions by default, but still require only that user's password. Virtually all distros require some configuration of sudo to be generally useful to a all users, but only opensuse requires roots password by default. The question is why does Opensuse stand alone in this practice? _____________________________________ ---This space for rent--- -- To unsubscribe, e-mail: opensuse+unsubscribe@opensuse.org To contact the owner, e-mail: opensuse+owner@opensuse.org
* John Andersen
On 6/9/2014 4:47 PM, Patrick Shanahan wrote:
I can remember when sudo was broken and this was necessary but that is a
long time ago, and I see no reason for this to continue. A rational structuring of the sudo configurations would seem to long overdue so that we could get away from this like everybody else.
sudo *is* configurable. All you must do is configure it to allow what you deem necessary.
Yes, I know that. I was born in the morning, Patrick, but not THIS morning.
The point is no other 'nix that I am aware of requires you go give out root's password to do a restricted set of operations by default.
nor does openSUSE, but configuring/editing /etc/sudoers *is* necessary and then root's password does not need to be exposed.
All of the others require only the user's password by default, (just add desired users to wheel).
iow, a different configuration change but still *only* requires configuration.
This sets a bad precedent. Many people might be entrusted to mount a CD on a server, or start some service like cups or restart samba or something. If you give them root's password they will simply log in as root, either at the console or via su, and avoid prefacing every command with sudo.
As it is no longer morning, you should realize that root's password does not need to be exposed, period. But "root" must properly configure the system.
Most distros set up sudo to require people be on the sudoers list AND to use their OWN password. Some make the first user account (created at at installation time) a member of wheel, and able to do all sudo functions by default, but still require only that user's password.
So everyone is *root* but must use there own password. Come on, you don't believe that is proper system configuration!
Virtually all distros require some configuration of sudo to be generally useful to a all users, but only opensuse requires roots password by default.
If *anyone* can configure sudo, root is no longer necessary.
The question is why does Opensuse stand alone in this practice?
To maintain a safe/sane environment! -- (paka)Patrick Shanahan Plainfield, Indiana, USA @ptilopteri http://en.opensuse.org openSUSE Community Member facebook/ptilopteri http://wahoo.no-ip.org Photo Album: http://wahoo.no-ip.org/gallery2 Registered Linux User #207535 @ http://linuxcounter.net -- To unsubscribe, e-mail: opensuse+unsubscribe@opensuse.org To contact the owner, e-mail: opensuse+owner@opensuse.org
On 6/10/2014 1:16 PM, Patrick Shanahan wrote:
Most distros set up sudo to require people be on the sudoers list AND to use their OWN password. Some make the first user account (created at at installation time) a member of wheel, and able to do all sudo functions by default, but still require only that user's password. So everyone is *root* but must use there own password. Come on, you don't believe that is proper system configuration!
That is not what I said. And you know it. Look, Patrick, instead of arguing with me why not stop being so provincial and at least TAKE A LOOK at some other distros or OpenBSD, FreeBSD, etc. -- _____________________________________ ---This space for rent--- -- To unsubscribe, e-mail: opensuse+unsubscribe@opensuse.org To contact the owner, e-mail: opensuse+owner@opensuse.org
* John Andersen
On 6/10/2014 1:16 PM, Patrick Shanahan wrote:
Most distros set up sudo to require people be on the sudoers list AND to use their OWN password. Some make the first user account (created at at installation time) a member of wheel, and able to do all sudo functions by default, but still require only that user's password. So everyone is *root* but must use there own password. Come on, you don't believe that is proper system configuration!
That is not what I said. And you know it.
Look, Patrick, instead of arguing with me why not stop being so provincial and at least TAKE A LOOK at some other distros or OpenBSD, FreeBSD, etc.
I have and I know the difference. But the topic is openSUSE's status and I believe sudo is handled correctly and securely. -- (paka)Patrick Shanahan Plainfield, Indiana, USA @ptilopteri http://en.opensuse.org openSUSE Community Member facebook/ptilopteri http://wahoo.no-ip.org Photo Album: http://wahoo.no-ip.org/gallery2 Registered Linux User #207535 @ http://linuxcounter.net -- To unsubscribe, e-mail: opensuse+unsubscribe@opensuse.org To contact the owner, e-mail: opensuse+owner@opensuse.org
Patrick Shanahan wrote:
* John Andersen
[06-10-14 19:41]: On 6/10/2014 1:16 PM, Patrick Shanahan wrote:
Most distros set up sudo to require people be on the sudoers list AND to use their OWN password. Some make the first user account (created at at installation time) a member of wheel, and able to do all sudo functions by default, but still require only that user's password. So everyone is *root* but must use there own password. Come on, you don't believe that is proper system configuration!
That is not what I said. And you know it.
Look, Patrick, instead of arguing with me why not stop being so provincial and at least TAKE A LOOK at some other distros or OpenBSD, FreeBSD, etc.
I have and I know the difference. But the topic is openSUSE's status and I believe sudo is handled correctly and securely.
It's so non-standard that it's utterly FUBAR. -- To unsubscribe, e-mail: opensuse+unsubscribe@opensuse.org To contact the owner, e-mail: opensuse+owner@opensuse.org
Patrick Shanahan wrote:
* John Andersen
[06-10-14 15:35]: On 6/9/2014 4:47 PM, Patrick Shanahan wrote:
I can remember when sudo was broken and this was necessary but that is a
long time ago, and I see no reason for this to continue. A rational structuring of the sudo configurations would seem to long overdue so that we could get away from this like everybody else.
sudo *is* configurable. All you must do is configure it to allow what you deem necessary.
Yes, I know that. I was born in the morning, Patrick, but not THIS morning.
The point is no other 'nix that I am aware of requires you go give out root's password to do a restricted set of operations by default.
nor does openSUSE, but configuring/editing /etc/sudoers *is* necessary and then root's password does not need to be exposed.
All of the others require only the user's password by default, (just add desired users to wheel).
iow, a different configuration change but still *only* requires configuration.
This sets a bad precedent. Many people might be entrusted to mount a CD on a server, or start some service like cups or restart samba or something. If you give them root's password they will simply log in as root, either at the console or via su, and avoid prefacing every command with sudo.
As it is no longer morning, you should realize that root's password does not need to be exposed, period. But "root" must properly configure the system.
Most distros set up sudo to require people be on the sudoers list AND to use their OWN password. Some make the first user account (created at at installation time) a member of wheel, and able to do all sudo functions by default, but still require only that user's password.
So everyone is *root* but must use there own password. Come on, you don't believe that is proper system configuration!
By default, NO login name should be in /etc/sudoers. When the admin adds a login name to /etc/sudoers, he should, likewise, list the programs (and ONLY the programs) which that user needs to be able to run as root. It is anything BUT a blank check. At least that's how it has always been configured on the Solaris, HP-UX, Irix, and other commercial unixes that I administrated in the auto industry. The point of using their own password is that 1. They (the users allowed to sudo) DON'T have the root password 2. The user is responsible for anything done, since it was THEIR OWN PASSWORD which was used to run the sudo-ed command. 3. The sudo command allows the admin to allow each user to run ONLY the precise administrative commands that they need to run, and no others. 4. If you don't want a user using sodo, then you don't put their login name in /etc/sudoers 5. Revoking one user's sudo privileges is as easy as removing their login name from /etc/sudoers, and thus NOT requiring a change to the root password. -- To unsubscribe, e-mail: opensuse+unsubscribe@opensuse.org To contact the owner, e-mail: opensuse+owner@opensuse.org
On 6/10/2014 5:37 PM, Dirk Gently wrote:
When the admin adds a login name to /etc/sudoers, he should, likewise, list the programs (and ONLY the programs) which that user needs to be able to run as root.
It is anything BUT a blank check.
At least that's how it has always been configured on the Solaris, HP-UX, Irix, and other commercial unixes that I administrated in the auto industry.
Well, playing the devil's advocate, it is very difficult to control ALL the programs that sudo can invoke. When you start digging into the sudoers man page you will find it has become hopelessly complex to properly set it up such that you can let users do something as simple as cancel a print jobs. I've been given sudo privileged on a few machines to do something that simple, and 9 time out of 10 you can send the admin up a tree when you issue the simple command: sudo -s or sudo sudo /bin/sh There are just way too many things to forget or get wrong when setting up sudoers. I only ran into one geezer (older than me, and I'm no spring chicken) who truly had a good understanding of it and had his Cmnd_Spec_lists) well sorted out. -- _____________________________________ ---This space for rent--- -- To unsubscribe, e-mail: opensuse+unsubscribe@opensuse.org To contact the owner, e-mail: opensuse+owner@opensuse.org
On 2014-06-10 21:35, John Andersen wrote: ...
Virtually all distros require some configuration of sudo to be generally useful to a all users, but only opensuse requires roots password by default.
The question is why does Opensuse stand alone in this practice?
Because as Patrick says, root *must* configure the system. The openSUSE etc/sudoers file says: ## In the default (unconfigured) configuration, sudo asks for the root password. ## This allows use of an ordinary user account for administration of a freshly ## installed system. When configuring sudo, delete the two ## following lines: And when you do delete those lines, you have to use your own password, not root's password. In openSUSE, and previously SuSE, sudo is intentionally configured (ie, not configured) to require root's password till you do configure sudoers. If I remember right, wheel was also intentionally disabled: I read something about it related to tyranny years ago. -- Cheers / Saludos, Carlos E. R. (from 13.1 x86_64 "Bottle" at Telcontar)
John Andersen wrote:
Most distros set up sudo to require people be on the sudoers list AND to use their OWN password. Some make the first user account (created at at installation time) a member of wheel, and able to do all sudo functions by default, but still require only that user's password.
