Another rkhunter question

[Gene Heskett]

Greetings all;

What is /dev/shm?

I've given up on rkhunter ever shutting up about the group and passwd files, 
but fussing about this is new.
-- Start Rootkit Hunter Scan --
Warning: Suspicious file types found in /dev:
 /dev/shm/sem.ADBE_REL_root: data
 /dev/shm/sem.ADBE_WritePrefs_root: data
 /dev/shm/sem.ADBE_ReadPrefs_root: data

And indeed, these files that I nuked friday are back:
[r...@coyote linux-2.6.30-rc6]# ls -l /dev/shm
total 24
-r 1 root root 67108904 2009-05-16 02:37 pulse-shm-3724332759
-rw-rw-rw- 1 root root   16 2009-05-16 20:33 sem.ADBE_ReadPrefs_root
-rw-rw-rw- 1 root root   16 2009-05-16 20:33 sem.ADBE_REL_root
-rw-rw-rw- 1 root root   16 2009-05-16 20:33 sem.ADBE_WritePrefs_root

Anything with 'pulse' in its name has been nuked by an 'rpm -e', and I 
actually have working audio now, so can someone please explain this?  A 67 
megabyte file in /dev for an shm device is for what purpose?

I looked at it with mc's hex viewer, and the first 10 or so megabytes are all 
$00.  I got tired of standing on the page down key.

-- 
Cheers, Gene
"There are four boxes to be used in defense of liberty:
 soap, ballot, jury, and ammo. Please use in that order."
-Ed Howdershelt (Author)
... bacteriological warfare ... hard to believe we were once foolish
enough to play around with that.
-- McCoy, "The Omega Glory", stardate unknown

-- 
fedora-list mailing list
fedora-list@redhat.com
To unsubscribe: https://www.redhat.com/mailman/listinfo/fedora-list
Guidelines: http://fedoraproject.org/wiki/Communicate/MailingListGuidelines

Re: Another rkhunter question

[Georgi Hristozov]

Hi,

On 17/05/09 16:35, Gene Heskett wrote:
> Greetings all;
> 
> What is /dev/shm?
> 
> I've given up on rkhunter ever shutting up about the group and passwd files, 
> but fussing about this is new.
> -- Start Rootkit Hunter Scan --
> Warning: Suspicious file types found in /dev:
>  /dev/shm/sem.ADBE_REL_root: data
>  /dev/shm/sem.ADBE_WritePrefs_root: data
>  /dev/shm/sem.ADBE_ReadPrefs_root: data
> 
> And indeed, these files that I nuked friday are back:
> [r...@coyote linux-2.6.30-rc6]# ls -l /dev/shm
> total 24
> -r 1 root root 67108904 2009-05-16 02:37 pulse-shm-3724332759
> -rw-rw-rw- 1 root root   16 2009-05-16 20:33 sem.ADBE_ReadPrefs_root
> -rw-rw-rw- 1 root root   16 2009-05-16 20:33 sem.ADBE_REL_root
> -rw-rw-rw- 1 root root   16 2009-05-16 20:33 sem.ADBE_WritePrefs_root
> 
> Anything with 'pulse' in its name has been nuked by an 'rpm -e', and I 
> actually have working audio now, so can someone please explain this?  A 67 
> megabyte file in /dev for an shm device is for what purpose?
> 
> I looked at it with mc's hex viewer, and the first 10 or so megabytes are all 
> $00.  I got tired of standing on the page down key.
> 

About /dev/shm -
http://www.cyberciti.biz/tips/what-is-devshm-and-its-practical-usage.html (btw,
the first result in google). In a few words - it's better not to mess
with it :)
About the audio - It's not necessary for the player to use pulse. How do
you test it?



signature.asc
Description: OpenPGP digital signature
-- 
fedora-list mailing list
fedora-list@redhat.com
To unsubscribe: https://www.redhat.com/mailman/listinfo/fedora-list
Guidelines: http://fedoraproject.org/wiki/Communicate/MailingListGuidelines

Re: Another rkhunter question

[Paulo Cavalcanti]

On Sun, May 17, 2009 at 10:35 AM, Gene Heskett wrote:

> Greetings all;
>
> What is /dev/shm?
>
> I've given up on rkhunter ever shutting up about the group and passwd
> files,
> but fussing about this is new.
> -- Start Rootkit Hunter Scan --
> Warning: Suspicious file types found in /dev:
> /dev/shm/sem.ADBE_REL_root: data
> /dev/shm/sem.ADBE_WritePrefs_root: data
> /dev/shm/sem.ADBE_ReadPrefs_root: data
>
> And indeed, these files that I nuked friday are back:
> [r...@coyote linux-2.6.30-rc6]# ls -l /dev/shm
> total 24
> -r 1 root root 67108904 2009-05-16 02:37 pulse-shm-3724332759
> -rw-rw-rw- 1 root root   16 2009-05-16 20:33 sem.ADBE_ReadPrefs_root
> -rw-rw-rw- 1 root root   16 2009-05-16 20:33 sem.ADBE_REL_root
> -rw-rw-rw- 1 root root   16 2009-05-16 20:33 sem.ADBE_WritePrefs_root
>
> Anything with 'pulse' in its name has been nuked by an 'rpm -e', and I


You should have not, but it is your choice.


>
> actually have working audio now, so can someone please explain this?  A 67
> megabyte file in /dev for an shm device is for what purpose?
>
> I looked at it with mc's hex viewer, and the first 10 or so megabytes are
> all
> $00.  I got tired of standing on the page down key.
>
>
Just add these rules to /etc/rkhunter.conf, in the appropriate place:

 # Allow the specified files to be present in the /dev directory,
# and not regarded as suspicious. One file per line (use multiple
# ALLOWDEVFILE lines).
#
#ALLOWDEVFILE=/dev/abc
#ALLOWDEVFILE=/dev/shm/pulse-shm-*
# Adobe Reader (acroread) 9.x
ALLOWDEVFILE=/dev/shm/sem.ADBE_ReadPrefs_[a-zA-Z]*
ALLOWDEVFILE=/dev/shm/sem.ADBE_REL_[a-zA-Z]*
ALLOWDEVFILE=/dev/shm/sem.ADBE_WritePrefs_[a-zA-Z]*


-- 
Paulo Roma Cavalcanti
LCG - UFRJ
-- 
fedora-list mailing list
fedora-list@redhat.com
To unsubscribe: https://www.redhat.com/mailman/listinfo/fedora-list
Guidelines: http://fedoraproject.org/wiki/Communicate/MailingListGuidelines

Re: Another rkhunter question

[John Horne]

On Sun, 2009-05-17 at 09:35 -0400, Gene Heskett wrote:
> Greetings all;
> 
> What is /dev/shm?
> 
> I've given up on rkhunter ever shutting up about the group and passwd files, 
>
What is it saying about the files? If necessary disable the relevant
passwd/group tests (use 'rkhunter --list test' to see the test names).


> but fussing about this is new.
> -- Start Rootkit Hunter Scan --
> Warning: Suspicious file types found in /dev:
>  /dev/shm/sem.ADBE_REL_root: data
>  /dev/shm/sem.ADBE_WritePrefs_root: data
>  /dev/shm/sem.ADBE_ReadPrefs_root: data
> 
Items in /dev/shm that are genuine can be whitelisted in rkhunter.conf.
There is an example of the pulse file whitelisted in the supplied
rkhunter.conf file. It is easy enough to do the same for the ADBE files.
No need to remove any packages.




John.

-- 
---
John Horne, University of Plymouth, UK  Tel: +44 (0)1752 587287
E-mail: john.ho...@plymouth.ac.uk   Fax: +44 (0)1752 587001

-- 
fedora-list mailing list
fedora-list@redhat.com
To unsubscribe: https://www.redhat.com/mailman/listinfo/fedora-list
Guidelines: http://fedoraproject.org/wiki/Communicate/MailingListGuidelines

Re: Another rkhunter question

[Gene Heskett]

On Sunday 17 May 2009, John Horne wrote:
>On Sun, 2009-05-17 at 09:35 -0400, Gene Heskett wrote:
>> Greetings all;
>>
>> What is /dev/shm?
>>
>> I've given up on rkhunter ever shutting up about the group and passwd
>> files,
>
>What is it saying about the files? If necessary disable the relevant
>passwd/group tests (use 'rkhunter --list test' to see the test names).

I would rather not, I would rather rkhunter's bug was fixed.  I have also 
copied those files manually into rkhunters db, but that made no diff.
>From an email from rkhunter:
Warning: Unable to check for passwd file differences: no copy of the passwd 
file exists.
Warning: Unable to check for group file differences: no copy of the group file 
exists.
---
But they do exist:
[r...@coyote ~]# locate group|grep rkhunter
/var/lib/rkhunter/db/group
/var/lib/rkhunter/tmp/group
/var/run/rkhunter/group
[r...@coyote ~]# locate passwd|grep rkhunter
/var/lib/rkhunter/db/passwd
/var/lib/rkhunter/tmp/passwd
/var/run/rkhunter/passwd

I'd druther rkhunter was fixed.  --propupd, which is supposed to record the 
systems 'clean' state if I understand it correctly, doesn't fix this.

