[SOLVED] Allowing root ssh?
Do you guys think it would be a good idea if I allowed root ssh on a system that only allows key authentication? I gave the root user a 4096 byte (or at least I think it was byte) long key, just because I want an even smaller chance of someone getting in. Is it possible to run two instances of sshd on boot-up, both using different configs?
Basically, this is what I would like to do https://wiki.archlinux.org/index.php/Pa … cman_cache using sshfs. During my first attempt, I had the issue of all of my ownership rights being changed from root:root to frosty:users. Then I moved to giving root access, and I haven't moved really on (I've only done basic testing) because I want to know your guys' opinion on whether or not this is a good idea, and if it's possible to make it even more secure. I know allowing root login over ssh is a big taboo in the *nix world, but it is the only solution that I could find to fixing this and clearing some needed disc space.
my basic(ish) config (with non-related settings to login mostly stripped out):
port 4000 # i'm hoping to use a different port for root access over only the LAN
protocol 2
addressfamily any
listenaddress 0.0.0.0:4000 # same as above comment
usepam 1
serverkeybits 1024
logingracetime 120
keyregenerationinterval 3600
permitrootlogin yes # would be disabled on the normal port
rsaauthentication yes
pubkeyauthentication yes
kerberosauthentication no
kerberosorlocalpasswd yes
kerberosticketcleanup yes
gssapiauthentication no
gssapicleanupcredentials yes
passwordauthentication no
kbdinteractiveauthentication no
challengeresponseauthentication no
strictmodes yes
tcpkeepalive yes
permitemptypasswords no
useprivilegeseparation yes
*heads off to bed for the night*
Last edited by frostyfrog (2012-04-22 04:01:20)
I think it would be better to just have the packages owned by a seperate user used for this job only.
Since the packages are actually readable by any user, packages put there by the remote machine would be owned by that user, sure, and packages put there by the local machine are owned by root.
Both could still read from it, and it's not like you usually want a package to be overwritten - since the point of it is to share the downloaded packages
Thinking about this even further, I personally would give every machine its own user, so I can a) see which package came from which machine, and b) easily lock single machines out even in a DHCP LAN environment.
Plus, it would keep the remote machines to delete the packages from the local machine.
So basically it boils down to how you want to really manage things: Which machine gets what kind of access etc.
Similar Messages
-
[Solved] Non-root user cannot access mounted ntfs filesystem
Hi -,
i have a dualboot system (arch/xfce + win7) and i use a ntfs partition /dev/sda2 to store files i use with both operating systems. I added the partition to fstab and it gets mounted, but i cannot access it with my non-root user. With root it works fine...
My fstab:
# cat /etc/fstab
# /etc/fstab: static file system information
# <file system> <dir> <type> <options> <dump> <pass>
tmpfs /tmp tmpfs nodev,nosuid 0 0
LABEL=home /home ext4 defaults 0 1
LABEL=root / ext4 defaults 0 1
LABEL=swap swap swap defaults 0 0
/dev/sda2 /media/sda2 ntfs defaults 0 2
Is there any option that allows all users to use the mounted device? Or how is this usually done ...
Last edited by muzzel (2012-05-30 20:39:58)See: NTFS-3G for important setup information.
My fstab line looks like:
/dev/sdb1 /media/Win_USB ntfs-3g uid=1000,gid=users,fmask=113,dmask=0022 0 0
This sets up some important parameters which the NTFS-3G Wiki Page covers. Basically, "ntfs" is only a basic driver and is built into the kernel. "ntfs-3g" is a much better, and less disk-eating, driver that you should install and use if you need the drive in Linux any more than occasionally. My fstab line makes my user (1000) the owner and the masks lets me write and etc to it. When you install NTFS-3G it is automatically used when you use the mount command to mount NTFS drives. In fstab, as above, you would specify it explicitly.
You can find your own user number by entering "id" at a terminal. -
[solved] allow a systemd user service to shutdown the pc (mythtv)
Hi,
I have a problem with my mythtv htpc. What I want is to shutdown the PC if the PC idles.
Mythtv (a pvr htpc software) recognizes if nobody is watching something and starts to shutdown the PC. This is not working ;(
By default, mythtv is running als a system service with a "User=xxx" line in his .service file. I managed to configure mythtv to run as user service, so the user can start/stop it with "systemctl --user start/stop mythbackend" ... but this doesn't solve the problem.
I installed polkit and now the user is able to shutdown the pc (systemctl poweroff) but this also doesn't help.
I already asked in the german forum but nobody has a idea.
Here is the german thread: https://bbs.archlinux.de/viewtopic.php?id=25290
in the first post, you can see my journald output.
can somebody help me? google can't
I don't think this is a mythtv related problem, I think user services are just not allowed to shutdown the pc.
thx for your help!
Last edited by muh3 (2014-01-10 13:26:36)To handle power from XBMC polkit rule is needed. It is probably the same with mythtv.
polkit.addRule(function(action, subject) {
if (action.id.match("org.freedesktop.login1.") && subject.isInGroup("mythtv")) {
return polkit.Result.YES;
Save this as /etc/polkit-1/rules.d/10-mythtv.rules and add user to mythtv group. -
[SOLVED] iptables preventing ssh within local network
I have updated my machines and removed tcp_wrappers. I have iptables set to reject as default on my input chain. I can ssh from one machine to another no problem as long as I stop iptables on the client first. I tried adding a rule to my iptables script as mentioned in
https://bbs.archlinux.org/viewtopic.php?id=122651
modifying only as needed for my own local network:
iptables -A INPUT -p tcp -s 192.168.1.0/100 --dport ssh -j ACCEPT
but still I can ssh to the client only if I stop iptables.
Is there something wrong with the above rule? How do I set up iptables to allow ssh from 192.168.1.0/100?
Thanks.
Last edited by kekules_dream (2011-07-24 19:18:05)Thanks for that info I understand now the points about CIDR masks. However, my iptables configuration is still preventing ssh locally, with:
ssh: connect to host 192.168.1.148 port 22: Protocol not available
netstat -tnlp | grep ssh
shows that ssh is running and listening. The problem must be in my iptables setup script since I still have no problems with ssh if I stop iptables.
