Loading ...
Sorry, an error occurred while loading the content.

Re: [linux-dell-laptops] Next distro?

Expand Messages
  • Gilbert Mendoza
    ... Hash: SHA1 I hate to add to an already long thread, but ... Just because the root account is not given a password during the installation process, doesn t
    Message 1 of 19 , May 25, 2007
    • 0 Attachment
      -----BEGIN PGP SIGNED MESSAGE-----
      Hash: SHA1


      I hate to add to an already long thread, but ...

      Just because the root account is not given a password during the
      installation process, doesn't mean it does not exist. The root
      account has simply been "locked", and most certainly does exist.
      (check out "man passwd" for the "-l" option).

      "sudo -i" and "sudo -s" are two very easy ways to run any
      prolonged root shell without enabling the root account, exposing
      it to local and remote dictionary or brute force password
      attacks. That is unless of course a sudoer user doesn't have a
      weak password. :-P But that's another topic. (the -i will drop
      you to the /root/ directory, and -s will leave you in your own
      /home/user/ directory. See "man sudo".)

      Elevating user privileges on a need-only basis is considered an
      industry wide best practice and is generally accepted by most
      experienced administrators.

      Changing to runlevel 1 (single user mode) just to gain a root
      shell is NOT what one should do if they simply wish to gain root
      access. Runlevel 1 actually stops many services according to
      their init level configurations, and is typically used when
      performing maintenance, troubleshooting, or system recovery.


      As for the default runlevels, Ubuntu moved to "Upstart" which
      doesn't use /etc/inittab, but still evaluates it if you create
      one. (see /etc/event.d/) If one wishes to not use the graphical
      logon manager "GDM", they can simply

      a) remove the symlinks in /etc/rcX.d
      (sudo update-rc.d -f gdm remove)

      b) remove gdm altogether (sudo apt-get remove gdm). This of
      course is a dependency of the ubuntu-desktop meta-package,but if
      you are already comfortable with using a console only, who
      cares.

      c) or even remove just one of the gdm rcX.d scripts, and
      designate that runlevel of your choice as being a non-graphical
      multiuser. To be thorough, you can add a corresponding "K13gdm"
      symlink, so that switching back and forth between this runlevel
      will stop gdm accordingly.
      i.e.
      cd /etc/rc2.d
      sudo rm S13gdm
      sudo ln -s ../init.d/gdm K13gdm

      For regular use of the console, you may also want change your
      frame buffer size to a higher resolution to 1024x768 or higher by
      editing /boot/grub/menu.lst.
      i.e. add "vga=791" to the defoptions variable:
      # defoptions=quiet splash vga=791


      Anyway, hope this is useful for you folks.

      GM
      -----BEGIN PGP SIGNATURE-----
      Version: GnuPG v1.4.6 (GNU/Linux)

      iQEVAwUBRldCqZmBPgq+AK/PAQKgPQgAinYCHTkYfaSocJpFLeOxqC7Voz0p9cwc
      w131d3+uWciDoUrj2AG4jlUMJQalK5y4iAzzru35aomg0I+GUWIUcSAHw8gAyjZr
      MkDFTxyyXkbhybnJPeu8D0mtN7RA0e97JtUKqYhzY8vYy5j7n0TK42QpvPZvMUV/
      zqlH9d9W/SAQZXpwKN7A8aF2YJsqkNjWfW3ozyQk/lTc1DfBpfyLSByv0VkTmqAr
      ygmuPkur5Vr7VqMAbumoZhOpBbuVzPIiwAoKuVAAdAM7/uxTS3sR1gCyYDXX173J
      0DFxcKfLfl7IbbnuCIKzf2Xk962lW6LbjQAjTnJ9XW9s0SCeC3aufQ==
      =y0Xu
      -----END PGP SIGNATURE-----




      ____________________________________________________________________________________Looking for a deal? Find great prices on flights and hotels with Yahoo! FareChase.
      http://farechase.yahoo.com/
    • Douglas S. Oliver
      ... Hash: SHA1 ... Thanks much, Gilbert. This is really useful information. Am I right in thinking that sudo -i and sudo -s are a little like the difference
      Message 2 of 19 , May 25, 2007
      • 0 Attachment
        -----BEGIN PGP SIGNED MESSAGE-----
        Hash: SHA1

        Gilbert Mendoza wrote:
        >
        > I hate to add to an already long thread, but ...
        >
        > Just because the root account is not given a password during the
        > installation process, doesn't mean it does not exist. The root
        > account has simply been "locked", and most certainly does exist.
        > (check out "man passwd" for the "-l" option).
        >

        Thanks much, Gilbert. This is really useful information. Am I right in
        thinking that sudo -i and sudo -s are a little like the difference
        between having a root password and using "su <enter> and <password
        enter>" and "su - <enter> and <password enter>? The difference here
        being the added safety of using sudo and staying out of the root
        account. I've been using linux for almost 10 years but am a relative new
        comer to sudo. A few years ago I was studying for my RHSE cert. At that
        time we were warned to watch out for users using sudo when they had weak
        passwords, as you have said. That's why I stayed away from it till now
        with Ubuntu. Not because of a weak password, but because it was easy to
        use su when and only when I needed to become root. I made an rm error as
        root once on my system. Trashed everything! I just needed to do that
        once to become respectful of becoming root. Thanks again--Douglas

