[gentoo-user] Several questions -- various topics

[gentoo-user] Several questions -- various topics

[Timothy A. Holmes]

Good Morning All:

I have several little projects that I would like to sweep up as we
approach the holidays, and would like some input from the community.

1. On my laptop, I keep the nics off by default, and start them as I
need them.  The wired nic is started by /etc/init.d/net.eth0 start, and
the wireless uses wifi-radar.  Both have to be called from a root term.
While this is effective, its not necessarially efficient, or
particularlly good looking when im working with (non linux) people
around (I'm the director of our IT department, and perception that I
have it together is important -- even if its not all together true :)
).  I use fluxbox on my laptop, which runs extremely well, and I also
use the adesklets modubar.  I am wondering if there is a command that
could put into my gentoo menu, or my modubar that would allow me to run
either of those programs, (one entry for each) without having to either
start a root term, or sudo (which does not work for wifi-radar).  I have
tried a sudo command for a switch on the modubar and it seemed to fight
back, but its possible that I didn't get it set up right. Any
suggestions or pointers would be very helpful.


2. I am looking for recommendations on a multi network chat client.  I
have been using gaim for quite some time, however, there are some
problems in the latest version, and it does not seem that they will be
resolved for quite some time.  I have looked at kopete, but its irc
support is very lacking, especially compared to kvirc which I love.  I
am interested in hearing what other options might be out there.

I think that's all for now (im sure I'll think of more as time
progresses)

Have a great day

TIM

Timothy A. Holmes
IT Manager / Network Admin / Web Master / Computer Teacher / Science
Teacher
 
Medina Christian Academy
A Higher Standard...


-- 
gentoo-user@gentoo.org mailing list

Re: [gentoo-user] Several questions -- various topics

[Michael Crute]

On 11/20/06, Timothy A. Holmes <tholmes@mcaschool.net> wrote:
>
> I have tried a sudo command for a switch on the modubar
> and it seemed to fight back, but its possible that I didn't get
> it set up right. Any suggestions or pointers would be very helpful.
>
> I am looking for recommendations on a multi network chat client.  I
> have been using gaim for quite some time, however, there are some
> problems in the latest version, and it does not seem that they will be
> resolved for quite some time.  I have looked at kopete, but its irc
> support is very lacking, especially compared to kvirc which I love.  I
> am interested in hearing what other options might be out there.

To answer your first question, there are a few graphical sudo
applications. I personally use empower but if you are not comfortable
using stuff masked -* then there is also gksu.

As far as IM goes I use gaim for the normal IM networks and Xchat for
IRC both seem to work very well.

-Mike

-- 
________________________________
Michael E. Crute
http://mike.crute.org

God put me on this earth to accomplish a certain number of things.
Right now I am so far behind that I will never die. --Bill Watterson
-- 
gentoo-user@gentoo.org mailing list

Re: [gentoo-user] Several questions -- various topics

[Hans de Hartog]

[-- Attachment #1: Type: text/plain, Size: 1390 bytes --]

Timothy A. Holmes wrote:
> Good Morning All:
> 
> I have several little projects that I would like to sweep up as we
> approach the holidays, and would like some input from the community.
> 
> 1. On my laptop, I keep the nics off by default, and start them as I
> need them.  The wired nic is started by /etc/init.d/net.eth0 start, and
> the wireless uses wifi-radar.  Both have to be called from a root term.
> While this is effective, its not necessarially efficient, or
> particularlly good looking when im working with (non linux) people
> around (I'm the director of our IT department, and perception that I
> have it together is important -- even if its not all together true :)
(just answering what's above).

I've done a neat script for my laptop that distinguishes when I'm
using wifi (ifconfig "sees" the ath0 interface) and in that case
uses ath0 to get an ip-adress via dhcp and serves whatever systems
are on the wired side (eth0) as dhcpserver and do the masquerading for
them.
When my wifi card is not inserted (or switched off for built in
wifi's?), my laptop acts as a client on the eth0 side (getting an
ip-adress as dhcp-client).
All iptables-stuff is changed according to the situation. Run this
script in the boot level because it changes the default level stuff!
You problably have to change things w.r.t. ip-adresses and iptables
preferences.