---- That's sounds weird. I've always had to type a root password to get root-enabled -- never my own. That's not very secure -- i.e. if someone hacks my PW they get root? root's PW was another layer of security. You say most other distros are _that_ insecure? Ouch!
The question is why does Opensuse stand alone in this practice?
Security? -- To unsubscribe, e-mail: opensuse+unsubscribe@opensuse.org To contact the owner, e-mail: opensuse+owner@opensuse.org
On 11/06/14 15:23, Linda Walsh wrote:
John Andersen wrote:
Most distros set up sudo to require people be on the sudoers list AND to use their OWN password. Some make the first user account (created at at installation time) a member of wheel, and able to do all sudo functions by default, but still require only that user's password.
That's sounds weird.
I've always had to type a root password to get root-enabled -- never my own. That's not very secure -- i.e. if someone hacks my PW they get root? root's PW was another layer of security. You say most other distros are _that_ insecure?
Ouch!
One of the "most" popular distro is Ubuntu (/Kubuntu) and all you do to get things *MOST* - not all - things done is to type 'sudo <whatever-command>' followed by *your* login password and....... Bob's your Uncle, the command is executed! AND there is no configuration of any sudo-voodoo config file(s) - it's the default setting that the user can perform most root tasks by doing the above.
The question is why does Opensuse stand alone in this practice? Security?
But who cares about security, really? If they did nobody would be running Windows, eg. Now, of all the group of people who would be - or should be! - worried by security are corporations but how many are using Windows, eg? Worrying about security, just like global warming, is only for the nerds and similar who hide behind anything-Linux; but "real men" "don't dance" and don't use fancy stuff like Linux 'cause "he-men" prefer the excitement generated when using something like Windows! BUT the main reason for using the latter is that it is also a wealth-generating system where people are employed coming up with virus scanners etc. You get the picture. A slight change of words used by Hagrid in 'Harry Potter and the Chamber of Secrets', "Just follow the money". BC -- Over the years you've helped raise awareness of a number of issues but the main one has been what a pain in the arse you are. -- To unsubscribe, e-mail: opensuse+unsubscribe@opensuse.org To contact the owner, e-mail: opensuse+owner@opensuse.org
Basil Chupin wrote:
On 11/06/14 15:23, Linda Walsh wrote:
John Andersen wrote:
Most distros set up sudo to require people be on the sudoers list AND to use their OWN password. Some make the first user account (created at at installation time) a member of wheel, and able to do all sudo functions by default, but still require only that user's password.
That's sounds weird.
I've always had to type a root password to get root-enabled -- never my own. That's not very secure -- i.e. if someone hacks my PW they get root? root's PW was another layer of security. You say most other distros are _that_ insecure?
Ouch!
One of the "most" popular distro is Ubuntu (/Kubuntu) and all you do to get things *MOST* - not all - things done is to type 'sudo <whatever-command>' followed by *your* login password and....... Bob's your Uncle, the command is executed!
Well, Ubuntu is utterly retarded in their set-up of making you do all admin tasks through sudo.... Sudo is supposed to be for a few things... starting/stopping a database, or mounting and unmounting CD/DVD media...
AND there is no configuration of any sudo-voodoo config file(s) - it's the default setting that the user can perform most root tasks by doing the above.
The question is why does Opensuse stand alone in this practice? Security?
But who cares about security, really? If they did nobody would be running Windows, eg. Now, of all the group of people who would be - or should be! - worried by security are corporations but how many are using Windows, eg?
Worrying about security, just like global warming, is only for the nerds and similar who hide behind anything-Linux; but "real men" "don't dance" and don't use fancy stuff like Linux 'cause "he-men" prefer the excitement generated when using something like Windows! BUT the main reason for using the latter is that it is also a wealth-generating system where people are employed coming up with virus scanners etc. You get the picture.
A slight change of words used by Hagrid in 'Harry Potter and the Chamber of Secrets', "Just follow the money".
BC
-- To unsubscribe, e-mail: opensuse+unsubscribe@opensuse.org To contact the owner, e-mail: opensuse+owner@opensuse.org
On 06/11/2014 02:08 AM, Basil Chupin wrote:
But who cares about security, really? If they did nobody would be running Windows, eg. Now, of all the group of people who would be - or should be! - worried by security are corporations but how many are using Windows, eg?
I have two computer that run Windows 7. One is set up as a two user system, administrator and myself, the other is a three user setup, Administrator, my best half and myself. Only the administrative user has any administrative privileges. In this configuration it is very much like running Linux except I have seen no kind of "sudo". You have to use the administrator password. -- Those who expect to reap the blessings of freedom must. like men, undergo the fatigue of supporting it.-Thomas Paine _ _... ..._ _ _._ ._ ..... ._.. ... .._ -- To unsubscribe, e-mail: opensuse+unsubscribe@opensuse.org To contact the owner, e-mail: opensuse+owner@opensuse.org
On 06/11/2014 08:40 AM, Billie Walsh wrote:
In this configuration it is very much like running Linux except I have seen no kind of "sudo". You have to use the administrator password.
In W7, you have to provide the admin password to run admin stuff. However, there are still some things that still require you to be logged in as root. I'm not aware of anything in Linux that can't be done with sudo and requires a root login. -- To unsubscribe, e-mail: opensuse+unsubscribe@opensuse.org To contact the owner, e-mail: opensuse+owner@opensuse.org
On 2014-06-11 16:22, James Knott wrote:
On 06/11/2014 08:40 AM, Billie Walsh wrote:
In this configuration it is very much like running Linux except I have seen no kind of "sudo". You have to use the administrator password.
In W7, you have to provide the admin password to run admin stuff. However, there are still some things that still require you to be logged in as root.
Yes, I have some windows applications that fail as user, even if they ask for the administrator password. For instance, my android samsung phone update. I thought my phone was broken or something, and it was that blasted samsung app, not saying it needed to run as real administrator to work. What for, I can not figure out, but I guess their developers did not even bother to run as plain user, in that stupid Windows tradition of working full time as administrator.
I'm not aware of anything in Linux that can't be done with sudo and requires a root login.
No, I can't think of any. Wait, sudo? Yes, I know of a few that fail, that need instead "su -". It happens sometimes with yast, no permission to access the graphical window or something, or dbus, or something of the sort. -- Cheers / Saludos, Carlos E. R. (from 13.1 x86_64 "Bottle" at Telcontar)
On 06/11/2014 11:33 AM, Carlos E. R. wrote:
Wait, sudo? Yes, I know of a few that fail, that need instead "su -"
I included "su -" when I referred to sudo. In fact I normally use "su -". I have yet to see it fail. I use sudo when I to be able to do something without having to provide the root password. For those, I have a special "sudo" directory, where I place a script that runs what I want. -- To unsubscribe, e-mail: opensuse+unsubscribe@opensuse.org To contact the owner, e-mail: opensuse+owner@opensuse.org
On 2014-06-11 17:39, James Knott wrote:
On 06/11/2014 11:33 AM, Carlos E. R. wrote:
Wait, sudo? Yes, I know of a few that fail, that need instead "su -"
I included "su -" when I referred to sudo. In fact I normally use "su -". I have yet to see it fail. I use sudo when I to be able to do something without having to provide the root password. For those, I have a special "sudo" directory, where I place a script that runs what I want.
No, sudo and "su -" have important differences in the environment they set or pass on. Sudo keeps part of the calling user environment, and erases some vars. On the other hand, "su -" sets the full "root" default environment. Some applications simply fail when used via sudo because of this. -- Cheers / Saludos, Carlos E. R. (from 13.1 x86_64 "Bottle" at Telcontar)
On 06/11/2014 11:56 AM, Carlos E. R. wrote:
No, sudo and "su -" have important differences in the environment they set or pass on. Sudo keeps part of the calling user environment, and erases some vars. On the other hand, "su -" sets the full "root" default environment.
"Su -" is the full root environment. "Su" is just root privilege in the user environment. I will use either, depending on what I'm doing. -- To unsubscribe, e-mail: opensuse+unsubscribe@opensuse.org To contact the owner, e-mail: opensuse+owner@opensuse.org
On 2014-06-11 18:20, James Knott wrote:
On 06/11/2014 11:56 AM, Carlos E. R. wrote:
No, sudo and "su -" have important differences in the environment they set or pass on. Sudo keeps part of the calling user environment, and erases some vars. On the other hand, "su -" sets the full "root" default environment.
"Su -" is the full root environment. "Su" is just root privilege in the user environment. I will use either, depending on what I'm doing.
Exactly. And sudo is roughly equivalent to "su" in that respect, you get no choice. -- Cheers / Saludos, Carlos E. R. (from 13.1 x86_64 "Bottle" at Telcontar)
On 12/06/14 02:20, James Knott wrote:
On 06/11/2014 11:56 AM, Carlos E. R. wrote:
No, sudo and "su -" have important differences in the environment they set or pass on. Sudo keeps part of the calling user environment, and erases some vars. On the other hand, "su -" sets the full "root" default environment. "Su -" is the full root environment. "Su" is just root privilege in the user environment. I will use either, depending on what I'm doing.
