|
Misogynist posted:This is as good a thread as any, at the moment, but I'd be more concerned with the high post volume in here drowning out your questions than anything else. Mostly, I'm curious if there exists a reputable guide to editing the sudoers file. I noticed when playing around with permissions that the system "reports" users that attempt to use sudo without having access to do so. Obligatory XKCD:  That said, I couldn't find any such reports, which led me to the sudoers file. Problem is, there don't seem to be any solid descriptions for a dumbo like me that say "enter something like "x" if you want y to happen." I should just buy a book, huh? :\
|
#
?
Feb 9, 2013 12:55
|
|
|
|
| # ? Jun 13, 2024 06:40 |
|
|
One reputable guide to sudoers is the man page; it's a bit dense though. (The man page mentions this, but I'll emphasize it: always edit sudoers with visudo, which does a syntax check before saving the new file. If sudo is your only way of running as root -- as in Ubuntu's default configuration -- go one step further and leave a root shell running while you edit, so you can revert to a known-good copy if you mess something up. Also, keep a known-good copy.) The default sudoers file has a good set of examples that cover many common cases. Those reports are emails sent to root on the local machine. If you have sendmail or another mail server properly configured, it should just work. You can configure how sudo sends mail in sudoers (search the man page for "mail"). A lot of Unix-style software likes to send mail to root, so it's common practice to forward root's mail to the administrator's account.
|
|
#
?
Feb 9, 2013 13:21
|
|
|
I am wondering, is there a point in running a squid proxy locally for a single desktop and occasionally a tablet and smartphone? I've absolved my DSL router of its routing functionality and am using a virtual machine for it (which would be where squid would go to, too).
|
|
#
?
Feb 9, 2013 14:10
|
|
|
Combat Pretzel posted:I am wondering, is there a point in running a squid proxy locally for a single desktop and occasionally a tablet and smartphone? I've absolved my DSL router of its routing functionality and am using a virtual machine for it (which would be where squid would go to, too). Not really, no, Learning Squid, I guess.
|
|
#
?
Feb 9, 2013 18:03
|
|
|
Combat Pretzel posted:I am wondering, is there a point in running a squid proxy locally for a single desktop and occasionally a tablet and smartphone? I've absolved my DSL router of its routing functionality and am using a virtual machine for it (which would be where squid would go to, too). Potentially speed things up if your connection is slow as piss? You can also do fun things like flip the images backwards.
|
|
#
?
Feb 9, 2013 18:08
|
|
|
Gorilla Salsa posted:Mostly, I'm curious if there exists a reputable guide to editing the sudoers file. I noticed when playing around with permissions that the system "reports" users that attempt to use sudo without having access to do so. Obligatory XKCD: Check /var/log/auth.log As was previously stated it will fire a mail to root but most desktop distros don't have mail setup so that root gets forwarded to any accounts because it would be extremely confusing to a layman why "You have new mail in /var/mail/$USERNAME" randomly comes up when they open the terminal. Combat Pretzel posted:I am wondering, is there a point in running a squid proxy locally for a single desktop and occasionally a tablet and smartphone? I've absolved my DSL router of its routing functionality and am using a virtual machine for it (which would be where squid would go to, too). If you had a really low bandwidth cap and you wanted to save every single possible byte by using a caching proxy?
|
|
#
?
Feb 9, 2013 19:10
|
|
|
I've got another fun question about Kickstart. I'm pretty sure I've got my ks.cfg set up correctly now and the installation appears to begin as normal, but after the partitions are set up I get an error reading:code:
|
|
#
?
Feb 10, 2013 00:27
|
|
|
I am seriously at the end of my chain with Syslinux documentation... I have been reading tutorials and wikis and FAQs for six hours and I still can do anything at all. My situation is very simple: I have a usb flash drive, whose first partition is a FAT32 partition for sharing files between windows and linux machines. The second partition is an extended partition with logical partitions to contain different distros of linux. It a foolish attempt to move away from Grub Legacy, I have been trying to use Syslinux and Extlinux make this multi-partition usb drive multi-bootable. I have Syslinux installed on the first partition and the MBR of the usb drive. It works fine. Syslinux, unlike Grub legacy, cannot boot kernels on different partitions that itself. I thought it would be trivial to install extlinux on the logical partition containing the distro I want to boot and chain load it from the first syslinux. boy was I wrong. Has anyone tried to do something similar using Syslinux? I'm only interested in doing it with Syslinux because I already know how to do it with Grub Legacy and I abhor Grub2...
|
|
#
?