Have fun with it!
Hans

[-- Attachment #2: myscript --]
[-- Type: text/plain, Size: 1323 bytes --]

#!/sbin/runscript

depend() {
	after bootmisc
}

start() {
	ebegin "Starting myscript"

	iptables -t filter -F
	iptables -t nat -F
	iptables -t filter -P INPUT DROP
	iptables -t filter -P FORWARD ACCEPT
	iptables -t filter -P OUTPUT ACCEPT
	iptables -t nat -P PREROUTING ACCEPT
	iptables -t nat -P POSTROUTING ACCEPT
	iptables -t nat -P OUTPUT ACCEPT
	iptables -t filter -A INPUT -i lo -j ACCEPT

	if ifconfig ath0 > /dev/null 2>&1
	then	echo 'config_eth0=( "10.0.0.1/24" )
config_ath0=( "dhcp" )
dhcp_ath0="nontp"' > /etc/conf.d/net
		[ -L /etc/runlevels/default/dhcpd ] || rc-update add dhcpd default
		[ -L /etc/runlevels/default/net.ath0 ] || rc-update add net.ath0 default
		iptables -t nat -A POSTROUTING -o ath0 -j MASQUERADE
		iptables -t filter -A INPUT -i ! ath0 -j ACCEPT
		iptables -t filter -A INPUT -i ath0 -m state --state ESTABLISHED,RELATED -j ACCEPT
	else	echo 'config_eth0=( "dhcp" )
dhcp_eth0="nontp"' > /etc/conf.d/net
		[ -L /etc/runlevels/default/dhcpd ] && rc-update del dhcpd default
		[ -L /etc/runlevels/default/net.ath0 ] && rc-update del net.ath0 default
		iptables -t filter -A INPUT -i eth0 -m state --state ESTABLISHED,RELATED -j ACCEPT
		iptables -t filter -A INPUT -i eth0 -s 10.0.0.0/24 -j ACCEPT
	fi
	eend $?
	/etc/init.d/iptables save
}

stop() {
	ebegin "Stopping myscript"
	eend $?
}

Re: [gentoo-user] Several questions -- various topics

[Mick]

[-- Attachment #1: Type: text/plain, Size: 2706 bytes --]

On Monday 20 November 2006 13:59, Michael Crute wrote:
> On 11/20/06, Timothy A. Holmes <tholmes@mcaschool.net> wrote:
> > I have tried a sudo command for a switch on the modubar
> > and it seemed to fight back, but its possible that I didn't get
> > it set up right. Any suggestions or pointers would be very helpful.

As far as I know there are 3, maybe 4 ways of running a script as root:

  a)You launch a terminal as a plain user and then su to root; which 
unfortunately requires you to enter a password.

The menu entry could be something like:
===================================================
 [exec] (eth0 up) {xterm -e su -c '/etc/init.d/net.eth0 start'} 
</usr/kde/3.5/share/icons/hicolor/32x32/apps/knetattach.png>
===================================================

This will launch an xterm which will ask you for a password (root) before you 
can login and execute the init.d script.

  b)You have already defined the command in sudo in which case you can run it 
directly as a plain user.