Hold onthere for a moment :-) . What exactly is the difference in what you just stated above re "su -" and '"su" is just root privilege in the user environment"'? If you are 'root' why would you want to use "su -" anyway? I have found that in openSUSE when one uses "su -" - or even "su" - you are asked for the root's password and you can do whatever root is able to do with the system. As well, when you use "sudo <command>" you are asked for the *root's* password; whereas in something like Ubuntu you are simply asked for your *user* login password - but you *cannot* do everything which root can do. What am I misunderstanding in this discussion? BC -- Over the years you've helped raise awareness of a number of issues but the main one has been what a pain in the arse you are. -- To unsubscribe, e-mail: opensuse+unsubscribe@opensuse.org To contact the owner, e-mail: opensuse+owner@opensuse.org
On 06/12/2014 08:46 AM, Basil Chupin pecked at the keyboard and wrote:
On 12/06/14 02:20, James Knott wrote:
On 06/11/2014 11:56 AM, Carlos E. R. wrote:
No, sudo and "su -" have important differences in the environment they set or pass on. Sudo keeps part of the calling user environment, and erases some vars. On the other hand, "su -" sets the full "root" default environment. "Su -" is the full root environment. "Su" is just root privilege in the user environment. I will use either, depending on what I'm doing.
Hold onthere for a moment :-) .
What exactly is the difference in what you just stated above re "su -" and '"su" is just root privilege in the user environment"'?
If you are 'root' why would you want to use "su -" anyway?
I have found that in openSUSE when one uses "su -" - or even "su" - you are asked for the root's password and you can do whatever root is able to do with the system.
It's all about the $ENV Basil. To test this use 'su', enter roots password, and type "env" and then (after you exit using CTRL-d) use 'su -', enter root's password, and type "env". Compare the two lists and you will find many differences, chief among them will be the $PATH result. HTH -- Ken Schneider SuSe since Version 5.2, June 1998 -- To unsubscribe, e-mail: opensuse+unsubscribe@opensuse.org To contact the owner, e-mail: opensuse+owner@opensuse.org
On 06/12/2014 09:15 AM, Ken Schneider - openSUSE wrote:
It's all about the $ENV Basil. To test this use 'su', enter roots password, and type "env" and then (after you exit using CTRL-d) use 'su -', enter root's password, and type "env". Compare the two lists and you will find many differences, chief among them will be the $PATH result.
Perhaps another way of looking at it is the difference between merely escalating authority and creating a new login environment. If you look at the man page for the shell it talks of the login shell A login shell is one whose first character of argument zero is a -, or one started with the --login option. Perhaps you should read the rest of that section. A RTFM of SU(1) also mentions: -, -l, --login Starts the shell as login shell with an environment similar to a real login: o clears all environment variables except for TERM o initializes the environment variables HOME, SHELL, USER, LOGNAME, PATH o changes to the target user's home directory o sets argv[0] of the shell to '-' in order to make the shell a login shell And of course that last line brings us back to the section in the man page for the shell that I mentioned above. Of course the matter of a password when using 'sudo' or even 'su' is just another configuration issue. If the user is a member of the wheel group and the /etc/sudoers file and the file /etc/pamd.d/su and/or /etc/pamd.d/sudo have been configured correctly then no password is required or the user's own password rather than the root password can be required. The issue here is 'this is Linux' so it is configurable. The 'wheel group' is something that Berkeley UNIX came up with about 35 years ago to address the issue of having multiple sysadmins without disclosing the root password. The policy was that all admins had the same universal power. If you look at how the wheel group is implemented (see PAM_WHEEL(8)) then it is easy to see that this mechanism can be generalized and applied to more restrictive administrative powers. For example, you can set up a group than can add new users by inserting the pan_wheel entry in /etc/pam.d/useradd with the parameter of the group created for that purpose. PAM is very powerful and very flexible. Take a look also as PAM_LISTFILE(8) That being said, the same could be done with sudo and to a large degree simply by the proper use of access controls and groups. Steve Simmons presented a paper "Live Without Root" back at LISA in 1990. Although he describes a very specific set of circumstances I have applied this for such things as printer administration in a AIX setting. Of course it helps if one can draw Venn diagrams :-) http://www-personal.umich.edu/~scs/TechWriting/rootless.html http://www.ussrback.com/docs/papers/unix/noroot.ps -- /"\ \ / ASCII Ribbon Campaign X Against HTML Mail / \ -- To unsubscribe, e-mail: opensuse+unsubscribe@opensuse.org To contact the owner, e-mail: opensuse+owner@opensuse.org
Basil Chupin wrote:
On 12/06/14 02:20, James Knott wrote:
On 06/11/2014 11:56 AM, Carlos E. R. wrote:
No, sudo and "su -" have important differences in the environment they set or pass on. Sudo keeps part of the calling user environment, and erases some vars. On the other hand, "su -" sets the full "root" default environment. "Su -" is the full root environment. "Su" is just root privilege in the user environment. I will use either, depending on what I'm doing.
Hold onthere for a moment :-) .
What exactly is the difference in what you just stated above re "su -" and '"su" is just root privilege in the user environment"'?
If you are 'root' why would you want to use "su -" anyway?
I have found that in openSUSE when one uses "su -" - or even "su" - you are asked for the root's password and you can do whatever root is able to do with the system.
As well, when you use "sudo <command>" you are asked for the *root's* password; whereas in something like Ubuntu you are simply asked for your *user* login password - but you *cannot* do everything which root can do.
What am I misunderstanding in this discussion?
The purpose of sudo is to allow a non-privileged user to execute a limited number of commands as root, WITHOUT giving the root password to the user. Both Ubuntu and openSuSE are set up wrong. If the user has the root password, then they can just use su, and do anything with that. That's the problem with the openSuSE configuration. If the user can do ANYTHING with sudo, then, they can do ANYTHING as root. That's the prbolem with the Ubuntu configuration.
BC
-- To unsubscribe, e-mail: opensuse+unsubscribe@opensuse.org To contact the owner, e-mail: opensuse+owner@opensuse.org
On Friday 13 June 2014, Dirk Gently wrote:
Basil Chupin wrote:
On 12/06/14 02:20, James Knott wrote:
On 06/11/2014 11:56 AM, Carlos E. R. wrote:
No, sudo and "su -" have important differences in the environment they set or pass on. Sudo keeps part of the calling user environment, and erases some vars. On the other hand, "su -" sets the full "root" default environment.
"Su -" is the full root environment. "Su" is just root privilege in the user environment. I will use either, depending on what I'm doing.
Hold onthere for a moment :-) .
What exactly is the difference in what you just stated above re "su -" and '"su" is just root privilege in the user environment"'?
If you are 'root' why would you want to use "su -" anyway?
I have found that in openSUSE when one uses "su -" - or even "su" - you are asked for the root's password and you can do whatever root is able to do with the system.
As well, when you use "sudo <command>" you are asked for the *root's* password; whereas in something like Ubuntu you are simply asked for your *user* login password - but you *cannot* do everything which root can do.
What am I misunderstanding in this discussion?
The purpose of sudo is to allow a non-privileged user to execute a limited number of commands as root, WITHOUT giving the root password to the user.
Both Ubuntu and openSuSE are set up wrong.
If the user has the root password, then they can just use su, and do anything with that.
Using su has the disadvantage that you need to type password for each su command. Sudo asks for pwd only once at the first time and then it's cached for some minutes. Using su to start a interactive root shell is unwanted because of several obvious reasons. So IMO the password protected sudo as is the right default. How else would you like it. Allowing sudo without password for all users per default?
That's the problem with the openSuSE configuration.
If the user can do ANYTHING with sudo, then, they can do ANYTHING as root. That's the prbolem with the Ubuntu configuration.
BC -- To unsubscribe, e-mail: opensuse+unsubscribe@opensuse.org To contact the owner, e-mail: opensuse+owner@opensuse.org
Ruediger Meier wrote:
On Friday 13 June 2014, Dirk Gently wrote:
Basil Chupin wrote:
On 12/06/14 02:20, James Knott wrote:
On 06/11/2014 11:56 AM, Carlos E. R. wrote:
No, sudo and "su -" have important differences in the environment they set or pass on. Sudo keeps part of the calling user environment, and erases some vars. On the other hand, "su -" sets the full "root" default environment.
"Su -" is the full root environment. "Su" is just root privilege in the user environment. I will use either, depending on what I'm doing.
Hold onthere for a moment :-) .
What exactly is the difference in what you just stated above re "su -" and '"su" is just root privilege in the user environment"'?
If you are 'root' why would you want to use "su -" anyway?
I have found that in openSUSE when one uses "su -" - or even "su" - you are asked for the root's password and you can do whatever root is able to do with the system.
As well, when you use "sudo <command>" you are asked for the *root's* password; whereas in something like Ubuntu you are simply asked for your *user* login password - but you *cannot* do everything which root can do.
What am I misunderstanding in this discussion?
The purpose of sudo is to allow a non-privileged user to execute a limited number of commands as root, WITHOUT giving the root password to the user.
Both Ubuntu and openSuSE are set up wrong.
If the user has the root password, then they can just use su, and do anything with that.
Using su has the disadvantage that you need to type password for each su command. Sudo asks for pwd only once at the first time and then it's cached for some minutes.
You have su and sudo reversed. su (substitute user) will give you a shell of another user. If no user is specified, it is a root shell. sudo allows you to run one command as root.
Using su to start a interactive root shell is unwanted because of several obvious reasons.
