ssh -X shop problem...
Gene Heskett
gene.heskett at verizon.net
Tue Nov 28 04:13:57 UTC 2006
On Monday 27 November 2006 20:59, Craig White wrote:
>On Mon, 2006-11-27 at 17:27 -0800, Wolfgang S. Rupprecht wrote:
>> Gordon Messmer <yinyang at eburg.com> writes:
>> > xhost +localhost
>>
>> Although one should probably mention that "xhost" could more
>> descriptively be called:
>>
>> allow_keylogging_from +hostname
>>
>> It basically turns off what little protection X had. Anyone with an
>> account at the xhost-ed host can record all the keys you typed from
>> that point on.
>
>----
>I vaguely recall that Gordon suggested that wasn't the preferred method
>of dealing with this but considering that the OP routinely logs in as
>root and constantly runs gui as root, it's not as if OP is demonstrating
>concerns about security.
>
>Craig
Thats one of the beauties of linux, you can delegate things. In this
case, outside security is delegated to the x86 version of DD-WRT. Secure
against my stupidity, now thats something else.
If this install would have Just Worked(TM) from the gitgo, much of this
would not now be a PITA for all concerned. Such niggling little things
as the initially missing /etc/crontab file for instance.
Then yesterday there was a whole gaggle of selinux related stuff that yum
updated, and now I can't get cron to run amanda at all even though
selinux is set to permissive.
Decode this please, from /var/log/cron, since the selinux troubleshooter
shows me a blank slate, apparently freezing with the progress bar showing
the load percentage stuck at about 40% regardless of what log I load for
analisys:
----------
Nov 27 20:25:01 coyote crond[16717]: Authentication service cannot
retrieve authentication info
Nov 27 20:25:01 coyote crond[16717]: CRON (amanda) ERROR: failed to open
PAM security session: Success
Nov 27 20:25:01 coyote crond[16717]: CRON (amanda) ERROR: cannot set
security context
----------
Which was my latest attempt to make cron do a backup by calling my wrapper
script that runs amanda to do the heavy lifting.
That /var/spool/cron/amanda cats like this:
root at coyote /]# cat /var/spool/cron/amanda
------------
shell=/bin/sh
PATH=/GenesAmandaHelper-0.5:$PATH
MAILTO=amanda
25 20 * * * /GenesAmandaHelper-0.5/backup.sh
# This file was written by KCron. Copyright (c) 1999, Gary Meyer
# Although KCron supports most crontab formats, use care when editing.
# Note: Lines beginning with "#\" indicates a disabled task.
------------
I built and installed the 20061127 version of amanda-2.5.1p2 today, and
the amcheck test run disclosed that yesterdays running of it as root had
managed to make all the indice files owned by root, so I had another few
minutes worth of doing a chown -R amanda:disk on the indice tree.
I also installed, but am about to rip out, another 6 or so pam modules but
that made no difference, the above was done after installing them. And,
typical, calling up a 'man pam' gets me something entirely different that
has nothing to do with Password Authentification Module, which is what I
think "pam" stands for. If thats not the case, point me at the tutorials
as I'd really like to do a backup by some means other than 'su
amanda -c "./backup.sh"', which works well and I'll do it if cron cannot
be co-erced by a cowboy on each front fender swinging a cat-o-9-tails or
some such.
Now get this! I just totally disabled selinux (It was set permissive) and
cron runs my script. WTF? I'm going after a beer.
--
Cheers, Gene
"There are four boxes to be used in defense of liberty:
soap, ballot, jury, and ammo. Please use in that order."
-Ed Howdershelt (Author)
Yahoo.com and AOL/TW attorneys please note, additions to the above
message by Gene Heskett are:
Copyright 2006 by Maurice Eugene Heskett, all rights reserved.
More information about the users
mailing list