Re: How to gain control over the system?
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 On Sun, Jul 16, 2017 at 09:42:46AM -0400, RavenLX wrote: [...] > I use a laptop but I've never needed to ssh into a laptop computer. > Also, if you want to set up ssh, add ssh client and set up your user > (sudo enabled) account and random obscure port in sshd config. Be > sure to set it up so that it uses a key pair. Then you still won't > need root over ssh. I must have been unclear. I think I explicitly discouraged from allowing root login via SSH (this is the general recommendation out there anyway). The *only* case a root account (with password) may help is a busted boot (e.g. by a root FS file system check dropping into an interactive root session, among other things). There, you need a root password (or alternatively, a rescue medium, if you have one handy). And in this case (root login with password restricted to physical presence) there is no security downside, in the "normal" case (i.e. laptop or workstation). A kiosk or (physically remote) server is a different story, though. Cheers - -- tomás -BEGIN PGP SIGNATURE- Version: GnuPG v1.4.12 (GNU/Linux) iEYEARECAAYFAllrer8ACgkQBcgs9XrR2kY5ZACfbrpofJQNLQP86QgM7AVRyXgL qgIAnimLiZVrAverAnPcJYp1JYOCniLF =C82S -END PGP SIGNATURE-
Re: How to gain control over the system?
On 07/12/2017 09:21 AM, to...@tuxteam.de wrote: [snip] I've been following this back-and-forth for a while. Yes, I think it's a good idea to use the root account as little as possible. Myself, I use sudo in the overwhelming majority of cases. But I learnt the hard way that sometimes it's a good idea to keep a root account (with a corresponding password!) around. When the system boots and the root file system is corrupt (or a similar early-boot problem happens), you find yourself staring at a message more or less looking like that: Please enter your root password to start a rescue shell: (message is from memory, but you get the -uh- message). This was shortly after Debian convinced me that having a root password is The Evil Itself. Duh. I'm wiser now. (Yah, there is a workaround for that: a rescue disk, and that's how I got myself out of that, but hey). I have only used a rescue disk once many years ago. That was because of a failing hard drive. Got the data from it OK, thankfully. Of course: no remote login as root (sshd_config). Use sudo in normal life (it's more comfortable, anyway). All that. Use a hard-to-guess root password (pwgen -n 16, for me). But. A root password doesn't make your system more insecure (unless it opens up one more remote access). And sometimes, just sometimes you wish you had one :-) I use a laptop but I've never needed to ssh into a laptop computer. Also, if you want to set up ssh, add ssh client and set up your user (sudo enabled) account and random obscure port in sshd config. Be sure to set it up so that it uses a key pair. Then you still won't need root over ssh. I'm not totally convinced that having a root account accessible 24/7 is a good idea, especially on portable systems that can also be accessed via internet.
Re: How to gain control over the system?
On Thu 13 Jul 2017 at 15:11:59 (+0200), to...@tuxteam.de wrote: > On Thu, Jul 13, 2017 at 01:34:39PM +0200, Kaj Persson wrote: > > [...] > > [added cc debian-user] > > > Can you have this defined from /etc/fstab too? I have had no success > > in that. > > This line in the fstab works for me (note: no systemd here; systemd > is known to do things with mounting, so results may vary): > > # > > /dev/sdb1 /media/usb0 autorw,user,noauto,uid=tomas,gid=tomas > 0 0 > > Season to taste :-) > > Fixed entries in fstab are of limited use for removable media, though: > you never know which device your stick appears as (you might use label > or UUID, depending on your use case). Another way that works for me is lines like: UUID=2017-0401 /media/esxplore4g vfat rw,errors=remount-ro,utf8,shortname=lower,user,noauto,fmask=137,dmask=027 With this, whoever mounts it owns it and gets rw-r- (files) and drwxr-x--- (directories). All our sticks/cards etc have individual mount points, and mount by UUID (fat) or LABEL (ext/fat). The mount points are all created drwx-- root root with identical timestamps, so any with devices mounted on them can easily be spotted. Cheers, David.
Re: How to gain control over the system?
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 On Thu, Jul 13, 2017 at 08:12:46AM -0400, Fungi4All wrote: > > UTC Time: July 13, 2017 11:13 AM > > From: to...@tuxteam.de > > To: debian-user@lists.debian.org > > -BEGIN PGP SIGNED MESSAGE- > > Hash: SHA1 > > On Thu, Jul 13, 2017 at 12:08:27PM +0200, Kaj Persson wrote: > > [...] > >> As always only root can mount a file system. In the case vfat, which > >> does not have an access system by its own, the owner of the mounted > >> system will be root. > > As a hint (I"m not a purist, mind you): I always mount vfat (well, > > at least when I plan to access them as regular user): > > sudo mount -ouid=tomas,gid=tomas /dev/sdb1 /mnt > > This makes my life easier (yes, you can put the user name in there, > > and separating uid=foo,gid=bar with a comma (no space!) should > > work for you. > > As to your original problem... sorry. > > Cheers > > Minor note and question: > If he or anyone else is using other than MSwin more than one linux/unix > system with a common /home partition and wants access to the > same /home/user if "user" corresponds to 1001 in Debian and 1003 in > LinuxX then the name user will not allow access to the other system as > on is user 1001 and the other 1003, two different users with the same > label. The other way around seems to work with my experience, if > 1002 is Deb on one system and 1002 is Ian on another then it shows > as the same user. The true owner is described by the id not the label, > I think! I couldn't really follow your thoughts. It is simple: the command "mount" translates the user and group names to some IDs according to whatever mapping is defined in the current /etc/passwd. Windows... is another story completely. Cheers - -- t -BEGIN PGP SIGNATURE- Version: GnuPG v1.4.12 (GNU/Linux) iEYEARECAAYFAllncpkACgkQBcgs9XrR2kZDsgCfX5QhwauiGu4Hk1hw5cKDzl+6 jZcAn1lo3C8WaUrRoJCDxp0ZOavAVudQ =S/Z9 -END PGP SIGNATURE-
Re: How to gain control over the system?
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 On Thu, Jul 13, 2017 at 01:34:39PM +0200, Kaj Persson wrote: [...] [added cc debian-user] > Can you have this defined from /etc/fstab too? I have had no success > in that. This line in the fstab works for me (note: no systemd here; systemd is known to do things with mounting, so results may vary): # /dev/sdb1 /media/usb0 autorw,user,noauto,uid=tomas,gid=tomas 0 0 Season to taste :-) Fixed entries in fstab are of limited use for removable media, though: you never know which device your stick appears as (you might use label or UUID, depending on your use case). Cheers - -- tomás -BEGIN PGP SIGNATURE- Version: GnuPG v1.4.12 (GNU/Linux) iEYEARECAAYFAllncZ8ACgkQBcgs9XrR2kb5MQCfRgJDrdom249bF3L+0R7bLTtM miwAnjWQ6TXWUN3NO/5Ckbi7sKcpSgKv =+B/y -END PGP SIGNATURE-
Re: How to gain control over the system?