The thing is this -- if you want a generic user to be able to mount a dvd, the last thing you want to do is give him the root password, because then he can do ANYTHING. Instead, what you want to do is edit /etc/sudoers, and add him as a n allowed user, and allow him torun the required mount and unmount command, and nothing else. You want his password for sudo to be his normal user password, NOT THE ROOT PASSWORD. If you give the users the root password for sudo, then they can just login to root, and not have to fuss with sudo at all. And then you have a non-administrator with administrative privileges. Anybody who has seen how users act when they get a little bit of admin power, they will customize the system to optimize for their own benefit, even to the detriment of all other users. Why? "Because I have root privileges and they don't -- the powers that be obviously condone me customizing the machine to my benefit and not theirs"
So IMO the password protected sudo as is the right default. How else would you like it. Allowing sudo without password for all users per default?
That's the problem with the openSuSE configuration.
If the user can do ANYTHING with sudo, then, they can do ANYTHING as root. That's the prbolem with the Ubuntu configuration.
BC
-- To unsubscribe, e-mail: opensuse+unsubscribe@opensuse.org To contact the owner, e-mail: opensuse+owner@opensuse.org
On 6/15/2014 4:40 PM, Dirk Gently wrote:
Using su has the disadvantage that you need to type password for each su command. Sudo asks for pwd only once at the first time and then it's cached for some minutes.
You have su and sudo reversed.
su (substitute user) will give you a shell of another user. If no user is specified, it is a root shell.
sudo allows you to run one command as root.
Unfortunately, in almost every system, the default install allows that ONE Command to be "sudo -s" which gives you a root shell. -- _____________________________________ ---This space for rent--- -- To unsubscribe, e-mail: opensuse+unsubscribe@opensuse.org To contact the owner, e-mail: opensuse+owner@opensuse.org
* John Andersen
Unfortunately, in almost every system, the default install allows that ONE Command to be "sudo -s" which gives you a root shell.
Only unfortunate if one has foolishly given out the root password rather than utilizing sudo as intended, specifically selecting commands for access and assigning them to a password protected group. -- (paka)Patrick Shanahan Plainfield, Indiana, USA @ptilopteri http://en.opensuse.org openSUSE Community Member facebook/ptilopteri http://wahoo.no-ip.org Photo Album: http://wahoo.no-ip.org/gallery2 Registered Linux User #207535 @ http://linuxcounter.net -- To unsubscribe, e-mail: opensuse+unsubscribe@opensuse.org To contact the owner, e-mail: opensuse+owner@opensuse.org
On 6/16/2014 1:39 PM, Patrick Shanahan wrote:
* John Andersen
[06-16-14 15:16]: [...] Unfortunately, in almost every system, the default install allows that ONE Command to be "sudo -s" which gives you a root shell.
Only unfortunate if one has foolishly given out the root password rather than utilizing sudo as intended, specifically selecting commands for access and assigning them to a password protected group.
Not sure that would actually help in this case, because the -s is built into sudo. There is no specific command to be selected or excluded from execution. First, your understanding of this is wrong. You don't need root's password to get a root shell. Even on OpenBSD, as default, you issue sudo -s and are asked for your (user) password. If your user is in sudoers, AND the root account has a shell allowed, you get a shell, (although it won't (usually) run root's profile, nor will it necessarily offer a complete environment. Not sure if there is another way to disable this feature. -- _____________________________________ ---This space for rent--- -- To unsubscribe, e-mail: opensuse+unsubscribe@opensuse.org To contact the owner, e-mail: opensuse+owner@opensuse.org
* John Andersen
On 6/16/2014 1:39 PM, Patrick Shanahan wrote:
* John Andersen
[06-16-14 15:16]: [...] Unfortunately, in almost every system, the default install allows that ONE Command to be "sudo -s" which gives you a root shell.
Only unfortunate if one has foolishly given out the root password rather than utilizing sudo as intended, specifically selecting commands for access and assigning them to a password protected group.
Not sure that would actually help in this case, because the -s is built into sudo. There is no specific command to be selected or excluded from execution.
First, your understanding of this is wrong. You don't need root's password to get a root shell. Even on OpenBSD, as default, you issue sudo -s and are asked for your (user) password.
Ah??? 07:01 Crash: ~ > sudo -s root's password:
If your user is in sudoers, AND the root account has a shell allowed, you get a shell, (although it won't (usually) run root's profile, nor will it necessarily offer a complete environment.
Users Hosts RunAs NOPASS Cmds ALL ALL (ALL) No ALL ALL ALL (ALL) No ALL
Not sure if there is another way to disable this feature.
I don't see that with my config or lack of config. I made no changes to sudo config, it is as it came, stock. No, root's passwd is not the same as <user> which is *not* what is suggested on install :^( My desktop is essentially a single user seat but at times others sit there but there is *no* access in any manner of root's domain w/o providing "root's" passwd. Security setting #1. And I do *not* give out root's passwd. -- (paka)Patrick Shanahan Plainfield, Indiana, USA @ptilopteri http://en.opensuse.org openSUSE Community Member facebook/ptilopteri http://wahoo.no-ip.org Photo Album: http://wahoo.no-ip.org/gallery2 Registered Linux User #207535 @ http://linuxcounter.net -- To unsubscribe, e-mail: opensuse+unsubscribe@opensuse.org To contact the owner, e-mail: opensuse+owner@opensuse.org
On 2014-06-19 13:13, Patrick Shanahan wrote:
* John Andersen <> [06-19-14 06:46]:
First, your understanding of this is wrong. You don't need root's password to get a root shell. Even on OpenBSD, as default, you issue sudo -s and are asked for your (user) password.
Ah??? 07:01 Crash: ~ > sudo -s root's password:
The default openSUSE (and S.u.S.E. decades before) sudo configuration, is a non-configured sudoers file, which requires root's password, on purpose. You have to do the configuration yourself, as system administrator, and decide which users, if any, can use their own password to do root things. Till you do that, nobody can become root without root's password. Obviously. -- Cheers / Saludos, Carlos E. R. (from 13.1 x86_64 "Bottle" at Telcontar)
* Carlos E. R.
On 2014-06-19 13:13, Patrick Shanahan wrote:
* John Andersen <> [06-19-14 06:46]:
First, your understanding of this is wrong. You don't need root's password to get a root shell. Even on OpenBSD, as default, you issue sudo -s and are asked for your (user) password.
Ah??? 07:01 Crash: ~ > sudo -s root's password:
The default openSUSE (and S.u.S.E. decades before) sudo configuration, is a non-configured sudoers file, which requires root's password, on purpose.
You have to do the configuration yourself, as system administrator, and decide which users, if any, can use their own password to do root things. Till you do that, nobody can become root without root's password. Obviously.
Yes, that is exactly what I meant to convey :^) -- (paka)Patrick Shanahan Plainfield, Indiana, USA @ptilopteri http://en.opensuse.org openSUSE Community Member facebook/ptilopteri http://wahoo.no-ip.org Photo Album: http://wahoo.no-ip.org/gallery2 Registered Linux User #207535 @ http://linuxcounter.net -- To unsubscribe, e-mail: opensuse+unsubscribe@opensuse.org To contact the owner, e-mail: opensuse+owner@opensuse.org
On Monday 16 June 2014, Dirk Gently wrote:
Ruediger Meier wrote:
On Friday 13 June 2014, Dirk Gently wrote:
Basil Chupin wrote:
On 12/06/14 02:20, James Knott wrote:
On 06/11/2014 11:56 AM, Carlos E. R. wrote:
No, sudo and "su -" have important differences in the environment they set or pass on. Sudo keeps part of the calling user environment, and erases some vars. On the other hand, "su -" sets the full "root" default environment.
"Su -" is the full root environment. "Su" is just root privilege in the user environment. I will use either, depending on what I'm doing.
Hold onthere for a moment :-) .
What exactly is the difference in what you just stated above re "su -" and '"su" is just root privilege in the user environment"'?
If you are 'root' why would you want to use "su -" anyway?
I have found that in openSUSE when one uses "su -" - or even "su" - you are asked for the root's password and you can do whatever root is able to do with the system.
As well, when you use "sudo <command>" you are asked for the *root's* password; whereas in something like Ubuntu you are simply asked for your *user* login password - but you *cannot* do everything which root can do.
What am I misunderstanding in this discussion?
The purpose of sudo is to allow a non-privileged user to execute a limited number of commands as root, WITHOUT giving the root password to the user.
Both Ubuntu and openSuSE are set up wrong.
If the user has the root password, then they can just use su, and do anything with that.
Using su has the disadvantage that you need to type password for each su command. Sudo asks for pwd only once at the first time and then it's cached for some minutes.
You have su and sudo reversed.
No, see below.
su (substitute user) will give you a shell of another user. If no user is specified, it is a root shell.
That's not what I want. I compared "su -c xyz" with "sudo xyz". And actually I was thinking only about the case that any command xyz is allowed. cu, Rudi -- To unsubscribe, e-mail: opensuse+unsubscribe@opensuse.org To contact the owner, e-mail: opensuse+owner@opensuse.org
On 06/13/2014 02:20 AM, Dirk Gently wrote:
The purpose of sudo is to allow a non-privileged user to execute a limited number of commands as root, WITHOUT giving the root password to the user.
The purpose of sudo is to allow the system administrator to delegate to a non-privileged user a limited number of commands by appropriate configuration
Both Ubuntu and openSuSE are set up wrong.
In that 'out of the box' they are not set up to the specific needs of any particular system, yes.
If the user has the root password, then they can just use su, and do anything with that. That's the problem with the openSuSE configuration.
That's the problem with the 'out of the box' configuration that has not been customized to specific site needs by the system administrator. Many packages, Postfix, Samba, Dovecot and more are in this category.
If the user can do ANYTHING with sudo, then, they can do ANYTHING as root. That's the prbolem with the Ubuntu configuration.
