Re: What to do when a command isn't found?

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 




Message: 7
Date: Thu, 06 Jul 2006 14:03:20 -0500
From: Les Mikesell <lesmikesell@xxxxxxxxx>
Subject: Re: What to do when a command isn't found?
To: For users of Fedora Core releases <fedora-list@xxxxxxxxxx>
Message-ID: <1152212601.20191.16.camel@xxxxxxxxxxxxxxxxxxxxxx>
Content-Type: text/plain

On Thu, 2006-07-06 at 14:54 -0400, starcycle@xxxxxxxxx wrote:
> On 7/6/06, fedora-list-request@xxxxxxxxxx
> <fedora-list-request@xxxxxxxxxx> wrote:
> >

Do you log in in some way that avoids running /etc/profile?  Mine
(in a stock install) adds /sbin, /usr/sbin, and /user/local/sbin
if your uid is 0.

i was logging in through ssh. but the problem was not using the dash.
all workie now. see what i mean about difficult for newbies? :D

s.c.


--
  Les Mikesell
   lesmikesell@xxxxxxxxx




------------------------------

Message: 8
Date: Thu, 6 Jul 2006 16:03:16 -0300
From: "Jacques B." <jjrboucher@xxxxxxxxx>
Subject: Re: Lock homepage in firefox for normal users?[Scanned]
To: "For users of Fedora Core releases" <fedora-list@xxxxxxxxxx>
Message-ID:
        <a937d2190607061203h6db44e05o1679d2d4ebe325a9@xxxxxxxxxxxxxx>
Content-Type: text/plain; charset=ISO-8859-1; format=flowed

A quick Google search for:

firefox lock homepage

comes up with the following: http://ilias.ca/blog/2005_03_01_archive.html

I would think you could create that lock_pref() configuration file as
noted in the article, set it to read only for your users, and Bob's
your uncle.

Jacques B.

On 7/6/06, Tim <ignored_mailbox@xxxxxxxxxxxx> wrote:
> Tim:
> >> Sure about that?  You only have to list a file to see whether it's a
> >> link, or not.
>
>
> Dotan Cohen:
> > Allright. So /usr/bin/firefox is a bash script that calls "qwerty
> > http://homepage.com";, where qwerty is the firefox executable.
>
> Now all they have to do is look at the contents of that file.  That's
> the sort of thing I've done to trace what start's what.  Various things
> are started from scripts, and I know I can customise things to suit
> myself by reading them.
>
> If I wanted to subvert a system, the methods suggested so far aren't
> going to stop a mildly concerned user.  If you'd suggested compiling a
> program that simply passed over to something else, that would have been
> a bit more convincing.  It'll take more nouse from a would-be subverter
> to check what that's really going to do.
>
> Thus far I've not seen any suggestions that really "lock" the homepage.
>
> --
> (Currently running FC4, in case that's important to the thread)
>
> Don't send private replies to my address, the mailbox is ignored.
> I read messages from the public lists.
>
> --
> fedora-list mailing list
> fedora-list@xxxxxxxxxx
> To unsubscribe: https://www.redhat.com/mailman/listinfo/fedora-list
>



------------------------------

Message: 9
Date: Thu, 6 Jul 2006 15:07:12 -0400
From: Matthew Miller <mattdm@xxxxxxxxxx>
Subject: Re: What to do when a command isn't found?
To: For users of Fedora Core releases <fedora-list@xxxxxxxxxx>
Message-ID: <20060706190712.GA31062@xxxxxxxxxxxxx>
Content-Type: text/plain; charset=us-ascii

On Thu, Jul 06, 2006 at 08:50:58PM +0200, nigel henry wrote:
> It would make sense for /bin /sbin /usr/bin /usr/sbin being in
> ~/.bash_profile as default. /usr/local/bin, and /usr/local/sbin probably

I disagree. Most of the commands in these paths aren't really meant to be
executed by _anyone_ directly (httpd, for example).

For the rest, most people really don't need to use them, so they'd just be
clutter. This is particularly annoying if you use tab completion a lot (and
if you use the command line a lot, you *should*).