> UTC Time: July 13, 2017 11:13 AM > From: to...@tuxteam.de > To: debian-user@lists.debian.org > -BEGIN PGP SIGNED MESSAGE- > Hash: SHA1 > On Thu, Jul 13, 2017 at 12:08:27PM +0200, Kaj Persson wrote: > [...] >> As always only root can mount a file system. In the case vfat, which >> does not have an access system by its own, the owner of the mounted >> system will be root. > As a hint (I"m not a purist, mind you): I always mount vfat (well, > at least when I plan to access them as regular user): > sudo mount -ouid=tomas,gid=tomas /dev/sdb1 /mnt > This makes my life easier (yes, you can put the user name in there, > and separating uid=foo,gid=bar with a comma (no space!) should > work for you. > As to your original problem... sorry. > Cheers Minor note and question: If he or anyone else is using other than MSwin more than one linux/unix system with a common /home partition and wants access to the same /home/user if "user" corresponds to 1001 in Debian and 1003 in LinuxX then the name user will not allow access to the other system as on is user 1001 and the other 1003, two different users with the same label. The other way around seems to work with my experience, if 1002 is Deb on one system and 1002 is Ian on another then it shows as the same user. The true owner is described by the id not the label, I think!
Re: How to gain control over the system?
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 On Thu, Jul 13, 2017 at 12:08:27PM +0200, Kaj Persson wrote: [...] > As always only root can mount a file system. In the case vfat, which > does not have an access system by its own, the owner of the mounted > system will be root. As a hint (I'm not a purist, mind you): I always mount vfat (well, at least when I plan to access them as regular user): sudo mount -ouid=tomas,gid=tomas /dev/sdb1 /mnt This makes my life easier (yes, you can put the user name in there, and separating uid=foo,gid=bar with a comma (no space!) should work for you. As to your original problem... sorry. Cheers - -- t -BEGIN PGP SIGNATURE- Version: GnuPG v1.4.12 (GNU/Linux) iEYEARECAAYFAllnVdIACgkQBcgs9XrR2kYtnwCfTqIpa9KgpccLP9pC31xEas7v 9TYAn1z/3Zwcv+lNQvGS4Y33btjsptE6 =IyrH -END PGP SIGNATURE-
Re: How to gain control over the system?
On 2017-07-12 at 03:49, Felix Miata wrote: Kaj Persson composed on 2017-07-11 22:29 (UTC+0200): ... ls -Al /home: drwxr-xr-x 39 kaj kaj 16384 jul 11 17:23 kaj OK... and from the command tree -qpadxugL 2 /home: /home ... │ ├── [drwxrwx--- root kaj ] DATA ... │ ├── [drwxrwx--- root kaj ] Hämtningar ... │ ├── [drwxrwx--- root kaj ] Musik │ ├── [drwxrwx--- root kaj ] Nedladd ... Definitely not OK, making one wonder what lurks deeper or elsewhere. and from tree -qpadxugL 3 /home/kaj/.config: OK only as deep as you went. ... I see nothing which gives me an idea of what is wrong. Are there any more files or directories to look at? In /etc perhaps? You're not done looking. Until you get all the way to the bottom, you can't know what else is wrong. You apparently need depth of at least 3 in the other hidden directories, at least 4 in .config, and probabliy 4 or more in all. Again: chown -R 1000:1000 /home/kaj/ as root should fix them all. If it doesn't, chown would seem to be broken. Maybe this in addition? chown -R 1000:1000 /home/kaj/.* Try MC in fullscreen mode. That way every listing you can see will display ownership. Some of you did react strongly on the ownership on some of the directories. They are owned by root and have group access by group kaj (1000). I tried to shortly explain why. They are mounted vfat partitions, and as far as I have succeeded to mount them, this is the result. I suppose that those people are purists with not too big experience of mixed environments. If I go solely with ext4 partitions, all this is much easier, but I have reasons to have at least half a window open towards the Microsoft world with common data, so that's it. Maybe ntfs is a better choice, and simpler to manage, but at that time, many years ago when I had to chose, the support for that file system was not sufficiently good, so my choice became vfat. As always only root can mount a file system. In the case vfat, which does not have an access system by its own, the owner of the mounted system will be root. According to "man mount" you could put the option uid=1000 (or any), and I do so in my fstab, but at least I have not got this to work. However gid=1000 works fine, and that way I get full access to the vfat partitions. I use umask=007. Possibly you could use 707, but this has not caused me any problems during all these years I have used this method. And these vfat partitions are used purely for user data: photos, documents, downloads etc. Unpacking the downloads are normally performed in an ext4 partition and run from there. Moreover chown has no impact on these mounts. The only way to change the ownership (which does not work) or group, is by umount and a new mount. Not even the option remount has any effect, at least according to my experience. Also, all files and all subdirectories inherit the owner and group properties from its parents all way up, so strictly it is sufficient to look at the top level of all mounts. In my case all mounts except /usr/local are mounted at subdirectories of /mnt. Then some of them have got an extra entry via mount --bind in $HOME, and it is those you see in the list with root as the owner. I have looked at all files down to the bottom of the tree, but this list is not suitable to present in this forum, much too long. Already the previous lists were too big, but I wanted you to see the principle. Nowhere in this huge list I can see an incorrect root influence. BUT! What I lack is power to arrange my desktop and panels. Isn't there some file somewhere in which I should be set access to these facilities, something like sudo access? Maybe a group I should belong to, or something like this? I do not have enough knowledge of all this, but I hope someone in the forum will have. /Kaj
Re: How to gain control over the system?
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 On Wed, Jul 12, 2017 at 08:30:12AM -0400, RavenLX wrote: [...] > To remove the root password so root can't log in again: > > sudo passwd -l root I've been following this back-and-forth for a while. Yes, I think it's a good idea to use the root account as little as possible. Myself, I use sudo in the overwhelming majority of cases. But I learnt the hard way that sometimes it's a good idea to keep a root account (with a corresponding password!) around. When the system boots and the root file system is corrupt (or a similar early-boot problem happens), you find yourself staring at a message more or less looking like that: Please enter your root password to start a rescue shell: (message is from memory, but you get the -uh- message). This was shortly after Debian convinced me that having a root password is The Evil Itself. Duh. I'm wiser now. (Yah, there is a workaround for that: a rescue disk, and that's how I got myself out of that, but hey). Of course: no remote login as root (sshd_config). Use sudo in normal life (it's more comfortable, anyway). All that. Use a hard-to-guess root password (pwgen -n 16, for me). But. A root password doesn't make your system more insecure (unless it opens up one more remote access). And sometimes, just sometimes you wish you had one :-) Cheers - -- t -BEGIN PGP SIGNATURE- Version: GnuPG v1.4.12 (GNU/Linux) iEYEARECAAYFAllmIlkACgkQBcgs9XrR2kbbrQCeMEk2yo4l//4fQ6EmfVKZdCI8 NO8An3h/C2QqwlJU77AjzwDo0y5eRQYe =dq9G -END PGP SIGNATURE-
Re: How to gain control over the system?