Could there be something wrong with my script? It is now completely up to date with the Simple Stateful Firewall wiki and contains the line for allowing all local ssh, yet still it is blocking. I make sure to stop iptables when I clear the rules or reload new ones. Iptables is current, too, 1.4.11.1-1. I have tried 100/32 also and this too blocks.
#!/bin/sh
iptables -N TCP
iptables -N UDP
iptables -P FORWARD DROP
iptables -P OUTPUT ACCEPT
iptables -P INPUT DROP
iptables -A INPUT -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT
iptables -A INPUT -i lo -j ACCEPT
iptables -A INPUT -m conntrack --ctstate INVALID -j DROP
iptables -A INPUT -p icmp --icmp-type 8 -m conntrack --ctstate NEW -j ACCEPT
iptables -A INPUT -p udp -m conntrack --ctstate NEW -j UDP
iptables -A INPUT -p tcp --syn -m conntrack --ctstate NEW -j TCP
iptables -A INPUT -p udp -j REJECT --reject-with icmp-port-unreach
iptables -A INPUT -p tcp -j REJECT --reject-with tcp-rst
iptables -A INPUT -j REJECT --reject-with icmp-proto-unreach
iptables -I TCP -p tcp -m recent --update --seconds 60 --name TCP-PORTSCAN -j REJECT --reject-with tcp-rst
iptables -D INPUT -p tcp -j REJECT --reject-with tcp-rst
iptables -A INPUT -p tcp -m recent --set --name TCP-PORTSCAN -j REJECT --reject-with tcp-rst
iptables -I UDP -p udp -m recent --update --seconds 60 --name UDP-PORTSCAN -j REJECT --reject-with port-unreach
iptables -D INPUT -p udp -j REJECT --reject-with icmp-port-unreach
iptables -A INPUT -p udp -m recent --set --name UDP-PORTSCAN -j REJECT --reject-with icmp-port-unreach
iptables -A INPUT -p tcp -s 192.168.1.0/24 --dport ssh -j ACCEPT
/etc/rc.d/iptables save -
[SOLVED] Partition (/root too small)
I have a 7gig partition for my /root ...unfortunately this seems too small... Are there any safe / easy ways to beef that partition up..(say to 15gig) without going through the whole install processa gain.....I have plenty of free space on my main partition....hopefully I can borrow some room from that...
Last edited by BarefootSoul83 (2009-10-15 17:18:49)Ehm, do you mean your root-Partition with the mount-point "/" or the home-directory of the user "root" with the mount-point "/root"? If it's the second one I'd reccommend to you not to save this much data in your root-account. If it's the first one, Gparted is your choice. Don't forget to backup before and take your time, resizing partitions can be very slow.
Edit: Oh I see that your problem is solved now, so my post is obsolete now...
Last edited by Samuel from beteigeuze (2009-10-15 18:30:10) -
[SOLVED] Allow to run some programs in sudo witout password
Hello!
The problem i have is due to some commands I wish to run without having to write the password every time, as hibernate-ram, poweroff, or a custom script to change the brightness (I use a Samsung R530, and the fn keys don't work by themselves). I googled the problem, and did as it is said on the sudoers file (using visudo), but even if i think the syntax is correct, there are not any changes; it continues asking me for password. How can I fix that?
I include a copy of my sudoers file, maybe my lack of experience with sudo don't allow me to see a syntax error.
# This is /etc/sudoers file.
# This file MUST be edited with the 'visudo' command as root.
# Failure to use 'visudo' may result in syntax or file permission errors
# that prevent sudo from running.
# See the sudoers man page for the details on how to write a sudoers file.
# Root is allowed to run all commands:
root ALL=(ALL) ALL
alvarez ALL=(ALL) ALL
alvarez ALL =(root) NOPASSWD: /usr/bin/controlbrillo
# Allow members of group wheel to run all commands:
%wheel ALL=(ALL) ALL
# Allow members of group power to shutdown and reboot the computer:
%power ALL = NOPASSWD: /sbin/shutdown,/sbin/halt,/sbin/reboot
# Allow members of group power to use hibernate and suspend:
%power ALL = NOPASSWD: /usr/sbin/pm-hibernate,/usr/sbin/pm-suspend
# Allow members of group power to change CPU frequenzy scaling governor:
%power ALL = NOPASSWD: /usr/bin/cpufreq-set
# Allow members of group network to use wvdial for call-up network connection:
%network ALL = NOPASSWD: /usr/bin/wvdial,/usr/bin/killall wvdial,/usr/bin/poff
# Allow members of group video to change screen settings catalyst driver:
%video ALL = NOPASSWD: /usr/bin/amdcccle
Thanks in advance
Last edited by vladimir_1922 (2011-10-19 23:13:45)Here's what I use (single user mode), which is a little different than yours, OP:
root ALL=(ALL) ALL
dspider ALL=(ALL) ALL
dspider ALL=NOPASSWD: /bin/mount, /bin/umount
dspider arch=NOPASSWD: /sbin/reboot, /sbin/poweroff
I'm guessing instead of "/sbin/poweroff" you could add your own command/script (path included).
"dspider@arch" -- obviously replace the user and hostname accordingly... Probably something like this:
alvarez your_hostname=NOPASSWD: /usr/bin/controlbrillo
Hope this helps.
Last edited by DSpider (2011-10-18 22:34:54) -
[SOLVED] Encrypted root, /boot on USB, cryptkey issue
Well to the topic. Followed this guide.
Usb flash drive with GRUB and a keyfile on it. Encrypted root.
grub.cfg
linux /vmlinuz-linux root=UUID=<uuid> ro cryptdevice=/dev/disk/by-id/<id>:luks cryptkey=/dev/disk/by-uuid/<uuid>:ext2:/key ipv6.disable=1 quiet
echo 'Loading initial ramdisk ...'
initrd /initramfs-linux.img
mkinitcpio.conf
MODULES="ata_generic ata_piix nls_cp437 ext2 i915"
HOOKS="base udev autodetect modconf block encrypt filesystems keyboard fsck consolefont"
Result: "Meh can't read a keyfile. Please input a passphrase om nom nom."
Tried:
1. Quadruple-checked UUID's, used /dev/sdX instead of them.
2. Using different modules, like nls_utf8, removing ata_* stuff.
3. Playing with <path> and <keyfile> strings, slashes, e t c.
4. A barrel roll.
Is it actually possible to make that filesystem key reading work? If not, how can I get physical offset of keyfile in a filesystem?