The menu entry could look like this:
===================================================
 [exec] (eth0 down) {xterm -e sudo /etc/init.d/net.eth0 stop}
===================================================

The sudoers entry to allow the particular init.d script to run looks like so:
===================================================
# Host alias specification
Host_Alias      BOX1 = lappy
# User alias specification
User_Alias      ME = michael

# Shutting down the Internet
ME              BOX1 = NOPASSWD: /etc/init.d/net.eth0 stop
===================================================

  c)You set the root password to remain in memory for a set period of time 
after you enter it once, so that you do not have to enter it *every* time you 
su to root.  I can't remember where you set this . . . probably because I 
have never used it (for security purposes).  Someone else please fill in 
this?

  d)You can set the executable script as suid.  Then it will run with the 
owners permissions (root) as opposed to the person who's running it (plain 
user)

> > I am looking for recommendations on a multi network chat client.  I
> > have been using gaim for quite some time, however, there are some
> > problems in the latest version, and it does not seem that they will be
> > resolved for quite some time.  I have looked at kopete, but its irc
> > support is very lacking, especially compared to kvirc which I love.  I
> > am interested in hearing what other options might be out there.

ksirc?  Not as nice as kvirc, but probably lighter on resources.  There's also 
terminal based clients (but haven't used any).
-- 
Regards,
Mick

[-- Attachment #2: Type: application/pgp-signature, Size: 189 bytes --]

Re: [gentoo-user] Several questions -- various topics

[Mrugesh Karnik]

On Tuesday 21 November 2006 01:20, Mick wrote:
>   d)You can set the executable script as suid.  Then it will run with the
> owners permissions (root) as opposed to the person who's running it (plain
> user)
>

Can't run scripts suid on Linux afaik.

-- 
----------------------------------------
Mrugesh Karnik
GPG Key 0xBA6F1DA8
Public key on http://wwwkeys.pgp.net
----------------------------------------
-- 
gentoo-user@gentoo.org mailing list

Re: [gentoo-user] Several questions -- various topics

[Mick]

[-- Attachment #1: Type: text/plain, Size: 476 bytes --]

On Monday 20 November 2006 21:20, Mrugesh Karnik wrote:
> On Tuesday 21 November 2006 01:20, Mick wrote:
> >   d)You can set the executable script as suid.  Then it will run with the
> > owners permissions (root) as opposed to the person who's running it
> > (plain user)
>
> Can't run scripts suid on Linux afaik.

Hmm, shows I haven't tried it yet . . . Don't know if there's a way of 
bypassing the restriction (I think you can in Unix?). 

-- 
Regards,
Mick

[-- Attachment #2: Type: application/pgp-signature, Size: 189 bytes --]

Re: [gentoo-user] Several questions -- various topics

[Flophouse Joe]

On Mon, 20 Nov 2006, Mick wrote:
> On Monday 20 November 2006 21:20, Mrugesh Karnik wrote:
>> On Tuesday 21 November 2006 01:20, Mick wrote:
>> Can't run scripts suid on Linux afaik.
> Hmm, shows I haven't tried it yet . . . Don't know if there's a way of
> bypassing the restriction (I think you can in Unix?).

Linux purposefully ignores the setuid bit on shell scripts, so there's
no way to get around this restriction.  This is for the best.

There are-- or were-- other UNIXes that honored the setuid bit on shell
scripts by default, but I haven't come across any of them in the last five or so years.

If you really needed to run a shell script as root, you could try using
djb's "envuidgid" [1] available in Gentoo package
sys-process/daemontools .  But before you do so, remember that there's a
good reason why so many UNIXes have disabled this feature; you might
think of a better way to solve your problem.

[1] http://cr.yp.to/daemontools/envuidgid.html

Joe
-- 
gentoo-user@gentoo.org mailing list

Re: [gentoo-user] Several questions -- various topics

[Flophouse Joe]

On Mon, 20 Nov 2006, Flophouse Joe wrote:
> If you really needed to run a shell script as root, you could try using
> djb's "envuidgid" [1] available in Gentoo package
> sys-process/daemontools .

I spoke too soon.  Corrections:

(1) It's actually setuidgid that I was thinking of:
http://cr.yp.to/daemontools/setuidgid.html

(2) Quoting from the above URL, "setuidgid cannot be run by anyone other than root".  If you need to be root to run the utility in the first place, then there's no point in using it to gain root priveleges.