On 07/09/2017 06:11 PM, Kaj Persson wrote: Hi Jimmy, Well, I did not follow your suggestion exactly, but as people has said, the root account is already and always there, even it has not been assigned a password. So, against my real whish, not to activate the root account, I gave the command sudo passwd root, and entered a password. And now I suppose I have burned my ships and have no way back... [Snip] To remove the root password so root can't log in again: sudo passwd -l root It'll report that the root password expiry has changed: from man passwd: -l, --lock Lock the password of the named account. This option disables a password by changing it to a value which matches no possible encrypted value (it adds a ´!´ at the beginning of the password). Note that this does not disable the account. The user may still be able to login using another authentication token (e.g. an SSH key). To disable the account, administrators should use usermod --expiredate 1 (this set the account's expire date to Jan 2, 1970). Users with a locked password are not allowed to change their password. [end of man entry] Now, nobody can log in as root. But, root account is still there if you need it. To get it back and give it a password: sudo passwd -u root sudo passwd root (Then type in a secure password for root.)
Re: How to gain control over the system?
On Tue, Jul 11, 2017 at 09:49:15PM -0400, Felix Miata wrote: > Again: > > chown -R 1000:1000 /home/kaj/ > > as root should fix them all. If it doesn't, chown would seem to be broken. Looks correct. > Maybe this in addition? > > chown -R 1000:1000 /home/kaj/.* No, NOT correct. Do not do this. .* will expand to .. which will mean you end up chowning all of /home. The chown -R rooted in /home/kaj will include all of the dot files, so you don't need a second step at all. Especially not this one.
Re: How to gain control over the system?
Kaj Persson composed on 2017-07-11 22:29 (UTC+0200): ... > ls -Al /home: > drwxr-xr-x 39 kaj kaj 16384 jul 11 17:23 kaj OK... > and from the command > tree -qpadxugL 2 /home: > /home ... > │ ├── [drwxrwx--- root kaj ] DATA ... > │ ├── [drwxrwx--- root kaj ] Hämtningar ... > │ ├── [drwxrwx--- root kaj ] Musik > │ ├── [drwxrwx--- root kaj ] Nedladd ... Definitely not OK, making one wonder what lurks deeper or elsewhere. > and from > tree -qpadxugL 3 /home/kaj/.config: OK only as deep as you went. ... > I see nothing which gives me an idea of what is wrong. Are there any > more files or directories to look at? In /etc perhaps? You're not done looking. Until you get all the way to the bottom, you can't know what else is wrong. You apparently need depth of at least 3 in the other hidden directories, at least 4 in .config, and probabliy 4 or more in all. Again: chown -R 1000:1000 /home/kaj/ as root should fix them all. If it doesn't, chown would seem to be broken. Maybe this in addition? chown -R 1000:1000 /home/kaj/.* Try MC in fullscreen mode. That way every listing you can see will display ownership. -- "The wise are known for their understanding, and pleasant words are persuasive." Proverbs 16:21 (New Living Translation) Team OS/2 ** Reg. Linux User #211409 ** a11y rocks! Felix Miata *** http://fm.no-ip.com/
Re: How to gain control over the system?
On Tue, Jul 11, 2017 at 03:54:21PM -0500, David Wright wrote: > $ find ~ -mount -not -group 1000 -exec ls -ld {} \; -o -not -user 1000 -exec > ls -ld {} \; find ~ -mount \( ! -group 1000 -o ! -user 1000 \) -ls (You could also use DeMorgan's laws to factor out the "!", but this way seems a little clearer.)
Re: How to gain control over the system?
On Tue 11 Jul 2017 at 22:29:45 (+0200), Kaj Persson wrote: [...] > I see nothing which gives me an idea of what is wrong. Are there any > more files or directories to look at? In /etc perhaps? I don't know whether this would be useful, but # find / -mount -not -group 0 -exec ls -ld {} \; -o -not -user 0 -exec ls -ld {} \; | less or $ find ~ -mount -not -group 1000 -exec ls -ld {} \; -o -not -user 1000 -exec ls -ld {} \; might be useful (where 1000 is the typical UID of the First User). The latter would usually be expected to produce no output, the former will produce some, depending on where /var, /tmp etc are mounted. Cheers, David.
Re: How to gain control over the system?