Feb 11, 2013 03:36
|
|
|
What's so bad about GRUB2?
|
|
#
?
Feb 11, 2013 03:56
|
|
|
fivre posted:What's so bad about GRUB2? I prefer writing simple configuration files rather than having to deal with the output of a script that thinks it knows what I want but doesn't? I mostly just don't like to use things that are more complex than I need them to be. I only decided to stop using grub legacy because I thought it would be a good idea to learn something more modern. Someone in this very thread (I think) pointed me towards Syslinux. On the surface, Syslinux's simple customization is exactly what I want, but getting it to do even a fraction of what I could do with Grub Legacy seems impossible. I am obviously relatively new to linux, but I seem to have read everything I can find on chainloading with Syslinux and it's a bunch of contradictory mumbo-jumbo and none of it works in my situation.
|
|
#
?
Feb 11, 2013 04:10
|
|
|
Snak posted:I prefer writing simple configuration files rather than having to deal with the output of a script that thinks it knows what I want but doesn't? So... just write your own grub2 configuration file? You don't have to use whatever script is on your system to write one for you.
|
|
#
?
Feb 11, 2013 04:48
|
|
|
ShoulderDaemon posted:So... just write your own grub2 configuration file? You don't have to use whatever script is on your system to write one for you. I'm sure that's what I'll end up doing in the future, but the last time I tried to use syslinux i tried for says to make it work before giving up and going back to grub legacy. Now that I've wasted my entire day off learning about syslinux I'm not particularly eager to give up and spend my next day off learning about grub2. It really shouldn't be this hard just to set up a bootloader!
|
|
#
?
Feb 11, 2013 04:58
|
|
|
I made a user on my beaglebone (running Angstrom), with its own password, everything separate from root, but I can type su or su <user> to move back and forth between root and the user with no password. How is this supposed to work? It doesn't make sense that I can log on as a user and then get root by just typing su. Also, I still cannot get my .bashrc or .profile to be recognized by the system. I put them in /home, that didn't work, so I tried /home/root, /home/<user>, nothing. Are those the right directories?
|
|
#
?
Feb 11, 2013 05:02
|
|
|
Kire posted:I made a user on my beaglebone (running Angstrom), with its own password, everything separate from root, but I can type su or su <user> to move back and forth between root and the user with no password. How is this supposed to work? It doesn't make sense that I can log on as a user and then get root by just typing su. Is su installed?
|
|
#
?
Feb 11, 2013 06:27
|
|
|
Kire posted:I made a user on my beaglebone (running Angstrom), with its own password, everything separate from root, but I can type su or su <user> to move back and forth between root and the user with no password. How is this supposed to work? It doesn't make sense that I can log on as a user and then get root by just typing su. Let's examine Angstroms FAQ on security which is easily google-able. quote:Angstrom is currently being developed without specific consideration to security issues. Defining "security" as "protection against access to your data by someone you did not authorize", several aspects of such protection can be listed. These are complicated by the fact that Angstrom mostly runs on PDA-style devices, which are physically small, and also lack much computing power. Depending on your usage pattern, one or more of the following aspects may apply: From your previous posts it seems like you're really wet behind the ears in regards to unix. Is there a reason you don't want to run ubuntu or debian on your beaglebone? It seems like it would be easier for you.
|
|
#
?
Feb 11, 2013 08:54
|
|
|
quote:Local access. Angstrom is focused on ease-of-use which requires the root account to have no password, and an X session to be fully accessible by any processes on the local machine (xhost + localhost). What a spectacularly bad idea.
|
|
#
?
Feb 11, 2013 17:16
|
|
|
"These are complicated by the fact that Angstrom mostly runs on PDA-style devices, which are physically small, and also lack much computing power." Wait, what? was this written in 1998 or something, when "PDAs" a) existed b) sucked c) weren't an issue? Don't you WANT more local security on a smaller device that may contain user data because it's easier for someone to just gently caress off with it?
|
|
#
?
Feb 11, 2013 17:22
|
|
|
My work laptop has an account with no sudo lockout, so I can become root at any time. I don't use LUKS for various reasons, so I figure that if an attacker gets my laptop, it's compromised anyway, why even hide it.
|
|
#
?
