Re: Can Debian's paranoia be tamed

[Celejar]

On Fri, 23 Nov 2012 09:36:35 +0100
berenger.mo...@neutralite.org wrote:

> > Display managers, and particularly window managers and desktop
> > environments  are
> > often confounded.  A window manager is a component of a desktop
> > environment.  Decent desktop environments allow you to use the window
> > manager of your choice.
> True, but I always had problems to know in what they are useful? Maybe 
> to automate distant connection configuration? Most users only use them 
> as a replacement of getty to start an xsession, I think, and for that 
> use, I wonder if it is really useful.
> 
> Of course, I respect the fact people use it, but if someone could 
> explain me why, I would be happy to learn.

Indeed - I, and I believe many others, don't use them. We just startx
straight up.

Celejar


-- 
To UNSUBSCRIBE, email to debian-user-requ...@lists.debian.org 
with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org
Archive: http://lists.debian.org/20121129083451.2f136696.cele...@gmail.com

Re: Can Debian's paranoia be tamed

[Ralf Mardorf]

On Wed, 2012-11-28 at 01:17 +0100, mouss wrote:
> > When I boot I want to do *ANYTHING*!
> 
> Install DOS?

What is a good DOS nowadays? IIRC on my Atari ST 80286 hardware emulator
I used DR DOS.

I googled for "open dos" and "free dos" and indeed, both searches were
successful but I didn't read about it.

Are there WMs for DOS, beside GEM?
Anything from Microsoft should be excluded!

Regards,
Ralf


-- 
To UNSUBSCRIBE, email to debian-user-requ...@lists.debian.org 
with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org
Archive: http://lists.debian.org/1354082443.2528.53.camel@q

Re: Can Debian's paranoia be tamed

[mouss]

Le 22/11/2012 18:00, Richard Owlett a écrit :
> I've a laptop whose *SOLE* purpose in life is to be used in a manner
> that a even I would never do on a machine with real data on it.
> It has intrinsically the best security in place
>   Only _*I*_ have physical access to the machine.
>   It has no possibility of connecting to the internet.
>   It will *never* be updated.
>   The installation CD lives in the drive, for various reasons the hard
> drive is wiped and reinstall done 2-3 times per week.
> 
> When I boot I want to do *ANYTHING*!

Install DOS?

unix systems have a superadmin (root) and standard users, and the common
usage is to connect as a standard user and only "become root" when
necessary.

in short, me as a user, can do *ANYTHING*. I just have to issue a su or
sudo. sure, that's limited power, but it's intentional.


anyway, if your goal is to star an X11 session as root, while not
recommended, you can do it. you can configure whataver x11 manager to
allow root and you can even make the connection automatic (without the
need to enter a password).

> HOW?
> 
> {Owl now ducks for cover from incoming brick-a-brac ;}
> 
> 
> 


-- 
To UNSUBSCRIBE, email to debian-user-requ...@lists.debian.org 
with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org
Archive: http://lists.debian.org/50b55808.3020...@ml.netoyen.net

Re: Can Debian's paranoia be tamed

[Ralf Mardorf]

On Mon, 2012-11-26 at 12:40 +0100, berenger.mo...@neutralite.org wrote:
> 
> Le 25.11.2012 00:14, Andrei POPESCU a écrit :
> > On Jo, 22 nov 12, 22:30:54, berenger.mo...@neutralite.org wrote:
> >>
> >> And, seriously, windows users do that by default and their computers
> >> works not so bad.
> >
> > That's a joke, right?
> >
> > Kind regards,
> > Andrei
> 
> Yes and no :)
> 
> This could become a troll topic, but I will explain my thought at least 
> once.
> I have a forgotten (and near forbidden, for games only. And, yes, I 
> know there is wine.) partition with an old XP, and it run *not so bad*. 
> But it does not run smoothly, fast, or any nice adjective I usually use 
> to describe how nicely my computers with their true operating system 
> works.
> 
> Of course, I am not really a "normal windows user", since I have 
> destroyed and repaired it an unknown but high number of times, and now I 
> know what to disable to have a less insecure system (like... distant 
> access to register, enabled by default... there are also stupid things 
> like telephony enabled by default. Probably an history choice)

I don't like the policy of Microsoft, that's why I don't use it [1], but
it's possible to run an absolutely stable Windows XP. XP often is broken
because most Windows users don't have got the self responsibility Linux
users must have.
Some XP don't have or at least hide the admin account, but similar to
Linux there's an admin account too and a user doesn't have world
domination on XP too.

Regards,
Ralf

[1] Half truth, I run an XP without admin account in VBox, because I've
got an iPad and neither wine can run iTunes, nor does ad hoc work in
combination Linux/iPad. If I would seriously use Windows, than I would
chose XP, but with admin account.



-- 
To UNSUBSCRIBE, email to debian-user-requ...@lists.debian.org 
with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org
Archive: http://lists.debian.org/1353930951.2508.312.camel@q

Re: Can Debian's paranoia be tamed

[berenger . morel]

Le 25.11.2012 00:14, Andrei POPESCU a écrit :

On Jo, 22 nov 12, 22:30:54, berenger.mo...@neutralite.org wrote:


And, seriously, windows users do that by default and their computers
works not so bad.


That's a joke, right?

Kind regards,
Andrei


Yes and no :)

This could become a troll topic, but I will explain my thought at least 
once.
I have a forgotten (and near forbidden, for games only. And, yes, I 
know there is wine.) partition with an old XP, and it run *not so bad*. 
But it does not run smoothly, fast, or any nice adjective I usually use 
to describe how nicely my computers with their true operating system 
works.


Of course, I am not really a "normal windows user", since I have 
destroyed and repaired it an unknown but high number of times, and now I 
know what to disable to have a less insecure system (like... distant 
access to register, enabled by default... there are also stupid things 
like telephony enabled by default. Probably an history choice)



--
To UNSUBSCRIBE, email to debian-user-requ...@lists.debian.org
with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org
Archive: http://lists.debian.org/e688df5df07d6805e529110fc0316...@neutralite.org

Re: Can Debian's paranoia be tamed

[Charles Kroeger]

On Fri, 23 Nov 2012 23:20:03 +0100
Stefan Monnier  wrote:

> Decency seems to be a dying breed, sadly ;-)


lunacy is very much alive however.

-- 
CK


-- 
To UNSUBSCRIBE, email to debian-user-requ...@lists.debian.org 
with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org
Archive: http://lists.debian.org/ahdn8nf2gd...@mid.individual.net

Re: Can Debian's paranoia be tamed

[Ralf Mardorf]

On Sun, 2012-11-25 at 01:14 +0200, Andrei POPESCU wrote:
> On Jo, 22 nov 12, 22:30:54, berenger.mo...@neutralite.org wrote:
> > 
> > And, seriously, windows users do that by default and their computers
> > works not so bad.
> 
> That's a joke, right?

FWIW for old computers it did work that way and I wanted that for Linux
too in the past, but found out that it's not needed. If I would need
something similar today, I would use sudo and it's frontends (e.g.
gksudo) without a password.