On 2017-07-10 at 01:36, Felix Miata wrote: Kaj Persson composed on 2017-07-09 14:54 (UTC+0200): * Regarding access to my user directory: During my search I did in fact find some files and directories owned by user root or group root. These are changed to be owned by my user id and group id, but this did not help. By the way, On this computer I have always had just one user, mine, and hence got the user id 1000 and group id 1000. This is the case now too. Are you 100% sure you found and corrected 100% of bad ones? Does 1000:1000 own $HOME? X session settings not saved is virtually always bad file permissions or errant ownership. Anything that got stolen by root:root via errant sudo or su will almost certainly have to be fixed as root, exception being via a superwizard who would unlikely ever have gotten into this trouble in the first place. You really don't need to hunt for any that are bad unless you care to know which are causing the trouble. Simply do as root: chown -R 1000:1000 /home/kaj/ using whatever your actual username is rather than kaj. Yes, I think so. Shouldn't I? All the commands in the following are given as user root. This is the output from the command ls -Al /home: drwxr-xr-x 39 kaj kaj 16384 jul 11 17:23 kaj drwx-- 2 root root 16384 sep 28 2016 lost+found drwx-- 4 root root 4096 okt 26 2016 .Trash-0 and from the command tree -qpadxugL 2 /home: /home ├── [drwxr-xr-x kaj kaj ] kaj │ ├── [drwx-- kaj kaj ] .alsaplayer │ ├── [drwxr-xr-x kaj kaj ] Bilder │ ├── [drwxr-xr-x kaj kaj ] bin │ ├── [drwx-- kaj kaj ] .cache │ ├── [drwxr-xr-x kaj kaj ] .config │ ├── [drwxrwx--- root kaj ] DATA │ ├── [drwxr-xr-x kaj kaj ] Dokument │ ├── [drwxr-xr-x kaj kaj ] dwhelper │ ├── [drwx-- kaj kaj ] .gconf │ ├── [drwx-- kaj kaj ] .gnome2 │ ├── [drwx-- kaj kaj ] .gnome2_private │ ├── [drwx-- kaj kaj ] .gnupg │ ├── [drwxrwx--- root kaj ] Hämtningar │ ├── [drwx-- kaj kaj ] .local │ ├── [drwx-- kaj kaj ] Mail │ ├── [drwxr-xr-x kaj kaj ] Mallar │ ├── [drwx-- kaj kaj ] .mozc │ ├── [drwx-- kaj kaj ] .mozilla │ ├── [drwxrwx--- root kaj ] Musik │ ├── [drwxrwx--- root kaj ] Nedladd │ ├── [drwxr-xr-x kaj kaj ] Publikt │ ├── [drwxr-xr-x kaj kaj ] Skrivbord │ ├── [drwx-- kaj kaj ] .thunderbird │ ├── [drwxr-xr-x kaj kaj ] Video ├── [drwx-- root root] lost+found └── [drwx-- root root] .Trash-0 ├── [drwx-- root root] files └── [drwx-- root root] info and from tree -qpadxugL 3 /home/kaj/.config: /home/kaj/.config ├── [drwxr-xr-x kaj kaj ] caja │ └── [drwxr-xr-x kaj kaj ] scripts ├── [drwx-- kaj kaj ] enchant ├── [drwx-- kaj kaj ] gtk-2.0 ├── [drwx-- kaj kaj ] gtk-3.0 ├── [drwx-- kaj kaj ] ibus │ └── [drwx-- kaj kaj ] bus ├── [drwxr-xr-x kaj kaj ] libreoffice │ └── [drwx-- kaj kaj ] 4 │ ├── [drwxr-xr-x kaj kaj ] cache │ └── [drwxr-xr-x kaj kaj ] user ├── [drwx-- kaj kaj ] mate │ ├── [drwx-- kaj kaj ] eom │ └── [drwx-- kaj kaj ] panel2.d │ └── [drwx-- kaj kaj ] default ├── [drwxr-xr-x kaj kaj ] mate-session │ └── [drwxr-xr-x kaj kaj ] saved-session ├── [drwx-- kaj kaj ] mc ├── [drwxr-xr-x kaj kaj ] pluma └── [drwxr-xr-x kaj kaj ] rncbc.org A few explanations: The names are partly in Swedish, but you might never the less understand them, I think. "Hämtningar" and "Nedladd" is Swedish for "Downloads". Those few directories owned by user root and group kaj are mounted file systems (FAT32) containing only user data. I have removed a few lines regarding installed programmes. I see nothing which gives me an idea of what is wrong. Are there any more files or directories to look at? In /etc perhaps? /Kaj
Re: How to gain control over the system?
On 10-07-17, Kaj Persson wrote: > Hi Jimmy, > Well, I did not follow your suggestion exactly, but as people has said, the > root account is already and always there, even it has not been assigned a > password. So, against my real whish, not to activate the root account, I > gave the command sudo passwd root, and entered a password. And now I suppose > I have burned my ships and have no way back... > > But! Nothing has changed. I can still not enter program icons to the panel, > and not define keyboard shortcuts. If I sort the icons on the desktop they > still, after a cold start, come back in a completely other order, dispite I > had marked "Keep ajusted" (right click on desktop). > > So...? > /Kaj > What are you talking about, there are several ways to lock your root account? Not sure why you would like to though. You can lock it with sudo, like this: sudo passwd -l root But that is not really necessary. Better would be to learn how to strengthen your root account. Depending on what you really want to achieve, you can set it up so only way to access it would be to use su, or sudo from trusted accounts. If you are interested in that, further reading you can find here: https://www.centos.org/docs/5/html/5.1/Deployment_Guide/s2-wstation-privileges-noroot.html
Re: How to gain control over the system?
On Mon, Jul 10, 2017 at 7:11 AM, Kaj Perssonwrote: > Hi Jimmy, > Well, I did not follow your suggestion exactly, but as people has said, the > root account is already and always there, even it has not been assigned a > password. So, against my real whish, not to activate the root account, I > gave the command sudo passwd root, and entered a password. And now I suppose > I have burned my ships and have no way back... Of course you have a way back. man vipw man 5 passwd man 5 shadow and note the -s option. man nologin man false Then sudo vipw and change the line for root (should be the very first line) to give it either /bin/false or /sbin/nologin as the default shell for root. (That's the last field.) cat /etc/passwd after you're done, to make sure you saved it. Then, sudo vipw -s and replace the encrypted password (second ffield) there with '*'. > But! Nothing has changed. I can still not enter program icons to the panel, > and not define keyboard shortcuts. If I sort the icons on the desktop they > still, after a cold start, come back in a completely other order, dispite I > had marked "Keep ajusted" (right click on desktop). > > So...? > /Kaj Have you checked group ownership and permissions? Also, have you checked your mount parameters? And have you checked whether you have established SELinux or acl permissions or anything of that ilk? (BTW, do you keep a backup of your /home partition? I usually find myself using cp -p or tar to copy the files from the old /home to the new one, instead of keeping an old /home around.) -- Joel Rees One of these days I'll get someone to pay me to design a language that combines the best of Forth and C. Then I'll be able to leap wide instruction sets with a single #ifdef, run faster than a speeding infinite loop with a #define, and stop all integer size bugs with my bare cast. http://defining-computers.blogspot.com/2017/06/reinventing-computers.html More of my delusions: http://reiisi.blogspot.com/2017/05/do-not-pay-modern-danegeld-ransomware.html http://reiisi.blogspot.jp/p/novels-i-am-writing.html
Re: How to gain control over the system?
Kaj Persson composed on 2017-07-09 14:54 (UTC+0200): > * Regarding access to my user directory: During my search I did in fact > find some files and directories owned by user root or group root. These > are changed to be owned by my user id and group id, but this did not > help. By the way, On this computer I have always had just one user, > mine, and hence got the user id 1000 and group id 1000. This is the case > now too. Are you 100% sure you found and corrected 100% of bad ones? Does 1000:1000 own $HOME? X session settings not saved is virtually always bad file permissions or errant ownership. Anything that got stolen by root:root via errant sudo or su will almost certainly have to be fixed as root, exception being via a superwizard who would unlikely ever have gotten into this trouble in the first place. You really don't need to hunt for any that are bad unless you care to know which are causing the trouble. Simply do as root: chown -R 1000:1000 /home/kaj/ using whatever your actual username is rather than kaj. -- "The wise are known for their understanding, and pleasant words are persuasive." Proverbs 16:21 (New Living Translation) Team OS/2 ** Reg. Linux User #211409 ** a11y rocks! Felix Miata *** http://fm.no-ip.com/
Re: How to gain control over the system?