UPDATE:
Trouble in device detection speed. Any other usb media get's recognized instantly, while the one I booted from is slow like hell.
Last edited by wfoojjaec (2013-08-14 14:37:11)Marked as solved.
It seems that origin of a bug was somewhere in a kernel. After a recent update, done today of a 'linux' package a /boot usb device is properly recognized after about 5 seconds passed from poweron (instead of a full initialization at ~270 sec and hanging udev before).
A hack with fstab & noauto is not required now. <_< -
[SOLVED] Encrypted root on USB drive problem
Hi,
I have encrypted root on external USB harddrive. On one machine it works just fine, LUKS ask for password and system starts.
On second it does not work. I tryed nearly all possible combinations of modules and hooks. I can also access my usb drive if I use break=y. I am using current kernel & utils, I definitely use right paths...
Machine is an Dell with Intel chipset. My USB drive is like this:
/dev/sdb1 - big fat32
/dev/sdb2 - ext2 boot with Grub, kernel and initrd image
/dev/sdb3 - root fs, reiserfs encrypted with LUKS
I made little debuging and it seems that encrypt hook was launched, but did not make anything. Before I digg deeper I wonder that someone had same problem, or can give me advice.
Kernel panic screenshot:
PS: how can I put busybox to initrd image? echo * sucks.
Thanks
Last edited by Trained.Monkey (2007-10-10 09:42:13)I solved, problem is that encrypt is running BEFORE usb drive is fully initialized. Encrypted partition is not found and not used.
Solotion:
put sleep 5 at beggining of encrypt hook. You must also add sleep binary at installer. -
Prime Collaboration Assurance 10.6 root ssh login
I am not able to login to PCA 10.6 using root over ssh I believe I have the password correct. It just fails authentication. I can ssh to admin fine and I can use the "root" command and then authenticate to the bash shell, but don't seem to have access to all the commands. Any way to troubleshoot this or a little more insight would be great.
Hi Stephen,
root access to the CLI has been disabled (for security reasons) in Prime Collaboration Assurance 10.6.
This Information can be found here (look for the heading 'General'):
http://www.cisco.com/c/en/us/td/docs/net_mgmt/prime/collaboration/10-6/assurance/advanced/guide/Cisco_Prime_Collaboration_Assurance_Guide_Advanced_10_6/Cisco_Prime_Collaboration_Assurance_Guide_Advanced_10_6_chapter_01.html#concept_8004BC83C1C34B81A6F7C1B270DE453B
There is a hidden page that you can use for viewing logs, etc.:
https://<FQDN or IP-Address of Prime>/emsam/index.html#pageId=com_cisco_emsam_page_diag_links
Best regards
Igor -
[SOLVED] Disable root; possible error in the wiki
The wiki states that to disable root, one could lock it with
# passwd -l root
However, the man page suggests something different.
$ man passwd
-l, --lock
Lock the password of the named account. This option disables a password by changing it to a value which
matches no possible encrypted value (it adds a '!' at the beginning of the password).
Note that this does not disable the account. The user may still be able to login using another authentication
token (e.g. an SSH key). To disable the account, administrators should use usermod
--expiredate 1 (this set the account's expire date to Jan 2, 1970).
Should the wiki suggest this strategy instead?
Also, it seems like a recent update changed the default formatting of /etc/shadow, using "x" instead of "!" to denote no matching password? I haven't seen this documented anywhere.
Last edited by Salkay (2014-08-03 06:54:54)WonderWoofy wrote:The system will still need to run certain things as root in order for the machine to function properly.
Ah yes, this makes sense. The wording of the man page is a little confusing to me. It says after `passwd -l`, users can still log in. Then, it suggests disabling the account instead. Hence, I interpreted "disable" to mean "unable to login", whereas it seems that you are suggesting "disable" means "unable to do anything at all".
I've also tried to search more about using "x" instead of "!" in /etc/shadow, but can't find anything. I presume "x" is a better alternative since the new config files ship with it? -
[solved] can't ssh AWS EC2 anymore - iptables flushed
Hi,
I killed a AWS's EC2 connexion by flushing iptables on server side, can't connect anymore.
I connect to an Amazon's EC2 instance (with Ubuntu) mainly as a proxy, from a linux system based laptop, to go through an university's firewall.
(For a heads up, I do have some experience with sysadmin on linux, however not that much with network (close to none). I could be qualified as an "aware beginner". As a mean to get some experience with network, a friend of mine, who is most skilled, suggested to use, and helped me to set up an Amazon EC2 instance.
I get a connexion by pulling a ssh tunnel on a terminal:
ssh -i key.pem -D 8080 -p 443 -o 'IdentitiesOnly yes' [email protected]
However for the tricky part, the university's firewall blocking ssh too.
I could get over it when I eventually setup "stunnel4" to encrypt the whole connection with ssl (found it myself, with some luck in research).
(Installed it when I had the chance to find a proper connexion, which are rare: I found most of hotspot restrictive in that case).
So, it worked well for a while, until I wanted to set up a p2p system (don't laugh guys! It is mostly for study purpose: I needed to down/upload geology maps, which are huge, the firewall always shut our long transfers down, my professors and me).
I tried rtorrent on the server, it worked well.
But because the EC2's 8GB were not big enough, I needed to setup another p2p tool from the laptop (went with Deluge), going through the EC2. For this reason, I opened a range of ports on the Amazon board's security groups (56880-56890, tcp and udp), and added them to iptables, both on ubuntu and laptop, and setup the software accordingly.
# iptables -A INPUT -p tcp --dport 56881:56889 -j ACCEPT
# iptables -A INPUT -p udp --dport 56881:56889 -j ACCEPT
However, because it still did not work, I asked for help to this friend. He told me I set up the software wrong, and suggested me to flush iptables. So, I did it recklessly, on both laptop and EC2'ubuntu.
# iptables --flush
Of course, doing so killed the connexion to the EC2. There, I could not connect to the server anymore:
ssh: connect to host xx.xxx.xxx.xxx port 443: Connection timed out
Trying to fix it, I found this post, but I faced two difficulties I can not get over with during the process.
1st, on the Amazon EC2 board, after I created a temporary instance, I went to stop the broken instance (i-08091d4b: ok),
detached the broken EBS volume (ok) ,
in order to attach it to the temporary instance (i-64402427: not ok).