Feb 11, 2013 17:47
|
|
|
This is just a rant, but why do they have spins of Fedora for XFCE, LXDE, but not MATE?
|
|
#
?
Feb 11, 2013 21:46
|
|
|
Bob Morales posted:This is just a rant, but why do they have spins of Fedora for XFCE, LXDE, but not MATE? I think they are planning to, but it isn't ready yet. MATE is supported in the official repos, they just don't have a prepackaged installer ISO for it.
|
|
#
?
Feb 11, 2013 21:54
|
|
|
Does anyone have any experience with making repquota work with nfs mounts? DirectAdmin relies on it.
|
|
#
?
Feb 11, 2013 22:00
|
|
|
If I ran top on a linux VPS, would it show me CPU/RAM Usage for the whole (physical) server, or just for my (Virtual) Server?
|
|
#
?
Feb 12, 2013 01:24
|
|
|
Jumpingmanjim posted:If I ran top on a linux VPS, would it show me CPU/RAM Usage for the whole (physical) server, or just for my (Virtual) Server? I'm going to go out on a limb and say just your virtual server. Letting a VPS have any access to a host CPU sounds all kinds of bad.
|
|
#
?
Feb 12, 2013 01:35
|
|
|
Doctor w-rw-rw- posted:I'm going to go out on a limb and say just your virtual server. Letting a VPS have any access to a host CPU sounds all kinds of bad. Yeah thats what I thought, but I want to be able to rely on top so I know i'm not upsetting the hosting company.
|
|
#
?
Feb 12, 2013 01:54
|
|
|
With pure-ftpd, is there a way to make it so you can only upload, you can't download? I can kinda accomplish this using upload/download ratio & bandwidth throttling, but I was wondering if there is a better way to do it?
|
|
#
?
Feb 12, 2013 04:12
|
|
|
Jumpingmanjim posted:If I ran top on a linux VPS, would it show me CPU/RAM Usage for the whole (physical) server, or just for my (Virtual) Server? top is only going to show activity on the VCPUs, i.e. not the host and no information on the hypervisor. You need fancy VMWare/Xen monitoring stuff for that. That said, if your CPU usage is that high, either your VPS provider should know how to handle it/contact you or they're idiots. No luck elsewhere, but just in case someone here knows: there's no hardware implementation of something like Synergy, is there? I've got two workstations that I'd like to control with one set of input devices, but they can't reach each other over the network. Just to be clear, I know about hardware KVMs, but I've never seen any dedicated hardware that could automatically switch between machines.
|
|
#
?
Feb 12, 2013 04:44
|
|
|
fletcher posted:With pure-ftpd, is there a way to make it so you can only upload, you can't download? I can kinda accomplish this using upload/download ratio & bandwidth throttling, but I was wondering if there is a better way to do it? Set permissions on the directory to read or write, only. An old trick was to find an ftp server that let you list (and then download) files from the /incoming directory. Free warez server until the admin notices it's filled with .rar files or exceeding bandwidth limits.
|
|
#
?
Feb 12, 2013 04:47
|
|
|
Looks like I'll need to rebuild my Arch box. Logging is broken and I haven't migrated to systemd (init scripts are disappearing :/ ). Backing up service configs and stuff is pretty easy, especially on Arch. Only thing that terrifies me is making sure my array is detected and brought up correctly. It's a 6 disk LVM+mdadm array, anyone have input/advice?
|
|
#
?
Feb 12, 2013 05:58
|
|
|
I really don't know what I'm doing. I'm trying to share a FAT usb stick plugged into my RPi running Raspbian. I installed usbmount and uncommented FS_MOUNTOPTIONS="-fstype=vfat,gid=floppy,dmask=0007,fmask=0117" in its conf files. Then I added "pi" (the default login) and "nobody" to the "floppy" group. The USB stick is now mounted at /media/usb and is locally read/writable when I'm logged in as "pi" I installed nfs-kernel-server and nfs-common, then added /media/usb *(rw,all_squash,no_subtree_check,insecure) to the exports file and restarted nfs-kernel-server without any errors. Now I'm able to mount the NFS share from my Mac, but it doesn't have read or write permissions. What am I missing? Everything I've figured out so far has come from bits and pieces I've googled together because I really don't know what I'm doing.
|
|
#
?