On 07/09/2017 03:11 PM, Kaj Persson wrote: Hi Jimmy, Well, I did not follow your suggestion exactly, but as people has said, the root account is already and always there, even it has not been assigned a password. So, against my real whish, not to activate the root account, I gave the command sudo passwd root, and entered a password. And now I suppose I have burned my ships and have no way back... But! Nothing has changed. I can still not enter program icons to the panel, and not define keyboard shortcuts. If I sort the icons on the desktop they still, after a cold start, come back in a completely other order, dispite I had marked "Keep ajusted" (right click on desktop). So...? /Kaj I don't do sudo nor do I top post. Maybe you should start over and this time use the net install, you will be given the option to install task mate. Good luck. -- Jimmy Johnson Debian Buster - KDE Plasma 5.8.7 - Intel G3220 - EXT4 at sda14 Registered Linux User #380263
Re: How to gain control over the system?
Hi Jimmy, Well, I did not follow your suggestion exactly, but as people has said, the root account is already and always there, even it has not been assigned a password. So, against my real whish, not to activate the root account, I gave the command sudo passwd root, and entered a password. And now I suppose I have burned my ships and have no way back... But! Nothing has changed. I can still not enter program icons to the panel, and not define keyboard shortcuts. If I sort the icons on the desktop they still, after a cold start, come back in a completely other order, dispite I had marked "Keep ajusted" (right click on desktop). So...? /Kaj Den 2017-07-09 kl. 22:28, skrev Jimmy Johnson: On 07/08/2017 02:57 PM, Kaj Persson wrote: Hi all, So can someone help me get the command back, or do I have to make a new reinstall, hoping for better luck. Possibly setting a password on the Admin, hence activating that account, which I would prefer not having to. Thank you in advance Kaj Hi, Start the Stretch install cd/dvd in repair mode and when you get to where you can start a shell in the install at the prompt type:# passwd root and then enter the new root passwd and then reboot.
Re: How to gain control over the system?
Yes, a good try, but ... Owner and group for /home is root resp. root, and for /home/cookoo (to use your example) is the correct user name resp. group. I have also looked one level further, hence /home/cookoo/subdir/, and all directories on this level have the same ownership (=user name - group). Thank you for your efforts to help. /Kaj On 2017-07-09 at 19:21, Fungi4All wrote: I am interested in the owner of the file structure of /home/user Let's say your username is cookoo Is the owner of and its subdirectories and contents also cookoo? With your filemanager r-click properties and permissions to see owner and file access rights. If you see a number like 1008 instead of the username that is the problem. From: 70147pers...@telia.com To: debian-user@lists.debian.org Well, as I wrote my /home is an own partition, and so it has been for a long time. So it is not a new copy but a new mount. Certainly it therefore contains old config files that maybe ought to be removed. But on the other hand almost all of them are reused, since many of them belong to applications which I want to install also in the new system. Also, as I wrote, I did a test by moving all these config files into a new directory "hidden", itself not hidden despite the name, inside the home directory (and partition). /Kaj On 2017-07-09 at 15:38, Fungi4All wrote: Again, did you copy your /home from a previous system or is it a new configuration that locked your panels? UTC Time: July 9, 2017 12:54 PM From: 70147pers...@telia.com To: debian-user@lists.debian.org Thank you all for thoughts and viewpoints on what can be wrong in my installation of Debian 9. I have looked through places I might expect can contain some explanation, but so far I have not been able to exclaim an "Ah, that"s it!". Here are some of my observations: * First source of install: Well, I do know I wrote that used the live image, but to be honest, for now I am not sure, I do not remember. I had downloaded the live image as well as the install image, and most probable choice would be the later. But I do not know. Anyway the install process itself went without any problems. * At the install I made it fully new from the bottom. The only directory I kept unchanged was my home directory. This is situated on an own partition. All the others were reformatted: /, /boot, /usr, /var and /tmp. All these are on individual partitions while e.g. /etc is contained in the root partition. At earlier installations I have noticed that the home directory can contain wrong configuration files, so as a test I moved all hidden files i.e. files starting with a dot to a new created directory "hidden". This was however after the install. So at a subsequent cold start the system had no configuration files there but created new ones with default values. This however had no positive impact on my problem. * Configuring sudo? No I have not done that explicitly, not more than what the install program did itself. I have looked at /etc/sudoers and what I think the important lines are: # User privilege specification root ALL=(ALL:ALL) ALL # Allow members of group sudo to execute any command %sudo ALL=(ALL:ALL) ALL #includedir /etc/sudoers.d In /etc/sudoers.d there are no more files than README. There is no /etc/sudo.conf file. * Regarding access to my user directory: During my search I did in fact find some files and directories owned by user root or group root. These are changed to be owned by my user id and group id, but this did not help. By the way, On this computer I have always had just one user, mine, and hence got the user id 1000 and group id 1000. This is the case now too. uid 1000 is a member of the sudo group. * As I wrote I have always used this method of not setting any password to the root account, and this is for quite many years now. My Linux path has gone via Ubuntu, well to be honest a couple of years after the Microsoft era I ran in Suse, but was not fully satisfied. And when Ubuntu and Canonical introduced Unity, I left that ship for Linux Mint Debian edition (LMDE) until I took the last(?) step into Debian a couple of years ago where the entrance point was jessie. The empty root password has always worked fine until now. Possibly Ubuntu has patched the sudologin but should LMDE? And jessie? I do not think so. Hope someone can find something significant in this and give a hint on what to do. Kaj
Re: How to gain control over the system?
On 07/08/2017 02:57 PM, Kaj Persson wrote: Hi all, So can someone help me get the command back, or do I have to make a new reinstall, hoping for better luck. Possibly setting a password on the Admin, hence activating that account, which I would prefer not having to. Thank you in advance Kaj Hi, Start the Stretch install cd/dvd in repair mode and when you get to where you can start a shell in the install at the prompt type:# passwd root and then enter the new root passwd and then reboot. -- Jimmy Johnson Debian Buster - KDE Plasma 5.8.7 - Intel G3220 - EXT4 at sda14 Registered Linux User #380263
Re: How to gain control over the system?