--
Matthew Miller           mattdm@xxxxxxxxxx          <http://mattdm.org/>
Boston University Linux      ------>              <http://linux.bu.edu/>



------------------------------

Message: 10
Date: Thu, 6 Jul 2006 16:20:31 -0300
From: "Jacques B." <jjrboucher@xxxxxxxxx>
Subject: Re: Lock homepage in firefox for normal users?[Scanned]
To: "For users of Fedora Core releases" <fedora-list@xxxxxxxxxx>
Message-ID:
        <a937d2190607061220n38cbea79l7a8be6d0083db80b@xxxxxxxxxxxxxx>
Content-Type: text/plain; charset=ISO-8859-1; format=flowed

On 7/6/06, Jacques B. <jjrboucher@xxxxxxxxx> wrote:
> A quick Google search for:
>
> firefox lock homepage
>
> comes up with the following: http://ilias.ca/blog/2005_03_01_archive.html
>
> I would think you could create that lock_pref() configuration file as
> noted in the article, set it to read only for your users, and Bob's
> your uncle.
>
> Jacques B.
>
> On 7/6/06, Tim <ignored_mailbox@xxxxxxxxxxxx> wrote:
I guess I was too quick on the draw.  That's for Windows verion.  I
tried to figure out how to do the same in FC5 but no luck.  In the
meantime I didn't plug away at it much, 5-10 minutes.  Someone else
may have more time/knowledge to figure out how to do it in Linux.

Jacques B.



------------------------------

Message: 11
Date: Thu, 6 Jul 2006 12:21:20 -0700
From: "jdow" <jdow@xxxxxxxxxxxxx>
Subject: Re: What to do when a command isn't found?
To: "For users of Fedora Core releases" <fedora-list@xxxxxxxxxx>
Message-ID: <07c901c6a131$5d32fd50$0225a8c0@Wednesday>
Content-Type: text/plain; format=flowed; charset="UTF-8";
        reply-type=original

From: "nigel henry" <cave.dnb@xxxxxxxxxx>

> On Thursday 06 July 2006 18:58, Timothy Alberts wrote:
>> So I get this every now and then and haven't found a smooth method of
>> dealing with it.  I have my desktop upgraded from FC4 to FC5 and the
>> command 'ifconfig' comes back with 'bash: ifconfig: command not found.'
>> Additionally, I have been through tutorials on the web and different
>> books on running commands that more often than not, the bash shell comes
>> back with the same message.
>>
>> My first question is, are the shell commands and features standardized
>> somewhere so that I know what commands I can expect to have no matter
>> what machine I'm sitting at or what type of installation I have?  My
>> second question is, if these commands are supposed to be there, but the
>> shell comes back and says they aren't, what is the procedure for finding
>> the commands or installing the packages required for them?
>>
>> I understand the 'which xxx' command will tell me the location of the
>> executable that is being used when I call a command.  However it doesn't
>> help me find a missing command.  I also understand that typically shell
>> commands are in /bin /usr/bin /usr/local/bin among others.  If it helps,
>> when I type 'which ifconfig' the following is the result:
>>
>> /usr/bin/which: no ifconfig in
>> (/usr/kerberos/sbin:/usr/kerberos/bin:/usr/local/bin:/usr/bin:/bin:
>> /usr/X11R6/bin:/home/talberts/bin)
>>
>> Sorry these are fairly general questions so if it's easier to just focus
>> on the 'ifconfig' command that would be helpful.  Thank you for any
>> response.
>
> Hi Tim. Just for a start ifconfig is in /sbin/ifconfig . Darned annoying isn't
> it.

The /sbin and /usr/sbin directories are generally commands that users
should not use and which may not work at all for users. It is a basic
part of the security of the system. Unfettered access to ifconfig gives
a really nice way to perform nastiness on your system by bringing up
or down various interfaces. It's somewhat handy if commands users are
not expected to use are not on the user's path.

