|
covener posted:This requires that: You've configured sudo to allow your unpriveleged user to run commands including 'rm' AND to remember passwords AND you're sharing userids/terminals (and your girlfriend explicitly called sudo rm -rf, there's no sudo voodoo that allows implicit privelege escalation across the system) I understand all that, point being that most people (in my experience) who use sudo do use it in a manner as outlined above AND most production unix type systems don't use sudo at all... Those who have access to root do their root tasks in a root shell, those who don't need it don't have access and those who only need some of it submit work requests to those who do have it. Places with more complex privileged requirements than that often use a full blown MAC system instead of trying to emulate one with sudo and hoping that limited sudo users don't find ways to spawn shells or execute arbitrary commands from within the subset of binaries they can execute through sudo. Point being, I think that people tend to use sudo because it gives them a sense of greater security, however I think that sudo actually provides a FALSE sense of security in allowing more than people tend to think at first glance. To each their own... BTW: I just tested my original example case and found that apparently that behavior has been fixed.. which is nice 
|
#
¿
Aug 2, 2007 18:54
|
|
|
|
| # ¿ May 13, 2024 18:21 |
|
|
covener posted:People use sudo for convenience and not having to share a root password. Those are two big wins. This is what I'm getting at. What security advantage is there in not having a shared root password? If root access is being shared through a presumably limited sudo config it seems that you only have the perceived benefit of limiting root access until which time as someone finds a way to spawn a shell or execute an arbitrary child command. I don't even let my non-wheel users execute anything outside of a very limited chroot... Convenience and security have a inversely proportionate relationship in nearly every way. Why would you want people who you don't trust with your root password to be running commands with root privileges? quote:I don't think that behavior of sudo ever existed. That is possible, my knowledge of it was only second hand. And I never bothered testing it, since once the CTO declares something as not allowable there isn't much point in trying to implement something which doesn't add anything to the end user experience.
|
|
#
¿
Aug 2, 2007 19:09
|
|
|
-BokkeN- posted:I'm writing a PHP script to archive files using the exec function and tar. I don't want to store any directory information the occurs *before* the data I'm archiving. I'm using something along the lines of use magic quotes instead of ./* do code:code:
|
|
#
¿
Aug 7, 2007 23:53
|
|
|
indigoe posted:edit: Uhm, setup key only login via ssh and disable remote root login. Would be the lessons you should take away from this... quote:Any ideas how I can get the system to boot up again? Is it worth the effort? I really appreciate the help so far. If you didn't notice the machine had been rooted for at least a month AND based on the relative simplicity of the questions you've been asking I'd say you'd be way in over your head for cleaning any potential rootkits which may be installed at this point and go ahead and start from scratch using better security practices from square one.
|
|
#
¿
Aug 11, 2007 18:24
|
|
|
Magicmat posted:Quick question: I've decided to give Ubuntu a try. I'm trying to install it on the master drive of IDE chain 2, which is recognized as /dev/hdc in the Live CD. My problem is that I also want the bootloader on this drive, too. How can I tell which device to put down in the "Step 7 of 7 -> Advanced -> Device for bootloader installation"? I'm a little confused why you want to do it the way your are describing, since that would mean if you wanted to boot linux you'd need to change your bios boot device to hit the drive with grub on it... however.. the grub device to phsyical device mapping is in /boot/grub/device.map, the format is pretty straight forward. code:
|
|
#
¿
Aug 13, 2007 20:40
|
|
|
Col posted:Not a linux expert or anything, but I have a feeling that logical volume manager (LVM) is designed to do fancy things like resizing partitions possibly on the fly? Might be something to have a quick google about. quote:And just by the way, many people find it extremely useful to have /home on a separate partition (not least that you can reinstall the OS whilst retaining all of your settings for programs, personal files etc) This is great advice which bears being repeated every 2-3 pages of this thread
|
|
#
¿
Aug 13, 2007 20:43
|
|
|
Magicmat posted:No, I want to leave the Windows drive completely untouched. Absolutely no GRUB loading Windows. The idea here is that, when I feel like Linux I just put in the Linux drive and set the correct boot order in the BIOS. Then, when I want Windows again, I unplug the Linux drive and reset the boot order. I don't want to dual boot because I don't want an extra drive in my system taking up power and creating noise when I absolutely won't be using it, thus why I remove it when I'm not using Linux. Plus, I've had bad luck getting rid of GRUB on a Windows drive before. I don't want to repeat that. Are you high on crazy pills?!?! If you are going to be disconnecting and reconnecting power to your hard drives and reconfiguring your boot devices all the time you are one crazy mofo. That said, if you don't want to your windows disk to be touched even a little bit by your linux disk then just disable the windows disk in bios before installing linux from your live cd. If the only disk visible to your distro's installer is the fresh linux old target drive then you have yourself the very most basic config that installers are designed to handle. I'm not sure I understand why you want to go through so much trouble to "dual boot". edit: drat beaten!
|
|
#
¿
Aug 14, 2007 06:48
|
|
|
Col posted:As a random aside, I'm sure I remember burning a cd image on to a dvd as a kid. It blows my mind... I hole punched 5.25" disks to make them doubles sided as a kid. I'm going to go back to feeling old now.