The problem is really 'learned disability' and treating the user of a single-user system as if he was a sophisticated and experienced system administrator. This 'dumbing down' was epitomised by Microsoft with MS-DOS and early Windows where the end user had sysadmin privileges simply because there was no access control. Dijkstra talks of languages such as COBOL crippling the mind. I get to wonder about the security attitudes people whose first system was MS-DOS or early Windows, sometimes. I also get to wonder about people who expect complex systems that don't have an 'idiot stick' front end[1] to be managed without specific administration and configuration. After all, what are sysadmins for if not to understand the needs of the users and make sure the system meets those needs? What was that? "BoFH"? Oh, right! []1 A car is an example of that. The mechanical, chemical, electrical and electronic complexity is immense, but kids and grandmothers can drive one. All it takes is two pedals and steering wheel. -- /"\ \ / ASCII Ribbon Campaign X Against HTML Mail / \ -- To unsubscribe, e-mail: opensuse+unsubscribe@opensuse.org To contact the owner, e-mail: opensuse+owner@opensuse.org
On 13/06/14 22:41, Anton Aylward wrote:
On 06/13/2014 02:20 AM, Dirk Gently wrote:
The purpose of sudo is to allow a non-privileged user to execute a limited number of commands as root, WITHOUT giving the root password to the user.
The purpose of sudo is to allow the system administrator to delegate to a non-privileged user a limited number of commands by appropriate configuration
Both Ubuntu and openSuSE are set up wrong. In that 'out of the box' they are not set up to the specific needs of any particular system, yes.
If the user has the root password, then they can just use su, and do anything with that. That's the problem with the openSuSE configuration. That's the problem with the 'out of the box' configuration that has not been customized to specific site needs by the system administrator.
[pruned] There are a couple things re this su/su -/sudo and their use in openSUSE. The first is that if you enter 'Gecko>Computer>Install/remove software' a menu comes up asking for the ROOT's password and you are then taken to the relevant section of YaST. Now, the ROOT's password is *remembered* for - I believe but have not timed it - around 15 minutes so if you need to come back to install more s/ware you are not asked for the ROOT's password again (until the time runs out). So for some 15 minutes the ability to install/delete software can be performed without being asked for the ROOT password by anyone who has access to the computer should the User walk away from his/her computer. The second thing relates to what occurs when one is installing openSUSE. During installation you are asked for your Full Name, User Name and User Password. But at bottom of this menu there are 2 boxes already ticked - that is the default setting is selected for you by oS; one selects the default that you use the User Password for the ROOT's password. Unless you see this and deselect this default setting then oS becomes like Windows in a way and this is where 'sudo' probably comes in as well as 'su' and su -'. I cannot verify what I just wrote because I never leave the default setting and always create a separate password for ROOT. I suspect that everyone who installs oS for the first time - or even after several installations - doesn't pay attention to this default setting and therefore turns oS into a 'Windows' "system" so to speak :-) . (The other default setting at this point is the ability for the USER to receive mail sent by the system to ROOT. This, too, I deselect.) BC -- Over the years you've helped raise awareness of a number of issues but the main one has been what a pain in the arse you are. -- To unsubscribe, e-mail: opensuse+unsubscribe@opensuse.org To contact the owner, e-mail: opensuse+owner@opensuse.org
On 2014-06-14 07:43, Basil Chupin wrote:
(The other default setting at this point is the ability for the USER to receive mail sent by the system to ROOT. This, too, I deselect.)
Wrong. Some of the tools⁽¹⁾ in the mail chain refuse to process mail sent to root, on purpose. The intention is that you can not read nor send email as root. Thus email that is sent to root has to be redirected to another user instead. After all, root should never be logged in an GUI and run a mail client, and will never see those emails. The setting "send ROOT mail to XYZ user" is an intentional security setting. (1) See procmail and postfix docs. The old sendmail did not have this limitation. -- Cheers / Saludos, Carlos E. R. (from 13.1 x86_64 "Bottle" at Telcontar)
Carlos E. R. wrote:
Some of the tools⁽¹⁾ in the mail chain refuse to process mail sent to root, on purpose. The intention is that you can not read nor send email as root.
--- Lame.
Thus email that is sent to root has to be redirected to another user instead. After all, root should never be logged in an GUI and run a mail client, and will never see those emails.
--- Should? rarely, maybe, but should? Who am I logged in as in single-user or rescue?
The setting "send ROOT mail to XYZ user" is an intentional security setting.
(1) See procmail and postfix docs. The old sendmail did not have this limitation.
---- Neither does my current sendmail. But I do have an alias root->"my local user"... -- To unsubscribe, e-mail: opensuse+unsubscribe@opensuse.org To contact the owner, e-mail: opensuse+owner@opensuse.org
On 14/06/14 23:44, Carlos E. R. wrote:
On 2014-06-14 07:43, Basil Chupin wrote:
(The other default setting at this point is the ability for the USER to receive mail sent by the system to ROOT. This, too, I deselect.) Wrong.
No, not at all :-) .
Some of the tools⁽¹⁾ in the mail chain refuse to process mail sent to root, on purpose. The intention is that you can not read nor send email as root.
Thus email that is sent to root has to be redirected to another user instead. After all, root should never be logged in an GUI and run a mail client, and will never see those emails.
The setting "send ROOT mail to XYZ user" is an intentional security setting.
I can, as User, use the "su -" command and become ROOT; then run "mc" and I can then go into the relevant directory/sub-directory (forgot which ones) and can read (F3) the e-mails (if any) the system has posted to me as ROOT :-) . No big deal, no sweat, no knickers in a knot and therefore no "wedgies" :-) .
(1) See procmail and postfix docs. The old sendmail did not have this limitation.
Procmail or postfix don't interest me - nor 99% of the other users of openSUSE. I don't even know what they are :-) . I try and look at problems from a very broad perspective: what the Joe in the street sees or wants or would like to see. I am not a nerd - and don't want to be. However, this last bit - re the e-mail - is really a non-event. What about the other 2 matters I mentioned which I consider to be much more important? BC -- Using openSUSE 13.1, KDE 4.13.1 & kernel 3.15.0-1 on a system with- AMD FX 8-core 3.6/4.2GHz processor 16GB PC14900/1866MHz Quad Channel RAM Gigabyte AMD3+ m/board; Gigabyte nVidia GTX660 GPU -- To unsubscribe, e-mail: opensuse+unsubscribe@opensuse.org To contact the owner, e-mail: opensuse+owner@opensuse.org
On 2014-06-15 08:12, Basil Chupin wrote:
On 14/06/14 23:44, Carlos E. R. wrote:
However, this last bit - re the e-mail - is really a non-event.
What about the other 2 matters I mentioned which I consider to be much more important?
That's for others to answer if they wish. I know the facts about why the redirection of root's mail, that it is intentional, and that it is for security, you believe it or not, you agree or not. :-) We are talking about defaults, not how experienced people configure their own systems, after all. -- Cheers / Saludos, Carlos E. R. (from 13.1 x86_64 "Bottle" at Telcontar)
On 16/06/14 04:54, Carlos E. R. wrote:
On 2014-06-15 08:12, Basil Chupin wrote:
On 14/06/14 23:44, Carlos E. R. wrote:
However, this last bit - re the e-mail - is really a non-event.
What about the other 2 matters I mentioned which I consider to be much more important? That's for others to answer if they wish. I know the facts about why the redirection of root's mail, that it is intentional, and that it is for security, you believe it or not, you agree or not. :-)
We are talking about defaults,
We are talking default setting here, as I mentioned. But let's stop here for a moment. I think I let the hare loose when I mentioned that this default setting is about E-MAIL to the ROOT. I don't think that it is e-mail at all but simple mail - ie error messages etc - which the system may send to the root/administrator and has nothing to do with E-MAIL. Because I have never ever used this default settings I don't have a clue what form this mail to the root/administrator takes. Perhaps someone who is now using this default setting could educate me (us) how this mail is seen by the User - and where (ie, Thunderbird, Kmail, whatever).
not how experienced people configure their own systems, after all. BC
-- Using openSUSE 13.1, KDE 4.13.2 & kernel 3.15.0-1 on a system with- AMD FX 8-core 3.6/4.2GHz processor 16GB PC14900/1866MHz Quad Channel RAM Gigabyte AMD3+ m/board; Gigabyte nVidia GTX660 GPU -- To unsubscribe, e-mail: opensuse+unsubscribe@opensuse.org To contact the owner, e-mail: opensuse+owner@opensuse.org
On 2014-06-16 08:45, Basil Chupin wrote:
On 16/06/14 04:54, Carlos E. R. wrote:
But let's stop here for a moment.
I think I let the hare loose when I mentioned that this default setting is about E-MAIL to the ROOT. I don't think that it is e-mail at all but simple mail - ie error messages etc - which the system may send to the root/administrator and has nothing to do with E-MAIL.
Yes, email to the root, typically sent internally by system daemons. But technically, it is the same thing as external email; in fact, with the default system, just telling the system to accept external email, if your machine has a fixed IP you could send emails to it from another machine, using local names, like "root@mywondefulmachine.localnet". The must complicated thing needed would be to run yast to tell it to configure mail defaults. Thus, as the toolchain included by default is built so that you can send/receive email from root@somemachine to sombody@gmail, there are some tools that their developers (not opensuse) redesigned them to bail out if the destination was root. This happened or was evident when openSUSE changed from sendmail to postfix
Because I have never ever used this default settings I don't have a clue what form this mail to the root/administrator takes.
As any other email, only that typically the address is not known on Internet, because few people have machines with real Internet domain names.