{^_^}



------------------------------

Message: 12
Date: Thu, 6 Jul 2006 20:38:12 +0100
From: Chris Jones <jonesc@xxxxxxxxxxxxxxxxx>
Subject: Re: kernel-2.6.17-1.2139_FC5 broke ACPI S3 on thinkpad T42p
To: fedora-list@xxxxxxxxxx
Message-ID: <200607062038.13057.jonesc@xxxxxxxxxxxxxxxxx>
Content-Type: text/plain;  charset="utf-8"

On Thursday 06 July 2006 10:34 am, Chris Jones wrote:
> > https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=196835
>
> Thanks, I am already watching that bug, but as yet I have not had chance to
> try out all the suggestions so have not added my own comments. Will do as
> soon as I get time...

Update. I've since updated to the 2.6.17-1.2145_FC5 kernel, and with this
hibernate works fine again. Looking at the release notes I'm not sure what
change fixed it, but something did.

Chris
>
> Chris

--
+--------------------------------------------------------------+
| Dr Chris R Jones         work   : +44 (0)1223 337324         |
| HEP Group  (rm 882)      fax    : +44 (0)1223 353920         |
| Cavendish Laboratory,    home   : +44 (0)1223 510711         |
| Madingley Road,          mobile : +44 (0)7723 327477         |
| Cambridge, CB3 0HE       email  : jonesc@xxxxxxxxxxxxxxxxx   |
+--------------------------------------------------------------+



------------------------------

Message: 13
Date: Thu, 06 Jul 2006 12:40:26 -0700
From: Jonathan Ryshpan <jonrysh@xxxxxxxxxxx>
Subject: More mplayer installation problems
To: Fedora List <fedora-list@xxxxxxxxxx>
Message-ID: <1152214826.2615.2.camel@xxxxxxxxxxxxxxxxxxxxx>
Content-Type: text/plain

Installing mplayer using yumex, I get these errors:
        Missing Dependency: mplayer = 1.0-0.43.pre8.lvn5 is needed by package mencoder
        Missing Dependency: mplayer = 1.0-0.43.pre8.lvn5 is needed by package mplayer-gui

But it looks like this version of mplayer is installed:
        # rpm -q mplayer
        mplayer-1.0-0.43.pre8.lvn5

Any ideas what's going on?

Thanks - jon



------------------------------

Message: 14
Date: Thu, 6 Jul 2006 12:53:28 -0700 (PDT)
From: Al Sparks <data345@xxxxxxxxx>
Subject: Re: What to do when a command isn't found?
To: For users of Fedora Core releases <fedora-list@xxxxxxxxxx>
Message-ID: <20060706195328.46750.qmail@xxxxxxxxxxxxxxxxxxxxxxxxxxx>
Content-Type: text/plain; charset=iso-8859-1

--- jdow <jdow@xxxxxxxxxxxxx> wrote:
>
> The /sbin and /usr/sbin directories are generally commands that users
> should not use and which may not work at all for users. It is a basic
> part of the security of the system. Unfettered access to ifconfig gives
> a really nice way to perform nastiness on your system by bringing up
> or down various interfaces. It's somewhat handy if commands users are
> not expected to use are not on the user's path.

I tried to execute
   ifconfig eth0 down
on my system as non-root, and got permission denied.

If you're going to restrict access to the commands in /sbin, you
should also change the permissions on the /sbin directory so
unauthorized personnel can't reach it.  As things stand now, you
simply have security through obscurity, since users can change their
own $PATH.

Actually, if you're going to restrict users, you default their shell
to /bin/rbash, set their $PATH to a small amount of directories, and
make their .bashrc and .bash_profiles inaccessible.
   === Al



------------------------------

Message: 15
Date: Thu, 06 Jul 2006 14:55:27 -0500
From: "Mikkel L. Ellertson" <mikkel@xxxxxxxxxxxxxxxx>
Subject: Re: More mplayer installation problems
To: For users of Fedora Core releases <fedora-list@xxxxxxxxxx>
Message-ID: <44AD6AAF.7090408@xxxxxxxxxxxxxxxx>
Content-Type: text/plain; charset=ISO-8859-1