Joe
-- 
gentoo-user@gentoo.org mailing list

Re: [gentoo-user] Several questions -- various topics

[Neil Bothwick]

[-- Attachment #1: Type: text/plain, Size: 494 bytes --]

On Mon, 20 Nov 2006 08:09:55 -0500, Timothy A. Holmes wrote:

>  or sudo (which does not work for wifi-radar).  I have
> tried a sudo command for a switch on the modubar and it seemed to fight
> back, but its possible that I didn't get it set up right. Any
> suggestions or pointers would be very helpful.

Without knowing what you tried, or how it "fought back" it's difficult
to guess at what might be wrong.


-- 
Neil Bothwick

Employ teenagers - while they know everything.

[-- Attachment #2: signature.asc --]
[-- Type: application/pgp-signature, Size: 189 bytes --]

RE: [gentoo-user] Several questions -- various topics

[Timothy A. Holmes]

 

> -----Original Message-----
> From: Neil Bothwick [mailto:neil@digimed.co.uk] 
> Sent: Wednesday, November 22, 2006 5:43 AM
> To: gentoo-user@lists.gentoo.org
> Subject: Re: [gentoo-user] Several questions -- various topics
> 
> On Mon, 20 Nov 2006 08:09:55 -0500, Timothy A. Holmes wrote:
> 
> >  or sudo (which does not work for wifi-radar).  I have tried a sudo 
> > command for a switch on the modubar and it seemed to fight 
> back, but 
> > its possible that I didn't get it set up right. Any suggestions or 
> > pointers would be very helpful.
> 
> Without knowing what you tried, or how it "fought back" it's 
> difficult to guess at what might be wrong.
> 
> 
> --
> Neil Bothwick
> 
> Employ teenagers - while they know everything.
> 
> 

Hi Neil:

Turns out that gksu has resolved all but one of the problems, and that
one is with the shutdown command.  

If I run gksu shutdown -h now, gksu interperates the -h as a command to
it, instead of connecting it to the shutdown command. The result is
either the help information being displayed, or an error of an
unrecognized command and the help output.

This one is not as big an issue as I can exit fluxbox neatly and
shutdown from gdm.

Thanks a TON


Timothy A. Holmes
IT Manager / Network Admin / Web Master / Computer Teacher / Science
Teacher
 
Medina Christian Academy
A Higher Standard...


-- 
gentoo-user@gentoo.org mailing list

Re: [gentoo-user] Several questions -- various topics

[Richard Fish]

On 11/22/06, Timothy A. Holmes <tholmes@mcaschool.net> wrote:
> If I run gksu shutdown -h now, gksu interperates the -h as a command to
> it, instead of connecting it to the shutdown command.

For gnu getopt, "--" is the standard argument to mark the end of
arguments.  So "gksu -- shutdown -h now" should do what you want.

-Richard
-- 
gentoo-user@gentoo.org mailing list

Re: [gentoo-user] Several questions -- various topics

[Mick]

[-- Attachment #1: Type: text/plain, Size: 862 bytes --]

On Wednesday 22 November 2006 18:39, Timothy A. Holmes wrote:
> > -----Original Message-----
> > From: Neil Bothwick [mailto:neil@digimed.co.uk]
> > Sent: Wednesday, November 22, 2006 5:43 AM
> > To: gentoo-user@lists.gentoo.org
> > Subject: Re: [gentoo-user] Several questions -- various topics

[snip]
>
> Hi Neil:
>
> Turns out that gksu has resolved all but one of the problems, and that
> one is with the shutdown command.
>
> If I run gksu shutdown -h now, gksu interperates the -h as a command to
> it, instead of connecting it to the shutdown command. The result is
> either the help information being displayed, or an error of an
> unrecognized command and the help output.

You can used -- after the last argument for gksu.  In your case there are no 
arguments for gksu, so stick it immediately after.

HTH
-- 
Regards,
Mick

[-- Attachment #2: Type: application/pgp-signature, Size: 189 bytes --]