Perhaps someone who is now using this default setting could educate me (us) how this mail is seen by the User - and where (ie, Thunderbird, Kmail, whatever).
Those MUA do not read system email out of the box, you have to tell them to. If they are not configured to do it, plain "mail" in a terminal will do it, but I use "alpine" instead. In fact, whn some nosyparker site wants my email and I do not want to give it, I tell them that my email is root@theirdomain.com, and the web form happily accepts it :-p -- Cheers / Saludos, Carlos E. R. (from 13.1 x86_64 "Bottle" at Telcontar)
On 16/06/14 07:45, Basil Chupin wrote:
Perhaps someone who is now using this default setting could educate me (us) how this mail is seen by the User - and where (ie, Thunderbird, Kmail, whatever).
I use it to get the results of various scripts that are run as cronjobs by root. For example, I have a python script that runs each night to tell me if my son has rsyncd any new (music) files to my machine. 1. Allow your user to receive system mail (at install time or later on in YaST) 2. Set up a new account in TB (I don't use KMail anymore, so can't comment) Bob -- Bob Williams System: Linux 3.11.10-11-desktop Distro: openSUSE 13.1 (x86_64) with KDE Development Platform: 4.13.1 Uptime: 06:00am up 1 day 6:52, 4 users, load average: 0.00, 0.01, 0.05 -- To unsubscribe, e-mail: opensuse+unsubscribe@opensuse.org To contact the owner, e-mail: opensuse+owner@opensuse.org
Carlos E. R. wrote:
On 2014-06-14 07:43, Basil Chupin wrote:
(The other default setting at this point is the ability for the USER to receive mail sent by the system to ROOT. This, too, I deselect.)
Wrong.
Some of the tools⁽¹⁾ in the mail chain refuse to process mail sent to root, on purpose. The intention is that you can not read nor send email as root.
Thus email that is sent to root has to be redirected to another user instead. After all, root should never be logged in an GUI and run a mail client, and will never see those emails.
The setting "send ROOT mail to XYZ user" is an intentional security setting.
(1) See procmail and postfix docs. The old sendmail did not have this limitation.
Didn't know that. That's really fucked up. I understand the reasoning, but I also understand the downside of making a "special user" who isn't root... either you put all the system mail-reading one one user, or you have to set up a 2nd admin account, and make the admin login to both root AND the system-mail receiving account. Not exactly what I would call a good idea. I don't understand why there would be any problem with root running Thunderbird. And if I bring the system into single-user mode to fix a problem, and root doesn't have the mail.....and I need to read system mail messages to get a grasp of the problem... where am I? -- To unsubscribe, e-mail: opensuse+unsubscribe@opensuse.org To contact the owner, e-mail: opensuse+owner@opensuse.org
Le 15/06/2014 09:57, Dirk Gently a écrit :
Carlos E. R. wrote:
The setting "send ROOT mail to XYZ user" is an intentional security setting.
it's simply an alias in /etc/aliases and you can keep mail for root adding \root on the same line
I don't understand why there would be any problem with root running Thunderbird.
or pine/alpine on remote server, by the way, or simply "mail". But there is a strong reason for mail reaching *also* sompe user, just in case nobody ever read root mails :-)
And if I bring the system into single-user mode to fix a problem, and root doesn't have the mail.....and I need to read system mail messages to get a grasp of the problem... where am I?
in single user mode you don't have network, but keep old mail (already received) my basic postfix configure (for my server, I ver change anything on my desktop) http://dodin.info/wiki/index.php?n=Doc.PostfixConfigure jdd -- http://www.dodin.org -- To unsubscribe, e-mail: opensuse+unsubscribe@opensuse.org To contact the owner, e-mail: opensuse+owner@opensuse.org
On 6/15/2014 12:57 AM, Dirk Gently wrote:
Carlos E. R. wrote:
Thus email that is sent to root has to be redirected to another user instead. After all, root should never be logged in an GUI and run a mail client, and will never see those emails.
The setting "send ROOT mail to XYZ user" is an intentional security setting.
Didn't know that.
That's really fucked up. I understand the reasoning, but I also understand the downside of making a "special user" who isn't root... either you put all the system mail-reading one one user, or you have to set up a 2nd admin account, and make the admin login to both root AND the system-mail receiving account.
Not exactly what I would call a good idea.
Well just about every distro does call that a good idea. Its one less reason to log in as root. Even HOME machines have one user who is a "special user", who installed and maintains the OS. Big organizations have sys-admins that maintain dozens or hundreds of machines and need roots mail. This is a choice you make at set-up time. You aren't *forced* into it. You have the option of allowing root to collect their own mail, forwarding it to an off-machine admin, or sending it to a user of choice on the local machine. Most Distros *nominate* the first user installed (as a part of the setup) as the user that gets root's mail. But its strictly your choice. My choice on servers is to forward all of roots mail to an off-machine account so that anyone who gains root will not be able to delete the mails. For personal machines, I send root-mail to my normal user account. That gets checked daily. But root's mail could languish for weeks or months, because I never log in as root other than to do maintenance. You are probably alone in your inability to see the problem with running thunderbird as root. I doubt it is audited to a sufficient level to assure that is a recommended practice. Most recommend never running any kind of GUI as root. -- _____________________________________ ---This space for rent--- -- To unsubscribe, e-mail: opensuse+unsubscribe@opensuse.org To contact the owner, e-mail: opensuse+owner@opensuse.org
Dirk Gently wrote:
The purpose of sudo is to allow a non-privileged user to execute a limited number of commands as root, WITHOUT giving the root password to the user.
That is 1 application and sudo can be configured that way. It doesn't come preconfigured that way, as who would be able to make up the commands a home user is allowed to run on their own system as 'root' without them knowing the password? It doesn't make sense for OSuse.
Both Ubuntu and openSuSE are set up wrong.
---- Ubuntu seems to be setup with no security other than 'user'. I can give out user logins on my system w/o giving out root. (The users I might give out a login to are housemates... not hackers, so they wouldn't be likely to try to leverage the user password to get root access -- most of them find logging on challenging enough). -- To unsubscribe, e-mail: opensuse+unsubscribe@opensuse.org To contact the owner, e-mail: opensuse+owner@opensuse.org
On 15/06/14 12:24, Linda Walsh wrote:
Dirk Gently wrote:
The purpose of sudo is to allow a non-privileged user to execute a limited number of commands as root, WITHOUT giving the root password to the user.
That is 1 application and sudo can be configured that way. It doesn't come preconfigured that way, as who would be able to make up the commands a home user is allowed to run on their own system as 'root' without them knowing the password?
It doesn't make sense for OSuse.
Both Ubuntu and openSuSE are set up wrong.
---- Ubuntu seems to be setup with no security other than 'user'.
Correct - which is the default when installed it. However, if one knows what to do, one can then create a ROOT with his/her own password to do "all sorts of unspeakable things to the system (ooooh!)" :-) . But how to do this is clouded in 'mystery and intrigue' and only made known by getting really pally with The High Priests :-) .
I can give out user logins on my system w/o giving out root. (The users I might give out a login to are housemates... not hackers, so they wouldn't be likely to try to leverage the user password to get root access -- most of them find logging on challenging enough).
BC -- Using openSUSE 13.1, KDE 4.13.1 & kernel 3.15.0-1 on a system with- AMD FX 8-core 3.6/4.2GHz processor 16GB PC14900/1866MHz Quad Channel RAM Gigabyte AMD3+ m/board; Gigabyte nVidia GTX660 GPU -- To unsubscribe, e-mail: opensuse+unsubscribe@opensuse.org To contact the owner, e-mail: opensuse+owner@opensuse.org
On 2014-06-15 08:26, Basil Chupin wrote:
However, if one knows what to do, one can then create a ROOT with his/her own password to do "all sorts of unspeakable things to the system (ooooh!)" :-) . But how to do this is clouded in 'mystery and intrigue' and only made known by getting really pally with The High Priests :-) .
Huh? I did it myself on the only ubuntu system I touched about two minutes after sitting on the chair, without asking for help to anyone or googling it. -- Cheers / Saludos, Carlos E. R. (from 13.1 x86_64 "Bottle" at Telcontar)
On 16/06/14 04:51, Carlos E. R. wrote:
On 2014-06-15 08:26, Basil Chupin wrote:
However, if one knows what to do, one can then create a ROOT with his/her own password to do "all sorts of unspeakable things to the system (ooooh!)" :-) . But how to do this is clouded in 'mystery and intrigue' and only made known by getting really pally with The High Priests :-) . Huh? I did it myself on the only ubuntu system I touched about two minutes after sitting on the chair, without asking for help to anyone or googling it.
"Now that was good, very good, Carlos. "And now for your next task which is worth $100....." O:-) . (Actually, there is some doco in Ubuntu's Community Documentation, and Launchpad, on how to do this - but I have never bothered to do so because 'sudo' did almost everything.) BC -- Using openSUSE 13.1, KDE 4.13.2 & kernel 3.15.0-1 on a system with- AMD FX 8-core 3.6/4.2GHz processor 16GB PC14900/1866MHz Quad Channel RAM Gigabyte AMD3+ m/board; Gigabyte nVidia GTX660 GPU -- To unsubscribe, e-mail: opensuse+unsubscribe@opensuse.org To contact the owner, e-mail: opensuse+owner@opensuse.org
Carlos E. R. wrote:
On 2014-06-11 16:22, James Knott wrote:
On 06/11/2014 08:40 AM, Billie Walsh wrote:
In this configuration it is very much like running Linux except I have seen no kind of "sudo". You have to use the administrator password.