        - --

        ******

        Douglas S. Oliver

        "Only two things are infinite, the universe and human stupidity,
        and I'm not sure about the former." --Albert Einstein

        "....What right do I have to think?" --Ugarte, December 1941

        ******
        -----BEGIN PGP SIGNATURE-----
        Version: GnuPG v1.4.6 (GNU/Linux)
        Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org

        iD8DBQFGV1qvGtLw/+nYp8ERAvceAKCEYa2UdCxJRnQeD+OtisJDL5A9pgCggKcm
        uJQC0BLb0Ycqf3xs+pAoDIc=
        =ZfM+
        -----END PGP SIGNATURE-----
      • Gilbert Mendoza
        ... Hash: SHA1 No problem at all. You are correct regarding similarities between su , su - , sudo -i and -s. su - and sudo -i elevate privileges to root
        Message 3 of 19 , May 25, 2007
        • 0 Attachment
          -----BEGIN PGP SIGNED MESSAGE-----
          Hash: SHA1


          No problem at all.

          You are correct regarding similarities between "su", "su -",
          sudo -i and -s.

          "su -" and "sudo -i" elevate privileges to root and use the shell
          environment for the root user in /etc/passwd. you will notice by
          issuing a 'pwd' command, you are placed in the /root directory.

          "su" and "sudo -s" elevate privileges to root and use the shell
          environment of the user running the command. So, you will stay
          in /home/user, and any bash aliases, etc, will remain intact.

          There are many advantages in using sudo vs. su, but primarily it
          comes down to the granularity of control one has in limiting what
          sudoer's can do with their privileges. For instance, with sudo
          you can allow a user (or group of users) to to run a small set of
          commands with root privileges, without granting access to more
          sensitive functions.

          Have a great weekend...

          GM

          -----BEGIN PGP SIGNATURE-----
          Version: GnuPG v1.4.6 (GNU/Linux)

          iD8DBQFGV3b2BZd5UQddvKkRAmwZAJ44mKr8x1z69RrZjBMjGrYtkLGIpACgu0hz
          No4m+xJgGwBjUrKvDA+oc30=
          =dzqI
          -----END PGP SIGNATURE-----



          --- "Douglas S. Oliver" <dsoliver@...> wrote:
          >
          > Thanks much, Gilbert. This is really useful information. Am I right in
          > thinking that sudo -i and sudo -s are a little like the difference
          > between having a root password and using "su <enter> and <password
          > enter>" and "su - <enter> and <password enter>? The difference here
          > being the added safety of using sudo and staying out of the root
          > account. I've been using linux for almost 10 years but am a relative new
          > comer to sudo. A few years ago I was studying for my RHSE cert. At that
          > time we were warned to watch out for users using sudo when they had weak
          > passwords, as you have said. That's why I stayed away from it till now
          > with Ubuntu. Not because of a weak password, but because it was easy to
          > use su when and only when I needed to become root. I made an rm error as
          > root once on my system. Trashed everything! I just needed to do that
          > once to become respectful of becoming root. Thanks again--Douglas
          >




          ____________________________________________________________________________________
          Sucker-punch spam with award-winning protection.
          Try the free Yahoo! Mail Beta.
          http://advision.webevents.yahoo.com/mailbeta/features_spam.html
        • Lamar Owen
          ... While there is nothing wrong (and a lot right) with apt, let s compare apples to apples here. The raw rpm command is equivalent to the raw dpkg command.
          Message 4 of 19 , May 25, 2007
          • 0 Attachment
            On Friday 25 May 2007, John DeCarlo wrote:
            > Using apt is much easier and more reliable than using rpm. Trust me, I
            > used rpm and Red Hat for decades. When I switched to Ubuntu last year, I
            > was delightfully amazed at how much I had been missing while using rpm.

            While there is nothing wrong (and a lot right) with apt, let's compare apples
            to apples here. The raw rpm command is equivalent to the raw dpkg command.
            The equivalent command to apt in a Debian-inspired distribution on, say, a
            Fedora Core installation, is 'yum'. You do that same sorts of things: 'yum
            install kshisen' will pull in any needed RPM's from the repository, exactly
            like 'apt-get install kshisen' would.

            Now, with Ubuntu or plain Debian you will get a substantially larger
            repository of software available; and it's not as fractured as the typical
            RPM third party repositories are. But that has nothing to do with the tools
            that are available.

            I've been evaluating Kubuntu 7.04 in a virtual machine for a week or so, and I
            like most of what I see. The biggest thing is the unified repository. The
            second biggest thing is that the gnuradio and usrp packages are 'just there'
            in that repository, whereas getting RPM's of same is difficult. However, I
            find that adept-installer is just about as slow as pirut (GUI yum frontend on
            Fedora Core 5 and above), and that's with identical hardware. Now,
            adept-manager is quite a bit better.

            Incidentally, there is an apt version for RPM-based systems. You can even get
            synaptic on Fedora Core if you'd like.

            I'm using Fedora Core 6 here on an Inspiron 640m, and most things work fine
            (no headphones is an annoyance, but the sound does at least play; I haven't
            worked much on the wireless, but that's a low priority for me; LCD backlight
            control with Fn-UP or Fn-DOWN isn't working, etc).
            --
            Lamar Owen
            Chief Information Officer
            Pisgah Astronomical Research Institute
            1 PARI Drive
            Rosman, NC 28772
            (828)862-5554
            www.pari.edu
          Your message has been successfully submitted and would be delivered to recipients shortly.