Well, as I wrote my /home is an own partition, and so it has been for a long time. So it is not a new copy but a new mount. Certainly it therefore contains old config files that maybe ought to be removed. But on the other hand almost all of them are reused, since many of them belong to applications which I want to install also in the new system. Also, as I wrote, I did a test by moving all these config files into a new directory "hidden", itself not hidden despite the name, inside the home directory (and partition). /Kaj On 2017-07-09 at 15:38, Fungi4All wrote: Again, did you copy your /home from a previous system or is it a new configuration that locked your panels? UTC Time: July 9, 2017 12:54 PM From: 70147pers...@telia.com To: debian-user@lists.debian.org Thank you all for thoughts and viewpoints on what can be wrong in my installation of Debian 9. I have looked through places I might expect can contain some explanation, but so far I have not been able to exclaim an "Ah, that"s it!". Here are some of my observations: * First source of install: Well, I do know I wrote that used the live image, but to be honest, for now I am not sure, I do not remember. I had downloaded the live image as well as the install image, and most probable choice would be the later. But I do not know. Anyway the install process itself went without any problems. * At the install I made it fully new from the bottom. The only directory I kept unchanged was my home directory. This is situated on an own partition. All the others were reformatted: /, /boot, /usr, /var and /tmp. All these are on individual partitions while e.g. /etc is contained in the root partition. At earlier installations I have noticed that the home directory can contain wrong configuration files, so as a test I moved all hidden files i.e. files starting with a dot to a new created directory "hidden". This was however after the install. So at a subsequent cold start the system had no configuration files there but created new ones with default values. This however had no positive impact on my problem. * Configuring sudo? No I have not done that explicitly, not more than what the install program did itself. I have looked at /etc/sudoers and what I think the important lines are: # User privilege specification root ALL=(ALL:ALL) ALL # Allow members of group sudo to execute any command %sudo ALL=(ALL:ALL) ALL #includedir /etc/sudoers.d In /etc/sudoers.d there are no more files than README. There is no /etc/sudo.conf file. * Regarding access to my user directory: During my search I did in fact find some files and directories owned by user root or group root. These are changed to be owned by my user id and group id, but this did not help. By the way, On this computer I have always had just one user, mine, and hence got the user id 1000 and group id 1000. This is the case now too. uid 1000 is a member of the sudo group. * As I wrote I have always used this method of not setting any password to the root account, and this is for quite many years now. My Linux path has gone via Ubuntu, well to be honest a couple of years after the Microsoft era I ran in Suse, but was not fully satisfied. And when Ubuntu and Canonical introduced Unity, I left that ship for Linux Mint Debian edition (LMDE) until I took the last(?) step into Debian a couple of years ago where the entrance point was jessie. The empty root password has always worked fine until now. Possibly Ubuntu has patched the sudologin but should LMDE? And jessie? I do not think so. Hope someone can find something significant in this and give a hint on what to do. Kaj
Re: How to gain control over the system?
Again, did you copy your /home from a previous system or is it a new configuration that locked your panels? > UTC Time: July 9, 2017 12:54 PM > From: 70147pers...@telia.com > To: debian-user@lists.debian.org > Thank you all for thoughts and viewpoints on what can be wrong in my > installation of Debian 9. I have looked through places I might expect > can contain some explanation, but so far I have not been able to exclaim > an "Ah, that"s it!". Here are some of my observations: > * First source of install: Well, I do know I wrote that used the live > image, but to be honest, for now I am not sure, I do not remember. I had > downloaded the live image as well as the install image, and most > probable choice would be the later. But I do not know. Anyway the > install process itself went without any problems. > * At the install I made it fully new from the bottom. The only directory > I kept unchanged was my home directory. This is situated on an own > partition. All the others were reformatted: /, /boot, /usr, /var and > /tmp. All these are on individual partitions while e.g. /etc is > contained in the root partition. At earlier installations I have noticed > that the home directory can contain wrong configuration files, so as a > test I moved all hidden files i.e. files starting with a dot to a new > created directory "hidden". This was however after the install. So at a > subsequent cold start the system had no configuration files there but > created new ones with default values. This however had no positive > impact on my problem. > * Configuring sudo? No I have not done that explicitly, not more than > what the install program did itself. I have looked at /etc/sudoers and > what I think the important lines are: > # User privilege specification > root ALL=(ALL:ALL) ALL > # Allow members of group sudo to execute any command > %sudo ALL=(ALL:ALL) ALL > #includedir /etc/sudoers.d > In /etc/sudoers.d there are no more files than README. > There is no /etc/sudo.conf file. > * Regarding access to my user directory: During my search I did in fact > find some files and directories owned by user root or group root. These > are changed to be owned by my user id and group id, but this did not > help. By the way, On this computer I have always had just one user, > mine, and hence got the user id 1000 and group id 1000. This is the case > now too. > uid 1000 is a member of the sudo group. > * As I wrote I have always used this method of not setting any password > to the root account, and this is for quite many years now. My Linux path > has gone via Ubuntu, well to be honest a couple of years after the > Microsoft era I ran in Suse, but was not fully satisfied. And when > Ubuntu and Canonical introduced Unity, I left that ship for Linux Mint > Debian edition (LMDE) until I took the last(?) step into Debian a couple > of years ago where the entrance point was jessie. The empty root > password has always worked fine until now. Possibly Ubuntu has patched > the sudologin but should LMDE? And jessie? I do not think so. > Hope someone can find something significant in this and give a hint on > what to do. > Kaj
Re: How to gain control over the system? [a security-side-note]
On 09-07-17, Eike Lantzsch wrote: > On Sunday, 9 July 2017 14:54:02 -04 Kaj Persson wrote: > > > > * Configuring sudo? No I have not done that explicitly, not more than > > what the install program did itself. I have looked at /etc/sudoers and > > what I think the important lines are: > > > > # User privilege specification > > rootALL=(ALL:ALL) ALL > > > > # Allow members of group sudo to execute any command > > %sudo ALL=(ALL:ALL) ALL > There the "security" went out of the building ... > Please have a look here: > https://blather.michaelwlucas.com/archives/2266 It does not matter really ( though it is really nice lecture about sudo ), because it is personal machine. Settings like that on personal machine are really fine. > > > > #includedir /etc/sudoers.d > > > > In /etc/sudoers.d there are no more files than README. > >
Re: How to gain control over the system? [a security-side-note]
On Sunday, 9 July 2017 14:54:02 -04 Kaj Persson wrote: > Thank you all for thoughts and viewpoints on what can be wrong in my > installation of Debian 9. I have looked through places I might expect > can contain some explanation, but so far I have not been able to exclaim > an "Ah, that's it!". Here are some of my observations: > > * First source of install: Well, I do know I wrote that used the live > image, but to be honest, for now I am not sure, I do not remember. I had > downloaded the live image as well as the install image, and most > probable choice would be the later. But I do not know. Anyway the > install process itself went without any problems. > > * At the install I made it fully new from the bottom. The only directory > I kept unchanged was my home directory. This is situated on an own > partition. All the others were reformatted: /, /boot, /usr, /var and > /tmp. All these are on individual partitions while e.g. /etc is > contained in the root partition. At earlier installations I have noticed > that the home directory can contain wrong configuration files, so as a > test I moved all hidden files i.e. files starting with a dot to a new > created directory "hidden". This was however after the install. So at a > subsequent cold start the system had no configuration files there but > created new ones with default values. This however had no positive > impact on my problem. > > * Configuring sudo? No I have not done that explicitly, not more than > what the install program did itself. I have looked at /etc/sudoers and > what I think the important lines are: > > # User privilege specification > rootALL=(ALL:ALL) ALL > > # Allow members of group sudo to execute any command > %sudo ALL=(ALL:ALL) ALL There the "security" went out of the building ... Please have a look here: https://blather.michaelwlucas.com/archives/2266 > > #includedir /etc/sudoers.d > > In /etc/sudoers.d there are no more files than README. > > There is no /etc/sudo.conf file. > > * Regarding access to my user directory: During my search I did in fact > find some files and directories owned by user root or group root. These > are changed to be owned by my user id and group id, but this did not > help. By the way, On this computer I have always had just one user, > mine, and hence got the user id 1000 and group id 1000. This is the case > now too. > > uid 1000 is a member of the sudo group. > > * As I wrote I have always used this method of not setting any password > to the root account, and this is for quite many years now. My Linux path > has gone via Ubuntu, well to be honest a couple of years after the > Microsoft era I ran in Suse, but was not fully satisfied. And when > Ubuntu and Canonical introduced Unity, I left that ship for Linux Mint > Debian edition (LMDE) until I took the last(?) step into Debian a couple > of years ago where the entrance point was jessie. The empty root > password has always worked fine until now. Possibly Ubuntu has patched > the sudologin but should LMDE? And jessie? I do not think so. > I didn't try this myself (didn't ever have to) but this might help for now: https://unix.stackexchange.com/questions/205799/how-to-create-root-user-account-in-debian > > Hope someone can find something significant in this and give a hint on > what to do. I'd first try to go through the installation with the netinstall and without reusing any home partition in a virtual machine. See if the problem is there too. If yes: place a bug-report. If not: take a snapshot for later put back the home partition, see if the problem is there or not. If yes: restore the snapshot. And start putting back the config files for LMDE. ... gradually testing out what can be reused and what not. ... on second thought: I wouldn't invest the time ... If the install in the virtual machine is doing allright, I'd just do the exact same install on the real hardware and be happy. Have a nice day Eike
Re: How to gain control over the system?
