Unable to access Yast

I am not sure if this is the right place for this thread, I apologise if I’ve got it wrong. I am a very fresh openSUSE convert (just installed it today) and trying to protect myself from a hacker inside my building complex, please be kind :)

So, I have just moved from a very buggy Vista Home Basic system after having myriad issues with internet speeds and especially after most of my social media accounts had their passwords changed. (I know, I know, they are not related but please bear with me). After my passwords were changed it sent me on a wild hunt to secure my system and network. Initially I wanted to have a dual-boot system (Vista and openSUSE) so I could ease into the transition but it was next to impossible to stabilize the system, anything I would download to install would be damaged or corrupted. Even the ISO files for the distro were damaged and I had to ask a friend to make the LiveUSB.

So as of now the system is running openSUSE 13.1. As soon as I installed it and after I updated the packages through Install/Remove software, I wanted to secure my machine. I also ran Yast a few other times when I was going through different articles, so I know that it was working. But, all of a sudden now it is inaccessible.

I am using Gnome desktop. When I search for it, I can see it, but clicking on it brings me back to the browser window. Trying to access it from the terminal, and I paste the output here:

zen@linux-3g7l:~> yast
Absolute path to 'yast' is '/sbin/yast', so running it may require superuser privileges (eg. root).
zen@linux-3g7l:~> sudo yast
sudo: effective uid is not 0, is sudo installed setuid root?

I searched around for why I would be locked out of sudo (if that’s the right way to put it), and I found that you might need the output of the following command to help:

zen@linux-3g7l:~> mount | grep '/'
devtmpfs on /dev type devtmpfs (rw,relatime,size=1537720k,nr_inodes=210371,mode=755)
tmpfs on /dev/shm type tmpfs (rw,relatime)
tmpfs on /run type tmpfs (rw,nosuid,nodev,relatime,mode=755)
devpts on /dev/pts type devpts (rw,relatime,gid=5,mode=620,ptmxmode=000)
/dev/mapper/system-root on / type btrfs (rw,relatime,space_cache)
proc on /proc type proc (rw,relatime)
sysfs on /sys type sysfs (rw,nosuid,nodev,noexec,relatime)
securityfs on /sys/kernel/security type securityfs (rw,nosuid,nodev,noexec,relatime)
tmpfs on /sys/fs/cgroup type tmpfs (rw,nosuid,nodev,noexec,mode=755)
cgroup on /sys/fs/cgroup/systemd type cgroup (rw,nosuid,nodev,noexec,relatime,xattr,release_agent=/usr/lib/systemd/systemd-cgroups-agent,name=systemd)
pstore on /sys/fs/pstore type pstore (rw,nosuid,nodev,noexec,relatime)
cgroup on /sys/fs/cgroup/cpuset type cgroup (rw,nosuid,nodev,noexec,relatime,cpuset)
cgroup on /sys/fs/cgroup/cpu,cpuacct type cgroup (rw,nosuid,nodev,noexec,relatime,cpuacct,cpu)
cgroup on /sys/fs/cgroup/memory type cgroup (rw,nosuid,nodev,noexec,relatime,memory)
cgroup on /sys/fs/cgroup/devices type cgroup (rw,nosuid,nodev,noexec,relatime,devices)
cgroup on /sys/fs/cgroup/freezer type cgroup (rw,nosuid,nodev,noexec,relatime,freezer)
cgroup on /sys/fs/cgroup/net_cls type cgroup (rw,nosuid,nodev,noexec,relatime,net_cls)
cgroup on /sys/fs/cgroup/blkio type cgroup (rw,nosuid,nodev,noexec,relatime,blkio)
cgroup on /sys/fs/cgroup/perf_event type cgroup (rw,nosuid,nodev,noexec,relatime,perf_event)
cgroup on /sys/fs/cgroup/hugetlb type cgroup (rw,nosuid,nodev,noexec,relatime,hugetlb)
systemd-1 on /proc/sys/fs/binfmt_misc type autofs (rw,relatime,fd=29,pgrp=1,timeout=300,minproto=5,maxproto=5,direct)
hugetlbfs on /dev/hugepages type hugetlbfs (rw,relatime)
mqueue on /dev/mqueue type mqueue (rw,relatime)
debugfs on /sys/kernel/debug type debugfs (rw,relatime)
tmpfs on /var/run type tmpfs (rw,nosuid,nodev,relatime,mode=755)
tmpfs on /var/lock type tmpfs (rw,nosuid,nodev,relatime,mode=755)
/dev/mapper/system-home on /home type btrfs (rw,relatime,space_cache)
/dev/sda1 on /usr/local type ext4 (rw,relatime,data=ordered)
/dev/sda2 on /boot type ext4 (rw,relatime,data=ordered)
vmware-vmblock on /var/run/vmblock-fuse type fuse.vmware-vmblock (rw,nosuid,nodev,relatime,user_id=0,group_id=0,default_permissions,allow_other)
vmware-vmblock on /run/vmblock-fuse type fuse.vmware-vmblock (rw,nosuid,nodev,relatime,user_id=0,group_id=0,default_permissions,allow_other)
fusectl on /sys/fs/fuse/connections type fusectl (rw,relatime)
gvfsd-fuse on /run/user/1000/gvfs type fuse.gvfsd-fuse (rw,nosuid,nodev,relatime,user_id=1000,group_id=100)
gvfsd-fuse on /var/run/user/1000/gvfs type fuse.gvfsd-fuse (rw,nosuid,nodev,relatime,user_id=1000,group_id=100)

I installed nmap and Zenmap so I could monitor the network and look for open ports. The first time I ran nmap, the default telnet port was open, but subsequently it closed (didn’t show up on Zenmap on consequent runs, even though I have not done anything to close it).

I was looking into installing DenyHost to secure the ssh port, and then I was planning to work my way to closing all the extra open ports I could see on Zenmap (which I didn’t need, at least as far as my basic knowledge tells me), when I encountered this problem with Yast.

My main question to you at this point is, is there anything I can do to secure my system before that hacker gets into it? He seems to be way more knowledgeable and even though I can work my way around, I am not a professional. I tried talking to my friend about it but he thinks I am being paranoid. Nobody believes me.

Please help, this is slowly driving me to despair.

Apparently some file permissions are incorrect.
What does “ls -l /usr/bin/sudo” say?
It should be this:

# ls -l /usr/bin/sudo
-rwsr-xr-x 1 root root 137736 28. Sep 10:45 /usr/bin/sudo

Does it work to switch to root with running “su”? If not, please log in as root, maybe in text mode if you prefer.
Run this and post the output if you get any:

chkstat --system

> I installed nmap and Zenmap so I could monitor the network and look for open ports. The first time I ran nmap, the default telnet port was open, but subsequently it closed (didn’t show up on Zenmap on consequent runs, even though I have not done anything to close it).

Nothing is listening on the telnet port on a default installation.

Just a hint: if you run Zenmap on your local system to check the ports on that same system you might not get accurate results, because you do not even use the network. (you only connect via the loopback interface)
You would have to do this from a different system to really see which ports are open from the outside.

> I was looking into installing DenyHost to secure the ssh port, and then I was planning to work my way to closing all the extra open ports I could see on Zenmap (which I didn’t need, at least as far as my basic knowledge tells me), when I encountered this problem with Yast.

On a default installation, the ssh port is not even open in the Firewall, so no need to secure anything.
That you can still connect from localhost is because you don’t go through the Firewall because you don’t even use the network, see above.

If you want to make really sure that nobody can login via ssh, just disable the sshd service in YaST->System->Services Manager.

> My main question to you at this point is, is there anything I can do to secure my system before that hacker gets into it? He seems to be way more knowledgeable and even though I can work my way around, I am not a professional. I tried talking to my friend about it but he thinks I am being paranoid. Nobody believes me.

Well, IMHO you are really too paranoid.
How are you connected to the Internet actually? If it’s via a router, nobody should be able to access your system from the outside anyway.
Better take care to not install any malware or similar. But the likelihood of doing this in Linux is not as big as in Windows.

PS: Don’t follow random guides on the Internet on how to secure your system by changing file permissions. Chances are that vital services don’t work anymore, as you already experienced.

On 2014-01-20 11:16, RoadRunner2014 wrote:

> I am using Gnome desktop. When I search for it, I can see it, but
> clicking on it brings me back to the browser window. Trying to access it
> from the terminal, and I paste the output here:

Just a detail. Please use code tags for printouts and commands (the ‘#’
button in the forum editor).

It makes it easier for us to read what you post below:


> zen@linux-3g7l:~> yast
> Absolute path to 'yast' is '/sbin/yast', so running it may require
> superuser privileges (eg. root).
> zen@linux-3g7l:~> sudo yast
> sudo: effective uid is not 0, is sudo installed setuid root?

That’s strange.

You should see this:


minas-tirith:~ # l /usr/bin/sudo
-rwsr-xr-x 1 root root 137736 Sep 28 10:45 /usr/bin/sudo*
minas-tirith:~ #

> I searched around for why I would be locked out of sudo (if that’s the
> right way to put it), and I found that you might need the output of the
> following command to help:


> zen@linux-3g7l:~> mount | grep '/'
> devtmpfs on /dev type devtmpfs (rw,relatime,size=1537720k,nr_inodes=210371,mode=755)
> tmpfs on /dev/shm type tmpfs (rw,relatime)
> tmpfs on /run type tmpfs (rw,nosuid,nodev,relatime,mode=755)
> devpts on /dev/pts type devpts (rw,relatime,gid=5,mode=620,ptmxmode=000)
> /dev/mapper/system-root on / type btrfs (rw,relatime,space_cache)
> proc on /proc type proc (rw,relatime)
> sysfs on /sys type sysfs (rw,nosuid,nodev,noexec,relatime)
> securityfs on /sys/kernel/security type securityfs (rw,nosuid,nodev,noexec,relatime)
> tmpfs on /sys/fs/cgroup type tmpfs (rw,nosuid,nodev,noexec,mode=755)
> cgroup  on /sys/fs/cgroup/systemd type cgroup  (rw,nosuid,nodev,noexec,relatime,xattr,release_agent=/usr/lib/systemd/systemd-cgroups-agent,name=systemd)
> pstore on /sys/fs/pstore type pstore (rw,nosuid,nodev,noexec,relatime)
> cgroup on /sys/fs/cgroup/cpuset type cgroup (rw,nosuid,nodev,noexec,relatime,cpuset)
> cgroup on /sys/fs/cgroup/cpu,cpuacct type cgroup (rw,nosuid,nodev,noexec,relatime,cpuacct,cpu)
> cgroup on /sys/fs/cgroup/memory type cgroup (rw,nosuid,nodev,noexec,relatime,memory)
> cgroup on /sys/fs/cgroup/devices type cgroup (rw,nosuid,nodev,noexec,relatime,devices)
> cgroup on /sys/fs/cgroup/freezer type cgroup (rw,nosuid,nodev,noexec,relatime,freezer)
> cgroup on /sys/fs/cgroup/net_cls type cgroup (rw,nosuid,nodev,noexec,relatime,net_cls)
> cgroup on /sys/fs/cgroup/blkio type cgroup (rw,nosuid,nodev,noexec,relatime,blkio)
> cgroup on /sys/fs/cgroup/perf_event type cgroup (rw,nosuid,nodev,noexec,relatime,perf_event)
> cgroup on /sys/fs/cgroup/hugetlb type cgroup (rw,nosuid,nodev,noexec,relatime,hugetlb)
> systemd-1 on /proc/sys/fs/binfmt_misc type autofs (rw,relatime,fd=29,pgrp=1,timeout=300,minproto=5,maxproto=5,direct)
> hugetlbfs on /dev/hugepages type hugetlbfs (rw,relatime)
> mqueue on /dev/mqueue type mqueue (rw,relatime)
> debugfs on /sys/kernel/debug type debugfs (rw,relatime)
> tmpfs on /var/run type tmpfs (rw,nosuid,nodev,relatime,mode=755)
> tmpfs on /var/lock type tmpfs (rw,nosuid,nodev,relatime,mode=755)
> /dev/mapper/system-home on /home type btrfs (rw,relatime,space_cache)
> /dev/sda1 on /usr/local type ext4 (rw,relatime,data=ordered)
> /dev/sda2 on /boot type ext4 (rw,relatime,data=ordered)
> vmware-vmblock  on /var/run/vmblock-fuse type fuse.vmware-vmblock  (rw,nosuid,nodev,relatime,user_id=0,group_id=0,default_permissions,allow_other)
> vmware-vmblock  on /run/vmblock-fuse type fuse.vmware-vmblock  (rw,nosuid,nodev,relatime,user_id=0,group_id=0,default_permissions,allow_other)
> fusectl on /sys/fs/fuse/connections type fusectl (rw,relatime)
> gvfsd-fuse on /run/user/1000/gvfs type fuse.gvfsd-fuse (rw,nosuid,nodev,relatime,user_id=1000,group_id=100)
> gvfsd-fuse on /var/run/user/1000/gvfs type fuse.gvfsd-fuse (rw,nosuid,nodev,relatime,user_id=1000,group_id=100)

The only thing strange is that you apparently created a “/usr/local”. It
is something atypical for a Linux novice, but it is not wrong. I also
have that partition.

You apparently also have installed vmware, but that makes sense if you
intend to use your old Windows that way.

Your home might be encrypted. Not sure.

Did you do all that yourself?

> I installed nmap and Zenmap so I could monitor the network and look for
> open ports. The first time I ran nmap, the default telnet port was
> open, but subsequently it closed (didn’t show up on Zenmap on
> consequent runs, even though I have not done anything to close it).

You should not even have the telnet daemon installed. The telnet client,
yes, maybe, but the daemon (server) certainly not.

sshd yes - if you have more computers, or if your friend does remote
maintenance on your machine.

> I was looking into installing DenyHost to secure the ssh port, and then
> I was planning to work my way to closing all the extra open ports I
> could see on Zenmap (which I didn’t need, at least as far as my basic
> knowledge tells me), when I encountered this problem with Yast.

Just make sure that the firewall is up and secured, that closes
everything you don’t explicitly open.

> My main question to you at this point is, is there anything I can do to
> secure my system before that hacker gets into it? He seems to be way
> more knowledgeable and even though I can work my way around, I am not a
> professional. I tried talking to my friend about it but he thinks I am
> being paranoid. Nobody believes me.
>
> Please help, this is slowly driving me to despair.

I can understand.


Cheers / Saludos,

Carlos E. R.
(from 12.3 x86_64 “Dartmouth” at Telcontar)

This is my output:
zen@linux-3g7l:~> ls -l /usr/bin/sudo
-rwxr-xr-x 1 root root 139920 Sep 28 10:21 /usr/bin/sudo

Trying to log in as root gives me the output so:

zen@linux-3g7l:~> su
Password:
su: Authentication failure

Why would I not see it when I ran Zenmap next?

So Zenmap is actually running on the loopback interface which has no link to the Firewall; for example if Zenmap tells me that an xyz port is open in the TCP protocol, I am not to take it seriously, if I understand it correctly. My next question would be, how would you know a reliable external port-scanner?

I am going to try that. But I may have messed up the sshd_config file which is causing these issues. I edited the /etc/ssh/sshd_config file after reading such an article; basically I changed all the commands to comments by adding a hash in front of them (which looks like it wasn’t such a great idea). I did not realize it would have such a drastic consequence, if that is actually what has happened.

I am connected via a router, which I have flashed already with dd-wrt software. Yes it was a bad infestation which I did not realize until the passwords were changed.
My biggest concern is, the person (I feel) I am up against is a sys admin; he would have the requisite tools to break into the router? I am really sorry for this annoying question.

You are right, I think I might have done something to mess this up after reading an article. It is a relief though to join in the Forum. I cannot wait to start using my machine once I have rested my doubts :)

Thank you for leading the way robin_listas! I have taken note of the Forum decorum and will ensure I follow it.

Please see my reply to wolfi323, and my reply to you so:

I was trying to access Yast through the command line, I am not entirely clear if your suggestion would do the same?

That is a fluke! I wanted to overwrite all of the HDD space but the installer’s default partition settings wanted to keep the Windows partition. So I checked the option to format it, but then was not sure about where to mount it. So I chose a mount point just so I could retrieve all that HDD space later. About the encryption, that too was an option in the installer, I just checked it :)

That is exactly what has been bothering me all this while. I have not intentionally installed telnet as a server, which is what makes me suspicious. As I said I have a feeling the hacker neighbor has installed a script which maybe gets copied to my LiveUSB somehow (this is where I am lost). Nobody is actually accessing my machine remotely (not to my knowledge or my consent), which is what makes the appearance of telnet even more worrisome, and which I went a little overboard with the sshd_config file. Logically I have absolutely no use for any remote services (as I am not receiving any help through those channels).

A scan of the router shows port 23 open with telnet running on it as of now. How can I fix this?

So as wolfi323 advised, setting up the Firewall should technically be good.

Thanks :)



Sorry forgot to add - I have not installed the VMWare consciously as well (I don’t remember the installer having any option for that), since my intention is to move completely away from Windows.

Well, as I suspected, the permissions for sudo are wrong, so it cannot get root rights and therefore doesn’t work.
I’m sure su has the same problem, and that’s also the reason why YaST cannot be started.

So as you don’t have any other possibility to get root permissions to fix that, you have to log in as root, as already suggested.

Then run “chkstat --system” (as I also wrote already), that should fix your permissions.
And please post the output.
If some directories’ permissions are also wrong, you’ll have to fix them first.

If you don’t want to login to the GUI as root, just log into text mode as root and run this:

chmod +s /usr/bin/sudo

You should then be able to at least use sudo as normal user.

Then log in to your normal account (into the graphical session) and run:

sudo chkstat --system

I will try to answer your other questions later…

I tried getting into the root via Ctrl+Alt+Fn, but the password did not work there either. Had to forcibly restart the system. Then I entered my password at the login screen.

After that, I get a message on the screen so:
"Authentication Required

Authentication is required to create a color managed device.

Administrator

Incorrect permissions on /usr/lib/polkit-1/polkit-agent-helper-1(needs to be setuid root)."
There is a button to “Authenticate”, it takes me back to login screen.

I did change the sshd_config file and there was a warning I might be locked out of the system. Could this be because of it?

UPDATE
I hit “cancel” and I am into the system. I will report back about your suggested steps in a bit.

> Well, as I suspected, the permissions for sudo are wrong, so it cannot get root rights and therefore doesn’t work.
> I’m sure su has the same problem, and that’s also the reason why YaST cannot be started.
>
> So as you don’t have any other possibility to get root permissions to fix that, you have to log in as root, as already suggested.
>
> Then run “chkstat --system” (as I also wrote already), that should fix your permissions.
> And please post the output.
> If some directories’ permissions are also wrong, you’ll have to fix them first.
>
> If you don’t want to login to the GUI as root, just log into text mode as root and run this:
>
> chmod +s /usr/bin/sudo
>
> You should then be able to at least use sudo as normal user.
>
> Then log in to your normal account (into the graphical session) and run:
>
> sudo chkstat --system
>
> I will try to answer your other questions later…

This is what I have tried so far. Please bear with me:

  1. Pressed Ctrl+Alt+F1 to get to the command line
  2. Tried several times to enter with username: root, and the password, but no success.
  3. Hard rebooted the system, tried again, and this time I was able to login.
  4. Ran chkstat --system. No output. The command just went to the next prompt.
  5. Tried to exit the text console by typing init5 but system crashed. Had to hard reboot again.

Still cannot get into sudo, Yast. Telnet port on router (not localhost) has opened up again, along with another unknown port with a red signal behind it.

Get any error with init 5??

What video card and what driver?

Did you try yast command line logged in or changed (su -) to root?

No, the system freezes totally. It does not do anything at all. And also there is no error.
My videocard details:
NVIDIA GeForce 9200
Driver: NVIDIA GeForce9200M Graphics Driver http://h10025.www1.hp.com/ewfrf/wc/softwareDownloadIndex?softwareitem=ob-67044-1&cc=us&dlc=en&lc=en&os=2093&product=3807972&sw_lang=

That is a Windows driver; you need a Linux driver. I think you need the GO3 flavor but to be honest I have gotten lost in the NVIDIA naming conventions :’(

Not a problem at all. The display seems to be working fine so far, so it is alright. My main concern right now is that I cannot get into sudo, and consequently YaST, because of busted file permissions.

At this point I strongly doubt that I’ll be able to fix this with my skillset, even if you kind folk are more than willing to help me out =)

Let’s forget the router for a moment.
One problem at a time.

So, you cannot login as “root”?
Then your only chance is to either boot a LiveCD and change to the system via “chroot”.
Or try this:
At the boot prompt, type ‘e’, search for the line starting with “linux”, and append “init=/bin/sh”.
Press F10 to boot.

You should then get to a minimal text system without having to enter any password. Run the command I gave you before to get sudo going at least.

PS: you should be able to use the G03 driver…

On 2014-01-20 21:16, RoadRunner2014 wrote:

> 4. Ran chkstat --system. No output. The command just went to the next
> prompt.

Try:


chkstat --system --set


Cheers / Saludos,

Carlos E. R.
(from 12.3 x86_64 “Dartmouth” at Telcontar)

On 2014-01-20 17:06, RoadRunner2014 wrote:

> That is a fluke! I wanted to overwrite all of the HDD space but the installer’s default partition settings wanted to keep the Windows partition.
> So I checked the option to format it, but then was not sure about where to mount it. So I chose a mount point just so I could retrieve all that
> HDD space later. About the encryption, that too was an option in the installer, I just checked it :)

During the install, you can just tell the installer to use the entire
disk if you so wish.

Besides that, you can choose any mount point in the list or just write
up a new one entirely of your choice, because those in the list have
specific uses.

>> You should not even have the telnet daemon installed. The telnet client,
>> yes, maybe, but the daemon (server) certainly not.
>>
>> sshd yes - if you have more computers, or if your friend does remote
>> maintenance on your machine.

> That is exactly what has been bothering me all this while. I have not intentionally installed telnet as a server,
> which is what makes me suspicious. As I said I have a feeling the hacker neighbor has installed a script which
> maybe gets copied to my LiveUSB somehow (this is where I am lost). Nobody is actually accessing my machine remotely
> (not to my knowledge or my consent), which is what makes the appearance of telnet even more worrisome, and which
> I went a little overboard with the sshd_config file. Logically I have absolutely no use for any remote services
> (as I am not receiving any help through those channels).

I forgot that you were using nmap running from the same machine, and as
wolfi323 said, it has to be run from another computer. Running it
locally it tests the “lo” network interface, which is not protected from
external access as it has no plug to connect a cable to. It is a virtual
device only, so it is not dangerous to have ports open in there. Just
ignore whatever you found on that run.

> A scan of the router shows port 23 open with telnet running on it as of now. How can I fix this?

But that is probably from the inside of your network, so not dangerous.
To close it, you have to enter your router configuration, either by
telnet or by its web page.

What is dangerous is whatever your router has open to the outside (some
have some by default). If your router is suspect, then what I would do
is take notes of its configs, and do a full hardware reset to factory
defaults - while disconnected from internet. Each router has its own
method for doing this. Then you have to reconfigure it from scratch,
making sure it does not have any configuration ports allowed from
outside (not even by your ISP). And of course, change the default
password to a strong one. If it has wifi, disable it.

Only after all this is done I would reconnect it to the outside network.

Notice that while you do all this, if you do, you have no internet and
no help. If you fail to finish it, you might have to call in someone or
buy another router… so be careful.

There are web pages and forums dedicated to help with home routers. Here
we can not help you much on that.

>> Just make sure that the firewall is up and secured, that closes
>> everything you don’t explicitly open.
>
> So as wolfi323 advised, setting up the Firewall should technically be good.

It is by default done from install.


Cheers / Saludos,

Carlos E. R.
(from 12.3 x86_64 “Dartmouth” at Telcontar)

Agreed.

I took a break after yesterday and started fresh today, and here are my results:

LiveUSB route

  1. I needed the partition information, but the Terminal would not allow fdisk, saying it needed root permissions. I found out the partitions via System Monitor>File Systems (not sure if this was the right way). This is what was displayed:
    /dev/dm-2 / btrfs 42.9GB
    /dev/sda2 /boot ext4 397.8 MB
    /dev/mapp/ /home btrfs 53.7 GB
    /dev/sda1/ /usr/local ext4 99.4 GB
  2. Then logged in via LiveUSB.
  3. I created a mount point, then tried to mount /dev/dm-2 (which I believe is the partition with the filesystems), but the error was “special device /dev/dm-2 does not exist”.

I read up further on this and realise this is due to the encryption I set during install, and to fix this would require a time-intensive process.

Editing the Boot Loader

  1. I got into the Edit mode by pressing ‘esc’ and then ‘e’, and followed the steps as outlined.
  2. Then I pressed F10 to boot, but the system spewed out code and then got stuck. I forcibly shutdown the machine and then started again.

Logging in as root

Attempt 1

  1. I tried this again after facing issues with the other two methods.
  2. I pressed Ctrl+Alt+F1, then successfully logged in to root.
  3. Typed chkstat --system. Output follows:
 # Checking permissions and ownerships - using the permission files
    /etc/permissions
    /etc/permissions.paranoid
    /etc/permissions.d/mail-server
    /etc/permissions.d/mail-server.paranoid
    /etc/permissions.d/postfix
    /etc/permissions.d/postfix.paranoid
    /etc/permissions.local
setting /home to root:root 0755 (wrong owner/group root:users)
setting /boot to root:root 0755 (wrong owner/group root:users)
setting /var/run/utmp to root:utmp 0664 (wrong owner/group root:users permission 0664)
  4. But I typed init 5 again and the system crashed. So restarted again.

Attempt 2

  1. Chkstat did not work.
  2. I typed chmod +s /usr/bin/sudo
  3. Then pressed Ctrl+Alt+F7 and got to the GUI.
  4. Opened a Terminal window, and output follows
zen@linux-3g7l:~> sudo chkstat --system
root's password:
Checking permissions and ownerships - using the permissions files
    /etc/permissions
    /etc/permissions.paranoid
    /etc/permissions.d/mail-server
    /etc/permissions.d/mail-server.paranoid
    /etc/permissions.d/postfix
    /etc/permissions.d/postfix.paranoid
    /etc/permissions.local
setting /usr/bin/sudo to root:root 0755. (wrong permissions 6755) 

I think I went overboard with the “paranoid” restriction!

I ran an update for packages via Yast as soon as I finished installing the system, so I believe I am using the GO3 drivers (unless I need look for them manually).
The link to the Windows drivers yesterday was my overanxious brain, my bad.

For now it looks like encrypting the whole disk was not such a great idea. It is especially painful while booting multiple times during trouble-shooting for example. I think I may have to do a fresh install at some point (without the encryption this time).

Sorry, the command I typed here was chkstat --system --set

Just a comment on encrypting drives.
Remember, you’re only securing data <at rest>.
When your system is up and running and can/needs to gain access to data on the disk, the data is completely accessible.

So, you should consider your reasons for encrypting.
If the data on the disk is generic and contains no sensitive information, there is no need to encrypt.
If the drive is physically secured/securable, then there is no need to encrypt (eg in a locked room when no one is present).

Encrypting drives is useful if in a portable device (eg laptop) or securing highly sensitive data someone would try to physically break in and steal the physical disks.

IMO,
TSU

Yes. With “paranoid” settings a user is not able to gain root privileges.

Try switching this back to “secure” or “easy” in /etc/sysconfig/permissions.
Use “sudo vim /etc/sysconfig/permissions” to edit the file and change the “PERMISSION_SECURITY” value to “secure local” or “easy local” (the default, best suited for desktop use).
Then run “chkstat” again and YaST should work as user again.
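
An added example (not written by any poster in this thread): a read-only shell check for the condition diagnosed above, reporting the active PERMISSION_SECURITY profile and whether the privilege helpers named in the thread still carry a root-owned setuid bit. The function names are made up for this example; the file paths are the ones quoted in the thread, and `su` is located with `command -v` because the thread gives no path for it.

```shell
#!/bin/sh
# Added example: read-only audit, changes nothing on the system.

# Print the PERMISSION_SECURITY value from a sysconfig-style file.
# Commented-out lines are ignored; the last active assignment wins.
permission_profile() {
    pp_file=${1:-/etc/sysconfig/permissions}
    [ -r "$pp_file" ] || return 1
    sed -n 's/^[[:space:]]*PERMISSION_SECURITY=//p' "$pp_file" \
        | tail -n 1 | tr -d "\"'"
}

# Succeed when the profile list (e.g. "paranoid local") contains "paranoid".
profile_is_paranoid() {
    case " $1 " in
        *" paranoid "*) return 0 ;;
        *) return 1 ;;
    esac
}

# Classify one file: missing, no-setuid, not-root-owned or ok.
# "no-setuid" is the state behind the sudo message quoted in the thread:
# "effective uid is not 0, is sudo installed setuid root?"
setuid_state() {
    [ -e "$1" ] || { echo missing; return 0; }
    [ -u "$1" ] || { echo no-setuid; return 0; }
    ss_owner=$(ls -ldn "$1" | awk '{print $3}')
    [ "$ss_owner" = 0 ] || { echo not-root-owned; return 0; }
    echo ok
}

# Report the profile and the state of each helper; non-zero if any is not ok.
audit_host() {
    ah_profile=$(permission_profile /etc/sysconfig/permissions) \
        || ah_profile="(unreadable)"
    echo "PERMISSION_SECURITY: $ah_profile"
    if profile_is_paranoid "$ah_profile"; then
        echo "note: under this profile chkstat set /usr/bin/sudo to 0755 in the thread"
    fi
    ah_rc=0
    for ah_bin in /usr/bin/sudo "$(command -v su)" \
                  /usr/lib/polkit-1/polkit-agent-helper-1; do
        ah_state=$(setuid_state "$ah_bin")
        echo "$ah_state  $ah_bin"
        [ "$ah_state" = ok ] || ah_rc=1
    done
    return $ah_rc
}

# Run the audit only when asked, so the file can also be sourced.
if [ "${1:-}" = "--audit" ]; then
    audit_host
    exit $?
fi
```

Run it as `sh check.sh --audit` from any account; a `no-setuid` line for sudo together with a `paranoid` profile matches the situation resolved at the end of this thread.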