>> but fussing about this is new.
>> -- Start Rootkit Hunter Scan --
>> Warning: Suspicious file types found in /dev:
>>  /dev/shm/sem.ADBE_REL_root: data
>>  /dev/shm/sem.ADBE_WritePrefs_root: data
>>  /dev/shm/sem.ADBE_ReadPrefs_root: data
>
>Items in /dev/shm that are genuine can be whitelisted in rkhunter.conf.
>There is an example of the pulse file whitelisted in the supplied
>rkhunter.conf file. It is easy enough to do the same for the ADBE files.
>No need to remove any packages.

I realize that John & thank you for the reply, but that doesn't tell me IF 
they are _genuine_ or what the heck they are doing.

And considering that most files in /dev don't get out of the inode they were 
created on, what the heck is a 67+ megabyte file full of $00 named pulse-some-
hash-number being used for?  If there was data in it, I maybe could see it had 
a use, but if I wanted 67+ megabytes of /dev/zero for something, I'd call dd 
and make it.  So would most programmers except I'd sure pick some place 
besides /dev to store it.

I did find out who owns /dev/shm though, its kded4, and even with x stopped, 
or a fresh reboot to runlevel 3, /dev/shm can be emptied, but cannot be 
deleted as its 'busy'.  So I suppose the other files will reappear at some 
point in the course of my daily activities.

What are the ADBE files?  They actually do contain data, but only in the first 
2-3 bytes of the 16 they occupy, the rest are $00.

IMO this is stuff that probably belongs in /tmp, and it makes me nervous when 
some app decides to use just any old location where a rootkit might hide, for 
67+megabytes of /dev/zero.  Boggles the mind.  FWIW, Since I posted this 
originally, I attempted to remove the shm stuff (crypto related?? damnifiknow) 
from the kernel, and the boot locks up at the end of the drive scan.  
Repeatedly.

Thanks John

-- 
Cheers, Gene
"There are four boxes to be used in defense of liberty:
 soap, ballot, jury, and ammo. Please use in that order."
-Ed Howdershelt (Author)
Sweater, n.:
A garment worn by a child when its mother feels chilly.


-- 
fedora-list mailing list
fedora-list@redhat.com
To unsubscribe: https://www.redhat.com/mailman/listinfo/fedora-list
Guidelines: http://fedoraproject.org/wiki/Communicate/MailingListGuidelines

Re: Another rkhunter question

[John Horne]

On Sun, 2009-05-17 at 13:41 -0400, Gene Heskett wrote:
> On Sunday 17 May 2009, John Horne wrote:
> >On Sun, 2009-05-17 at 09:35 -0400, Gene Heskett wrote:

> >>
> >> I've given up on rkhunter ever shutting up about the group and passwd
> >> files,
> >
> >What is it saying about the files? If necessary disable the relevant
> >passwd/group tests (use 'rkhunter --list test' to see the test names).
> 
> I would rather not, I would rather rkhunter's bug was fixed.  I have also 
> copied those files manually into rkhunters db, but that made no diff.
> >From an email from rkhunter:
> Warning: Unable to check for passwd file differences: no copy of the passwd 
> file exists.
> Warning: Unable to check for group file differences: no copy of the group 
> file 
> exists.
>
Okay, can you run:

rkhunter --debug --enable "passwd_changes group_changes"

This will create a file in the /tmp directory named something like
'rkhunter_debug'. Can you email that to me please (it will be big, so do
not email to this list).

Secondly, did you install rkhunter from source or via an RPM from a
repository?

> 
> I'd druther rkhunter was fixed.  --propupd, which is supposed to record the 
> systems 'clean' state if I understand it correctly, doesn't fix this.
> 
No, the propupd option has nothing to do with passwd/group files. It
records file properties (mode, permissions, hash values etc). running
rkhunter with --propupd will make no difference in that respect.