Feb 12, 2013 05:59
|
|
|
Generally with nfs the user/group has to exist on both the server and client. If you don't do this you'll have some weird behavior.
|
|
#
?
Feb 12, 2013 06:18
|
|
|
Are you sure? I've been poking at this all evening, and at one point had it mounted up read-only on my mac, but I've reinstalled the OS a few times trying to get it right. Eventually my NFS client will be a very closed up embedded audio playback machine called a Digicart/E that will only read music files from proprietary formatted Zip250 discs, or NFS shares. Adding a user account on the client machine won't be an option.
|
|
#
?
Feb 12, 2013 06:28
|
|
|
Bob Morales posted:Set permissions on the directory to read or write, only. An old trick was to find an ftp server that let you list (and then download) files from the /incoming directory. Free warez server until the admin notices it's filled with .rar files or exceeding bandwidth limits. Ideally I would like for them to be able to list the files still, just not be able to download anything. Is that possible with directory permissions?
|
|
#
?
Feb 12, 2013 06:43
|
|
|
Try setting the umask to 777 or permissions to 000 or something like that.
|
|
#
?
Feb 12, 2013 06:59
|
|
|
fletcher posted:Ideally I would like for them to be able to list the files still, just not be able to download anything. Is that possible with directory permissions? Edit: This could also be done in a bash script using an infinite loop and code:waffle iron fucked around with this message at 07:35 on Feb 12, 2013 |
|
#
?
Feb 12, 2013 07:00
|
|
|
eddiewalker posted:Are you sure? I've been poking at this all evening, and at one point had it mounted up read-only on my mac, but I've reinstalled the OS a few times trying to get it right. It doesn't really matter too much what the user/group is so long as they exist. Did you setup idmap.conf? Take a look at this guide for some more info. Edit: Actually this has more info, is you're using NFSv4 the user/group thing isn't required. Ashex fucked around with this message at 07:12 on Feb 12, 2013 |
|
#
?
Feb 12, 2013 07:06
|
|
|
Ashex posted:Looks like I'll need to rebuild my Arch box. Logging is broken and I haven't migrated to systemd (init scripts are disappearing :/ ). You might get away with just installing systemd since that has built-in logging (journald) and you can make it use whatever syslog you want later.
|
|
#
?
Feb 12, 2013 12:38
|
|
|
Ashex posted:It doesn't really matter too much what the user/group is so long as they exist. Did you setup idmap.conf? Take a look at this guide for some more info. Adding "anonuid=0,anongid=0" to my export parameters seemed to fix it. I don't know what that means or if its ideal/secure, but for two lonely devices connected via a crossover cable, it works.
|
|
#
?
Feb 12, 2013 18:45
|
|
|
eddiewalker posted:Adding "anonuid=0,anongid=0" to my export parameters seemed to fix it. I don't know what that means or if its ideal/secure, but for two lonely devices connected via a crossover cable, it works. Let me guess, you have all_squash enabled? Alternatively you don't have permissions on your shared directory setup correctly. You just set it so logging in with an anonymous account (nobody) gives you super user (root) access which is, I suppose, a technically valid way of avoid uid issues. Why are you using NFS instead of samba anyway? Longinus00 fucked around with this message at 19:23 on Feb 12, 2013 |
|
#
?
Feb 12, 2013 19:14
|
|
|
Longinus00 posted:Why are you using NFS instead of samba anyway? These relatively modern, but stupid $5000 audio players will only read from proprietary format Zip disks or NFS shares. Currently, the best way to get audio into the closed system is playing it back real-speed and recording.  I'm trying to set up a way to drop audio files onto a thumbdrive, plug it into a Raspberry Pi, then access them from the Digicart machine via NFS. All of the manufacturers instructions are step-by-step screenshots for setting up NFS with "Unix services for Windows" with no mention of permissions. I think I've got it going, though. I hope to try it in a live environment this weekend.
|
|
#
?
Feb 12, 2013 19:50
|
|
|
|
| # ? Jun 13, 2024 06:40 |
|
|
fletcher posted:Ideally I would like for them to be able to list the files still, just not be able to download anything. Is that possible with directory permissions? Set the directory +r-x - read permission will let them list the directory contents, but without execute permission they can't access anything in the directory.
|
|
#
?
Feb 12, 2013 19:52
|
|