I couldn't because the two EBS are supposed to be on the same avaibility zone, which I couldn't setup.
Therefore I couldn't attach the broken EBS on the temp instance.
(I tried then create 2 others temporary instances, in order to check if I could set this avaibility zone).
2nd, I anticipate the fact that the temporary instance doesn't have the "stunnel4" system deployed (software, settings and key), then I won't be able to connect to it anyway.
Is anybody faced similar situation? What can I do to fix the situation?
Last edited by OlaffTheGreat (2014-08-17 23:11:21)Thanks for your reply.
Unfortunaly, I can't have a physical acces as it is a virtual hard drive somewhere.
As the tuto suggested, I tried also to just reboot the session, hopping the iptables would just reset afterward. It could have looked like what you say about "only partialy resetted the firewall". But it seems really out of order.
Edit: well, it is back online... but I don't know why.
I played randomly with the EBS volumes: detach/reattach them, and when I tried to ssh again to the broken session, I get the connexion...
Last edited by OlaffTheGreat (2014-08-17 23:10:53) -
[Solved] Only root (or using sudo) can start wbar 2.3.4-1
Since the update from 2.3.0-1 to 2.3.4-1 wbar can only be started using either the root account or starting it with sudo. Due to this its (normal user) config file is ignored.
I have taken a peek at the wbar site and seen that there have been newer versions before this last one but it is only this one that popped up in pacman. Therefore I do not know if this problem already started with any of these.
I have downgraded to the previous version I used and all works as it should (and has always done). Anyone else has experienced this?
Last edited by root (2012-09-27 22:50:24)@WorMzy
When I try to run wbar as regular user I only get a blank line and back to 'console command line' so to speak. I tried to debug it using
LD_DEBUG=files wbar > wbar.log 2>&1
but, suprisingly as it always had worked before in other cases, got a 'permission denied' message for the wbar.log file.
Right now I checked again and, again suprisingly, it (the debug procedure) worked with the following output,
14214:
14214: file=libImlib2.so.1 [0]; needed by wbar [0]
14214: file=libImlib2.so.1 [0]; generating link map
14214: dynamic: 0xb77a2ea0 base: 0xb774b000 size: 0x0006c690
14214: entry: 0xb7750b40 phdr: 0xb774b034 phnum: 7
14214:
14214:
14214: file=libX11.so.6 [0]; needed by wbar [0]
14214: file=libX11.so.6 [0]; generating link map
14214: dynamic: 0xb7747d88 base: 0xb7615000 size: 0x00135b38
14214: entry: 0xb7629280 phdr: 0xb7615034 phnum: 7
14214:
14214:
14214: file=libstdc++.so.6 [0]; needed by wbar [0]
14214: file=libstdc++.so.6 [0]; generating link map
14214: dynamic: 0xb760c91c base: 0xb752d000 size: 0x000e7614
14214: entry: 0xb7573620 phdr: 0xb752d034 phnum: 8
14214:
14214:
14214: file=libm.so.6 [0]; needed by wbar [0]
14214: file=libm.so.6 [0]; generating link map
14214: dynamic: 0xb752bea8 base: 0xb74ed000 size: 0x0003f080
14214: entry: 0xb74f1490 phdr: 0xb74ed034 phnum: 9
14214:
14214:
14214: file=libgcc_s.so.1 [0]; needed by wbar [0]
14214: file=libgcc_s.so.1 [0]; generating link map
14214: dynamic: 0xb74ec330 base: 0xb74d0000 size: 0x0001c670
14214: entry: 0xb74d2020 phdr: 0xb74d0034 phnum: 6
14214:
14214:
14214: file=libc.so.6 [0]; needed by wbar [0]
14214: file=libc.so.6 [0]; generating link map
14214: dynamic: 0xb74cad7c base: 0xb7324000 size: 0x001aaac4
14214: entry: 0xb733d760 phdr: 0xb7324034 phnum: 10
14214:
14214:
14214: file=libfreetype.so.6 [0]; needed by /usr/lib/libImlib2.so.1 [0]
14214: file=libfreetype.so.6 [0]; generating link map
14214: dynamic: 0xb7322e90 base: 0xb7288000 size: 0x0009b360
14214: entry: 0xb728fea0 phdr: 0xb7288034 phnum: 7
14214:
14214:
14214: file=libz.so.1 [0]; needed by /usr/lib/libImlib2.so.1 [0]
14214: file=libz.so.1 [0]; generating link map
14214: dynamic: 0xb7286ec8 base: 0xb7271000 size: 0x000160fc
14214: entry: 0xb72729f0 phdr: 0xb7271034 phnum: 7
14214:
14214:
14214: file=libbz2.so.1.0 [0]; needed by /usr/lib/libImlib2.so.1 [0]
14214: file=libbz2.so.1.0 [0]; generating link map
14214: dynamic: 0xb7270060 base: 0xb7261000 size: 0x0000fe44
14214: entry: 0xb7262030 phdr: 0xb7261034 phnum: 6
14214:
14214:
14214: file=libXext.so.6 [0]; needed by /usr/lib/libImlib2.so.1 [0]
14214: file=libXext.so.6 [0]; generating link map
14214: dynamic: 0xb725fefc base: 0xb724e000 size: 0x000126c8
14214: entry: 0xb7250a10 phdr: 0xb724e034 phnum: 7
14214:
14214:
14214: file=libdl.so.2 [0]; needed by /usr/lib/libImlib2.so.1 [0]
14214: file=libdl.so.2 [0]; generating link map
14214: dynamic: 0xb724ceb8 base: 0xb7249000 size: 0x00004074
14214: entry: 0xb7249ad0 phdr: 0xb7249034 phnum: 9