-- 
To UNSUBSCRIBE, email to debian-user-requ...@lists.debian.org 
with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org
Archive: http://lists.debian.org/1353799725.2662.50.camel@q

Re: Can Debian's paranoia be tamed

[Ralf Mardorf]

On Sun, 2012-11-25 at 01:11 +0200, Andrei POPESCU wrote:
> On Sb, 24 nov 12, 02:50:41, Ralf Mardorf wrote:
> > 
> > PS: It's completely useless to run a web browser with root privileges.
> 
> Especially on a computer without *any* network access :D

Oops, a bad example :D.


-- 
To UNSUBSCRIBE, email to debian-user-requ...@lists.debian.org 
with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org
Archive: http://lists.debian.org/1353799293.2662.47.camel@q

Re: Can Debian's paranoia be tamed

[Andrei POPESCU]

On Jo, 22 nov 12, 22:30:54, berenger.mo...@neutralite.org wrote:
> 
> And, seriously, windows users do that by default and their computers
> works not so bad.

That's a joke, right?

Kind regards,
Andrei
-- 
Offtopic discussions among Debian users and developers:
http://lists.alioth.debian.org/mailman/listinfo/d-community-offtopic


signature.asc
Description: Digital signature

Re: Can Debian's paranoia be tamed

[Andrei POPESCU]

On Sb, 24 nov 12, 02:50:41, Ralf Mardorf wrote:
> 
> PS: It's completely useless to run a web browser with root privileges.

Especially on a computer without *any* network access :D

SCNR

Kind regards,
Andrei
-- 
Offtopic discussions among Debian users and developers:
http://lists.alioth.debian.org/mailman/listinfo/d-community-offtopic


signature.asc
Description: Digital signature

Re: Can Debian's paranoia be tamed

[Andrei POPESCU]

On Vi, 23 nov 12, 17:04:27, Nate Bargmann wrote:
> 
> On Ubuntu distros set up like that, 'sudo su' has worked on the rare
> occasion a root shell prompt was needed.  

Why bother with su? sudo can start a shell as well and you don't even 
need to type its name (hint: -i or -s).

Kind regards,
Andrei
-- 
Offtopic discussions among Debian users and developers:
http://lists.alioth.debian.org/mailman/listinfo/d-community-offtopic


signature.asc
Description: Digital signature

Re: Can Debian's paranoia be tamed

[Miles Fidelman]

Ralf Mardorf wrote:


It's wise not to run a complete session as root. It's better to e.g. use
a su frontend, e.g.

kind of depends on what you're doing - if you're doing software installs 
and admin on a server (most of what I do), one spends a lot of time in 
root sessions



--
In theory, there is no difference between theory and practice.
In practice, there is.    Yogi Berra




--
To UNSUBSCRIBE, email to debian-user-requ...@lists.debian.org 
with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org

Archive: http://lists.debian.org/50b0314d.8070...@meetinghouse.net

Re: Can Debian's paranoia be tamed

[Ralf Mardorf]

On Sat, 2012-11-24 at 02:50 +0100, Ralf Mardorf wrote:
> On Sat, 2012-11-24 at 02:43 +0100, Ralf Mardorf wrote:
> > On Fri, 2012-11-23 at 20:28 -0500, Miles Fidelman wrote:
> > > Richard Owlett wrote:
> > > >
> > > >> As in, you were not able to log in as root, even though
> > > >> you'd enabled root and provided a root password during
> > > >> installation? That's also kind of weird.  What about logging
> > > >> in as a normal user, and then opening a terminal window and
> > > >> typing "su" ?
> > > >
> > > > That was *NOT* my goal .
> > > > When booting, I wished "world domination" so to speak ;/
> > > >
> > > > "su" and "sudo" kept doing THEIR thing.
> > > 
> > > ummm that's what su does - gives you "world domination"
> > 
> > It's wise not to run a complete session as root. It's better to e.g. use
> > a su frontend, e.g.
> > 
> > gksu thunar
> > 
> > or gksudo so that /etc/sudoers can be used to set up that no password is
> > required.
> > 
> > The menu entries can be edited with Alacarte, so instead of launching
> > Thunar, Nautilus or what ever file browser, launch it by gksudo thunar
> > and do this for all apps, that should run with root privileges.
> 
> PS: It's completely useless to run a web browser with root privileges.
> If we explain how to enable to login as root, several people will do it.
> If several people do it, it becomes more interesting to attack Linux
> machines. After a while they not only will attack machines that run
> complete sessions with root privileges, but they also will learn to
> attack other machines.

PPS: I forgot to mention that if by /etc/sudoers it's allowed to execute
apps with root privilegs, even without password, the apps should not
have permissions to be overwritten, only root should be allowed to do
that, so that nobody can replace an app, by another app.



-- 
To UNSUBSCRIBE, email to debian-user-requ...@lists.debian.org 
with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org
Archive: http://lists.debian.org/1353722450.11101.90.camel@q

Re: Can Debian's paranoia be tamed

[Ralf Mardorf]

On Sat, 2012-11-24 at 02:43 +0100, Ralf Mardorf wrote:
> On Fri, 2012-11-23 at 20:28 -0500, Miles Fidelman wrote:
> > Richard Owlett wrote:
> > >
> > >> As in, you were not able to log in as root, even though
> > >> you'd enabled root and provided a root password during
> > >> installation? That's also kind of weird.  What about logging
> > >> in as a normal user, and then opening a terminal window and
> > >> typing "su" ?
> > >
> > > That was *NOT* my goal .
> > > When booting, I wished "world domination" so to speak ;/
> > >
> > > "su" and "sudo" kept doing THEIR thing.
> > 
> > ummm that's what su does - gives you "world domination"
> 
> It's wise not to run a complete session as root. It's better to e.g. use
> a su frontend, e.g.
> 
> gksu thunar
> 
> or gksudo so that /etc/sudoers can be used to set up that no password is
> required.
> 
> The menu entries can be edited with Alacarte, so instead of launching
> Thunar, Nautilus or what ever file browser, launch it by gksudo thunar
> and do this for all apps, that should run with root privileges.

PS: It's completely useless to run a web browser with root privileges.
If we explain how to enable to login as root, several people will do it.
If several people do it, it becomes more interesting to attack Linux
machines. After a while they not only will attack machines that run
complete sessions with root privileges, but they also will learn to
attack other machines.


-- 
To UNSUBSCRIBE, email to debian-user-requ...@lists.debian.org 
with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org
Archive: http://lists.debian.org/1353721841.11101.86.camel@q

Re: Can Debian's paranoia be tamed

[Ralf Mardorf]

On Fri, 2012-11-23 at 20:28 -0500, Miles Fidelman wrote:
> Richard Owlett wrote:
> >
> >> As in, you were not able to log in as root, even though
> >> you'd enabled root and provided a root password during
> >> installation? That's also kind of weird.  What about logging
> >> in as a normal user, and then opening a terminal window and
> >> typing "su" ?
> >
> > That was *NOT* my goal .
> > When booting, I wished "world domination" so to speak ;/
> >
> > "su" and "sudo" kept doing THEIR thing.
> 
> ummm that's what su does - gives you "world domination"

It's wise not to run a complete session as root. It's better to e.g. use
a su frontend, e.g.

gksu thunar

or gksudo so that /etc/sudoers can be used to set up that no password is
required.

The menu entries can be edited with Alacarte, so instead of launching
Thunar, Nautilus or what ever file browser, launch it by gksudo thunar
and do this for all apps, that should run with root privileges.


