judabuda | How do i make my own devuan fork and customize the installation? | 20:07 |
---|---|---|
golinux | judabuda: https://dev1galaxy.org/viewforum.php?id=9 | 20:08 |
judabuda | golinux: Thanks, but i need to know how i can get started with making my own derivative | 20:11 |
tux12 | judabuda: maybe this can help (didn't try it out) https://www.devuan.org/os/distro-kit | 20:21 |
Afdal | Someone explain to a dummy how to use sudo swapoff -a; sudo swapon -a without going to a terminal | 20:40 |
Afdal | I've thought about pkexec but I don't think it works for this sort of thing | 20:40 |
Afdal | err, wait... | 20:41 |
fsmithred | afdal, set up sudo nopasswd for that command and for that user | 20:41 |
Afdal | Eh? | 20:41 |
fsmithred | then make a panel button or whatever to run that command | 20:41 |
Afdal | what's nopasswd | 20:42 |
Afdal | And do I actually want to remove the sudo requirement... | 20:42 |
fsmithred | what sudo requirement? | 20:42 |
Afdal | for swap toggling | 20:42 |
fsmithred | you must be admin to do that | 20:42 |
Afdal | seems risky | 20:42 |
fsmithred | well, if others have access to your computer, then they could turn swap off without needing to know your password | 20:43 |
Afdal | I'd prefer if the password requirement remained | 20:43 |
Afdal | a simple pkexec prompt from a shortcut would be nice | 20:44 |
fsmithred | then don't use nopasswd in your sudoers.d file | 20:44 |
fsmithred | is there such a thing? the simple part, I mean. | 20:44 |
Afdal | wait, do I just put this in a .sh script and run the script? | 20:44 |
Afdal | pkexec urscript.sh? | 20:45 |
fsmithred | pkexec needs a file in /etc/something | 20:45 |
Afdal | By the way has that huge security hole in pkexec finally been fixed | 20:45 |
fsmithred | etc/pam.d/ ? | 20:45 |
Afdal | there was a big exploit like nine months ago if I remember | 20:45 |
fsmithred | no clue | 20:45 |
fsmithred | I try not to pay attention to any policykit stuff. | 20:45 |
Afdal | Local Privilege Escalation in polkit's pkexec (CVE-2021-4034) | 20:46 |
Afdal | ^ that thing | 20:46 |
fsmithred | for example, synaptic has a script in /usr/bin/synaptic-pkexec. It comes with the package. | 20:48 |
fsmithred | my browser shows that I've already been to this page: https://security-tracker.debian.org/tracker/CVE-2021-4034 | 20:49 |
fsmithred | it's fixed | 20:50 |
Afdal | hmmm good | 20:51 |
fsmithred | Afdal, are you on chimaera or beowulf? | 20:51 |
Afdal | chimaera | 20:51 |
Afdal | And I might switch to Ceres sometime in the near future | 20:52 |
Afdal | or was it daedalus | 20:52 |
fsmithred | daedalus next release | 20:52 |
fsmithred | ceres is sid is always unstabl | 20:52 |
fsmithred | e | 20:52 |
fsmithred | I can't tell if the devuan versions of policykit-1 are fixed or not | 20:53 |
fsmithred | by looking at the version | 20:53 |
Afdal | yeah Daedalus is what I meant | 20:54 |
Afdal | I'm not crazy... | 20:54 |
Afdal | pkexec bash cleardatswap.sh | 20:56 |
Afdal | /bin/bash: cleardatswap.sh: No such file or directory | 20:56 |
Afdal | hmm, what am I doing wrong here... | 20:56 |
Afdal | cleardatswap.sh: line 2: swapoff: command not found | 20:57 |
Afdal | cleardatswap.sh: line 2: swapon: command not found | 20:57 |
Afdal | Uh, are swap commands not recognized in bash scripts? | 20:57 |
Afdal | oh it's one of those things that's hidden from bash environment without sudo preceding it | 20:57 |