14214:
14214:
14214: file=libxcb.so.1 [0]; needed by /usr/lib/libX11.so.6 [0]
14214: file=libxcb.so.1 [0]; generating link map
14214: dynamic: 0xb7246f00 base: 0xb7226000 size: 0x000211d0
14214: entry: 0xb722e650 phdr: 0xb7226034 phnum: 7
14214:
14214:
14214: file=libXau.so.6 [0]; needed by /usr/lib/libxcb.so.1 [0]
14214: file=libXau.so.6 [0]; generating link map
14214: dynamic: 0xb7224f20 base: 0xb7222000 size: 0x00003090
14214: entry: 0xb7222a70 phdr: 0xb7222034 phnum: 7
14214:
14214:
14214: file=libXdmcp.so.6 [0]; needed by /usr/lib/libxcb.so.1 [0]
14214: file=libXdmcp.so.6 [0]; generating link map
14214: dynamic: 0xb7220f20 base: 0xb721b000 size: 0x00006078
14214: entry: 0xb721bf10 phdr: 0xb721b034 phnum: 7
14214:
14214:
14214: calling init: /usr/lib/libc.so.6
14214:
14214:
14214: calling init: /usr/lib/libXdmcp.so.6
14214:
14214:
14214: calling init: /usr/lib/libXau.so.6
14214:
14214:
14214: calling init: /usr/lib/libxcb.so.1
14214:
14214:
14214: calling init: /usr/lib/libdl.so.2
14214:
14214:
14214: calling init: /usr/lib/libX11.so.6
14214:
14214:
14214: calling init: /usr/lib/libXext.so.6
14214:
14214:
14214: calling init: /usr/lib/libbz2.so.1.0
14214:
14214:
14214: calling init: /usr/lib/libz.so.1
14214:
14214:
14214: calling init: /usr/lib/libfreetype.so.6
14214:
14214:
14214: calling init: /usr/lib/libgcc_s.so.1
14214:
14214:
14214: calling init: /usr/lib/libm.so.6
14214:
14214:
14214: calling init: /usr/lib/libstdc++.so.6
14214:
14214:
14214: calling init: /usr/lib/libImlib2.so.1
14214:
14214:
14214: initialize program: wbar
14214:
14214:
14214: transferring control: wbar
14214:
14214:
14214: file=/usr/lib/imlib2/loaders/zlib.so [0]; dynamically loaded by /usr/lib/libImlib2.so.1 [0]
14214: file=/usr/lib/imlib2/loaders/zlib.so [0]; generating link map
14214: dynamic: 0xb77d2ee0 base: 0xb77d1000 size: 0x00002060
14214: entry: 0xb77d17e0 phdr: 0xb77d1034 phnum: 7
14214:
14214:
14214: calling init: /usr/lib/imlib2/loaders/zlib.so
14214:
14214: opening file=/usr/lib/imlib2/loaders/zlib.so [0]; direct_opencount=1
14214:
14214: /usr/lib/imlib2/loaders/zlib.so: error: symbol lookup error: undefined symbol: save (fatal)
14214:
14214: file=/usr/lib/imlib2/loaders/xpm.so [0]; dynamically loaded by /usr/lib/libImlib2.so.1 [0]
14214: file=/usr/lib/imlib2/loaders/xpm.so [0]; generating link map
14214: dynamic: 0xb77cfedc base: 0xb77cc000 size: 0x0000406c
14214: entry: 0xb77cc8c0 phdr: 0xb77cc034 phnum: 7
14214:
14214:
14214: calling init: /usr/lib/imlib2/loaders/xpm.so
14214:
14214: opening file=/usr/lib/imlib2/loaders/xpm.so [0]; direct_opencount=1
14214:
14214: /usr/lib/imlib2/loaders/xpm.so: error: symbol lookup error: undefined symbol: save (fatal)
14214:
14214: file=/usr/lib/imlib2/loaders/tiff.so [0]; dynamically loaded by /usr/lib/libImlib2.so.1 [0]
14214: file=/usr/lib/imlib2/loaders/tiff.so [0]; generating link map
14214: dynamic: 0xb77caed4 base: 0xb77c7000 size: 0x0000407c
14214: entry: 0xb77c7a00 phdr: 0xb77c7034 phnum: 7
14214:
14214:
14214: file=libtiff.so.5 [0]; needed by /usr/lib/imlib2/loaders/tiff.so [0]
14214: file=libtiff.so.5 [0]; generating link map
14214: dynamic: 0xb6ff8e64 base: 0xb6f88000 size: 0x00073204
14214: entry: 0xb6f8d760 phdr: 0xb6f88034 phnum: 7
14214:
14214:
14214: file=liblzma.so.5 [0]; needed by /usr/lib/libtiff.so.5 [0]
14214: file=liblzma.so.5 [0]; generating link map
14214: dynamic: 0xb6f86e94 base: 0xb6f61000 size: 0x000260f0
14214: entry: 0xb6f62f00 phdr: 0xb6f61034 phnum: 7
14214:
14214:
14214: file=libjpeg.so.8 [0]; needed by /usr/lib/libtiff.so.5 [0]
14214: file=libjpeg.so.8 [0]; generating link map
14214: dynamic: 0xb6f4fd00 base: 0xb6f0a000 size: 0x000561a4
14214: entry: 0xb6f0cb70 phdr: 0xb6f0a034 phnum: 7
14214:
14214:
14214: file=libpthread.so.0 [0]; needed by /usr/lib/liblzma.so.5 [0]
14214: file=libpthread.so.0 [0]; generating link map
14214: dynamic: 0xb6f06e98 base: 0xb6eef000 size: 0x0001a1fc
14214: entry: 0xb6ef4b50 phdr: 0xb6eef034 phnum: 9
14214:
14214:
14214: calling init: /usr/lib/libpthread.so.0
14214:
14214:
14214: calling init: /usr/lib/libjpeg.so.8
14214:
14214:
14214: calling init: /usr/lib/liblzma.so.5
14214:
14214:
14214: calling init: /usr/lib/libtiff.so.5
14214:
14214:
14214: calling init: /usr/lib/imlib2/loaders/tiff.so
14214:
14214: opening file=/usr/lib/imlib2/loaders/tiff.so [0]; direct_opencount=1
14214:
14214:
14214: file=/usr/lib/imlib2/loaders/tga.so [0]; dynamically loaded by /usr/lib/libImlib2.so.1 [0]
14214: file=/usr/lib/imlib2/loaders/tga.so [0]; generating link map
14214: dynamic: 0xb77c5ee0 base: 0xb77c3000 size: 0x00003044
14214: entry: 0xb77c3690 phdr: 0xb77c3034 phnum: 7
14214:
14214:
14214: calling init: /usr/lib/imlib2/loaders/tga.so
14214:
14214: opening file=/usr/lib/imlib2/loaders/tga.so [0]; direct_opencount=1
14214:
14214:
14214: file=/usr/lib/imlib2/loaders/pnm.so [0]; dynamically loaded by /usr/lib/libImlib2.so.1 [0]
14214: file=/usr/lib/imlib2/loaders/pnm.so [0]; generating link map
14214: dynamic: 0xb77c1ee0 base: 0xb77bf000 size: 0x00003050
14214: entry: 0xb77bf7a0 phdr: 0xb77bf034 phnum: 7
14214:
14214:
14214: calling init: /usr/lib/imlib2/loaders/pnm.so
14214:
14214: opening file=/usr/lib/imlib2/loaders/pnm.so [0]; direct_opencount=1
14214:
14214:
14214: file=/usr/lib/imlib2/loaders/png.so [0]; dynamically loaded by /usr/lib/libImlib2.so.1 [0]
14214: file=/usr/lib/imlib2/loaders/png.so [0]; generating link map
14214: dynamic: 0xb77bded4 base: 0xb77ba000 size: 0x000040c4
14214: entry: 0xb77baed0 phdr: 0xb77ba034 phnum: 7
14214:
14214:
14214: file=libpng15.so.15 [0]; needed by /usr/lib/imlib2/loaders/png.so [0]
14214: file=libpng15.so.15 [0]; generating link map
14214: dynamic: 0xb6eedeb8 base: 0xb6ebf000 size: 0x0002f20c
14214: entry: 0xb6ec35b0 phdr: 0xb6ebf034 phnum: 7
14214:
14214:
14214: calling init: /usr/lib/libpng15.so.15
14214:
14214:
14214: calling init: /usr/lib/imlib2/loaders/png.so
14214:
14214: opening file=/usr/lib/imlib2/loaders/png.so [0]; direct_opencount=1
14214:
14214:
14214: file=/usr/lib/imlib2/loaders/lbm.so [0]; dynamically loaded by /usr/lib/libImlib2.so.1 [0]
14214: file=/usr/lib/imlib2/loaders/lbm.so [0]; generating link map
14214: dynamic: 0xb7016ee0 base: 0xb7014000 size: 0x00003048
14214: entry: 0xb70146c0 phdr: 0xb7014034 phnum: 7
14214:
14214:
14214: calling init: /usr/lib/imlib2/loaders/lbm.so
14214:
14214: opening file=/usr/lib/imlib2/loaders/lbm.so [0]; direct_opencount=1
14214:
14214: /usr/lib/imlib2/loaders/lbm.so: error: symbol lookup error: undefined symbol: save (fatal)
14214:
14214: file=/usr/lib/imlib2/loaders/jpeg.so [0]; dynamically loaded by /usr/lib/libImlib2.so.1 [0]
14214: file=/usr/lib/imlib2/loaders/jpeg.so [0]; generating link map
14214: dynamic: 0xb7012ed8 base: 0xb7010000 size: 0x00003078
14214: entry: 0xb7010a70 phdr: 0xb7010034 phnum: 7
14214:
14214:
14214: calling init: /usr/lib/imlib2/loaders/jpeg.so
14214:
14214: opening file=/usr/lib/imlib2/loaders/jpeg.so [0]; direct_opencount=1
14214:
14214:
14214: file=/usr/lib/imlib2/loaders/id3.so [0]; dynamically loaded by /usr/lib/libImlib2.so.1 [0]
14214: file=/usr/lib/imlib2/loaders/id3.so [0]; generating link map
14214: dynamic: 0xb700eed4 base: 0xb700b000 size: 0x000040b8
14214: entry: 0xb700bd90 phdr: 0xb700b034 phnum: 7
14214:
14214:
14214: file=libid3tag.so.0 [0]; needed by /usr/lib/imlib2/loaders/id3.so [0]
14214: file=libid3tag.so.0 [0]; generating link map
14214: dynamic: 0xb6ea1ef0 base: 0xb6e8d000 size: 0x00015228
14214: entry: 0xb6e90e10 phdr: 0xb6e8d034 phnum: 7
14214:
14214:
14214: calling init: /usr/lib/libid3tag.so.0
14214:
14214:
14214: calling init: /usr/lib/imlib2/loaders/id3.so
14214:
14214: opening file=/usr/lib/imlib2/loaders/id3.so [0]; direct_opencount=1
14214:
14214: /usr/lib/imlib2/loaders/id3.so: error: symbol lookup error: undefined symbol: save (fatal)
14214:
14214: file=/usr/lib/imlib2/loaders/gif.so [0]; dynamically loaded by /usr/lib/libImlib2.so.1 [0]
14214: file=/usr/lib/imlib2/loaders/gif.so [0]; generating link map
14214: dynamic: 0xb6ebded8 base: 0xb6ebb000 size: 0x00003044
14214: entry: 0xb6ebb6a0 phdr: 0xb6ebb034 phnum: 7
14214:
14214:
14214: file=libgif.so.4 [0]; needed by /usr/lib/imlib2/loaders/gif.so [0]
14214: file=libgif.so.4 [0]; generating link map
14214: dynamic: 0xb7009f00 base: 0xb7001000 size: 0x0000953c
14214: entry: 0xb70026c0 phdr: 0xb7001034 phnum: 7
14214:
14214:
14214: calling init: /usr/lib/libgif.so.4
14214:
14214:
14214: calling init: /usr/lib/imlib2/loaders/gif.so
14214:
14214: opening file=/usr/lib/imlib2/loaders/gif.so [0]; direct_opencount=1
14214:
14214: /usr/lib/imlib2/loaders/gif.so: error: symbol lookup error: undefined symbol: save (fatal)
14214:
14214: file=/usr/lib/imlib2/loaders/bz2.so [0]; dynamically loaded by /usr/lib/libImlib2.so.1 [0]
14214: file=/usr/lib/imlib2/loaders/bz2.so [0]; generating link map
14214: dynamic: 0xb6fffee0 base: 0xb6ffe000 size: 0x0000205c
14214: entry: 0xb6ffe7e0 phdr: 0xb6ffe034 phnum: 7
14214:
14214:
14214: calling init: /usr/lib/imlib2/loaders/bz2.so
14214:
14214: opening file=/usr/lib/imlib2/loaders/bz2.so [0]; direct_opencount=1
14214:
14214: /usr/lib/imlib2/loaders/bz2.so: error: symbol lookup error: undefined symbol: save (fatal)
14214:
14214: file=/usr/lib/imlib2/loaders/bmp.so [0]; dynamically loaded by /usr/lib/libImlib2.so.1 [0]
14214: file=/usr/lib/imlib2/loaders/bmp.so [0]; generating link map
14214: dynamic: 0xb6eb9ee0 base: 0xb6eb6000 size: 0x00004044
14214: entry: 0xb6eb66f0 phdr: 0xb6eb6034 phnum: 7
14214:
14214:
14214: calling init: /usr/lib/imlib2/loaders/bmp.so
14214:
14214: opening file=/usr/lib/imlib2/loaders/bmp.so [0]; direct_opencount=1
14214:
14214:
14214: file=/usr/lib/imlib2/loaders/argb.so [0]; dynamically loaded by /usr/lib/libImlib2.so.1 [0]
14214: file=/usr/lib/imlib2/loaders/argb.so [0]; generating link map
14214: dynamic: 0xb6eb4ee0 base: 0xb6eb3000 size: 0x0000203c
14214: entry: 0xb6eb36b0 phdr: 0xb6eb3034 phnum: 7
14214:
14214:
14214: calling init: /usr/lib/imlib2/loaders/argb.so
14214:
14214: opening file=/usr/lib/imlib2/loaders/argb.so [0]; direct_opencount=1
14214:
14214:
14214: calling fini: wbar [0]
14214:
14214:
14214: calling fini: /usr/lib/libstdc++.so.6 [0]
14214:
14214:
14214: calling fini: /usr/lib/libgcc_s.so.1 [0]
14214:
14214:
14214: calling fini: /usr/lib/imlib2/loaders/zlib.so [0]
14214:
14214:
14214: calling fini: /usr/lib/imlib2/loaders/xpm.so [0]
14214:
14214:
14214: calling fini: /usr/lib/imlib2/loaders/tiff.so [0]
14214:
14214:
14214: calling fini: /usr/lib/libtiff.so.5 [0]
14214:
14214:
14214: calling fini: /usr/lib/liblzma.so.5 [0]
14214:
14214:
14214: calling fini: /usr/lib/libpthread.so.0 [0]
14214:
14214:
14214: calling fini: /usr/lib/imlib2/loaders/tga.so [0]
14214:
14214:
14214: calling fini: /usr/lib/imlib2/loaders/pnm.so [0]
14214:
14214:
14214: calling fini: /usr/lib/imlib2/loaders/png.so [0]
14214:
14214:
14214: calling fini: /usr/lib/libpng15.so.15 [0]
14214:
14214:
14214: calling fini: /usr/lib/imlib2/loaders/lbm.so [0]
14214:
14214:
14214: calling fini: /usr/lib/imlib2/loaders/jpeg.so [0]
14214:
14214:
14214: calling fini: /usr/lib/libjpeg.so.8 [0]
14214:
14214:
14214: calling fini: /usr/lib/imlib2/loaders/id3.so [0]
14214:
14214:
14214: calling fini: /usr/lib/libid3tag.so.0 [0]
14214:
14214:
14214: calling fini: /usr/lib/imlib2/loaders/gif.so [0]
14214:
14214:
14214: calling fini: /usr/lib/libgif.so.4 [0]
14214:
14214:
14214: calling fini: /usr/lib/imlib2/loaders/bz2.so [0]
14214:
14214:
14214: calling fini: /usr/lib/imlib2/loaders/bmp.so [0]
14214:
14214:
14214: calling fini: /usr/lib/imlib2/loaders/argb.so [0]
14214:
14214:
14214: calling fini: /usr/lib/libImlib2.so.1 [0]
14214:
14214:
14214: calling fini: /usr/lib/libXext.so.6 [0]
14214:
14214:
14214: calling fini: /usr/lib/libfreetype.so.6 [0]
14214:
14214:
14214: calling fini: /usr/lib/libbz2.so.1.0 [0]
14214:
14214:
14214: calling fini: /usr/lib/libz.so.1 [0]
14214:
14214:
14214: calling fini: /usr/lib/libm.so.6 [0]
14214:
14214:
14214: calling fini: /usr/lib/libX11.so.6 [0]
14214:
14214:
14214: calling fini: /usr/lib/libxcb.so.1 [0]
14214:
14214:
14214: calling fini: /usr/lib/libXdmcp.so.6 [0]
14214:
14214:
14214: calling fini: /usr/lib/libXau.so.6 [0]
14214:
14214:
14214: calling fini: /usr/lib/libdl.so.2 [0]
14214: -
[SOLVED] Non-interactive SSH login and shell startup files
I have a problem getting git-annex connecting to my arch box because of
PATH not being correctly set. When diagnosing this problem I noticed that
~/.bashrc seems to be ignored for non-interactive SSH logins. More specifically,
ssh myhost env
Shows that when connecting to my other computer running gentoo, or to a
separate server (probably running some flavor of Debian, I am not sure),
environment variables defined in ~/.bashrc are present, but when connecting
to my arch box, they are not. All three computers have identical ~/.bashrc
files and ~/.bash_profile is set to read ~/.bashrc, and in all cases the file is
sourced for an interactive login (i.e., 'ssh myhost' followed by 'env'). I tried to
search through the various bash files in /etc, but didn't find anything related.
Is there some bash or SSH setting that controls this behavior?
Solution:
I looked into this a bit more and found BASH_ENV which can be used to point to
a file which is sourced for non-interactive shells. So I set
BASH_ENV=~/.bashrc
in /etc/environment, and now ~/.bashrc is sourced even for non-interactive
shells and thus my PATH is correctly set. What I still don't know is why
arch behaves differently in this respect, but I guess that will remain a mystery.
Last edited by Nuteater (2012-07-27 18:59:30)try creating a .login file and put exec bash in there.
Not _super_ familiar with csh, but I *think* csh loads .login only on login shells (as apposed to always loading .cshrc).
Barring that, the following should work.
if (! $?prompt) goto cshrc_end
exec bash
cshrc_end: -
[SOLVED] /dev/root is not a valid block device
After trying to boot my system after a few days of it remaining off, it fails to boot with:
Booting the kernel.
ERROR: resume: hibernation device '/dev/sda9' not found
mount: /dev/root is not a valid block device
You are now being dropped into an emergency shell.
sh: can't access tty; job control turned off.
