On Monday 27 November 2006 20:59, Craig White wrote: >On Mon, 2006-11-27 at 17:27 -0800, Wolfgang S. Rupprecht wrote: >> Gordon Messmer <yinyang@xxxxxxxxx> writes: >> > xhost +localhost >> >> Although one should probably mention that "xhost" could more >> descriptively be called: >> >> allow_keylogging_from +hostname >> >> It basically turns off what little protection X had. Anyone with an >> account at the xhost-ed host can record all the keys you typed from >> that point on. > >---- >I vaguely recall that Gordon suggested that wasn't the preferred method >of dealing with this but considering that the OP routinely logs in as >root and constantly runs gui as root, it's not as if OP is demonstrating >concerns about security. > >Craig Thats one of the beauties of linux, you can delegate things. In this case, outside security is delegated to the x86 version of DD-WRT. Secure against my stupidity, now thats something else. If this install would have Just Worked(TM) from the gitgo, much of this would not now be a PITA for all concerned. Such niggling little things as the initially missing /etc/crontab file for instance. Then yesterday there was a whole gaggle of selinux related stuff that yum updated, and now I can't get cron to run amanda at all even though selinux is set to permissive. Decode this please, from /var/log/cron, since the selinux troubleshooter shows me a blank slate, apparently freezing with the progress bar showing the load percentage stuck at about 40% regardless of what log I load for analisys: ---------- Nov 27 20:25:01 coyote crond[16717]: Authentication service cannot retrieve authentication info Nov 27 20:25:01 coyote crond[16717]: CRON (amanda) ERROR: failed to open PAM security session: Success Nov 27 20:25:01 coyote crond[16717]: CRON (amanda) ERROR: cannot set security context ---------- Which was my latest attempt to make cron do a backup by calling my wrapper script that runs amanda to do the heavy lifting. That /var/spool/cron/amanda cats like this: root@coyote /]# cat /var/spool/cron/amanda ------------ shell=/bin/sh PATH=/GenesAmandaHelper-0.5:$PATH MAILTO=amanda 25 20 * * * /GenesAmandaHelper-0.5/backup.sh # This file was written by KCron. Copyright (c) 1999, Gary Meyer # Although KCron supports most crontab formats, use care when editing. # Note: Lines beginning with "#\" indicates a disabled task. ------------ I built and installed the 20061127 version of amanda-2.5.1p2 today, and the amcheck test run disclosed that yesterdays running of it as root had managed to make all the indice files owned by root, so I had another few minutes worth of doing a chown -R amanda:disk on the indice tree. I also installed, but am about to rip out, another 6 or so pam modules but that made no difference, the above was done after installing them. And, typical, calling up a 'man pam' gets me something entirely different that has nothing to do with Password Authentification Module, which is what I think "pam" stands for. If thats not the case, point me at the tutorials as I'd really like to do a backup by some means other than 'su amanda -c "./backup.sh"', which works well and I'll do it if cron cannot be co-erced by a cowboy on each front fender swinging a cat-o-9-tails or some such. Now get this! I just totally disabled selinux (It was set permissive) and cron runs my script. WTF? I'm going after a beer. -- Cheers, Gene "There are four boxes to be used in defense of liberty: soap, ballot, jury, and ammo. Please use in that order." -Ed Howdershelt (Author) Yahoo.com and AOL/TW attorneys please note, additions to the above message by Gene Heskett are: Copyright 2006 by Maurice Eugene Heskett, all rights reserved.