sixwheeledbeast | root? | 20:58 |
Afdal | and for some reason pkexec doesn't work... | 20:58 |
tux12 | use full path to files | 20:59 |
Afdal | sudo bash cleardatswap.sh works fine | 20:59 |
Afdal | pkexec bash cleardatswap.sh does not... | 20:59 |
fsmithred | not sure what you expect pkexec to do | 20:59 |
Afdal | to give me a GUI password prompt | 21:00 |
Afdal | that's the purpose of pkexec | 21:00 |
Afdal | so I can run this command outside of terminals | 21:00 |
fsmithred | doesn't it need a file to tell it how to interact with the command you want to use? | 21:01 |
Afdal | Does it? | 21:01 |
Afdal | I use it in this way for other things... | 21:01 |
fsmithred | like what? | 21:03 |
Afdal | pkexec mousepad %f | 21:03 |
Afdal | I use this to open files in mousepad with root privileges ;y | 21:03 |
fsmithred | yeah, I just tried it with geany and it came up, but then I got an error message that it can't open the display | 21:04 |
Afdal | o rly | 21:05 |
fsmithred | /usr/share/polkit-1/actions/ | 21:05 |
fsmithred | I see a file for mousepad | 21:05 |
fsmithred | but not for geany | 21:05 |
sixwheeledbeast | fwiw it's not correct to use .sh extension for bash. | 21:07 |
Afdal | Oh? | 21:10 |
Afdal | what's the correct thing to do? | 21:10 |
fsmithred | no extension, I think | 21:10 |
fsmithred | sh suggests /bin/sh | 21:11 |
Afdal | I always just do bash script.sh when I wanna run a script | 21:11 |
fsmithred | Afdal, did you look at /usr/share/polkit-1/actions/org.xfce.mousepad.policy ? | 21:12 |
sixwheeledbeast | extensions aren't required. | 21:12 |
sixwheeledbeast | some people use .bash | 21:12 |
Afdal | That doesn't work when I want to set something to a shortcut, sixwheeledbeast | 21:12 |
fsmithred | why not? | 21:12 |
Afdal | like for example an Xfce keyboard shortcut | 21:12 |
Afdal | because it wants to call up programs | 21:12 |
sixwheeledbeast | shebang declares what program the file runs with. | 21:13 |
sixwheeledbeast | how does that matter | 21:13 |
fsmithred | yeah, linux doesn't really care so much about the name | 21:13 |
* Afdal | shrugs | 21:13 |
fsmithred | it looks at what the file really is | 21:13 |
Afdal | Ah, now I understand what pkexec actually does fsmithred :) | 21:14 |
fsmithred | if using just the program name doesn't work, try the full path to the program | 21:14 |
fsmithred | then you have me beat. | 21:14 |
Afdal | I thought it was just a thing that runs stuff with a password prompt, but I guess it depends on whatever you define it to do | 21:14 |
fsmithred | I read that stuff and go crosseyed | 21:15 |
Afdal | with those policy files | 21:15 |
Afdal | lol | 21:15 |
fsmithred | the thing it replaced worked like you describe | 21:15 |
fsmithred | I can't even remember what it was called. g... | 21:15 |
Afdal | Although it seems most of these policy files do in fact say <description>Run Thing as root</description> | 21:15 |
fsmithred | yeah, that's what you want, right? | 21:16 |
Afdal | yeah | 21:16 |
Afdal | So maybe I need to make one of these for... bash? | 21:16 |
fsmithred | for your specific script | 21:16 |
Afdal | This seems like I could be setting myself up for a vulnerability | 21:16 |
Afdal | oh for the script itself? | 21:16 |
Afdal | uh how would that work | 21:17 |
Afdal | pkexec .script.sh? | 21:17 |
fsmithred | or maybe for swapon/swapoff | 21:17 |
fsmithred | not sure | 21:17 |