-- 
To UNSUBSCRIBE, email to debian-user-requ...@lists.debian.org 
with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org
Archive: http://lists.debian.org/1353721401.11101.81.camel@q

Re: Can Debian's paranoia be tamed

[Miles Fidelman]

Richard Owlett wrote:



As in, you were not able to log in as root, even though
you'd enabled root and provided a root password during
installation? That's also kind of weird.  What about logging
in as a normal user, and then opening a terminal window and
typing "su" ?


That was *NOT* my goal .
When booting, I wished "world domination" so to speak ;/

"su" and "sudo" kept doing THEIR thing.


ummm that's what su does - gives you "world domination"

Miles




--
In theory, there is no difference between theory and practice.
In practice, there is.    Yogi Berra


--
To UNSUBSCRIBE, email to debian-user-requ...@lists.debian.org 
with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org

Archive: http://lists.debian.org/50b022a1.4040...@meetinghouse.net

Re: Can Debian's paranoia be tamed

[Richard Owlett]

Miles Fidelman wrote:

Richard Owlett wrote:

Miles Fidelman wrote:

Richard Owlett wrote:

Miles Fidelman wrote:


you might try using expert mode when installing, and then
answering yes when the installer asks about enabling root
login,


That did not work.


That's rather odd.  The installer always asks me to set up a
root account, before setting up an account for the first
user, just before configuring the clock.


Those steps took place as you expected.
When I said "That did not work" I could have said "that
did not accomplish my goal".


As in, you were not able to log in as root, even though
you'd enabled root and provided a root password during
installation? That's also kind of weird.  What about logging
in as a normal user, and then opening a terminal window and
typing "su" ?


That was *NOT* my goal .
When booting, I wished "world domination" so to speak ;/

"su" and "sudo" kept doing THEIR thing.






You're pretty limited without access to a repository,


As far as I'm concerned I do. That's why I purchased the 8
DVD set. Admittedly it is a snapshot in time. But that
suits my needs/desires. As my goal is primarily
educational - a constant environment has its advantages.


Interesting.  I didn't realize you could get a full snapshot
of packages.debian.org.



Did I say anything about "full"?
For *ALL* practical purposes I got a 'snapshot' of 
../pool/main ;)


People keep reading THEIR goals into what I do.


--
To UNSUBSCRIBE, email to debian-user-requ...@lists.debian.org 
with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org

Archive: http://lists.debian.org/50b01ac0.3020...@cloud85.net

Re: Can Debian's paranoia be tamed

[Miles Fidelman]

Ralf Mardorf wrote:

spinymouse@q:~$ sudo -i
[sudo] password for spinymouse:
root@q:~#


ahh... that's a good one, I've always used:
sudo su
which does the same thing

Miles

--
In theory, there is no difference between theory and practice.
In practice, there is.    Yogi Berra


--
To UNSUBSCRIBE, email to debian-user-requ...@lists.debian.org 
with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org

Archive: http://lists.debian.org/50b0133a.9060...@meetinghouse.net

Re: Can Debian's paranoia be tamed

[Miles Fidelman]

Richard Owlett wrote:

Miles Fidelman wrote:

Richard Owlett wrote:

Miles Fidelman wrote:


you might try using expert mode when installing, and then
answering yes when the installer asks about enabling root
login,


That did not work.


That's rather odd.  The installer always asks me to set up a
root account, before setting up an account for the first
user, just before configuring the clock.


Those steps took place as you expected.
When I said "That did not work" I could have said "that did not 
accomplish my goal".


As in, you were not able to log in as root, even though you'd enabled 
root and provided a root password during installation? That's also kind 
of weird.  What about logging in as a normal user, and then opening a 
terminal window and typing "su" ?





You're pretty limited without access to a repository,


As far as I'm concerned I do. That's why I purchased the 8 DVD set. 
Admittedly it is a snapshot in time. But that suits my needs/desires. 
As my goal is primarily educational - a constant environment has its 
advantages.


Interesting.  I didn't realize you could get a full snapshot of 
packages.debian.org.








--
In theory, there is no difference between theory and practice.
In practice, there is.    Yogi Berra


--
To UNSUBSCRIBE, email to debian-user-requ...@lists.debian.org 
with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org

Archive: http://lists.debian.org/50b01252.9090...@meetinghouse.net

Re: Can Debian's paranoia be tamed

[Ralf Mardorf]

On Fri, 2012-11-23 at 17:23 -0600, John Hasler wrote:
> Nate writes:
> > Some things seem to fail with 'sudo'.
> 
> Sudo applies only to the single command that follows it.  Thus if you
> type 'sudo' followed by a pipeline, for example, you may not get the
> result you expect.  


http://ubuntuforums.org/showthread.php?t=766891



-- 
To UNSUBSCRIBE, email to debian-user-requ...@lists.debian.org 
with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org
Archive: http://lists.debian.org/1353715015.11101.60.camel@q

Re: Can Debian's paranoia be tamed

[Ralf Mardorf]

On Fri, 2012-11-23 at 17:04 -0600, Nate Bargmann wrote:
> * On 2012 23 Nov 16:18 -0600, berenger.mo...@neutralite.org wrote:
> > 
> > 
> > Le 23.11.2012 22:19, Miles Fidelman a écrit :
> > >Richard Owlett wrote:
> > >>Miles Fidelman wrote:
> > >>>
> > >>>you might try using expert mode when installing, and then
> > >>>answering yes when the installer asks about enabling root
> > >>>login,
> > >>
> > >>That did not work.
> > >
> > >That's rather odd.  The installer always asks me to set up a root
> > >account, before setting up an account for the first user, just before
> > >configuring the clock.
> > 
> > If I am not wrong, when you choose to disable root, it means you can
> > only have root rights with sudo, su or login as root just does not
> > work.
> 
> On Ubuntu distros set up like that, 'sudo su' has worked on the rare
> occasion a root shell prompt was needed.  Some things seem to fail with
> 'sudo'.  Once in the root shell it is a trivial matter to set a password
> for 'root' and have a root login available at a virtual terminal prompt.
> 
> - Nate

spinymouse@q:~$ sudo -i
[sudo] password for spinymouse: 
root@q:~#


-- 
To UNSUBSCRIBE, email to debian-user-requ...@lists.debian.org 
with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org
Archive: http://lists.debian.org/1353714822.11101.59.camel@q

Re: Can Debian's paranoia be tamed

[Richard Owlett]

Miles Fidelman wrote:

Richard Owlett wrote:

Miles Fidelman wrote:


you might try using expert mode when installing, and then
answering yes when the installer asks about enabling root
login,


That did not work.


That's rather odd.  The installer always asks me to set up a
root account, before setting up an account for the first
user, just before configuring the clock.


Those steps took place as you expected.
When I said "That did not work" I could have said "that did 
not accomplish my goal".

MPR's suggestion seems to have accomplished my goal.
_*NOTE BENE*_
That MPR's advice worked should encourage all system 
administrators to keep their systems physically secure as 
well as using strong passwords etc.





(note: it's a good idea to disable remote telnet login
before doing so; maybe install ssh if you want remote
access)


Not necessary. There is not now, nor will there be any
connection to the rest of the world.



That would seem a bit crippling.


Actually it is liberating.
Go back and reread my original post.
Does it not specify an environment that would never apply to 
99.% of this group ;/




 Most of the power and
unique aspects of Debian lie in the packaging system and apt
- which aren't very useful without a network connection.