Jonathan Ryshpan wrote:
> Installing mplayer using yumex, I get these errors:
>         Missing Dependency: mplayer = 1.0-0.43.pre8.lvn5 is needed by package mencoder
>         Missing Dependency: mplayer = 1.0-0.43.pre8.lvn5 is needed by package mplayer-gui
>
> But it looks like this version of mplayer is installed:
>         # rpm -q mplayer
>         mplayer-1.0-0.43.pre8.lvn5
>
> Any ideas what's going on?
>
> Thanks - jon
>
It is telling you that you can not upgrade mplayer without upgrading
 the mencoder and mplayer-gui packages because they depend on the
mplayer-1.0-0.43.pre8.lvn5 package. It looks like the requirements
are set so that a newer version of mplayer, or one from a different
source besides Livna are not acceptable.

Mikkel
--

  Do not meddle in the affairs of dragons,
for thou art crunchy and taste good with Ketchup!



------------------------------

Message: 16
Date: Thu, 6 Jul 2006 16:02:21 -0400
From: Matthew Miller <mattdm@xxxxxxxxxx>
Subject: Re: What to do when a command isn't found?
To: For users of Fedora Core releases <fedora-list@xxxxxxxxxx>
Message-ID: <20060706200221.GA1387@xxxxxxxxxxxxx>
Content-Type: text/plain; charset=us-ascii

On Thu, Jul 06, 2006 at 12:53:28PM -0700, Al Sparks wrote:
> I tried to execute
>    ifconfig eth0 down
> on my system as non-root, and got permission denied.

Try adding

USERCTL=yes

to

/etc/sysconfig/network-scripts/ifcfg-eth0

(One of several arguments for moving ifconfig to /bin.)


But yeah, having programs in sbin isn't a security thing. It's an
organizational thing.


--
Matthew Miller           mattdm@xxxxxxxxxx          <http://mattdm.org/>
Boston University Linux      ------>              <http://linux.bu.edu/>



------------------------------

Message: 17
Date: Thu, 06 Jul 2006 15:05:46 -0500
From: "Mikkel L. Ellertson" <mikkel@xxxxxxxxxxxxxxxx>
Subject: Re: What to do when a command isn't found?
To: For users of Fedora Core releases <fedora-list@xxxxxxxxxx>
Message-ID: <44AD6D1A.5070901@xxxxxxxxxxxxxxxx>
Content-Type: text/plain; charset=ISO-8859-1

Al Sparks wrote:
>
> I tried to execute
>    ifconfig eth0 down
> on my system as non-root, and got permission denied.
>
> If you're going to restrict access to the commands in /sbin, you
> should also change the permissions on the /sbin directory so
> unauthorized personnel can't reach it.  As things stand now, you
> simply have security through obscurity, since users can change their
> own $PATH.
>
> Actually, if you're going to restrict users, you default their shell
> to /bin/rbash, set their $PATH to a small amount of directories, and
> make their .bashrc and .bash_profiles inaccessible.
>    === Al
>
What happens if you run "/sbin/ifconfig eth0" instead of
"/sbin/ifconfig eth0 down"? Is the permission denied message about
running ifconfig or about trying to bring down eth0? There are times
when the information presented by ifconfig is useful to a normal
user, even though you can not change the settings.

One thing I think you are missing is that keeping these commands off
a normal user's path is not really a security measure. It is more a
matter of keeping them out of the way of people that would not
normally need access to them. Chances are, they are not going to
stumble across them by accident, but they are there if you do need
to use them. The security is that most actions by the commands
require root permissions. The information function of the commands
still works for normal users.

Mikkel
--

  Do not meddle in the affairs of dragons,
for thou art crunchy and taste good with Ketchup!



------------------------------

--
fedora-list mailing list
fedora-list@xxxxxxxxxx
https://www.redhat.com/mailman/listinfo/fedora-list

End of fedora-list Digest, Vol 29, Issue 57
*******************************************



[Index of Archives]     [Current Fedora Users]     [Fedora Desktop]     [Fedora SELinux]     [Yosemite News]     [Yosemite Photos]     [KDE Users]     [Fedora Tools]     [Fedora Docs]

  Powered by Linux