Afdal | I'm just tired of cluttering up my terminal history with sudo swapoff -a; sudo swapon -a to be honest | 21:17 |
fsmithred | put those commands in a script and tie them to a button or keyboard shortcut | 21:18 |
fsmithred | oh, if you want password, then you need something to take the password. I've done it with xterm in the past. | 21:19 |
Afdal | Hence, the pkexec thing | 21:20 |
fsmithred | any time I've tried editing one of those pkexec files to get it working correctly, it did not do what I expected it to do. | 21:21 |
fsmithred | and did not work | 21:21 |
fsmithred | but it's been a few years since I've tried any of that. | 21:21 |
fsmithred | xterm -e "echo 'Enter password' && sudo swapon -a" | 21:25 |
fsmithred | or you could create a file that looks kinda like the pkexec file for mousepad. | 21:26 |
fsmithred | If your user is set up to use sudo for all commands, then you don't need to do anything else. | 21:27 |
fsmithred | if not set up for sudo, change "sudo" to "su -c" | 21:28 |
fsmithred | gksu is what I was trying to remember | 21:36 |
Afdal | I would never set my user to use sudo for all commands | 21:38 |
Afdal | that's crazy... | 21:39 |
Afdal | at least for a network-enabled machine... | 21:39 |
fsmithred | that's every ubuntu installation | 21:39 |
Afdal | lol since when? | 21:39 |
fsmithred | since forever. Primary user is in the sudo group. | 21:40 |
fsmithred | there is no root password. | 21:40 |
Afdal | Is Xubuntu setup differently? | 21:40 |
Afdal | or Lubuntu | 21:40 |
Afdal | I've rarely touched vanilla Ubuntu | 21:40 |
fsmithred | I don't think so. | 21:40 |
Afdal | I don't remember it being like that | 21:40 |
Afdal | Xu and Lu, that is | 21:40 |
fsmithred | you can create a root password, but don't talk about it on their forum | 21:40 |
Afdal | I can never remember my root passwords | 21:41 |
Afdal | when I set them | 21:41 |
fsmithred | isn't that what post-it notes are for? | 21:42 |
onefang | Or password managers? | 21:47 |
Xenguy | Curse Ubuntu for ever breaking the root password model | 21:52 |
Afdal | What do you mean Xenguy | 22:08 |
Afdal | I think sudo with non-root users is generally better than going to root | 22:08 |
Afdal | Is Canonical the one who started that trend? | 22:09 |
Xenguy | 1. I disagree | 22:10 |
Xenguy | 2. AFAIK, yes | 22:10 |
Afdal | Why do you disagree :c | 22:11 |
live1 | :c | 22:12 |
Afdal | :'c | 22:12 |
Xenguy | Quite simply, I think the original *nix security model was designed by people smarter than those who decided to change it | 22:14 |
Xenguy | Don't fuck with that shit for the sake of 'convenience' | 22:15 |
Afdal | root has too much power, it's easy to accidentally do something really bad with it | 22:16 |
Afdal | In fact I've done so before | 22:16 |
Xenguy | That's the power of *nix, and with great power comes great responsibility | 22:16 |
Afdal | I prefer the thought that goes into the sudo paradigm | 22:16 |
Afdal | the thought on the user's part | 22:16 |
Xenguy | Look at Canonical now: ads in terminals (is the latest I'm reading) ? | 22:16 |
onefang | Think you are wandering into #devuan-offtopic now. | 22:16 |
Xenguy | Just, no | 22:16 |
Xenguy | onefang, yes, thanks for the reminder | 22:17 |
Afdal | oh yeah gksudo was the older thing you were thinkin of fsmithred | 22:22 |
Afdal | I wonder why it was replaced by pkexec | 22:23 |
Afdal | And I wonder if we should be suspicious | 22:24 |
Afdal | considering policykit is IBMware | 22:24 |