In W7, you have to provide the admin password to run admin stuff. However, there are still some things that still require you to be logged in as root.
Yes, I have some windows applications that fail as user, even if they ask for the administrator password.
Oh yes, plenty of those. They are a testament to the skill level of the average Windows programmer, methinks. -- Per Jessen, Zürich (21.2°C) http://www.hostsuisse.com/ - virtual servers, made in Switzerland. -- To unsubscribe, e-mail: opensuse+unsubscribe@opensuse.org To contact the owner, e-mail: opensuse+owner@opensuse.org
Per Jessen wrote:
Carlos E. R. wrote:
On 2014-06-11 16:22, James Knott wrote:
On 06/11/2014 08:40 AM, Billie Walsh wrote:
In this configuration it is very much like running Linux except I have seen no kind of "sudo". You have to use the administrator password.
In W7, you have to provide the admin password to run admin stuff. However, there are still some things that still require you to be logged in as root.
Yes, I have some windows applications that fail as user, even if they ask for the administrator password.
Oh yes, plenty of those. They are a testament to the skill level of the average Windows programmer, methinks.
That, and the fact that Windows is a particularly programmer-hostile environment, such that a higher level of skill is NECESSARY to write properly-working programs on Windows. Windows programmers have to be aware of, and spend a lot of extra time and effort programming around Microsoft's deficiencies. -- To unsubscribe, e-mail: opensuse+unsubscribe@opensuse.org To contact the owner, e-mail: opensuse+owner@opensuse.org
On 11/06/14 22:40, Billie Walsh wrote:
On 06/11/2014 02:08 AM, Basil Chupin wrote:
But who cares about security, really? If they did nobody would be running Windows, eg. Now, of all the group of people who would be - or should be! - worried by security are corporations but how many are using Windows, eg?
I have two computer that run Windows 7. One is set up as a two user system, administrator and myself, the other is a three user setup, Administrator, my best half and myself. Only the administrative user has any administrative privileges. In this configuration it is very much like running Linux except I have seen no kind of "sudo". You have to use the administrator password.
My reference to security when mentioning Windows, and other closed systems, is bring made with a broad brush and not simply confined to the use, or not use of, "sudo" or similar. I have Windows 7 Professional installed and don't have any special settings for "Administrator" - just like I didn't have such special settings when running XP, eg, many years ago, and just like the normal "Joe in the street" doesn't do when s/he has Windows installed. YOU know about the use of Administrator access so you have consciously configured your Windows systems to use the Admin. configuration. But the "joe in the street" hasn't a clue about this. I know about it but my W7Pro is not setup to do so because I only use W7Pro once in a blue moon. But this "sudo" thing is not what I was stressing. It is the overall insecurity of W and other closed-source systems. Having said this, I know about the recent problem with SSL - meaning that even opensource is subject to containing serious boo-boos. But not like the "others" where there is a flourishing third-party business finding and then creating at a cost protection against the malware which could be done away with by the correct coding of programs. Slightly off this subject of security, but an illustration of what I am talking about re the whole scene being a money-spinner by design. Way back in the early 90s there was an upstart which produced an application to quickly and efficiently defragment an HDD with Windows partitions containing DOS/NTFS files. I cannot remember its name - possibly it was called something like Diskkeeper or some such, but I cannot remember. Anyway, it was fast and it did a bloody good job. So, MS bought this upstart for ?$$$$ and incorporated this defragmenter in its Windows s/ware. But when they did this they also emasculated it so that it became one of the most crappiest defragmenters around: slow like a turtle with arthritis. It is still used in Window 7. I tried to defragment a small partition (~60GB) using this W defragmenter and it took over 50 minutes [#]. But using another application - O&O Defrag Professional ( a German product - you reading this Oh Great PITA-you-know-who?!) a much larger partition (~100GB) with almost double the number of files was defragmented in around 15minutes. There is no incentive to "go Linux" because "Follow the money" is the mantra. (Have you seen the film The Wolf of Wall Street?) [#] And when I then used O&O Defrag to defrag this same partition after it was "defragmented" by W7 it is still had work to do to complete the defrag done by the W7 defrag. Dont' believe me? Try it yourself. DISCLAIMER: I do not have any financial, or otherwise, association with O&O Defrag, nor with any organisation or group which, nor person or persons who, is less than impressed by MS and its products. BC -- Over the years you've helped raise awareness of a number of issues but the main one has been what a pain in the arse you are. -- To unsubscribe, e-mail: opensuse+unsubscribe@opensuse.org To contact the owner, e-mail: opensuse+owner@opensuse.org
On 2014-06-12 14:17, Basil Chupin wrote:
On 11/06/14 22:40, Billie Walsh wrote:
I have Windows 7 Professional installed and don't have any special settings for "Administrator" - just like I didn't have such special settings when running XP, eg, many years ago, and just like the normal "Joe in the street" doesn't do when s/he has Windows installed.
YOU know about the use of Administrator access so you have consciously configured your Windows systems to use the Admin. configuration. But the "joe in the street" hasn't a clue about this.
Many Windows professionals do know that they should install an admin account and separate user accounts, and they do. Microsoft recommends this, but does not enforce it.
Slightly off this subject of security, but an illustration of what I am talking about re the whole scene being a money-spinner by design. Way back in the early 90s there was an upstart which produced an application to quickly and efficiently defragment an HDD with Windows partitions containing DOS/NTFS files. I cannot remember its name - possibly it was called something like Diskkeeper or some such, but I cannot remember. Anyway, it was fast and it did a bloody good job. So, MS bought this upstart for ?$$$$ and incorporated this defragmenter in its Windows s/ware.
I thought they used the Norton or the PC-tools defragmenter, at least in MsDOS 5 or 6. I compared both and they were the same, just that the MS version had fewer options. I did not compare speed, or it was so long ago that I don't remember. I actually thought of writing my own defragmenter. I had a lot of ideas to speed it up.
[#] And when I then used O&O Defrag to defrag this same partition after it was "defragmented" by W7 it is still had work to do to complete the defrag done by the W7 defrag. Dont' believe me? Try it yourself.
Well, when I used the Norton defragmenter, and then the PC-tools one, it found things to do. And if I then run the Norton one, it also found things to do. Order did not matter. The reason is that each one has a different idea of how the clusters should be ordered, not that they do it badly or not. -- Cheers / Saludos, Carlos E. R. (from 13.1 x86_64 "Bottle" at Telcontar)
On 12/06/14 22:33, Carlos E. R. wrote:
On 2014-06-12 14:17, Basil Chupin wrote:
On 11/06/14 22:40, Billie Walsh wrote:
I have Windows 7 Professional installed and don't have any special settings for "Administrator" - just like I didn't have such special settings when running XP, eg, many years ago, and just like the normal "Joe in the street" doesn't do when s/he has Windows installed.
YOU know about the use of Administrator access so you have consciously configured your Windows systems to use the Admin. configuration. But the "joe in the street" hasn't a clue about this. Many Windows professionals do know that they should install an admin account and separate user accounts, and they do. Microsoft recommends this, but does not enforce it.
Slightly off this subject of security, but an illustration of what I am talking about re the whole scene being a money-spinner by design. Way back in the early 90s there was an upstart which produced an application to quickly and efficiently defragment an HDD with Windows partitions containing DOS/NTFS files. I cannot remember its name - possibly it was called something like Diskkeeper or some such, but I cannot remember. Anyway, it was fast and it did a bloody good job. So, MS bought this upstart for ?$$$$ and incorporated this defragmenter in its Windows s/ware. I thought they used the Norton or the PC-tools defragmenter, at least in MsDOS 5 or 6. I compared both and they were the same, just that the MS version had fewer options. I did not compare speed, or it was so long ago that I don't remember.
I don't recall MS having any defrag service in the system - they relied solely on 3rd-party apps like the one I mentioned (?Diskkeeper). They only introduced a defrag app after they bought (?)Diskkeeper.
I actually thought of writing my own defragmenter. I had a lot of ideas to speed it up.
So, you see it appears that W had no defragmenter which made you want to write one, right? :-) Oh, I have to clarify this: whatever defrag apps which were available at the time BEFORE (?)Diskkeeper came along WERE damn slow I remember that now that you mention it :-) .
[#] And when I then used O&O Defrag to defrag this same partition after it was "defragmented" by W7 it is still had work to do to complete the defrag done by the W7 defrag. Dont' believe me? Try it yourself. Well, when I used the Norton defragmenter, and then the PC-tools one, it found things to do. And if I then run the Norton one, it also found things to do. Order did not matter.
The reason is that each one has a different idea of how the clusters should be ordered, not that they do it badly or not.
If you are, or anyone you know, is running Windows then I suggest getting a free, 30-day evaluation, copy of O&O Defrag Professional- http://www.oo-software.com/en and try it out. There are several ways to defrag the HDD - including wiping clean the empty blocks. The quickest defrag is called STEALTH but then there others....... Best to see for yourself when you use it. But what is the most inspiring this about all this is that Linux- openSUSE - has no need for all this defragmentation of the HDD! LLL(tm)! (Translated: Long Live Linux!) BC -- Over the years you've helped raise awareness of a number of issues but the main one has been what a pain in the arse you are. -- To unsubscribe, e-mail: opensuse+unsubscribe@opensuse.org To contact the owner, e-mail: opensuse+owner@opensuse.org
On 2014-06-12 15:13, Basil Chupin wrote:
On 12/06/14 22:33, Carlos E. R. wrote:
I thought they used the Norton or the PC-tools defragmenter, at least in MsDOS 5 or 6. I compared both and they were the same, just that the MS version had fewer options. I did not compare speed, or it was so long ago that I don't remember.