|
|
#
¿
Aug 15, 2007 16:30
|
|
|
Scaevolus posted:You should try vim as well, but the learning curve is a bit steeper than emacs. Are you high on needle drugs?!?!?!?! vi is way simpler to learn than emacs.
|
|
#
¿
Aug 22, 2007 19:49
|
|
|
sund posted:I want to do mpd, asterisk and maybe myth-backend on the same machine eventually, so a general purpose distro would be better suited. Thanks though. Gentoo would be my #1 for this job. I've got 9 systems at work booting gentoo from 4gb thumb drives and logging to /var mounted on NFS. works a treat and the lack of crazy dependency hell that you get from redhat/suse/debian based distros just doesn't exist when you do gentoo minimal with a few exclusionary USE flags "-X11 -docs" etc...
|
|
#
¿
Aug 23, 2007 07:58
|
|
|
rugbert posted:Hey, does linux have a sweet spot when it comes to RAM like XP or vista? Depends on what you want to use it for. I find that for my general day to day usage (thunderbird + konsole + firefox + beryl) on a 1.8ghz core duo with centrino chipset I picked up a little performance from jumping to 2gb from 1gb, but I RARELY come close to going much past 1.2 or 1.3gb of physical memory in use. Also, as far as linux on a laptop your best bet is going to ubuntu on a 100% intel based system. Intel has bar none the best driver support in the 2.6 kernel tree and Ubuntu is likewise the best laptop/workstation distro. Its come a LONG way in the past few releases and I'm sure you will find yourself pleasantly surprised if it wasn't your cup of tea before.
|
|
#
¿
Aug 23, 2007 08:02
|
|
|
Al Azif posted:The tediousness of building a package in Gentoo isn't in the same class as the tediousness of building one in LFS. The only similarity is the wait. Thank you for this! Everybody seems to thinking that gentoo is LFS.. Which is simply not the case. deimos posted:Debian unstable has had dependency problems, but generally speaking they were very mild. I'm not sure what you've said even makes any sense or addresses any of what i posted. By "dependency hell" I was referring to the trend in most modern distros to target everything to build against the maximum number of build time options. Which results is in common ridiculousness like requiring a full set of X11 libs in order to build vim, and the X11 requires true type, which requires pango, which requires blah blah blah. This is something unavoidable to a certain extent when you base your distro on binary packages since you can't anticipate what features the end user is going to want to use. The alternative is to overload the package repositories with multiple different builds of every package, which is already how some of the worst offenders have been handled traditionally on Redhat based distros and AFAICT on Debian based ones to a lesser extent. Point being, for a headless network sever running off a very small flash based root you don't want to add an extra several hundred megs of libraries that aren't ever going to ever have their associated functionality used. Likewise your executables will have a smaller memory footprint if they aren't built against all those libraries to begin with. quote:Gentoo unstable (or whatever the unstable branch is called) has crippled entire computers before with a long rear end recovery process. And this is just plain stupid. Why on earth would you run anything called "unstable" and expect anything less than exactly that!??! A vanilla gentoo build is one of the most stable and easy to manage systems available. And the aforementioned lack of unneeded dependencies is one of the reasons why.
|
|
#
¿
Aug 23, 2007 17:02
|
|
|
deimos posted:Also, dependency hell does not generally mean what you think it means, as posted above. Well, that may be, but I'm trying argue semantics. The problem/situation I've described does exist and is contrary to the ultimate goals that were listed. quote:If it's a headless network server running off a very small flash based root, why should it be dedicating most of it's CPU power to compiling instead of disk management like a good headless system should? If you spend all your time compiling you clearly don't understand the point of a server. Once it is running you are only going to be doing compiles to update/install packages. Likewise if /var is mounted on real disk or NFS or something, as I and others has suggested, then compiling and installing packages will not cause a significant increase in disk usage on the flash based root. quote:Also if you can't install vim without x11, you should stop using an apt-based distro, because you clearly don't get it. I don't think you get it. If I install vim from a binary package AND the binary package was built with the build time options to enable X support then the binary will be dynamically linked to X11 libs which will then be an install dependency. In my experience this means that for the worst offending packages there exists multiple version of the binary packages in order to limit the number of cross dependency between packages that only provide features which aren't used. Either way you end up with multiple version which still cater to whatever the lowest common denominator is which in the case of a general use OS will be a major portion of the compile time options turned on. vi was just the first example that came to mind, another common example is ipv6, very few people use it, every major distro has ipv6 support built into every major package. Gentoo allows both of these situations to be eliminated with a "-ipv6 -X11" when you build initially. Now I have no vested interest in which distro the OP eventually uses, I'm just trying to clarify the reasoning behind my suggestions. I'm about as agnostic as it goes as far as OS/distros go. I'm typing this on ubuntu while sitting in a meeting about dev on gentoo based servers which are being rolled to backup Solaris servers which are accesses by way of BSD based gateways; when this is over I'm going to go home and watch TV on my windows HTPC...
