how to su -
the best way to get the full paths and such as root is: be root.
edit /etc/sudoers and put user ALL=(ALL) NOPASSWD: ALL, then instead of sudo gainroot, just do su - and the password is rootme. |
Quote:
Of course, it's going to be hard to break out of the "good sysadmin practice" and think "Hey - this isn't a server... just a tablet." |
ya, and it's your tablet, it's not like there are 50 people logging in every day.
|
NOT running as ROOT is religion. True disciples of the faith automatically sense a ROOT console and are compelled to vi /etc/inittab, making the default runlevel 6 to cause the unbeliever's system to reboot in perpetuity...
On a more serious note, I haven't seen anybody suggesting changing the ROOT password. I can suggest a couple of simple alternatives to opening the 770 like a ... (well you may get the idea.)

1. create an alternative to gainroot that doesn't check R & D mode.
2. add the alternative to sudoers.

or

3. install dropbear-server and make it run at startup and use ssh (or PuTTY from windows) to do "programming things."

If you're hanging in windows, I highly recommend enabling scp (after installing the three dropbear packages... ln -sf /var/lib/install/usr/bin/scp /usr/bin/scp) and use WinSCP as a console to the 770.

$.02 |
I have been using Linux for around 11 years now, and it's all I run. I have 0 Windows machines at home and work, so I know all about the ins and outs. And I'm a system administrator so I know about security. Changing the root pass was the first thing I did, after getting root, and I have openssh running instead of dropbear. Anyone know of a vncserver?
|
I started on Slack in '96... :) Have you experimented with ARMedSlack?
|
I have looked at it, but haven't had time to fire it up.
|
Quote:
The day will come when the 770 or the next version will become vulnerable to some kind of port-scan attack, and you don't want your tablet running as root when it happens. The best way to ensure that is to form good habits now. |
Quote:
Running as ROOT.. 770 specific answer?

When I do xterm/ whoami, I get user (when r&d mode is enabled)
When I signon as root from SSH on another machine, I am root.
When I sudo gainroot, whoami indicates root.

Here's what happens then:

```sh
#!/bin/sh -e
trap exit SIGHUP SIGINT SIGTERM
PATH=/bin:/usr/bin:/sbin:/usr/sbin
MODE=`/usr/sbin/chroot /mnt/initfs cal-tool --get-rd-mode`
if [ x$MODE = xenabled ]
then
  echo "Root shell enabled"
  /bin/sh
else
  echo "Enable RD mode if you want to break your device"
fi
```

This looks like a check to the "flash" part of the 770 to see if we're in R & D mode. Then "if r & D mode," we run sh

How is a port-scan attack more effective when the tablet is "running" as root?

sudo has been two things:
1. a way to limit who does what
2. a way to log who does what

I haven't seen any logs retained on my 770. |
ok, so I corrupted sudoers and sudo gainroot fails with:

```
>>> SUDOERS file: parse error line 22 <<<
>>> SUDOERS file: parse error line 23 <<<
sudo: parse error in /etc/sudoers near line 22
```

gainroot is the trimmed down version w/o the check for r & d. The lines affected are NOT the lines that allow gainroot. sshd is installed.

Brick? or do I have options? Brick's not a problem. I can redo everything with much less hunt and peck. I just want to know what my options are.

-Jason |
Not sure I can help you here, Jason. Have you tried to ssh into it as root? I think the password is rootme. You should then be able to edit the sudoers file.
|
visudo
Anyone know if visudo has been ported to the 770? It would have helped prevent Jason's problem.
|
Quote:
I reflashed. Then I set out to get visudo working. I installed vim-tiny from ftp://ftp.debian.org/debian/pool/main/v/vim/ then linked vim-tiny to /usr/bin/editor. At that point visudo now works. Fun times.

-Jason |
Quote:
```sh
export VISUAL=/var/lib/install/usr/bin/vim
visudo
```

(change the path to suit your personal needs ;-))

Brad. |
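
The protection visudo gives in this part of the thread is that a sudoers file is syntax-checked before it replaces the live one. The following is an added example, not code from any poster or from the 770's firmware: it checks a candidate file with `visudo -c -f` and installs it only if it parses. The function name, the `VISUDO` override and the `.bak` backup name are assumptions of the example.

```sh
#!/bin/sh
# Added example: replace a sudoers file only if the candidate parses cleanly.
# VISUDO may be overridden when visudo is not on PATH (assumption of this example).
VISUDO="${VISUDO:-visudo}"

# safe_install_sudoers CANDIDATE TARGET
# Returns 0 and replaces TARGET only when CANDIDATE passes the syntax check.
# Returns 1 on a parse error (TARGET untouched), 2 on an I/O problem.
safe_install_sudoers() {
    candidate=$1
    target=$2
    [ -r "$candidate" ] || { echo "cannot read $candidate" >&2; return 2; }

    # visudo -c only checks syntax; -f names the file to check.
    if ! "$VISUDO" -c -f "$candidate" >/dev/null 2>&1; then
        echo "syntax check failed, $target left unchanged" >&2
        return 1
    fi

    # Keep the previous file as a way back.
    [ -f "$target" ] && cp -p "$target" "$target.bak"

    # Stage next to the target so the final mv is a rename
    # on the same filesystem, never a half-written file.
    staged="$target.new.$$"
    cp "$candidate" "$staged" || return 2
    chmod 0440 "$staged"
    mv -f "$staged" "$target"
}
```

Run as root, for example `safe_install_sudoers /tmp/sudoers.edit /etc/sudoers`, where the first path is a hypothetical edited copy.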
visudo /Root/swapfile
Quote:
btw, I'm using the extrootfs and swapfile method from the maemo.org howto wiki.

UPDATE: I did it! I'll post a quick step by step here now:

Following the suggestions of someone in the "What's on your 770" I completed the following:

Edit 'ld.so.conf' and add a line for '/var/lib/install/usr/lib', then run 'ldconfig'. This means you'll always have access to libraries you install (and actually corrects a maemo bug [1.1rc5] for user installed home plugins).

Then, I created a .profile file in /Root/home/user with the line 'export PATH=$PATH:/Root/var/lib/install/usr/bin' and put it in /home/user (with owner/group user/users). I skipped his suggestion of inserting this in /root because there already was a .profile file and I didn't want to mess with said file.

So then I could launch visudo from /usr/sbin/visudo (I think that's the directory, you can find it with 'find / -name visudo') (make sure you 'export VISUAL=/var/lib/install/usr/bin/vi' first!). I just do this every time I launch visudo, not sure if that's necessary, but it worked for the few times I went in to mess with things until I got the lines edited appropriately.

Then I added the lines:

```
user ALL = NOPASSWD: /sbin/swapoff
user ALL = NOPASSWD: /sbin/swapon
```

That's it! Now my load-plugin will turn /Root/swapfile on and off without needing x-term or root access. Sweet.

Keep in mind this was with the extrootfs installed, as well as x-term and vim-tiny. Most of my directories include /Root in front after installing and running the extrootfs script, like /Root/var/lib/install/usr/bin instead of /var/lib/install/usr/bin

ps-this device rocks. I have not learned so much about *nix commands so quickly and easily. Partly this is due to the great community here on the forums, and the knowledgeable people to keep us noobs from bricking our device everyday. I only had to reflash twice so far! |
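
Two kinds of NOPASSWD rule appear in this thread: `NOPASSWD: ALL` for the whole account, and rules limited to /sbin/swapoff and /sbin/swapon. The following is an added example, not code from any poster, that reads a sudoers file and reports which kind each NOPASSWD rule is; the function names and the sample file are constructed for illustration.

```sh
#!/bin/sh
# Added example: classify NOPASSWD rules in a sudoers file.
# audit_nopasswd FILE prints "BROAD <rule>" or "SCOPED <rule>" for each
# NOPASSWD rule and returns 1 if any rule grants ALL commands, else 0.
# SCOPED only means the command list is explicit; a listed command that
# starts a shell is still a passwordless root shell.
audit_nopasswd() {
    awk '
        # Join backslash-continued lines before inspecting a rule.
        /\\$/ { sub(/\\$/, ""); buf = buf $0; next }
        { line = buf $0; buf = "" }
        line ~ /^[ \t]*(#|$)/ { next }       # comments and blank lines
        line !~ /NOPASSWD[ \t]*:/ { next }   # only passwordless rules
        {
            cmds = line
            sub(/.*NOPASSWD[ \t]*:[ \t]*/, "", cmds)  # text after the tag
            n = split(cmds, c, /[ \t]*,[ \t]*/)
            broad = 0
            for (i = 1; i <= n; i++) {
                gsub(/^[ \t]+|[ \t]+$/, "", c[i])
                if (c[i] == "ALL") broad = 1
            }
            if (broad) { print "BROAD  " line; bad = 1 }
            else print "SCOPED " line
        }
        END { exit bad + 0 }
    ' "$1"
}

# Constructed sample built from the rules quoted in the thread.
sample_sudoers() {
    cat <<'EOF'
# constructed sample, not a real sudoers file from a 770
root ALL=(ALL) ALL
user ALL=(ALL) NOPASSWD: ALL
user ALL = NOPASSWD: /sbin/swapoff, \
    /sbin/swapon
user ALL = NOPASSWD: /sbin/swapon
EOF
}
```

To try it: `sample_sudoers > /tmp/sample && audit_nopasswd /tmp/sample`, where /tmp/sample is a scratch path.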