[rootfs /]#
The sda9 error has been around for quite some time, even back when it was working and I've been ignoring it all these days.
Last edited by SgrA (2013-03-28 18:00:35)I did try that. Now after a few suggestions on #archlinux, I'm using LABEL's instead of device names, and SYSLINUX. The scene isn't much different, now it complains that it can't find "LABEL=Arch" instead. Here's the current fstab:
# <file system> <dir> <type> <options> <dump> <pass>
LABEL=Boot /boot ext2 defaults 0 1
UUID=c9e24897-af78-4768-bf67-2302ebf17a2b /mnt/Algenib ext4 defaults 0 1
LABEL=Arch / ext4 defaults 0 1
UUID=2cc33548-62ef-4c22-a2c8-13bb5a979273 /mnt/Acrux ext4 defaults 0 1
UUID=cd53f792-f142-45b2-aa0c-ab314950b53b /mnt/Mimosa ext4 defaults 0 1
UUID=122606f2-7ef7-4746-a688-806caaacc86f /mnt/Gacrux ext4 defaults,noauto 0 1
UUID=5b4c6ccb-b90c-488b-aa5d-135a2e98eaf0 swap swap defaults 0 0
and here's syslinux.cfg:
# Config file for Syslinux -
# /boot/syslinux/syslinux.cfg
# Comboot modules:
# * menu.c32 - provides a text menu
# * vesamenu.c32 - provides a graphical menu
# * chain.c32 - chainload MBRs, partition boot sectors, Windows bootloaders
# * hdt.c32 - hardware detection tool
# * reboot.c32 - reboots the system
# * poweroff.com - shutdown the system
# To Use: Copy the respective files from /usr/lib/syslinux to /boot/syslinux.
# If /usr and /boot are on the same file system, symlink the files instead
# of copying them.
# If you do not use a menu, a 'boot:' prompt will be shown and the system
# will boot automatically after 5 seconds.
# Please review the wiki: [url]https://wiki.archlinux.org/index.php/Syslinux[/url]
# The wiki provides further configuration examples
DEFAULT arch
PROMPT 0 # Set to 1 if you always want to display the boot: prompt
TIMEOUT 50
# You can create syslinux keymaps with the keytab-lilo tool
#KBDMAP de.ktl
# Menu Configuration
# Either menu.c32 or vesamenu32.c32 must be copied to /boot/syslinux
UI menu.c32
#UI vesamenu.c32
# Refer to [url]http://syslinux.zytor.com/wiki/index.php/Doc/menu[/url]
MENU TITLE Arch Linux
#MENU BACKGROUND splash.png
MENU COLOR border 30;44 #40ffffff #a0000000 std
MENU COLOR title 1;36;44 #9033ccff #a0000000 std
MENU COLOR sel 7;37;40 #e0ffffff #20ffffff all
MENU COLOR unsel 37;44 #50ffffff #a0000000 std
MENU COLOR help 37;40 #c0ffffff #a0000000 std
MENU COLOR timeout_msg 37;40 #80ffffff #00000000 std
MENU COLOR timeout 1;37;40 #c0ffffff #00000000 std
MENU COLOR msg07 37;40 #90ffffff #a0000000 std
MENU COLOR tabmsg 31;40 #30ffffff #00000000 std
# boot sections follow
# TIP: If you want a 1024x768 framebuffer, add "vga=773" to your kernel line.
LABEL arch
MENU LABEL Arch Linux
LINUX ../vmlinuz-linux
APPEND root=LABEL=Arch ro
INITRD ../initramfs-linux.img
LABEL archfallback
MENU LABEL Arch Linux Fallback
LINUX ../vmlinuz-linux
APPEND root=LABEL=Arch ro
INITRD ../initramfs-linux-fallback.img
LABEL algenib
MENU LABEL Algenib
LINUX ../vml-alg
APPEND root=UUID=c9e24897-af78-4768-bf67-2302ebf17a2b
INITRD ../ini-alg
#LABEL windows
# MENU LABEL Windows
# COM32 chain.c32
# APPEND hd0 1
LABEL hdt
MENU LABEL HDT (Hardware Detection Tool)
COM32 hdt.c32
LABEL reboot
MENU LABEL Reboot
COM32 reboot.c32
LABEL off
MENU LABEL Power Off
COMBOOT poweroff.com
This is what happens:
http://i.imgur.com/cVh1l1l.jpg
Last edited by SgrA (2013-03-28 13:20:22) -
[SOLVED] Ask root password automatically [question]
Hi, everybody.
Is there any way for console apps that need to be run as root to ask root password when we type the command?
Ex:
[user@localhost ~]$ pacman -Syu
You cannot perform this operation unless you are root. Please, insert the root password:
I know that there is "sudo", but i really dont like it because i have allways to type "sudo command".
Thanks in advance.
Last edited by eldarion (2007-10-06 18:46:50)Alias them to whatever you like.
alias pacman='su -c /usr/bin/pacman'
alias pacman='sudo /usr/bin/pacman'
Maybe you are looking for
-
Recent Itunes Upgrade screwed up computer?
We recently upgraded to iTunes 6.0.4.3. We lost all our dock settings, and now Safari and IE crash when we try and browse the net. Any ideas? Could something else have caused this?
-
HT1725 i tunes cany download a purchase i have it keeps saying it is corrupt
i tunes cant download a purchase i have made the last track on the album it says is corrupt check for other downloads and then did the same and would not download
-
I want to create folders on my iPhone and sync to PC
I really want to find a way to be able to sync photos to my PC but keep a folder structure around them. Some case: I take pics on my phone Photostream copy moves up to icloud and down to my PC I can organize them into client names(or other) Any itune
-
Inconsistency in Data Replication to the Data Base MEREP_207 (SAP Mobile)
Hello I have the following problem in WAS 7.00 SP16 (Usage type Mobile Infrastructure): Scanario: Backend driven replication (T51, Server Driven), SyncBO = Reservation Case A: When modifying data in the backend with transaction MB22, in some cases (R
-
What is meant by an Activity in Business One
Hi All, What is meant by an Activity in Business One.I studied it in Business One Help,but it is not much helpful.I want a brief description regarding Activities(help me by taking an example).Where this activity used(only in Sales Opportunities