Thank you all for thoughts and viewpoints on what can be wrong in my installation of Debian 9. I have looked through places I might expect can contain some explanation, but so far I have not been able to exclaim an "Ah, that's it!". Here are some of my observations: * First source of install: Well, I do know I wrote that used the live image, but to be honest, for now I am not sure, I do not remember. I had downloaded the live image as well as the install image, and most probable choice would be the later. But I do not know. Anyway the install process itself went without any problems. * At the install I made it fully new from the bottom. The only directory I kept unchanged was my home directory. This is situated on an own partition. All the others were reformatted: /, /boot, /usr, /var and /tmp. All these are on individual partitions while e.g. /etc is contained in the root partition. At earlier installations I have noticed that the home directory can contain wrong configuration files, so as a test I moved all hidden files i.e. files starting with a dot to a new created directory "hidden". This was however after the install. So at a subsequent cold start the system had no configuration files there but created new ones with default values. This however had no positive impact on my problem. * Configuring sudo? No I have not done that explicitly, not more than what the install program did itself. I have looked at /etc/sudoers and what I think the important lines are: # User privilege specification rootALL=(ALL:ALL) ALL # Allow members of group sudo to execute any command %sudo ALL=(ALL:ALL) ALL #includedir /etc/sudoers.d In /etc/sudoers.d there are no more files than README. There is no /etc/sudo.conf file. * Regarding access to my user directory: During my search I did in fact find some files and directories owned by user root or group root. These are changed to be owned by my user id and group id, but this did not help. By the way, On this computer I have always had just one user, mine, and hence got the user id 1000 and group id 1000. This is the case now too. uid 1000 is a member of the sudo group. * As I wrote I have always used this method of not setting any password to the root account, and this is for quite many years now. My Linux path has gone via Ubuntu, well to be honest a couple of years after the Microsoft era I ran in Suse, but was not fully satisfied. And when Ubuntu and Canonical introduced Unity, I left that ship for Linux Mint Debian edition (LMDE) until I took the last(?) step into Debian a couple of years ago where the entrance point was jessie. The empty root password has always worked fine until now. Possibly Ubuntu has patched the sudologin but should LMDE? And jessie? I do not think so. Hope someone can find something significant in this and give a hint on what to do. Kaj
Re: How to gain control over the system?
On 07/09/2017 05:08 AM, Fungi4All wrote: From: david...@freevolt.org To: debian-user@lists.debian.org As they say[1],[2],[3], do not use a live image for installs. 1. https://lists.debian.org/debian-user/2017/06/msg00723.html 2. https://lists.debian.org/debian-user/2017/06/msg00740.html 3. https://lists.debian.org/debian-user/2017/06/msg00755.html My experience with live images is that they include the installer and a live image. The gui within the live system most usually runs into errors, while the installer from the initial grub-like menu works just like the netinstall system. I suspect the installer without booting the live system has maximum resources available, while the live system even as idle requires 15-20% of resources to run the installation gui. I see you can't be bothered reading relevant info before posting. There *WAS* a bug in the live version of 9.0. It was fixed in a 9.01 release of the live edition.
Re: How to gain control over the system?
> From: david...@freevolt.org > To: debian-user@lists.debian.org > As they say[1],[2],[3], do not use a live image for installs. > 1. https://lists.debian.org/debian-user/2017/06/msg00723.html > 2. https://lists.debian.org/debian-user/2017/06/msg00740.html > 3. https://lists.debian.org/debian-user/2017/06/msg00755.html My experience with live images is that they include the installer and a live image. The gui within the live system most usually runs into errors, while the installer from the initial grub-like menu works just like the netinstall system. I suspect the installer without booting the live system has maximum resources available, while the live system even as idle requires 15-20% of resources to run the installation gui.
Re: How to gain control over the system?
On 09-07-17, Anders Andersson wrote: > On Sun, Jul 9, 2017 at 12:51 AM, Fungi4Allwrote: > > > On Sat, 2017-07-08 at 23:57 +0200, Kaj Persson wrote: > > > > > But now I discovered an issue, I cannot manage my desktop. I have > > > always at the previous installations, and they are quite many now, been > > > advised to, for security reason, leave the root password unset, which > > causes > > > the root account go passive, and for all tasks where I need root > > > authority I go via su/sudo. > > > > > > It is a bad idea despite of what security gurus may advise. You may lose > > your system > > and never get it back. > > > > > It's an even worse idea to listen to people on the internet who ignore > "security gurus" based on rumours. You can easily restore or change the > root password if it's lost or unset. Leaving root password unassigned for "security" reasons is silly. Heaving, or not heaving root account assigned does not make your system any more secure. For some things you do need root account. Those systems that use sudo only approach ( read Ubuntu and derivates ) have sulogin patched to allow single user mode, for example. And it is made so on Ubuntu out of fear that new users attracted to Linux will mess up things more if they have access to root account. Not that it stopped people to be people and to mess things up equally successful with sudo account. As for those "security gurus", who are they? Real gurus? Or just people repeating what they've read somewhere with little to no understanding what they've read?