Chuckle. You you haven't been present when I've sputtered 
abut Debian users are *IDENTICAL* to Debian developers ;/



You're pretty limited without access to a repository,


As far as I'm concerned I do. That's why I purchased the 8 
DVD set. Admittedly it is a snapshot in time. But that suits 
my needs/desires. As my goal is primarily educational - a 
constant environment has its advantages.




and
once you connect for outbound use, you're potentially
exposed to attack (though NAT routers and firewalls can
help).  Without an outside connection, you're also unable to
use  NTP to keep your clock accurate.


A sundial would provide all the precision that I need. 
[CAVEAT LECTOR: precision <> readability <> accuracy by 
definition ;]




Miles Fidelman





--
To UNSUBSCRIBE, email to debian-user-requ...@lists.debian.org 
with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org

Archive: http://lists.debian.org/50b00935.1060...@cloud85.net

Re: Can Debian's paranoia be tamed

[John Hasler]

Nate writes:
> Some things seem to fail with 'sudo'.

Sudo applies only to the single command that follows it.  Thus if you
type 'sudo' followed by a pipeline, for example, you may not get the
result you expect.  
-- 
John Hasler


-- 
To UNSUBSCRIBE, email to debian-user-requ...@lists.debian.org 
with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org
Archive: http://lists.debian.org/874nkf3nv5@thumper.dhh.gt.org

Re: Can Debian's paranoia be tamed

[Nate Bargmann]

* On 2012 23 Nov 16:18 -0600, berenger.mo...@neutralite.org wrote:
> 
> 
> Le 23.11.2012 22:19, Miles Fidelman a écrit :
> >Richard Owlett wrote:
> >>Miles Fidelman wrote:
> >>>
> >>>you might try using expert mode when installing, and then
> >>>answering yes when the installer asks about enabling root
> >>>login,
> >>
> >>That did not work.
> >
> >That's rather odd.  The installer always asks me to set up a root
> >account, before setting up an account for the first user, just before
> >configuring the clock.
> 
> If I am not wrong, when you choose to disable root, it means you can
> only have root rights with sudo, su or login as root just does not
> work.

On Ubuntu distros set up like that, 'sudo su' has worked on the rare
occasion a root shell prompt was needed.  Some things seem to fail with
'sudo'.  Once in the root shell it is a trivial matter to set a password
for 'root' and have a root login available at a virtual terminal prompt.

- Nate

-- 

"The optimist proclaims that we live in the best of all
possible worlds.  The pessimist fears this is true."

Ham radio, Linux, bikes, and more: http://www.n0nb.us


-- 
To UNSUBSCRIBE, email to debian-user-requ...@lists.debian.org 
with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org
Archive: http://lists.debian.org/20121123230427.ga6...@n0nb.us

Re: Can Debian's paranoia be tamed

[Ralf Mardorf]

On Fri, 2012-11-23 at 17:13 -0500, Stefan Monnier wrote:
> > Decent desktop environments allow you to use the window manager of
> > your choice.
> 
> Decency seems to be a dying breed, sadly ;-)

It started a long time ago with some insane hard dependencies and for
many distros it has become much more extreme than it is for Debian. In
the future it will become that bad for Debian too. However, the WM has
less to do with login, the display manager is more important.



-- 
To UNSUBSCRIBE, email to debian-user-requ...@lists.debian.org 
with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org
Archive: http://lists.debian.org/1353709528.11101.45.camel@q

Re: Can Debian's paranoia be tamed

[Ralf Mardorf]

On Fri, 2012-11-23 at 14:43 -0600, Richard Owlett wrote:
> MPR wrote:
> > On Thu, Nov 22, 2012 at 10:06 AM, Richard Owlett  
> > wrote:
> >> Darac Marjal wrote:
> >>>
> >>> Log in as root?
> >>
> >> Effectively that's what I want.
> >> BUT neither 'root' nor 'superuser' is recognized by Gnome login screen :<
> >
> > Edit /etc/passwd and change the UID and GID for your login to 0 (which
> > effectively makes you root). Then "chown -R root:root /home/username"
> > to your home directory. Now you can log in with your username but you
> > will be root.
> >
> 
> That seems to have the effect I was looking for. I modified 
> some one else advice (suggestion main background color be 
> bright re) and chose a user name which conveys use caution 
> and st the top and bottom of screen red - whole screen being 
> red would not work well for me.


That's more strange than simply enable login for root. /home for root
should be /root.



-- 
To UNSUBSCRIBE, email to debian-user-requ...@lists.debian.org 
with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org
Archive: http://lists.debian.org/1353708418.11101.39.camel@q

Re: Can Debian's paranoia be tamed

[berenger . morel]

Le 23.11.2012 22:19, Miles Fidelman a écrit :

Richard Owlett wrote:

Miles Fidelman wrote:


you might try using expert mode when installing, and then
answering yes when the installer asks about enabling root
login,


That did not work.


That's rather odd.  The installer always asks me to set up a root
account, before setting up an account for the first user, just before
configuring the clock.


If I am not wrong, when you choose to disable root, it means you can 
only have root rights with sudo, su or login as root just does not work.



--
To UNSUBSCRIBE, email to debian-user-requ...@lists.debian.org
with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org
Archive: http://lists.debian.org/b50390eda2fde6a1759b7285d2ccb...@neutralite.org

Re: Can Debian's paranoia be tamed

[Stefan Monnier]

> Decent desktop environments allow you to use the window manager of
> your choice.

Decency seems to be a dying breed, sadly ;-)


Stefan


-- 
To UNSUBSCRIBE, email to debian-user-requ...@lists.debian.org 
with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org
Archive: 
http://lists.debian.org/jwvip8waryg.fsf-monnier+gmane.linux.debian.u...@gnu.org

Re: Can Debian's paranoia be tamed

[latinfo]

>> Le 22.11.2012 18:00, Richard Owlett a écrit :
>> >I've a laptop whose *SOLE* purpose in life is to be used in a manner
>> >that a even I would never do on a machine with real data on it.
>> >It has intrinsically the best security in place
>> >  Only _*I*_ have physical access to the machine.
>> >  It has no possibility of connecting to the internet.
>> >  It will *never* be updated.
>> >  The installation CD lives in the drive, for various reasons the
>> >hard drive is wiped and reinstall done 2-3 times per week.
>> >When I boot I want to do *ANYTHING*!
>> >HOW?

> /etc/kde4/kdmrc or the equivalent for gdm3 - there should be an option for
> AllowRootLogin = false
> Change to AllowRootLogin = true
> and you should be fine.
>
> AndyC

Or:

Gnome:
/etc/pam.d/gdm3
authrequiredpam_succeed_if.so user != root quiet_success
Change to:
# auth  requiredpam_succeed_if.so user != root quiet_success
and continue being free to do what you want with your OS.


-- 
To UNSUBSCRIBE, email to debian-user-requ...@lists.debian.org 
with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org
Archive: 
http://lists.debian.org/97087fd7d4f5520041d720d395dbac95.squir...@mail.vcn.bc.ca

Re: Can Debian's paranoia be tamed

[Miles Fidelman]

Richard Owlett wrote:

Miles Fidelman wrote:


you might try using expert mode when installing, and then
answering yes when the installer asks about enabling root
login,


That did not work.