|
|
#
¿
Aug 23, 2007 19:34
|
|
|
SnatchRabbit posted:drat, already hit a snag. I'm running Ubuntu, but for some reason I can't connect to any of my office's wireless networks. I can see the networks fine in the manager with good signal strength, but when I connect, it asks me for the passphrase, which I put in, then it just has the warning symbol in the network icon. I connect to the same network easily in my Vista dual boot, but no such luck in Ubuntu. Is there a way to check the driver? Not sure why I can't connect. What wireless chipset are you using? They are not all created equal.
|
|
#
¿
Aug 30, 2007 18:56
|
|
|
atticus posted:So, my laptop hard drive is SMART failing and I have 2GB worth of e-mail to get off of it before it goes. Knoppix can mount the hdd and see the files but when I try to scp the files to my other linux desktop I get "permission denied" even as root. What is the exact command you are using and the exact error message you are getting? 
|
|
#
¿
Sep 12, 2007 04:34
|
|
|
deimos posted:I am not at my computer, but I am having problems with it's clock going fast, I boot it with the noapic option but I still get severe clock drifts (about a minute or so gain an hour, maybe more). Without noapic I am pretty sure the drifts were worse. PC internal clocks are notoriously inaccurate, setup ntp on a cron job to skew it back to the correct time if it bothers you.
|
|
#
¿
Sep 21, 2007 23:26
|
|
|
Steve French posted:I'll give that a try again when I get home from work, hopefully that'll do something for me. I see you've resolved your issue, but just FYI I had a brand new dvd drive that simply refused to read ubuntu install media before. I swore up and down it couldn't be a hardware issue, but I switched out the drive just to be thorough and everything just started working fine. The drive that wouldn't read the linux install media worked fine with the Vista and XP install discs.. YMMV
|
|
#
¿
Oct 2, 2007 21:27
|
|
|
Crush posted:Is there any other way to identify the processor name other than: code:
|
|
#
¿
Oct 5, 2007 21:04
|
|
|
Steve French posted:Is there any advantage to doing it that way vs my solution? nope
|
|
#
¿
Oct 6, 2007 00:54
|
|
|
Crush posted:How can I make an image of a CD/DVD? I have tried You want to do something like code:
|
|
#
¿
Oct 21, 2007 22:30
|
|
|
hooah posted:Went ahead and did the dual-boot with preserving my existing XP stuff. However, now I can't access that drive from Ubuntu. I've installed the ntfs-3g program, but it didn't seem to do much good. When I look at the partitioning tool, it sees this as my second drive: Firstly, stop messing with the partitioning tool. It isn't going to do anything to help you out and you very well may end up wiping your data while messing around. You just need to mount your ntfs partition. code:What version of ubuntu are you using? The latest, 7.10, seems to automount ntfs partitions read/write using hald. The last version 7.04 may have required manual intervention to mount things up (like the above example, or ntfs partition manager IIRC). At any rate you will find more detailed examples of the mount options for all the different FS types by reading their individual manpages i.e. code:
|
|
#
¿
Oct 21, 2007 22:37
|
|
|
Crush posted:See I get this when I do that command verbatim. Stop copy/pasting commands from the forums... What device is your cdrom drive? that needs to be the if "input file".... "reading `/dev/cdrom': Input/output error" leads me to believe that /dev/cdrom isn't a valid node or symlink to a node on your system. Also, your first post indicated that you were doing /dev/sda1 which dumped over 20gb, which leads me to likewise believe you have copied/pasted that from somewhere else and you're actually dumping from a hard drive which sda1 happens to be on your system. run a dmesg and look for something like this code:
|
|
#
¿
Oct 21, 2007 22:42
|
|
|
|
| # ¿ May 13, 2024 18:21 |
|
|
Crush posted:I was only typing what you told me to try. Otherwise I always try for whatever is specific to my problem...I have (obviously) already tried cdrom, cdrom0, dvd, and dvdrw. All have the same problem. This apparently isn't working for me which is why in my original post I asked for an alternative to doing it this way. I appreciate your help, but there is no need to assume (which seem to do a lot) anything. It doesn't help, only makes things worse. Heh, funny that you accuse me of making assumption when you clearly say "I was only typing what you told me to try" when I already pointed out that you need to use the correct device node when doing the dd command. Also you never asked for an alternative way, you asked if there was something better than what you were doing (which, would be a working command line as opposed to your close but no cigar attempts)... which I then outlined for you and again in that post "I do that command verbatim." which sure sounds like copy/pasting. You sure got your panties in a bunch about the perceived assumption on my part. This bit here is loving stellar too, "I have (obviously) already tried," when there is nothing obvious about what you have or haven't tried... Your first 3 attempts were pretty close to what you should be doing, but you are not making the last little logical leap; one which I've tried to walk you through. Instead you've chosen to lash out because you can't figure out a simple command. Maybe you'd be better off with a point and click gui program like k3b or it's ilk and instead of asking for help and then acting like a total retard when someone actually goes out of their way to try and help you learn something you can go read a loving man page instead of wasting other peoples' time being dense. (USER WAS PUT ON PROBATION FOR THIS POST)
|
|
#
¿
Oct 22, 2007 02:57
|
|