> >> but fussing about this is new.
> >> -- Start Rootkit Hunter Scan --
> >> Warning: Suspicious file types found in /dev:
> >>  /dev/shm/sem.ADBE_REL_root: data
> >>  /dev/shm/sem.ADBE_WritePrefs_root: data
> >>  /dev/shm/sem.ADBE_ReadPrefs_root: data
> >
> >Items in /dev/shm that are genuine can be whitelisted in rkhunter.conf.
> >There is an example of the pulse file whitelisted in the supplied
> >rkhunter.conf file. It is easy enough to do the same for the ADBE files.
> >No need to remove any packages.
> 
> I realize that John & thank you for the reply, but that doesn't tell me IF 
> they are _genuine_ or what the heck they are doing.
> 
Ah, yes. Whether they are genuine or not is, I'm afraid, for you to
decide. I too have just upgraded acrobat to version 9, and have seen
these files created. I suspect a lot of people running rkhunter will get
caught out by them.

> 
> I did find out who owns /dev/shm though, its kded4, and even with x stopped, 
> or a fresh reboot to runlevel 3, /dev/shm can be emptied, but cannot be 
> deleted as its 'busy'.  So I suppose the other files will reappear at some 
> point in the course of my daily activities.
> 
I think if you run 'mount' you will see that /dev/shm is mounted as a
tmpfs. Basically it resides in memory (AFAIK), so the files will be
recreated when necessary after each reboot.



John.

-- 
---
John Horne, University of Plymouth, UK  Tel: +44 (0)1752 587287
E-mail: john.ho...@plymouth.ac.uk   Fax: +44 (0)1752 587001

-- 
fedora-list mailing list
fedora-list@redhat.com
To unsubscribe: https://www.redhat.com/mailman/listinfo/fedora-list
Guidelines: http://fedoraproject.org/wiki/Communicate/MailingListGuidelines

Re: Another rkhunter question

[Bill Davidsen]

Paulo Cavalcanti wrote:



On Sun, May 17, 2009 at 10:35 AM, Gene Heskett > wrote:


Greetings all;

What is /dev/shm?

I've given up on rkhunter ever shutting up about the group and
passwd files,
but fussing about this is new.
-- Start Rootkit Hunter Scan --
Warning: Suspicious file types found in /dev:
/dev/shm/sem.ADBE_REL_root: data
/dev/shm/sem.ADBE_WritePrefs_root: data
/dev/shm/sem.ADBE_ReadPrefs_root: data

And indeed, these files that I nuked friday are back:
[r...@coyote linux-2.6.30-rc6]# ls -l /dev/shm
total 24
-r 1 root root 67108904 2009-05-16 02:37 pulse-shm-3724332759
-rw-rw-rw- 1 root root   16 2009-05-16 20:33 sem.ADBE_ReadPrefs_root
-rw-rw-rw- 1 root root   16 2009-05-16 20:33 sem.ADBE_REL_root
-rw-rw-rw- 1 root root   16 2009-05-16 20:33
sem.ADBE_WritePrefs_root

Do you have some Adobe stuff installed? And might you ever accidentally have 
used it as root? Just looking at the name, I know you're old enough to know 
better. ;-)



Anything with 'pulse' in its name has been nuked by an 'rpm -e', and I


You should have not, but it is your choice.
 
Is there a better way to get rid of PulseAudio? Some install option which 
prevents infecting the system in the first place?



actually have working audio now, so can someone please explain this?
 A 67
megabyte file in /dev for an shm device is for what purpose?

I looked at it with mc's hex viewer, and the first 10 or so
megabytes are all
$00.  I got tired of standing on the page down key.


Just add these rules to /etc/rkhunter.conf, in the appropriate place:

 # Allow the specified files to be present in the /dev directory,
# and not regarded as suspicious. One file per line (use multiple
# ALLOWDEVFILE lines).
#
#ALLOWDEVFILE=/dev/abc
#ALLOWDEVFILE=/dev/shm/pulse-shm-*
# Adobe Reader (acroread) 9.x
ALLOWDEVFILE=/dev/shm/sem.ADBE_ReadPrefs_[a-zA-Z]*
ALLOWDEVFILE=/dev/shm/sem.ADBE_REL_[a-zA-Z]*
ALLOWDEVFILE=/dev/shm/sem.ADBE_WritePrefs_[a-zA-Z]*


--
Paulo Roma Cavalcanti
LCG - UFRJ




--
Bill Davidsen 
  "We have more to fear from the bungling of the incompetent than from
the machinations of the wicked."  - from Slashdot

--
fedora-list mailing list
fedora-list@redhat.com
To unsubscribe: https://www.redhat.com/mailman/listinfo/fedora-list
Guidelines: http://fedoraproject.org/wiki/Communicate/MailingListGuidelines

Re: Another rkhunter question

[Gene Heskett]