Re: How to gain control over the system?
On Sun, Jul 9, 2017 at 12:51 AM, Fungi4Allwrote: > On Sat, 2017-07-08 at 23:57 +0200, Kaj Persson wrote: > > > But now I discovered an issue, I cannot manage my desktop. I have > > always at the previous installations, and they are quite many now, been > > advised to, for security reason, leave the root password unset, which > causes > > the root account go passive, and for all tasks where I need root > > authority I go via su/sudo. > > > It is a bad idea despite of what security gurus may advise. You may lose > your system > and never get it back. > It's an even worse idea to listen to people on the internet who ignore "security gurus" based on rumours. You can easily restore or change the root password if it's lost or unset.
Re: How to gain control over the system?
On Sat, 8 Jul 2017, Kaj Persson wrote: Hi all, Anyone having an idea how to get back the command over my desktop, including the panels? Until two weeks ago I ran Debian 8 ("jessie"), but after a unsuccessful clean-up operation the whole system became totally corrupted, and I decided to to a complete new install of the new Debian 9 ("stretch") and Mate (which I was using in jessie too). I was using the live DVD put on a memory stick. As they say[1],[2],[3], do not use a live image for installs. 1. https://lists.debian.org/debian-user/2017/06/msg00723.html 2. https://lists.debian.org/debian-user/2017/06/msg00740.html 3. https://lists.debian.org/debian-user/2017/06/msg00755.html -- "Jesus! Where will it end? How low do you have to stoop in this country to be President?" Hunter S Thompson, 1972
Re: How to gain control over the system?
> From: oflam...@gmail.com > To: Kaj Persson <70147pers...@telia.com>, debian-user@lists.debian.org > Did you remember to reconfigure sudo? What Desktop Environment are you > using? He said Mate > On Sat, 2017-07-08 at 23:57 +0200, Kaj Persson wrote: >> But now I discovered an issue, I cannot manage my desktop. I have >> always at the previous installations, and they are quite many now, been >> advised to, for security reason, leave the root password unset, which causes >> the root account go passive, and for all tasks where I need root >> authority I go via su/sudo. It is a bad idea despite of what security gurus may advise. You may lose your system and never get it back. >> But I cannot control the panels, I have two of them, one on >> top >> A user should not need sudo rights to edit the conf files in the desktop. It is all stored in the /home/*user* subdirectory, while as root your home is /root. Chances are the access rights in your home directory have been restricted, so you need to give yourself as a user the rights back. As a su you should not be able to alter the /home/user directories. What I suspect you've done is copy the /home from an old system which transfered the rights of that system and from a different user. Let's say in that system your username was mate99 and so it is in the new system. But the user id in that system was user 1003 and now you are user 1001. 1001 will not be able to adjust conf. files for user 1003. If you open the filemanager and your desktop folder is owned by a user 1003 (or some number) then you need to switch the rights of all your home/user stuff to be owned by mate99
Re: How to gain control over the system?
Did you remember to reconfigure sudo? What Desktop Environment are you using? On Sat, 2017-07-08 at 23:57 +0200, Kaj Persson wrote: > Hi all, > > Anyone having an idea how to get back the command over my desktop, > including the panels? Until two weeks ago I ran Debian 8 ("jessie"), > but > after a unsuccessful clean-up operation the whole system became > totally > corrupted, and I decided to to a complete new install of the new > Debian > 9 ("stretch") and Mate (which I was using in jessie too). I was > using > the live DVD put on a memory stick. All went fine, and the system > started without problems. I was happy to notice that I could now use > the > Nouveau driver for the screen. Until now I have had to use the > nVidia > driver certainly without problems, but it is good being able to use > free > software. > > But now I discovered an issue, I cannot manage my desktop. I have > always > at the previous installations, and they are quite many now, been > advised > to, for security reason, leave the root password unset, which causes > the > root account go passive, and for all tasks where I need root > authority I > go via su/sudo. It has always worked fine, and this using su/sudo > still > does. But I cannot control the panels, I have two of them, one on > top > intended for icons of my most used programs, as a kind of favourite > menu, and one at bottom where the active programmes appear as > buttons. > The bottom panel is working mostly as I want, but I cannot add new > apps > to it, e.g. the window switch, I used to have. And I cannot add the > program icons to top panel. Via a right click on a program menu item > I > have the option "Put this to the panel" (well, possibly not the > correct > words, this is a home made translation from my Swedish version), > but, > when trying to select that, nothing happens. > > However the related options to save icon to the desktop works fine, > and > I can also sort the icons to what I find useful, but it does not > survive > a cold start. All the icons come back in some kind of default order, > which I have not been able found out. It is at least not alphabetic. > > So can someone help me get the command back, or do I have to make a > new > reinstall, hoping for better luck. Possibly setting a password on > the > Admin, hence activating that account, which I would prefer not having > to. > > Thank you in advance > Kaj >
How to gain control over the system?
Hi all, Anyone having an idea how to get back the command over my desktop, including the panels? Until two weeks ago I ran Debian 8 ("jessie"), but after a unsuccessful clean-up operation the whole system became totally corrupted, and I decided to to a complete new install of the new Debian 9 ("stretch") and Mate (which I was using in jessie too). I was using the live DVD put on a memory stick. All went fine, and the system started without problems. I was happy to notice that I could now use the Nouveau driver for the screen. Until now I have had to use the nVidia driver certainly without problems, but it is good being able to use free software. But now I discovered an issue, I cannot manage my desktop. I have always at the previous installations, and they are quite many now, been advised to, for security reason, leave the root password unset, which causes the root account go passive, and for all tasks where I need root authority I go via su/sudo. It has always worked fine, and this using su/sudo still does. But I cannot control the panels, I have two of them, one on top intended for icons of my most used programs, as a kind of favourite menu, and one at bottom where the active programmes appear as buttons. The bottom panel is working mostly as I want, but I cannot add new apps to it, e.g. the window switch, I used to have. And I cannot add the program icons to top panel. Via a right click on a program menu item I have the option "Put this to the panel" (well, possibly not the correct words, this is a home made translation from my Swedish version), but, when trying to select that, nothing happens. However the related options to save icon to the desktop works fine, and I can also sort the icons to what I find useful, but it does not survive a cold start. All the icons come back in some kind of default order, which I have not been able found out. It is at least not alphabetic. So can someone help me get the command back, or do I have to make a new reinstall, hoping for better luck. Possibly setting a password on the Admin, hence activating that account, which I would prefer not having to. Thank you in advance Kaj