That's rather odd.  The installer always asks me to set up a root 
account, before setting up an account for the first user, just before 
configuring the clock.



(note: it's a good idea to disable remote telnet login
before doing so; maybe install ssh if you want remote access)


Not necessary. There is not now, nor will there be any connection to 
the rest of the world.




That would seem a bit crippling.  Most of the power and unique aspects 
of Debian lie in the packaging system and apt - which aren't very useful 
without a network connection.  You're pretty limited without access to a 
repository, and once you connect for outbound use, you're potentially 
exposed to attack (though NAT routers and firewalls can help).  Without 
an outside connection, you're also unable to use  NTP to keep your clock 
accurate.


Miles Fidelman


--
In theory, there is no difference between theory and practice.
In practice, there is.    Yogi Berra


--
To UNSUBSCRIBE, email to debian-user-requ...@lists.debian.org 
with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org

Archive: http://lists.debian.org/50afe848.4030...@meetinghouse.net

Re: Can Debian's paranoia be tamed

[Richard Owlett]

Miles Fidelman wrote:

MPR wrote:

On Thu, Nov 22, 2012 at 10:06 AM, Richard Owlett
 wrote:

Darac Marjal wrote:

Log in as root?

Effectively that's what I want.
BUT neither 'root' nor 'superuser' is recognized by Gnome
login screen :<

Edit /etc/passwd and change the UID and GID for your login
to 0 (which
effectively makes you root). Then "chown -R root:root
/home/username"
to your home directory. Now you can log in with your
username but you
will be root.


you might try using expert mode when installing, and then
answering yes when the installer asks about enabling root
login,


That did not work.


 or.. google "debian enable root login" and you'll
find multiple ways to enable root login after the fact


I'll check that out.


(note: it's a good idea to disable remote telnet login
before doing so; maybe install ssh if you want remote access)


Not necessary. There is not now, nor will there be any 
connection to the rest of the world.


Subject line indicated I wished to tame _Debian's_ paranoia.
I never had any intention of eliminating any of my own ;!







--
To UNSUBSCRIBE, email to debian-user-requ...@lists.debian.org 
with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org

Archive: http://lists.debian.org/50afe110.7000...@cloud85.net

Re: Can Debian's paranoia be tamed

[Richard Owlett]

MPR wrote:

On Thu, Nov 22, 2012 at 10:06 AM, Richard Owlett  wrote:

Darac Marjal wrote:


Log in as root?


Effectively that's what I want.
BUT neither 'root' nor 'superuser' is recognized by Gnome login screen :<


Edit /etc/passwd and change the UID and GID for your login to 0 (which
effectively makes you root). Then "chown -R root:root /home/username"
to your home directory. Now you can log in with your username but you
will be root.



That seems to have the effect I was looking for. I modified 
some one else advice (suggestion main background color be 
bright re) and chose a user name which conveys use caution 
and st the top and bottom of screen red - whole screen being 
red would not work well for me.



--
To UNSUBSCRIBE, email to debian-user-requ...@lists.debian.org 
with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org

Archive: http://lists.debian.org/50afdfd5.4010...@cloud85.net

Re: Can Debian's paranoia be tamed

[Ralf Mardorf]

On Thu, 2012-11-22 at 12:10 -0700, Glenn English wrote:
> A little CLI typing will fix right up that lack of a GUI root login. 
> Sometimes it's necessary. A suggestion, though: when you do manage to get 
> root in a GUI, make the background a bright, solid red to remind yourself of 
> where you are.
> 
> But I'm hoping Debian's paranoia will never go away. I use Debian because of 
> what I consider it's (relative) security and reliability. As an admin, I like 
> that the software at least tries to keep me from shooting myself in the foot. 
> 
> The multi-level releases are a good idea, IMHO. If I want my servers to 
> really work, I can use stable. If I want to check out a little more modern 
> (and possibly buggy) software, I can use one of the others -- with lots of 
> beta testers.
> 
> I hope Debian's paranoia is never 'tamed.' As long as there are workarounds 
> like startx and su -, and sudo...

I recommend to read about su and sudo and how to set up or disable such
accounts, with and without password required. Policykit, setuid etc. and
how to set up a DE manually, e.g. how to start the display manager.

After knowing all this, it's easy to log in as root for the desktop
environment, but nobody with this knowledge will do this.

2 Cents,
Ralf


-- 
To UNSUBSCRIBE, email to debian-user-requ...@lists.debian.org 
with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org
Archive: http://lists.debian.org/1353700772.6366.65.camel@q

Re: Can Debian's paranoia be tamed

[lina]

On 23 Nov, 2012, at 20:13, Richard Owlett  wrote:

> lina wrote:
>> On Friday 23,November,2012 01:00 AM, Richard Owlett wrote:
>>> I've a laptop whose *SOLE* purpose in life is to be used in a manner
>>> that a even I would never do on a machine with real data on it.
>>> It has intrinsically the best security in place
>>>   Only _*I*_ have physical access to the machine.
>>>   It has no possibility of connecting to the internet.
>>>   It will *never* be updated.
>>>   The installation CD lives in the drive, for various reasons the hard
>>> drive is wiped and reinstall done 2-3 times per week.
>>> 
>>> When I boot I want to do *ANYTHING*!
>>> HOW?
>>> 
>>> {Owl now ducks for cover from incoming brick-a-brac ;}
>> 
>> Out of pure curiosity, why this machine to be "chastened" in this way?
> 
> *ROFL* - you were much gentler than various long time friends and relatives ;)
> 
> Actually there are solid reasons my work pattern. As to the dramatic 
> description, that has a different rationale.
> 
> As to the machine, I'm a "learn by doing" learner. In my three score and ten 
> I've learned that failure can be much more instructive than success.

It's said, the more risk the more rewards. 

My head is a bit small to understand it profoundly. Anyway thanks for your 
reply. 

> Therefore I can assume the machine will eventually be trashed in varying 
> degrees. As to the frequent reinstalls, I haven't decided what configuration 
> I want. The only way to find out is to try each of the options.
> 
> As to the statement, I was editorializing a bit (my bits are larger than 
> average). One of my pet peeves are those saying that automatically applied 
> security blankets can solve all security problems. I was trying to hint that 
> security in the end depends on the user. *nix environments have historically 
> been multi-user. That made it reasonable that the OS be very security 
> conscious. Personal computers are called *personal* for a reason.
> 
> 


--
To UNSUBSCRIBE, email to debian-user-requ...@lists.debian.org
with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org
Archive: http://lists.debian.org/d3848ea0-cdae-48a4-9a86-433409225...@gmail.com

Re: Can Debian's paranoia be tamed

[Richard Owlett]

berenger.mo...@neutralite.org wrote:

Le 23.11.2012 02:06, Richard Owlett a écrit :

berenger.mo...@neutralite.org wrote:

Remove gdm, and put in the file "/root/.bash_profile"
following lines:
===
if [ -z "$DISPLAY" ] && [ $(tty) == /dev/tty1 ];then
 startx
fi
===
To have a auto-login, you can also modify "/etc/inittab" and
replace a "/sbin/getty" by "/bin/sh".
The better with those solutions is the removal of a useless
software.