On Monday 18 May 2009, Bill Davidsen wrote:
>Paulo Cavalcanti wrote:
>> On Sun, May 17, 2009 at 10:35 AM, Gene Heskett > > wrote:
>>
>> Greetings all;
>>
>> What is /dev/shm?
>>
>> I've given up on rkhunter ever shutting up about the group and
>> passwd files,
>> but fussing about this is new.
>> -- Start Rootkit Hunter Scan
>> -- Warning: Suspicious file types found in /dev:
>> /dev/shm/sem.ADBE_REL_root: data
>> /dev/shm/sem.ADBE_WritePrefs_root: data
>> /dev/shm/sem.ADBE_ReadPrefs_root: data
>>
>> And indeed, these files that I nuked friday are back:
>> [r...@coyote linux-2.6.30-rc6]# ls -l /dev/shm
>> total 24
>> -r 1 root root 67108904 2009-05-16 02:37 pulse-shm-3724332759
>> -rw-rw-rw- 1 root root   16 2009-05-16 20:33
>> sem.ADBE_ReadPrefs_root -rw-rw-rw- 1 root root   16 2009-05-16 20:33
>> sem.ADBE_REL_root -rw-rw-rw- 1 root root   16 2009-05-16 20:33
>> sem.ADBE_WritePrefs_root
>
>Do you have some Adobe stuff installed? And might you ever accidentally have
>used it as root? Just looking at the name, I know you're old enough to know
>better. ;-)
>
:-) KNOW better?  For me, its an arguable point.  I learned most of principles 
of a multi-user/multitasking system from os9 (now called nitros9 & I had a 
small hand in the rewrite) back in the 80's, and while it may seem to be an 
excuse to you, I have never gotten used to the permissions restrictions placed 
on the user by modern versions.  Since I learned without that, one could say I 
learned wrong I suppose.  OTOH, it IS my system.  Much of what runs and is 
exposed to attack, also runs as an unpriviledged user, with a looong passwd.  
I do what I think needs to be done to maintain a reasonable level of security, 
like using rkhunter or chkrootkit, and I use a router (dd-wrt)that has so far 
passed the test of time vis-a-vis the attackers, watched carefully since I log 
those attempts here.  The only thing missing in the router is a facility to 
blacklist and drop on the floor or better yet tarpit, those addresses that 
continue to play dictionary attack name games, some of them hundreds of times 
an hour.  Yeah, I use passwds I can remember, but they are also relatively 
secure just because of the length used.

>> Anything with 'pulse' in its name has been nuked by an 'rpm -e', and I
>>
>>
>> You should have not, but it is your choice.
>
>Is there a better way to get rid of PulseAudio? Some install option which
>prevents infecting the system in the first place?

That would be very nice.  But from fedora?  Tain't gonna happen...  It is not 
only part of the 'branding', its also the fence between the paid up seat 
version and the freebie, so we scream & holler and get generally ignored or 
given just enough we don't all jump ship & they lose their guinea pigs, 
something they can't afford, so its a grand and glorious but frustrating 
experience, running all this bleeding edge stuff.  I even invite more 
bloodshed by running the latest snapshots of amanda, and linus's latest 
kernel, currently 2.6.30-rc6.  And generally, its fun to boot.

Get used to it.

-- 
Cheers, Gene
"There are four boxes to be used in defense of liberty:
 soap, ballot, jury, and ammo. Please use in that order."
-Ed Howdershelt (Author)
"All language designers are arrogant.  Goes with the territory..."
(By Larry Wall)

-- 
fedora-list mailing list
fedora-list@redhat.com
To unsubscribe: https://www.redhat.com/mailman/listinfo/fedora-list
Guidelines: http://fedoraproject.org/wiki/Communicate/MailingListGuidelines

Re: Another rkhunter question

[Tim]

On Mon, 2009-05-18 at 16:34 -0400, Bill Davidsen wrote:
> And might you ever accidentally have used it as root? Just looking at
> the name, I know you're old enough to know better. ;-)

Harrumph!  ;-)  We *know* he does things as root, *we* know that's a bad
idea in general, *we* also know that the system's designed against that
sort of thing, and that using a system contrary to the design tends to
cause problems, LOTS of unforeseen problems.

If you want to use a system aberrantly, you need to put in a lot of work
to circumvent the restrictions, all over the place, and you'll forever
be picking up the pieces.  None of which would be accepted as being
bugs, because it's not meant to be used that way.

