|
RFC2324 posted:Never heard of this, but if you can create a file in the root then you should be able to do a sudo - passwd root and change it.

xzzy posted:No, if you blank out the root password in shadow you'll never be able to log into that account again.

anthonypants fucked around with this message at 20:33 on Apr 21, 2017
|
# ? Apr 21, 2017 20:30 |
|
anthonypants posted:If some automated process changed the root password to a random string, wouldn't that also mean you'd never be able to log into that account again?

Yep! Which makes me think it's some kind of daemon someone wrote that looks for a special file, and if one is found, prompts on boot for a password reset.
|
# ? Apr 21, 2017 20:54 |
|
xzzy posted:Yep!
|
# ? Apr 21, 2017 21:45 |
|
anthonypants posted:What happens when you use sudo su - to log into a Linux account that doesn't have a password filled out in /etc/shadow, like any of your service accounts (postgres, apache, sshd, etc.)

su will prompt for the password, which doesn't exist. You can sudo su over to root tho
|
# ? Apr 21, 2017 21:49 |
|
RFC2324 posted:su will prompt for the password, which doesn't exist.
|
# ? Apr 21, 2017 21:51 |
|
anthonypants posted:Uh, on every Linux system I've worked on, sudo gets you root, with your password, and then with those sudo-ed permissions you can su to whoever you want.

Correct. sudo allows you to execute commands as root with your password, including launching a new shell. su requires the password of the user you are switching to, instead of yours. sudo su - would switch you to root with your password. su - will require the root password. If you sudo or su as root to use another account, you will not be prompted for a password at all because you are root.

Taking all these things, if you use sudo to become root, you will succeed because your account has a valid password. If you try to use su to become root it will fail because the root account does not have a valid password set.
|
# ? Apr 21, 2017 21:56 |
|
You can't su to accounts (even as root) that have an invalid binary for its shell (/sbin/nologin or /bin/false are common for these cases).
|
# ? Apr 21, 2017 21:57 |
|
xzzy posted:You can't su to accounts (even as root) that have an invalid binary for its shell (/sbin/nologin or /bin/false are common for these cases).

I've always understood this to be the only real way to completely lock shell access, but what if I do a 'su --command=/bin/bash <user>' ? I just thought of it, and wonder if it would work. Or even the much simpler 'su --shell=/bin/bash <user>'
|
# ? Apr 21, 2017 22:03 |
|
RFC2324 posted:I've always understood this to be the only real way to completely lock shell access, but what if I do a 'su -c /bin/bash -u <user>' ? I just thought of it, and wonder if it would work.

-c won't get you in (it runs the command in a shell owned by the user), but -s will.
|
# ? Apr 21, 2017 22:06 |
|
xzzy posted:You can't su to accounts (even as root) that have an invalid binary for its shell (/sbin/nologin or /bin/false are common for these cases).
|
# ? Apr 21, 2017 22:08 |
|
anthonypants posted:Okay, so, first of all, the password field in /etc/shadow is absolutely not the same thing as the shell in /etc/passwd. Second of all, those are two separate files.

This wasn't always true, and you can change it back to the old way of only having a passwd file! But, if you change the shell in passwd to something invalid, it will prevent shell logins while still leaving the account enabled, which can be useful for things like having samba accounts managed in your passwd/shadow file without allowing those people the ability to gain a shell.
|
# ? Apr 21, 2017 22:27 |
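The distinction drawn in the posts above, between the password field in /etc/shadow and the login shell in /etc/passwd, shown as an added example (not code from any poster): a small audit that classifies each account on both axes, including the old passwd-only layout. The sample entries are constructed and the function names are hypothetical.

```python
# Constructed sample entries in passwd(5)/shadow(5) format; not from a real host.
SAMPLE_PASSWD = """\
root:x:0:0:root:/root:/bin/bash
alice:x:1000:1000:Alice:/home/alice:/bin/bash
apache:x:48:48:Apache:/usr/share/httpd:/sbin/nologin
smbuser:x:1001:1001:Samba only:/home/smbuser:/bin/false
guest:x:1002:1002:Guest:/home/guest:/bin/bash
"""
SAMPLE_SHADOW = """\
root:!!:17277:0:99999:7:::
alice:$6$constructed$notARealHash:17277:0:99999:7:::
apache:*:17277::::::
smbuser:$6$constructed$notARealHash:17277:0:99999:7:::
guest::17277:0:99999:7:::
"""
NO_SHELL = {"/sbin/nologin", "/usr/sbin/nologin", "/bin/false", "/usr/bin/false"}

def password_state(field):
    """Classify a shadow(5) password field."""
    if field is None:
        return "missing"   # passwd says 'x' but shadow has no entry
    if field == "":
        return "empty"     # shadow(5): no password is required to authenticate
    if field[0] in "!*":
        return "locked"    # not a valid crypt(3) result, so no password matches
    return "set"

def audit(passwd_text, shadow_text):
    """Return {user: (password_state, has_login_shell)} from the two files' text."""
    shadow = {}
    for line in shadow_text.splitlines():
        fields = line.split(":")
        if len(fields) >= 2:
            shadow[fields[0]] = fields[1]
    report = {}
    for line in passwd_text.splitlines():
        fields = line.split(":")
        if len(fields) != 7:
            continue       # skip blank or malformed lines
        name, pw, shell = fields[0], fields[1], fields[6]
        # 'x' defers to shadow; anything else is the old passwd-only layout.
        field = shadow.get(name) if pw == "x" else pw
        report[name] = (password_state(field), shell not in NO_SHELL)
    return report

if __name__ == "__main__":
    for user, (state, shell_ok) in audit(SAMPLE_PASSWD, SAMPLE_SHADOW).items():
        print(f"{user:10} password={state:7} login_shell={shell_ok}")
```

In the sample, smbuser (password set, no login shell) is the Samba-style case from the post above, while root shows a locked password on an account that still has a working shell for anyone who is already root.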
|
During the last couple of days deploying multiple CentOS guest systems I've noticed the tzdata always seems to be the heftiest update after install. https://access.redhat.com/articles/1187353 Just out of curiosity what's it for? I gather it's something to do with collating all of the timestamps of various package updates, so it has to go through the entire range of packages in the repo or something like that?
|
# ? Apr 22, 2017 21:13 |
|
tzdata is IANA's timezone database that updates about every two months.
|
# ? Apr 22, 2017 21:20 |
|
apropos man posted:During the last couple of days deploying multiple CentOS guest systems I've noticed the tzdata always seems to be the heftiest update after install.

It's just there so that your system knows how to handle timezones. As to why it gets so big, watch this video. https://www.youtube.com/watch?v=-5wpm-gesOY
|
# ? Apr 22, 2017 21:22 |
|
Hehe. Globalisation hasn't quite overtaken local tradition yet. I'm subscribed to that channel. He has some educational stuff about floating point rounding errors and other general cryptography stuff.
|
# ? Apr 22, 2017 22:51 |
|
RFC2324 posted:It's a documented thing

I'm using a standard bridge interface. Not the macvtap or anything, no NAT, nothing special. There is no guest isolation or anything going on. Just always the way I've done it with the system using KVM.

Bridge interface config: code:
code:
|
# ? Apr 24, 2017 17:12 |
|
Dear god I missed something simple. Time to start trying to rebuild my entire lab network.
|
# ? Apr 24, 2017 20:25 |
|
RFC2324 posted:Correct.

and this is why you never use 'sudo !!'
|
# ? Apr 25, 2017 00:31 |
|
Roargasm posted:and this is why you never use 'sudo !!'

'sudo !!' is fine if you have the shell set to expand history references before executing and check it. Def agreed if you don't set that, but why would you?
|
# ? Apr 25, 2017 00:48 |
|
Coming in as a Windows admin, I never differentiated between running with root and running as admin. Pretty important distinction and worth a reminder for anyone just learning sudo.
|
# ? Apr 25, 2017 01:38 |
|
I'm trying to set up something simple. It took me 5 minutes under CentOS but I can't understand why I can't get it to work on Ubuntu. I want to run AWStats through nginx on Ubuntu Server 16.04. I'm using fast_cgi and PHP7 FPM. But when I try to reach the page it just takes abnormally long and it just times out. Is there any up-to-date guide for this somewhere? I just couldn't find any (they usually use Apache) and this is bugging me to no end.

E: I should note that the php7-fpm process takes 99.9% of the CPU when this happens so I'm not sure if the timeout is simply due to something taking a lot of resources for some time or if it's just going through some endless loop.

Furism fucked around with this message at 09:20 on Apr 26, 2017
|
# ? Apr 26, 2017 08:29 |
|
Furism posted:I'm trying to set up something simple. It took me 5 minutes under CentOS but I can't understand why I can't get it to work on Ubuntu.
|
# ? Apr 26, 2017 14:42 |
|
Vulture Culture posted:Isn't AWStats a Perl program?

Yes, but that's why he's using fast_cgi?
|
# ? Apr 26, 2017 17:03 |
|
LochNessMonster posted:Yes, but that's why he's using fast_cgi?

Correct! Or trying to, really.
|
# ? Apr 27, 2017 09:54 |
|
LochNessMonster posted:Yes, but that's why he's using fast_cgi?
|
# ? Apr 27, 2017 15:02 |
|
I think these would still be relevant. The php back end version shouldn't have any impact really: http://kamisama.me/2013/03/20/install-configure-and-protect-awstats-for-multiple-nginx-vhost-on-debian/ https://wiki.archlinux.org/index.php/awstats I'm just surprised awstats still exists.
|
# ? Apr 27, 2017 15:58 |
|
These are the exact guides I've used (including their cgi-bin.php code) but the FPM just hangs, hogging 100% of the process until it times out. I like awstats because, since it just reads the logs, it's 100% "passive"; i.e., visitors can't block it (like they might with Google Analytics or even Piwik). But if there is any newer software similar in its approach to awstats, I'm all ears!
|
# ? Apr 27, 2017 16:28 |
|
mike12345 posted:Is imagemagick still the go-to program for batch-processing? Or maybe there's something better/leaner nowadays, haven't looked at that stuff for years.
|
# ? Apr 28, 2017 01:02 |
|
I have a dedi box with server4you and ordered an extra IP. I want to use this for running a small kvm guest. Adding the IP to the server works fine, but adding it to the guest is less successful. Apparently my provider's network doesn't support bridging. So the usual approach to set up a bridge on the host and adding the IP in the guest's config won't work. Is there a way of doing this without hacking at NAT and stuff? I tried using macvtap but I'm presumably doing it wrong because I still can't get the network on the guest working.
|
# ? Apr 28, 2017 02:11 |
|
Experto Crede posted:I have a dedi box with server4you and ordered an extra IP. I want to use this for running a small kvm guest. Adding the IP to the server works fine, but adding it to the guest is less successful.

What about the provider network prevents bridging? Do you just have to ensure STP is off on the bridge or will their switchport freak out if it sees more than one incoming MAC or what?
|
# ? Apr 28, 2017 02:41 |
|
Handbrake is already in the Ubuntu 16.04/Xenial repositories but it's an ancient 0.10.2 release. I added the stebbins/handbrake-releases PPA, did apt-get update, and "apt-cache show handbrake" is still showing the 0.10.2 release. How do I force apt to prefer the PPA over the master repo?

edit: I was looking at the wrong package (handbrake instead of handbrake-cli) but pinning repo priority would appear to be the fix.

Paul MaudDib fucked around with this message at 04:01 on Apr 28, 2017
|
# ? Apr 28, 2017 03:52 |
|
Is there still a modern Ubuntu or similarly easy to use distro that still fits on a CD with either Firefox or Chrom(ium) and runs from CD? This is for my dad who needs a virus-free OS with browser, so it should have a graphical OS and be fiddle-free (I can't be there to fiddle with it). That would be great.
|
# ? Apr 28, 2017 13:21 |
|
lllllllllllllllllll posted:Is there still a modern Ubuntu or similarly easy to use distro that still fits on a CD with either Firefox or Chrom(ium) and runs from CD? This is for my dad who needs a virus-free OS with browser, so it should have a graphical OS and be fiddle-free (I can't be there to fiddle with it). That would be great.

Does it have to be a CD though? You could probably use a read-only SD card or a USB drive.
|
# ? Apr 28, 2017 13:40 |
|
other people posted:What about the provider network prevents bridging? Do you just have to ensure STP is off on the bridge or will their switchport freak out if it sees more than one incoming MAC or what?

Not sure, but every sort of fiddling with bridging I've done hasn't worked. Bridge device works fine just on its own, but can't get it to let servers accept the new IP. I tried undoing the bridge and setting a VM to use passthrough to the ethernet device but that just crashes networking, as well as all the other methods I tried just not working. So not sure what I can do to get this VM on this IP.
|
# ? Apr 28, 2017 20:16 |
|
Furism posted:Does it have to be a CD though? You could probably use a read-only SD card or a USB drive.

\/ e: Thanks, apropos man. I appreciate the effort.

lllllllllllllllllll fucked around with this message at 07:34 on Apr 29, 2017
|
# ? Apr 28, 2017 21:27 |
|
If you're running a Linux environment yourself it's really easy to make a bootable USB from a stick you have lying around. No need to order something, just download an iso image, put the USB in and find out where it's mounted with this:

$ lsblk

Let's say that it's mounted at /dev/sdb1 and your iso file is in Downloads directory: Do:

$ sudo unmount /dev/sdb1
$ sudo dd if=Downloads/isofile.iso of=/dev/sdb bs=1M

Leave it for a good length of time (10 minutes) and unmount or just pull it out. Whichever iso you use is up to you. There are plenty that run from USB. Probably best to use an 8GB stick, though you might get away with a 4GB one.

Edit: the second line of bash should read:

$ sudo umount /dev/sdb1

I was posting on my phone: foiled by autocorrect!

apropos man fucked around with this message at 06:25 on Apr 29, 2017
|
# ? Apr 29, 2017 01:18 |
|
I don't even think you can buy 8GB usb sticks anymore.
|
# ? Apr 29, 2017 01:21 |
|
anthonypants posted:I don't even think you can buy 8GB usb sticks anymore.

I still see random poo poo-tier flash drives in the checkout line at the grocery store or Best Buy or whatever. Or as conference swag from vendors who aren't even trying that goes directly into the trash. As a geriatric who grew up on 5 1/4" floppies, it's kind of amusing to think of how many feet tall the stack of disks would be to match the 4GB USB stick I unthinkingly toss aside.
|
# ? Apr 29, 2017 01:41 |
|
I remember thinking a 32mb usb drive was insane.
|
# ? Apr 29, 2017 01:42 |
|
I still have a usable 32mb flash drive, it has freedos on it and we use it to run dos only tools on our servers (usually raid controllers dumping diag info for the vendor because of course they'd never want to make linux friendly tools, no one ever uses linux in server environments).
|
# ? Apr 29, 2017 01:46 |