That is reason I'm learning Debian instead of Ubuntu.
I'm exploring just how many undesired I get with any
flavor of Gnome.
I suspect I'm looking more for a display manager than a
desktop
environment. I'm beginning to think the line between them
can at times
be blurry.


I can understand, I did the same.
IMHO, best WM are tiling one, and in those, I have choosen
i3, for it's ease of configuration and the philosophy is not
to limit the number of lines of code, just to not add
useless features (avoid making a bloatware)


I experimented with several desktops and liked the look and 
feel of Gnome best. That may change with the newest Gnome - 
do not like what I've seen so far.




My other advice would like to install debian with as less
packagages as possible: aka: disable all task at install
time, and add softwares one after one when you need it.


That's the procedure I've been using.


Also, keep a file to remember which soft you prefer, because
you'll need many experimentation.


I hope to do that by a series of preseed.cfg files. That 
will allow me to easily reinstall a previous configuration 
for comparison to whatever is my current "favorite".



--
To UNSUBSCRIBE, email to debian-user-requ...@lists.debian.org 
with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org

Archive: http://lists.debian.org/50af6ab5.1040...@cloud85.net

Re: Can Debian's paranoia be tamed

[Richard Owlett]

lina wrote:

On Friday 23,November,2012 01:00 AM, Richard Owlett wrote:

I've a laptop whose *SOLE* purpose in life is to be used in a manner
that a even I would never do on a machine with real data on it.
It has intrinsically the best security in place
   Only _*I*_ have physical access to the machine.
   It has no possibility of connecting to the internet.
   It will *never* be updated.
   The installation CD lives in the drive, for various reasons the hard
drive is wiped and reinstall done 2-3 times per week.

When I boot I want to do *ANYTHING*!
HOW?

{Owl now ducks for cover from incoming brick-a-brac ;}





Out of pure curiosity, why this machine to be "chastened" in this way?



*ROFL* - you were much gentler than various long time 
friends and relatives ;)


Actually there are solid reasons my work pattern. As to the 
dramatic description, that has a different rationale.


As to the machine, I'm a "learn by doing" learner. In my 
three score and ten I've learned that failure can be much 
more instructive than success. Therefore I can assume the 
machine will eventually be trashed in varying degrees. As to 
the frequent reinstalls, I haven't decided what 
configuration I want. The only way to find out is to try 
each of the options.


As to the statement, I was editorializing a bit (my bits are 
larger than average). One of my pet peeves are those saying 
that automatically applied security blankets can solve all 
security problems. I was trying to hint that security in the 
end depends on the user. *nix environments have historically 
been multi-user. That made it reasonable that the OS be very 
security conscious. Personal computers are called *personal* 
for a reason.




--
To UNSUBSCRIBE, email to debian-user-requ...@lists.debian.org 
with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org

Archive: http://lists.debian.org/50af684f.6060...@cloud85.net

Re: Can Debian's paranoia be tamed

[lina]

On Friday 23,November,2012 01:00 AM, Richard Owlett wrote:
> I've a laptop whose *SOLE* purpose in life is to be used in a manner
> that a even I would never do on a machine with real data on it.
> It has intrinsically the best security in place
>   Only _*I*_ have physical access to the machine.
>   It has no possibility of connecting to the internet.
>   It will *never* be updated.
>   The installation CD lives in the drive, for various reasons the hard
> drive is wiped and reinstall done 2-3 times per week.
> 
> When I boot I want to do *ANYTHING*!
> HOW?
> 
> {Owl now ducks for cover from incoming brick-a-brac ;}
>  
> 
> 

Out of pure curiosity, why this machine to be "chastened" in this way?


-- 
To UNSUBSCRIBE, email to debian-user-requ...@lists.debian.org 
with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org
Archive: http://lists.debian.org/50af53ff.1060...@gmail.com

Re: Can Debian's paranoia be tamed

[berenger . morel]

Display managers, and particularly window managers and desktop
environments  are
often confounded.  A window manager is a component of a desktop
environment.  Decent desktop environments allow you to use the window
manager of your choice.
True, but I always had problems to know in what they are useful? Maybe 
to automate distant connection configuration? Most users only use them 
as a replacement of getty to start an xsession, I think, and for that 
use, I wonder if it is really useful.


Of course, I respect the fact people use it, but if someone could 
explain me why, I would be happy to learn.



--
To UNSUBSCRIBE, email to debian-user-requ...@lists.debian.org 
with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org

Archive: http://lists.debian.org/bec646bfdb68e51a0d7c11ccafd30...@neutralite.org

Re: Can Debian's paranoia be tamed

[berenger . morel]

Le 23.11.2012 02:06, Richard Owlett a écrit :

berenger.mo...@neutralite.org wrote:

Remove gdm, and put in the file "/root/.bash_profile"
following lines:
===
if [ -z "$DISPLAY" ] && [ $(tty) == /dev/tty1 ];then
 startx
fi
===
To have a auto-login, you can also modify "/etc/inittab" and
replace a "/sbin/getty" by "/bin/sh".
The better with those solutions is the removal of a useless
software.


That is reason I'm learning Debian instead of Ubuntu.
I'm exploring just how many undesired I get with any flavor of Gnome.
I suspect I'm looking more for a display manager than a desktop
environment. I'm beginning to think the line between them can at 
times

be blurry.


I can understand, I did the same.
IMHO, best WM are tiling one, and in those, I have choosen i3, for it's 
ease of configuration and the philosophy is not to limit the number of 
lines of code, just to not add useless features (avoid making a 
bloatware)


My other advice would like to install debian with as less packagages as 
possible: aka: disable all task at install time, and add softwares one 
after one when you need it. Also, keep a file to remember which soft you 
prefer, because you'll need many experimentation.



--
To UNSUBSCRIBE, email to debian-user-requ...@lists.debian.org
with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org
Archive: http://lists.debian.org/57942549fd3b0ef61bcd670539c28...@neutralite.org

Re: Can Debian's paranoia be tamed

[John Hasler]

Richard Owlett writes:
> I suspect I'm looking more for a display manager than a desktop
> environment.

You don't mean a display manager: that's GDM, XDM, etc
.  You mean a window
manager such as FVWM, etc .

> I'm beginning to think the line between them can at times be blurry.

Display managers, and particularly window managers and desktop
environments  are
often confounded.  A window manager is a component of a desktop
environment.  Decent desktop environments allow you to use the window
manager of your choice.

-- 
John Hasler


-- 
To UNSUBSCRIBE, email to debian-user-requ...@lists.debian.org 
with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org
Archive: http://lists.debian.org/87fw412gfv@thumper.dhh.gt.org

Re: Can Debian's paranoia be tamed

[Richard Owlett]

berenger.mo...@neutralite.org wrote:

Remove gdm, and put in the file "/root/.bash_profile"
following lines:
===
if [ -z "$DISPLAY" ] && [ $(tty) == /dev/tty1 ];then
 startx
fi
===
To have a auto-login, you can also modify "/etc/inittab" and
replace a "/sbin/getty" by "/bin/sh".
The better with those solutions is the removal of a useless
software.


That is reason I'm learning Debian instead of Ubuntu.
I'm exploring just how many undesired I get with any flavor 
of Gnome. I suspect I'm looking more for a display manager 
than a desktop environment. I'm beginning to think the line 
between them can at times be blurry.



The problem is that you will not have a shiny
background while you are not logged in.