Gene do you leave the interlocks shorted on the transmitter doors when
it's not *absolutely* necessary to do that for service work?  That's
what you're doing when you go around doing everything as root.  You're
going to get RF burns, and find your screwdrivers embedded in the wall
behind you.

Beyond some configuration work, the only time I've ever had to run as
root is to undo the damage caused by something else that was erroneously
done as root.

-- 
[...@localhost ~]$ uname -r
2.6.27.21-78.2.41.fc9.i686

Don't send private replies to my address, the mailbox is ignored.  I
read messages from the public lists.



-- 
fedora-list mailing list
fedora-list@redhat.com
To unsubscribe: https://www.redhat.com/mailman/listinfo/fedora-list
Guidelines: http://fedoraproject.org/wiki/Communicate/MailingListGuidelines

Re: Another rkhunter question

[Gene Heskett]

On Monday 18 May 2009, Tim wrote:
>On Mon, 2009-05-18 at 16:34 -0400, Bill Davidsen wrote:
>> And might you ever accidentally have used it as root? Just looking at
>> the name, I know you're old enough to know better. ;-)
>
>Harrumph!  ;-)  We *know* he does things as root, *we* know that's a bad
>idea in general, *we* also know that the system's designed against that
>sort of thing, and that using a system contrary to the design tends to
>cause problems, LOTS of unforeseen problems.
>
>If you want to use a system aberrantly, you need to put in a lot of work
>to circumvent the restrictions, all over the place, and you'll forever
>be picking up the pieces.  None of which would be accepted as being
>bugs, because it's not meant to be used that way.
>
>Gene do you leave the interlocks shorted on the transmitter doors when
>it's not *absolutely* necessary to do that for service work?

I learned that particular lesson 4 decades ago when I discovered that someone 
else before me had bypassed it when I opened the door to adjust the coupling 
on an antique Standard Electronics tv transmitter.  That takes about an 8" 
crescent wrench, which got shortened about 1/2" on the handle end by the 
handle swinging around and coming in contact with the plate fins of one of the 
4 5924's it use as finals.  There was about 5500 volts in the 32 microfarads 
of filter capacitors, and it all went to ground thru the 3.125" coax line 
feeding a 330 foot liberty tower with a TF-3-AL antenna on it.  I never felt a 
thing, but I'll bet that vhf 'click' was heard over a good percentage of the 
planet.

Its also a lesson I haven't forgotten in the ensuing years.  Interlocks around 
me WORK.  Period.  And I still don't trust them.

>That's
>what you're doing when you go around doing everything as root.  You're
>going to get RF burns, and find your screwdrivers embedded in the wall
>behind you.

The last rf burn I got was probably in 1959.  The last screwdriver I damaged 
electrically was in 1985.  I've worn many out though.  That doesn't mean I 
stay at arms length from this stuff, I once taped up the handle of a 24" 
crescent wrench, and put another split bolt, about a pound of solid bronze, 
alongside one that was in the process of burning itself up on a pair of 750MCM 
cables, and only shut the transmitter off for about 4 minutes so I didn't have 
contact arcing as I placed it.  The circuit wasn't capable of being rendered 
safe without cutting the 750MCM feedlines from the pole mounted substation.  
When I inherited that transmitter site, it had no main entrance breaker, and 
still doesn't.  After June 12th, who cares, we are outta there.

One does what he needs to do to get the job done.  However I've never 
subscribed to the theory that one shouldn't drive any faster than ones 
guardian angel can fly.  I no darned well I've outrun that angel more than 
once. :)

>Beyond some configuration work, the only time I've ever had to run as
>root is to undo the damage caused by something else that was erroneously
>done as root.

And I'd remind you that I am still here.  I now occasionally consider the end, 
since I'm 74, diabetic & allergic to the cholesterol drugs.  So I will 
eventually go away, but then who are you gonna pick on?  :)

>--
>[...@localhost ~]$ uname -r
>2.6.27.21-78.2.41.fc9.i686
uname -r?  Try 2.6.30-rc6.
>
>Don't send private replies to my address, the mailbox is ignored.  I
>read messages from the public lists.


-- 
Cheers, Gene
"There are four boxes to be used in defense of liberty:
 soap, ballot, jury, and ammo. Please use in that order."
-Ed Howdershelt (Author)
To avoid criticism, do nothing, say nothing, be nothing.
-- Elbert Hubbard

-- 
fedora-list mailing list
fedora-list@redhat.com
To unsubscribe: https://www.redhat.com/mailman/listinfo/fedora-list
Guidelines: http://fedoraproject.org/wiki/Communicate/MailingListGuidelines