I don't recall MS having any defrag service in the system - they relied solely on 3rd-party apps like the one I mentioned (?Diskkeeper). They only introduced a defrag app after they bought (?)Diskkeeper.
I do, and I can prove it. Look at the photo: http://susepaste.org/33797941 :-) That is my MS Dos version 6.22, installed inside vmplayer. It is in Spanish, but you can surely identify it as a defragmenter made by Norton Utilities. They paid them to include the defragmenter, but they did not buy the company. And it had much fewer options than the one you could buy directly from Norton.
I actually thought of writing my own defragmenter. I had a lot of ideas to speed it up.
So, you see it appears that W had no defragmenter which made you want to write one, right? :-)
No, I was thinking of the idea on MsDos times, and I wanted to do it because I believed that I could do it better than the commercial versions available. I also considered whether I would be able to do it without stopping the system, but that would be in Windows, IIRC.
Oh, I have to clarify this: whatever defrag apps which were available at the time BEFORE (?)Diskkeeper came along WERE damn slow I remember that now that you mention it :-) .
Yes, they were slow. I don't remember well the strategies I thought about, but I think it was reading as many sectors in one go into memory, and then writing all that into the final destination in one go. You only needed to empty a big enough chunk at the start of the disk to start with. The products I tried appeared to work file by file or sector by sector. But that was 20 years ago, at least... I don't remember the details.
If you are, or anyone you know, is running Windows then I suggest getting a free, 30-day evaluation, copy of O&O Defrag Professional-
I do use it, yes, but I don't feel the need to defrag it, either. NTFS seems to be more resilient - and also more dangerous to tamper with. -- Cheers / Saludos, Carlos E. R. (from 13.1 x86_64 "Bottle" at Telcontar)
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 On 06/12/2014 01:04 PM, Carlos E. R. wrote:
I do, and I can prove it. Look at the photo:
On any win 7 or later you can go to Task Manager, then click Services tab and even though you are undoubtedly running NTFS, you will see a defragsvc as one of the services. It might be stopped, because Windows doesn't run it all the time, only during your scheduled disk defrags. And this is on the file system they promised would never need a defrag. - -- Explain again the part about rm -rf / -----BEGIN PGP SIGNATURE----- Version: GnuPG v2.0.19 (GNU/Linux) Comment: Using GnuPG with Thunderbird - http://www.enigmail.net/ iEYEARECAAYFAlOaQ20ACgkQv7M3G5+2DLIsUACgpcPUW7BQHrOtVKJw4ytVENr0 FDoAnROOpgCbs8weVGszMZKX1Sfxz+2S =toeo -----END PGP SIGNATURE----- -- To unsubscribe, e-mail: opensuse+unsubscribe@opensuse.org To contact the owner, e-mail: opensuse+owner@opensuse.org
John Andersen wrote:
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1
On 06/12/2014 01:04 PM, Carlos E. R. wrote:
I do, and I can prove it. Look at the photo:
On any win 7 or later you can go to Task Manager, then click Services tab and even though you are undoubtedly running NTFS, you will see a defragsvc as one of the services.
It might be stopped, because Windows doesn't run it all the time, only during your scheduled disk defrags.
And this is on the file system they promised would never need a defrag.
Has there ever been a claim or promise that Microsoft has actually delivered on? -- To unsubscribe, e-mail: opensuse+unsubscribe@opensuse.org To contact the owner, e-mail: opensuse+owner@opensuse.org
On 06/12/2014 08:33 AM, Carlos E. R. wrote:
I thought they used the Norton or the PC-tools defragmenter, at least in MsDOS 5 or 6. I compared both and they were the same, just that the MS version had fewer options. I did not compare speed, or it was so long ago that I don't remember.
As one who ran OS/2 with the HPFS file system, I always wondered why people should have to defrag the disk. HPFS, which, incidentally, was created by Microsoft, was fragmentation resistant, as is any decent file system. Microsoft inspired a lot of bad practices. -- To unsubscribe, e-mail: opensuse+unsubscribe@opensuse.org To contact the owner, e-mail: opensuse+owner@opensuse.org
James Knott wrote:
On 06/12/2014 08:33 AM, Carlos E. R. wrote:
I thought they used the Norton or the PC-tools defragmenter, at least in MsDOS 5 or 6. I compared both and they were the same, just that the MS version had fewer options. I did not compare speed, or it was so long ago that I don't remember.
As one who ran OS/2 with the HPFS file system, I always wondered why people should have to defrag the disk. HPFS, which, incidentally, was created by Microsoft, was fragmentation resistant, as is any decent file system. Microsoft inspired a lot of bad practices.
Most of the damage to standards and quality in computer software originate completely in Redmond, WA. -- To unsubscribe, e-mail: opensuse+unsubscribe@opensuse.org To contact the owner, e-mail: opensuse+owner@opensuse.org
On 06/12/2014 07:17 AM, Basil Chupin wrote:
My reference to security when mentioning Windows, and other closed systems, is bring made with a broad brush and not simply confined to the use, or not use of, "sudo" or similar.
By creating an administrative user and a user with no admin privileges it is the first line of security. The sudo comment was kind of an aide. -- To unsubscribe, e-mail: opensuse+unsubscribe@opensuse.org To contact the owner, e-mail: opensuse+owner@opensuse.org
On Tue, 2014-06-10 at 22:23 -0700, Linda Walsh wrote:
John Andersen wrote:
Most distros set up sudo to require people be on the sudoers list AND to use their OWN password. Some make the first user account (created at at installation time) a member of wheel, and able to do all sudo functions by default, but still require only that user's password.
---- That's sounds weird.
I've always had to type a root password to get root-enabled -- never my own. That's not very secure -- i.e. if someone hacks my PW they get root? root's PW was another layer of security. You say most other distros are _that_ insecure?
Ouch!
The question is why does Opensuse stand alone in this practice?
Security?
Ubuntu do that. They discourage having a root password. The first user you create is the only user who can sudo. You use the user's password. L -- To unsubscribe, e-mail: opensuse+unsubscribe@opensuse.org To contact the owner, e-mail: opensuse+owner@opensuse.org
lynn wrote:
On Tue, 2014-06-10 at 22:23 -0700, Linda Walsh wrote:
John Andersen wrote:
Most distros set up sudo to require people be on the sudoers list AND to use their OWN password. Some make the first user account (created at at installation time) a member of wheel, and able to do all sudo functions by default, but still require only that user's password.
---- That's sounds weird.
I've always had to type a root password to get root-enabled -- never my own. That's not very secure -- i.e. if someone hacks my PW they get root? root's PW was another layer of security. You say most other distros are _that_ insecure?
Ouch!
The question is why does Opensuse stand alone in this practice?
Security?
Ubuntu do that. They discourage having a root password. The first user you create is the only user who can sudo. You use the user's password.
Which is taking a good idea and making it totally stupid.
L
-- To unsubscribe, e-mail: opensuse+unsubscribe@opensuse.org To contact the owner, e-mail: opensuse+owner@opensuse.org
John Andersen wrote:
On 6/9/2014 9:47 AM, lynn wrote:
Why can't I run commands as sudo? e.g. lynn@catral:~> sudo automount -m root's password: sudo: automount: command not found Fails, but:
Which reminds me..... Why does Opensuse continue to require root's password for sudo?!!
I don't run every distro, but I run a lot of them in addition to a couple BDS flavors, and OS is the only one where you have to hand out root's password to anyone who might need to do some trivial task such as automount or starting samba or some such.
I can remember when sudo was broken and this was necessary but that is a long time ago, and I see no reason for this to continue. A rational structuring of the sudo configurations would seem to long overdue so that we could get away from this like everybody else.
Especially considering that the ENTIRE PURPOSE of sudo is to get rid of the need to hand out the root password. Any version or configuration of sudo which requires the use of the root password is fundamentally broken -- To unsubscribe, e-mail: opensuse+unsubscribe@opensuse.org To contact the owner, e-mail: opensuse+owner@opensuse.org
On 2014-06-09 18:47, lynn wrote:
13.1 Hi Why can't I run commands as sudo? e.g. lynn@catral:~> sudo automount -m root's password: sudo: automount: command not found Fails, but:
Try sudo /usr/sbin/automount -m instead. It is not in lynn's path ;-) -- Cheers / Saludos, Carlos E. R. (from 13.1 x86_64 "Bottle" at Telcontar)
On Tue, 2014-06-10 at 01:08 +0200, Carlos E. R. wrote:
On 2014-06-09 18:47, lynn wrote:
13.1 Hi Why can't I run commands as sudo? e.g. lynn@catral:~> sudo automount -m root's password: sudo: automount: command not found Fails, but:
Try
sudo /usr/sbin/automount -m
instead. It is not in lynn's path ;-)
K bueno. ¡Gracias por el sentido común! L x -- To unsubscribe, e-mail: opensuse+unsubscribe@opensuse.org To contact the owner, e-mail: opensuse+owner@opensuse.org
participants (18)
-
Anton Aylward
-
Basil Chupin
-
Bernhard Voelker
-
Billie Walsh
-
Bob Williams
-
Carlos E. R.
-
Cristian Rodríguez
-
Dirk Gently
-
James Knott
-
jdd
-
Jim Henderson
-
John Andersen
-
Ken Schneider - openSUSE
-
Linda Walsh
-
lynn
-
Patrick Shanahan
-
Per Jessen
-
Ruediger Meier