No problem. I'm of the CPM-80 era.



Of course, you asked for a very unsecure trick, do that at
your own risk if someone or yourself in another state (say,
after a nice night with friends and beers ;)) can access
physically your computer... but you said it was not the case.
And, seriously, windows users do that by default and their
computers works not so bad.

Le 22.11.2012 18:00, Richard Owlett a écrit :

I've a laptop whose *SOLE* purpose in life is to be used
in a manner
that a even I would never do on a machine with real data
on it.
It has intrinsically the best security in place
  Only _*I*_ have physical access to the machine.
  It has no possibility of connecting to the internet.
  It will *never* be updated.
  The installation CD lives in the drive, for various
reasons the
hard drive is wiped and reinstall done 2-3 times per week.

When I boot I want to do *ANYTHING*!
HOW?

{Owl now ducks for cover from incoming brick-a-brac ;}






--
To UNSUBSCRIBE, email to debian-user-requ...@lists.debian.org 
with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org

Archive: http://lists.debian.org/50aecc33.5000...@cloud85.net

Re: Can Debian's paranoia be tamed

[Richard Owlett]

green wrote:

Richard Owlett wrote at 2012-11-22 11:00 -0600:

   The installation CD lives in the drive, for various reasons the
hard drive is wiped and reinstall done 2-3 times per week.

When I boot I want to do *ANYTHING*!
HOW?


Use grml instead?



Not looking for a "live" system. I'm only looking to "tame" 
Debian until I know all its possibilities. "Security" in 
itself is good/necessary but not "automagic" that tries to 
out think the user.





--
To UNSUBSCRIBE, email to debian-user-requ...@lists.debian.org 
with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org

Archive: http://lists.debian.org/50aec55d.3080...@cloud85.net

Re: Can Debian's paranoia be tamed

[Richard Owlett]

Tom Grace wrote:

On 22/11/12 18:06, Richard Owlett wrote:


Effectively that's what I want.
BUT neither 'root' nor 'superuser' is recognized by Gnome login screen :<


Presuming you're using GDM, maybe this will help you out?
http://projects.gnome.org/gdm/docs/2.14/configuration.html#securitysection

You could even get it to auto login if you want.




That documentation is for version 2.14.0. I have 3.30.6 
installed. I now know what to read tomorrow ;)
It may not be current, but it may get me asking "right" 
questions.

Thanks.


--
To UNSUBSCRIBE, email to debian-user-requ...@lists.debian.org 
with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org

Archive: http://lists.debian.org/50aec288.8010...@cloud85.net

Re: Can Debian's paranoia be tamed

[Miles Fidelman]

MPR wrote:

On Thu, Nov 22, 2012 at 10:06 AM, Richard Owlett  wrote:

Darac Marjal wrote:

Log in as root?

Effectively that's what I want.
BUT neither 'root' nor 'superuser' is recognized by Gnome login screen :<

Edit /etc/passwd and change the UID and GID for your login to 0 (which
effectively makes you root). Then "chown -R root:root /home/username"
to your home directory. Now you can log in with your username but you
will be root.


you might try using expert mode when installing, and then answering yes 
when the installer asks about enabling root login, or.. google "debian 
enable root login" and you'll find multiple ways to enable root login 
after the fact (note: it's a good idea to disable remote telnet login 
before doing so; maybe install ssh if you want remote access)


--
In theory, there is no difference between theory and practice.
In practice, there is.    Yogi Berra


--
To UNSUBSCRIBE, email to debian-user-requ...@lists.debian.org 
with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org

Archive: http://lists.debian.org/50aebbe9.8030...@meetinghouse.net

Re: Can Debian's paranoia be tamed

[MPR]

On Thu, Nov 22, 2012 at 10:06 AM, Richard Owlett  wrote:
> Darac Marjal wrote:
>>
>> Log in as root?
>
> Effectively that's what I want.
> BUT neither 'root' nor 'superuser' is recognized by Gnome login screen :<

Edit /etc/passwd and change the UID and GID for your login to 0 (which
effectively makes you root). Then "chown -R root:root /home/username"
to your home directory. Now you can log in with your username but you
will be root.


-- 
To UNSUBSCRIBE, email to debian-user-requ...@lists.debian.org 
with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org
Archive: 
http://lists.debian.org/can3v7bqrjcwxbhsctkiyktvcie7faszz8lrulytythz2psm...@mail.gmail.com

Re: Can Debian's paranoia be tamed

[Andrew M.A. Cater]

On Thu, Nov 22, 2012 at 10:30:54PM +0100, berenger.mo...@neutralite.org wrote:
> Remove gdm, and put in the file "/root/.bash_profile" following lines:
> ===
> if [ -z "$DISPLAY" ] && [ $(tty) == /dev/tty1 ];then
>   startx
> fi
> ===
> To have a auto-login, you can also modify "/etc/inittab" and replace
> a "/sbin/getty" by "/bin/sh".
> The better with those solutions is the removal of a useless
> software. The problem is that you will not have a shiny background
> while you are not logged in.
> 
> Of course, you asked for a very unsecure trick, do that at your own
> risk if someone or yourself in another state (say, after a nice
> night with friends and beers ;)) can access physically your
> computer... but you said it was not the case.
> And, seriously, windows users do that by default and their computers
> works not so bad.
> 
> Le 22.11.2012 18:00, Richard Owlett a écrit :
> >I've a laptop whose *SOLE* purpose in life is to be used in a manner
> >that a even I would never do on a machine with real data on it.
> >It has intrinsically the best security in place
> >  Only _*I*_ have physical access to the machine.
> >  It has no possibility of connecting to the internet.
> >  It will *never* be updated.
> >  The installation CD lives in the drive, for various reasons the
> >hard drive is wiped and reinstall done 2-3 times per week.
> >
> >When I boot I want to do *ANYTHING*!
> >HOW?
> >
> >{Owl now ducks for cover from incoming brick-a-brac ;}
> 
> 
> -- 
> To UNSUBSCRIBE, email to debian-user-requ...@lists.debian.org with a
> subject of "unsubscribe". Trouble? Contact
> listmas...@lists.debian.org
> Archive: 
> http://lists.debian.org/bd643219ceb49b94ab1d615a37cdc...@neutralite.org

/etc/kde4/kdmrc or the equivalent for gdm3 - there should be an option for

AllowRootLogin = false

Change to AllowRootLogin = true

and you should be fine.

AndyC


--
To UNSUBSCRIBE, email to debian-user-requ...@lists.debian.org
with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org
Archive: http://lists.debian.org/2012110205.ga6...@galactic.demon.co.uk

Re: Can Debian's paranoia be tamed

[berenger . morel]

Remove gdm, and put in the file "/root/.bash_profile" following lines:
===
if [ -z "$DISPLAY" ] && [ $(tty) == /dev/tty1 ];then
startx
fi
===
To have a auto-login, you can also modify "/etc/inittab" and replace a 
"/sbin/getty" by "/bin/sh".
The better with those solutions is the removal of a useless software. 
The problem is that you will not have a shiny background while you are 
not logged in.


Of course, you asked for a very unsecure trick, do that at your own 
risk if someone or yourself in another state (say, after a nice night 
with friends and beers ;)) can access physically your computer... but 
you said it was not the case.
And, seriously, windows users do that by default and their computers 
works not so bad.


