Re: sash

1999-09-25 Thread Marek Habersack
* Raul Miller said:
> On Sat, Sep 25, 1999 at 01:27:51PM +0200, Marek Habersack wrote:
> > The proposal, as I can see it, is to write a PAM module that could
> > be added to /etc/pam.d/passwd to ask whether the just-changed root
> > password should be cloned into the sashroot account. And that's a
> > really elegant and clean solution, IMHO.
> 
> If someone wants to write such a module, I'd be more than happy
> to include it in the sash package.
I would be willing to do so if nobody has volunteered yet.
 
marek
 



Re: sash

1999-09-25 Thread Raul Miller
On Sat, Sep 25, 1999 at 01:27:51PM +0200, Marek Habersack wrote:
> The proposal, as I can see it, is to write a PAM module that could
> be added to /etc/pam.d/passwd to ask whether the just-changed root
> password should be cloned into the sashroot account. And that's a
> really elegant and clean solution, IMHO.

If someone wants to write such a module, I'd be more than happy
to include it in the sash package.

Aside: currently sashroot is optional, and I also offer the option to
change sashroot's password every time sash is reconfigured.  Other options
include the option to set root's password to be sash and the option to
not touch the password file at all.  I agree that a pam solution would
be elegant, but at the moment it's not an urgent thing for me.

-- 
Raul



Re: sash

1999-09-25 Thread Marek Habersack
* Michael Neuffer said:
> * Raul Miller ([EMAIL PROTECTED]) [990923 16:15]:
> > On Thu, Sep 23, 1999 at 07:32:50AM -0500, Ashley Clark wrote:
> > > Couldn't sash include a PAM module that would change the password to
> > > match root's password whenever it was changed? Or am I oversimplifying
> > > things?
> > 
> > I don't have enough confidence in Debian's pam, yet, to insist that
> > everyone that wants to use sash must implement pam support before
> > using sash.
> 
> 
> Depending on PAM  would be a fatal mistake.
> sash is for situations when your system is FUBARed,
> therefore you can not assume that you will still have
> a working PAM subsystem either.
sash won't ever be linked with dynamic PAM libs since it's static by
definition. The proposal, as I can see it, is to write a PAM module that
could be added to /etc/pam.d/passwd to ask whether the just-changed root
password should be cloned into the sashroot account. And that's a really
elegant and clean solution, IMHO.

marek




Re: sash

1999-09-25 Thread Michael Neuffer
* Ruud de Rooij ([EMAIL PROTECTED]) [990924 08:40]:
> Michael Neuffer <[EMAIL PROTECTED]> writes:
> 
> > * Raul Miller ([EMAIL PROTECTED]) [990923 16:15]:
> > > On Thu, Sep 23, 1999 at 07:32:50AM -0500, Ashley Clark wrote:
> > > > Couldn't sash include a PAM module that would change the password to
> > > > match root's password whenever it was changed? Or am I oversimplifying
> > > > things?
> > > 
> > > I don't have enough confidence in Debian's pam, yet, to insist that
> > > everyone that wants to use sash must implement pam support before
> > > using sash.
> > 
> > Depending on PAM  would be a fatal mistake.
> > sash is for situations when your system is FUBARed,
> > therefore you can not assume that you will still have
> > a working PAM subsystem either.
> > 
> > It must be completely standalone without needing any external
> > libraries.
> 
> This is _not_ about the sash executable itself using PAM.  It was a
> proposal to use the PAM functionality to ensure that the root and
> sashroot passwords remain in sync, i.e., whenever root's password is
> changed, change the sashroot password as well.

Ooops. I understood it differently.
I take my argument back.


Mike



Re: sash

1999-09-24 Thread Taketoshi Sano
Hi.

In article <[EMAIL PROTECTED]>
 [EMAIL PROTECTED] (Raul Miller) writes:

> I've filed a wishlist bug against the passwd package to have sash
> included.  [If you've also done this, let me know the bug number
> so I can merge them?]

I have not done, and will not because I knew you already did it :)

Thanks for your consideration to my proposal.

-- 
  Taketoshi Sano: <[EMAIL PROTECTED]>,<[EMAIL PROTECTED]>,<[EMAIL PROTECTED]>



Re: sash

1999-09-24 Thread Ruud de Rooij
Michael Neuffer <[EMAIL PROTECTED]> writes:

> * Raul Miller ([EMAIL PROTECTED]) [990923 16:15]:
> > On Thu, Sep 23, 1999 at 07:32:50AM -0500, Ashley Clark wrote:
> > > Couldn't sash include a PAM module that would change the password to
> > > match root's password whenever it was changed? Or am I oversimplifying
> > > things?
> > 
> > I don't have enough confidence in Debian's pam, yet, to insist that
> > everyone that wants to use sash must implement pam support before
> > using sash.
> 
> Depending on PAM  would be a fatal mistake.
> sash is for situations when your system is FUBARed,
> therefore you can not assume that you will still have
> a working PAM subsystem either.
> 
> It must be completely standalone without needing any external
> libraries.

This is _not_ about the sash executable itself using PAM.  It was a
proposal to use the PAM functionality to ensure that the root and
sashroot passwords remain in sync, i.e., whenever root's password is
changed, change the sashroot password as well.

- Ruud de Rooij.
-- 
ruud de rooij | [EMAIL PROTECTED] | http://ruud.org



Re: sash

1999-09-24 Thread Michael Neuffer
* Raul Miller ([EMAIL PROTECTED]) [990923 16:15]:
> On Thu, Sep 23, 1999 at 07:32:50AM -0500, Ashley Clark wrote:
> > Couldn't sash include a PAM module that would change the password to
> > match root's password whenever it was changed? Or am I oversimplifying
> > things?
> 
> I don't have enough confidence in Debian's pam, yet, to insist that
> everyone that wants to use sash must implement pam support before
> using sash.


Depending on PAM  would be a fatal mistake.
sash is for situations when your system is FUBARed,
therefore you can not assume that you will still have
a working PAM subsystem either.

It must be completely standalone without needing any external
libraries.

Mike



Re: sash

1999-09-23 Thread Raul Miller
On Thu, Sep 23, 1999 at 02:38:46PM -0400, Ben Collins wrote:
> Just out of curiosity, does sash support the standard -c command line
> option yet? If not, I wouldn't really consider pushing it as a root
> shell since it will break a lot of scripts (from cron and elsewhere).

$ sash -c date
Thu Sep 23 14:48:14 EDT 1999

Sash has been running as the root shell on debian machines for quite
a while.  It's not suitable for *scripting*, but it's had the -c since
Jan 1998, when Michael Meskes added it.

-- 
Raul



Re: sash

1999-09-23 Thread Ben Collins
On Thu, Sep 23, 1999 at 09:53:45AM -0400, Raul Miller wrote:
> On Thu, Sep 23, 1999 at 07:32:50AM -0500, Ashley Clark wrote:
> > Couldn't sash include a PAM module that would change the password to
> > match root's password whenever it was changed? Or am I oversimplifying
> > things?
> 
> I don't have enough confidence in Debian's pam, yet, to insist that
> everyone that wants to use sash must implement pam support before
> using sash.
> 
> By the way, I've written a sashconfig which offers several different
> options for managing a root account with /bin/sash as its shell.  I'm not
> going to release it yet, because I may want to make some more changes
> to it, but there should be a new sash package out before long.

Just out of curiosity, does sash support the standard -c command line
option yet? If not, I wouldn't really consider pushing it as a root
shell since it will break a lot of scripts (from cron and elsewhere).

Ben



Re: sash

1999-09-23 Thread Raul Miller
On Thu, Sep 23, 1999 at 07:32:50AM -0500, Ashley Clark wrote:
> Couldn't sash include a PAM module that would change the password to
> match root's password whenever it was changed? Or am I oversimplifying
> things?

I don't have enough confidence in Debian's pam, yet, to insist that
everyone that wants to use sash must implement pam support before
using sash.

By the way, I've written a sashconfig which offers several different
options for managing a root account with /bin/sash as its shell.  I'm not
going to release it yet, because I may want to make some more changes
to it, but there should be a new sash package out before long.

-- 
Raul



Re: sash

1999-09-23 Thread Raul Miller
On Thu, Sep 23, 1999 at 11:06:48AM +0900, Taketoshi Sano wrote:
> and (here is my proposal)
> 
>     d) sash will create a locked sashroot account with useradd, and
>        display the message to use sashpasswd above as soon as possible.

That's an interesting idea.  I'll think about it.

> By the way, /bin/sash is not listed on /etc/shells. Is it Okay ?

Good point.

I've filed a wishlist bug against the passwd package to have sash
included.  [If you've also done this, let me know the bug number
so I can merge them?]

Thanks,

-- 
Raul



Re: sash

1999-09-23 Thread Ashley Clark
On Wed, 22 Sep 1999, Taketoshi Sano wrote:
> In article <[EMAIL PROTECTED]>
>  [EMAIL PROTECTED] (Raul Miller) writes:
> 
> > > I think you should just use useradd to edit the password file.
> > 
> > You mean without ensuring that the password is useful?
> > 
> > I've already elected to give the admin a choice (whether or not to add
> > the account -- that'll be in the next release).  The problem with password
> > prompting is that it doesn't fit well into an automated or gui install.
> > 
> > Under these circumstances do you still feel it's useful to add
> > a locked account?
> 
> How about including the following small script
>  (maybe "/sbin/sashpasswd" with permission 0700 or 0744):
> 
> #! /bin/sh
> PATH=/usr/bin
> passwd root
> passwd sashroot

Couldn't sash include a PAM module that would change the password to
match root's password whenever it was changed? Or am I
oversimplifying things?

-- 
Ashley Clark



Re: sash

1999-09-23 Thread Taketoshi Sano
Hi.

In article <[EMAIL PROTECTED]>
 [EMAIL PROTECTED] (Raul Miller) writes:

> > I think you should just use useradd to edit the password file.
> 
> You mean without ensuring that the password is useful?
> 
> I've already elected to give the admin a choice (whether or not to add
> the account -- that'll be in the next release).  The problem with password
> prompting is that it doesn't fit well into an automated or gui install.
> 
> Under these circumstances do you still feel it's useful to add
> a locked account?

How about including the following small script
 (maybe "/sbin/sashpasswd" with permission 0700 or 0744):

#! /bin/sh
PATH=/usr/bin
passwd root
passwd sashroot

and promote its use instead of the passwd command itself when changing
root's password.

I think about hacking the passwd command, but it may go difficult work as 
the passwd package has so many patches, and not so efficient work to hack 
with other package, at least for me, I feel. It may be better just to use it.

You wrote:

  | Ok, I'll put back a single install time question where the sysadmin has
  | one of several options: sash is inert and doesn't manage the password
  | file, sash will become the root shell, sash will create a sashroot
  | account from the current root account and use that as its shell.
  | 
  | And some notes on how to change this.

then, the action may be

a) sash is inert and doesn't manage the password file.
: only put the files into their place.

b) sash will become the root shell.
: a) + use "usermod -s /bin/sash root" or "chsh -s /bin/sash root"

c) sash will create a sashroot account from the current root
   account and use that as its shell.
: the default setting for 3.3-6

and (here is my proposal)

d) sash will create a locked sashroot account with useradd, and 
   display the message to use sashpasswd above as soon as possible.

By the way, /bin/sash is not listed on /etc/shells. Is it Okay ?

# sash may be not the choice for ordinary users, but it does not
# need to prohibit to use sash as login shell by normal users.

## Well, I should file this to passwd package as wishlist,,,

 Thanks.

-- 
  Taketoshi Sano: <[EMAIL PROTECTED]>,<[EMAIL PROTECTED]>,<[EMAIL PROTECTED]>



Re: sash (was Re: demo vs. real package: FYI (was ...))

1999-09-20 Thread Raul Miller
On Mon, Sep 20, 1999 at 06:02:47PM -0400, Greg Johnson wrote:
> Here's one (happened to me).  I have a '+' at the end of my /etc/passwd file
> for nis.  sash tried to add the new root account at the end of /etc/passwd
> AFTER the +.  didn't work.

That was sash 3.3-5

Sash 3.3-6 already addresses this issue.

Thanks,

-- 
Raul



Re: sash (was Re: demo vs. real package: FYI (was ...))

1999-09-20 Thread Raul Miller
On Mon, Sep 20, 1999 at 02:46:09PM -0700, Joey Hess wrote:
> Raul Miller wrote:
> > Also, if you can anticipate any failure modes where sash would damage
> > the password file I'd appreciate hearing about them.  It's already
> > the case that if sash has any problem writing out the new password
> > file that it won't install it.
> 
> I think you should just use useradd to edit the password file.

You mean without ensuring that the password is useful?

I've already elected to give the admin a choice (whether or not to add
the account -- that'll be in the next release).  The problem with password
prompting is that it doesn't fit well into an automated or gui install.

Under these circumstances do you still feel it's useful to add
a locked account?

-- 
Raul



Re: sash (was Re: demo vs. real package: FYI (was ...))

1999-09-20 Thread Greg Johnson
On Mon, Sep 20, 1999 at 02:20:12PM -0400, Raul Miller wrote:
> Also, if you can anticipate any failure modes where sash would damage
> the password file I'd appreciate hearing about them.  It's already
> the case that if sash has any problem writing out the new password
> file that it won't install it.
> 

Here's one (happened to me).  I have a '+' at the end of my /etc/passwd file
for nis.  sash tried to add the new root account at the end of /etc/passwd
AFTER the +.  didn't work.

Greg

-- 
Greg Johnson  [EMAIL PROTECTED]
http://physics.clarku.edu/~gjohnsonfinger for PGP key
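
One way to avoid the failure reported above, as an added example that is not sash's own postinst code: put the new entry before the first NIS compat line and replace the file only when the rewritten copy checks out. The function name, return codes and sample file are assumptions made for the example.

```shell
#!/bin/sh
# Added example, not sash's postinst. The sample file contents are constructed.

# add_passwd_entry FILE ENTRY   (hypothetical helper)
# Inserts ENTRY before the first NIS compat line (one starting with + or -),
# or appends it if there is none. The new file is built beside FILE and is
# renamed over it only after it passes the checks below.
# Returns 0 on success, 2 if the account already exists, 3 if ENTRY is
# malformed, 1 on any other problem (FILE is then left untouched).
add_passwd_entry() {
    file=$1 entry=$2
    name=${entry%%:*}
    [ -n "$name" ] &&
        [ "$(printf '%s\n' "$entry" | awk -F: '{ print NF }')" = 7 ] || return 3
    if awk -F: -v n="$name" '$1 == n { hit = 1 } END { exit !hit }' "$file"; then
        return 2
    fi
    tmp=$(mktemp "$file.XXXXXX") || return 1
    if ! ENTRY=$entry awk '
            !done && /^[+-]/ { print ENVIRON["ENTRY"]; done = 1 }
            { print }
            END { if (!done) print ENVIRON["ENTRY"] }
        ' "$file" > "$tmp"; then
        rm -f "$tmp"; return 1
    fi
    # Exactly one line more than before, and the new account present once.
    old=$(wc -l < "$file"); new=$(wc -l < "$tmp")
    hits=$(awk -F: -v n="$name" '$1 == n' "$tmp" | wc -l)
    if [ "$new" -ne $((old + 1)) ] || [ "$hits" -ne 1 ]; then
        rm -f "$tmp"; return 1
    fi
    # mktemp creates the file 0600; passwd must stay world-readable.
    chmod 644 "$tmp" && mv "$tmp" "$file"
}

# Constructed sample: a passwd file ending in the NIS "+" line from the report.
demo_insert() {
    d=$(mktemp -d) || return 1
    cat > "$d/passwd" <<'EOF'
root:x:0:0:root:/root:/bin/bash
daemon:x:1:1:daemon:/usr/sbin:/bin/sh
+::::::
EOF
    add_passwd_entry "$d/passwd" 'sashroot:x:0:0:root:/root:/bin/sash' &&
        cat "$d/passwd"
    rc=$?
    rm -rf "$d"
    return $rc
}

demo_insert
```

A file whose last line lacks a trailing newline fails the line-count check, so it is left alone rather than rewritten.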



Re: sash (was Re: demo vs. real package: FYI (was ...))

1999-09-20 Thread Joey Hess
Raul Miller wrote:
> Also, if you can anticipate any failure modes where sash would damage
> the password file I'd appreciate hearing about them.  It's already
> the case that if sash has any problem writing out the new password
> file that it won't install it.

I think you should just use useradd to edit the password file.

-- 
see shy jo



Re: sash (was Re: demo vs. real package: FYI (was ...))

1999-09-20 Thread Raul Miller
On Mon, Sep 20, 1999 at 01:37:43PM -0400, Andrew Pimlott wrote:
> Will this affect people who upgrade?  It would be very unpleasant to upgrade
> from slink and have a new root user.

Hmmm...

> Even for new installs, I disagree with your decision. sash is useful
> without another root account; however you require users who wish to
> use it this way to read your documentation on undoing the damage
> (which you hopefully provide) and take the (hopefully small) risk that
> you mess up the passwd file.

At the moment, I only provide documentation on what's happening, not
suggestions on how to manage this.

Also, if you can anticipate any failure modes where sash would damage
the password file I'd appreciate hearing about them.  It's already
the case that if sash has any problem writing out the new password
file that it won't install it.

> My opinion on prompting in the postinst is that, for all its
> disadvantages, there is a legitimate place for it within the current
> system. One question on sash install (not upgrade) would be fine if
> there is no clear default.

Ok, I'll put back a single install time question where the sysadmin has
one of several options: sash is inert and doesn't manage the password
file, sash will become the root shell, sash will create a sashroot
account from the current root account and use that as its shell.

And some notes on how to change this.

-- 
Raul



Re: sash (was Re: demo vs. real package: FYI (was ...))

1999-09-20 Thread Andrew Pimlott
On Sun, Sep 19, 1999 at 10:53:01PM -0400, Raul Miller wrote:
> Raul Miller wrote:
> > > They don't touch the root account.  Instead, they clone
> > > it as sashroot and set the shell on the cloned account.
> > > 
> > > This is mentioned in the package description.
> 
> On Sun, Sep 19, 1999 at 03:39:30PM -0700, Joey Hess wrote:
> > I suppose you have considered the security problems, if root forgets
> > to change that password when they change the main root one?
> 
> Yes I did.
> 
> There's not a lot I can do about this beyond advising the sysadmin that
> it's a good idea.

Will this affect people who upgrade?  It would be very unpleasant to upgrade
from slink and have a new root user.

Even for new installs, I disagree with your decision.  sash is useful
without another root account; however you require users who wish to use it
this way to read your documentation on undoing the damage (which you
hopefully provide) and take the (hopefully small) risk that you mess up the
passwd file.

My opinion on prompting in the postinst is that, for all its disadvantages,
there is a legitimate place for it within the current system.  One question
on sash install (not upgrade) would be fine if there is no clear default.

Andrew

-- 
Don't forget that Linux became only possible because 20 years of OS
research was carefully studied, analyzed, discussed and thrown away.
- kernel hacker Ingo Molnar



Re: sash (was Re: demo vs. real package: FYI (was ...))

1999-09-20 Thread Tamas TEVESZ
On Sun, 19 Sep 1999, Raul Miller wrote:

 > There's not a lot I can do about this beyond advising the sysadmin that
 > it's a good idea.

what about asking it before doing the actual cloning ? (should be
defaulted to no, imho). as i see the postinst for 3.3-6, 
it does not ask...

-- 
[-]



Re: sash (was Re: demo vs. real package: FYI (was ...))

1999-09-20 Thread Raul Miller
Raul Miller wrote:
> > They don't touch the root account.  Instead, they clone
> > it as sashroot and set the shell on the cloned account.
> > 
> > This is mentioned in the package description.

On Sun, Sep 19, 1999 at 03:39:30PM -0700, Joey Hess wrote:
> I suppose you have considered the security problems, if root forgets
> to change that password when they change the main root one?

Yes I did.

There's not a lot I can do about this beyond advising the sysadmin that
it's a good idea.

It might be a good idea to write a tool to automate this reminder [Perhaps
generalizing it so that if one instance of a uid has its password changed
and other instances do not change, the account that got changed will get
a mail message suggesting that the other accounts get changed.]

But I've not undertaken this project, at least not yet.

I want to get sash right first.  [There's still some subtle issues that
I think I can handle better.  See bugs.debian.org/sash for details.]

-- 
Raul
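
The check described above (several accounts on one uid, only one of which had its password changed), sketched as an added example that is not part of the original thread or of the sash package. The function names and the sample passwd and shadow contents are constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the thread). All account data below is constructed.

# uid_password_drift PASSWD_FILE SHADOW_FILE   (hypothetical helper)
# Prints "uid=<n> accounts=<a,b,...>" for every uid held by more than one
# account whose stored password fields are not all identical.
uid_password_drift() {
    awk -F: '
        src == "shadow" { hash[$1] = $2; next }   # account -> password field
        /^[+-]/ || /^#/ || NF < 7 { next }        # NIS compat lines, comments, junk
        {
            uid = $3
            # Use the shadow field when there is one, else the passwd field.
            h = ($1 in hash) ? hash[$1] : $2
            if (!(uid in names)) {
                order[++n] = uid; names[uid] = $1; first[uid] = h
            } else {
                names[uid] = names[uid] "," $1
                if (h != first[uid]) drift[uid] = 1
            }
        }
        END {
            for (i = 1; i <= n; i++)
                if (order[i] in drift)
                    printf "uid=%s accounts=%s\n", order[i], names[order[i]]
        }
    ' src=shadow "$2" src=passwd "$1"
}

# Constructed sample: root's password was changed after sashroot was cloned.
write_sample() {
    cat > "$1/passwd" <<'EOF'
root:x:0:0:root:/root:/bin/bash
sashroot:x:0:0:root:/root:/bin/sash
daemon:x:1:1:daemon:/usr/sbin:/bin/sh
+::::::
EOF
    cat > "$1/shadow" <<'EOF'
root:CONSTRUCTED-HASH-NEW:10859:0:99999:7:::
sashroot:CONSTRUCTED-HASH-OLD:10850:0:99999:7:::
daemon:*:10850:0:99999:7:::
EOF
}

demo_drift() {
    d=$(mktemp -d) || return 1
    write_sample "$d"
    uid_password_drift "$d/passwd" "$d/shadow"
    rm -rf "$d"
}

demo_drift
```

Identical fields mean the clone is still in step with root; differing fields only show that the stored values diverged, since the same password set twice is stored under different salts.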



Re: sash (was Re: demo vs. real package: FYI (was ...))

1999-09-19 Thread Joey Hess
Raul Miller wrote:
> They don't touch the root account.  Instead, they clone
> it as sashroot and set the shell on the cloned account.
> 
> This is mentioned in the package description.

I suppose you have considered the security problems, if root forgets to
change that password when they change the main root one?

-- 
see shy jo



Re: sash (was Re: demo vs. real package: FYI (was ...))

1999-09-19 Thread Craig Sanders
On Sun, Sep 19, 1999 at 06:30:37PM -0400, Raul Miller wrote:
> On Fri, Sep 17, 1999 at 02:45:32PM -0400, Raul Miller wrote:
> > > FYI, sash_3.3-5 (which has been sitting in Incoming for the
> > > last couple weeks) no longer prompts at postinst time, as the
> > > postinst/prerm scripts have been completely redesigned.
> 
> On Mon, Sep 20, 1999 at 07:18:09AM +1000, Craig Sanders wrote:
> > do they automatically set up sash as root's shell?
>
> They don't touch the root account.  Instead, they clone it as sashroot
> and set the shell on the cloned account.

cool. i was just checking that the discussion from two weeks ago on
how/what to do hadn't been forgotten.

> This is mentioned in the package description.

even better :)

craig

--
craig sanders



sash (was Re: demo vs. real package: FYI (was ...))

1999-09-19 Thread Raul Miller
On Fri, Sep 17, 1999 at 02:45:32PM -0400, Raul Miller wrote:
> > FYI, sash_3.3-5 (which has been sitting in Incoming for the
> > last couple weeks) no longer prompts at postinst time, as the
> > postinst/prerm scripts have been completely redesigned.

On Mon, Sep 20, 1999 at 07:18:09AM +1000, Craig Sanders wrote:
> do they automatically set up sash as root's shell?

They don't touch the root account.  Instead, they clone
it as sashroot and set the shell on the cloned account.

This is mentioned in the package description.

-- 
Raul



Thinking about packaging sash

1997-12-16 Thread Michael Meskes
The README says:

The purpose of this program is to make replacing of shared libraries
easy and safe.  It does this by firstly being linked statically, and
secondly by including many of the standard utilities within itself.

I needed it the other day. And maybe others could need it, too. So maybe I
package it up.

Michael
-- 
Dr. Michael Meskes, Project-Manager| topsystem Systemhaus GmbH
[EMAIL PROTECTED]| Europark A2, Adenauerstr. 20
[EMAIL PROTECTED]  | 52146 Wuerselen
Go SF49ers! Go Rhein Fire! | Tel: (+49) 2405/4670-44
Use Debian GNU/Linux!  | Fax: (+49) 2405/4670-10