Le 22.11.2012 18:00, Richard Owlett a écrit :

I've a laptop whose *SOLE* purpose in life is to be used in a manner
that a even I would never do on a machine with real data on it.
It has intrinsically the best security in place
  Only _*I*_ have physical access to the machine.
  It has no possibility of connecting to the internet.
  It will *never* be updated.
  The installation CD lives in the drive, for various reasons the
hard drive is wiped and reinstall done 2-3 times per week.

When I boot I want to do *ANYTHING*!
HOW?

{Owl now ducks for cover from incoming brick-a-brac ;}



--
To UNSUBSCRIBE, email to debian-user-requ...@lists.debian.org
with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org
Archive: http://lists.debian.org/bd643219ceb49b94ab1d615a37cdc...@neutralite.org

Re: Can Debian's paranoia be tamed

[Glenn English]

A little CLI typing will fix right up that lack of a GUI root login. Sometimes 
it's necessary. A suggestion, though: when you do manage to get root in a GUI, 
make the background a bright, solid red to remind yourself of where you are.

But I'm hoping Debian's paranoia will never go away. I use Debian because of 
what I consider it's (relative) security and reliability. As an admin, I like 
that the software at least tries to keep me from shooting myself in the foot. 

The multi-level releases are a good idea, IMHO. If I want my servers to really 
work, I can use stable. If I want to check out a little more modern (and 
possibly buggy) software, I can use one of the others -- with lots of beta 
testers.

I hope Debian's paranoia is never 'tamed.' As long as there are workarounds 
like startx and su -, and sudo...

-- 
Glenn English





--
To UNSUBSCRIBE, email to debian-user-requ...@lists.debian.org
with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org
Archive: 
http://lists.debian.org/2244b401-1f86-4a9e-91a5-7db561130...@slsware.com

Re: Can Debian's paranoia be tamed

[Beco]

On Thu, Nov 22, 2012 at 3:17 PM, Tom Grace
 wrote:
> On 22/11/12 18:06, Richard Owlett wrote:
>>
>> Effectively that's what I want.
>> BUT neither 'root' nor 'superuser' is recognized by Gnome login screen :<
>
> Presuming you're using GDM, maybe this will help you out?
> http://projects.gnome.org/gdm/docs/2.14/configuration.html#securitysection
>
> You could even get it to auto login if you want.
>
>
> --




Hi there,

In the same subject: my computer is not THAT safe (it has internet and
all), but I recall years ago I could login as root (KDE). Now I can't.

What to change to allow that?

(I know it's a bad idea, no need to say.)


Thanks!
Beco







-- 
Dr Beco
A.I. researcher

--> . <--

"Look again at that dot. That's here. That's home. That's us. On it
everyone you love, everyone you know..." (Carl Sagan, 1934-1996)


-- 
To UNSUBSCRIBE, email to debian-user-requ...@lists.debian.org 
with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org
Archive: 
http://lists.debian.org/caluyw2zpx_l1rjfyq5nukf8tttu81apjjbn8f1evlwnipyb...@mail.gmail.com

Re: Can Debian's paranoia be tamed

[Tom Grace]

On 22/11/12 18:06, Richard Owlett wrote:
> 
> Effectively that's what I want.
> BUT neither 'root' nor 'superuser' is recognized by Gnome login screen :<

Presuming you're using GDM, maybe this will help you out?
http://projects.gnome.org/gdm/docs/2.14/configuration.html#securitysection

You could even get it to auto login if you want.


-- 
To UNSUBSCRIBE, email to debian-user-requ...@lists.debian.org 
with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org
Archive: http://lists.debian.org/50ae6c57.4070...@deathbycomputers.co.uk

Re: Can Debian's paranoia be tamed

[green]

Richard Owlett wrote at 2012-11-22 11:00 -0600:
>   The installation CD lives in the drive, for various reasons the
> hard drive is wiped and reinstall done 2-3 times per week.
> 
> When I boot I want to do *ANYTHING*!
> HOW?

Use grml instead?


signature.asc
Description: Digital signature

Re: Can Debian's paranoia be tamed

[b.g. white]

Start without X. Log in as root. Start X
On Nov 22, 2012 11:20 AM, "Darac Marjal"  wrote:

> On Thu, Nov 22, 2012 at 11:00:17AM -0600, Richard Owlett wrote:
> > I've a laptop whose *SOLE* purpose in life is to be used in a manner
> > that a even I would never do on a machine with real data on it.
> > It has intrinsically the best security in place
> >   Only _*I*_ have physical access to the machine.
> >   It has no possibility of connecting to the internet.
> >   It will *never* be updated.
> >   The installation CD lives in the drive, for various reasons the
> > hard drive is wiped and reinstall done 2-3 times per week.
> >
> > When I boot I want to do *ANYTHING*!
> > HOW?
>
> Log in as root?
>
>

Re: Can Debian's paranoia be tamed

[Richard Owlett]

Darac Marjal wrote:

On Thu, Nov 22, 2012 at 11:00:17AM -0600, Richard Owlett wrote:

I've a laptop whose *SOLE* purpose in life is to be used in a manner
that a even I would never do on a machine with real data on it.
It has intrinsically the best security in place
   Only _*I*_ have physical access to the machine.
   It has no possibility of connecting to the internet.
   It will *never* be updated.
   The installation CD lives in the drive, for various reasons the
hard drive is wiped and reinstall done 2-3 times per week.

When I boot I want to do *ANYTHING*!
HOW?


Log in as root?



Effectively that's what I want.
BUT neither 'root' nor 'superuser' is recognized by Gnome 
login screen :<


[installed from Debian GNU/Linux 6.0.5 "Squeeze" - Official 
i386 DVD Binary-1 20120512-13:45]





--
To UNSUBSCRIBE, email to debian-user-requ...@lists.debian.org 
with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org

Archive: http://lists.debian.org/50ae69ae.90...@cloud85.net

Re: Can Debian's paranoia be tamed

[Darac Marjal]

On Thu, Nov 22, 2012 at 11:00:17AM -0600, Richard Owlett wrote:
> I've a laptop whose *SOLE* purpose in life is to be used in a manner
> that a even I would never do on a machine with real data on it.
> It has intrinsically the best security in place
>   Only _*I*_ have physical access to the machine.
>   It has no possibility of connecting to the internet.
>   It will *never* be updated.
>   The installation CD lives in the drive, for various reasons the
> hard drive is wiped and reinstall done 2-3 times per week.
> 
> When I boot I want to do *ANYTHING*!
> HOW?

Log in as root?



signature.asc
Description: Digital signature

Can Debian's paranoia be tamed

[Richard Owlett]

I've a laptop whose *SOLE* purpose in life is to be used in 
a manner that a even I would never do on a machine with real 
data on it.

It has intrinsically the best security in place
  Only _*I*_ have physical access to the machine.
  It has no possibility of connecting to the internet.
  It will *never* be updated.
  The installation CD lives in the drive, for various 
reasons the hard drive is wiped and reinstall done 2-3 times 
per week.


When I boot I want to do *ANYTHING*!
HOW?

{Owl now ducks for cover from incoming brick-a-brac ;}



--
To UNSUBSCRIBE, email to debian-user-requ...@lists.debian.org 
with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org

Archive: http://lists.debian.org/50ae5a21.5030...@cloud85.net