Page 3 of 4 FirstFirst 1234 LastLast
Results 21 to 30 of 36

Thread: Unable to access Yast

  1. #21

    Default Re: Unable to access Yast

    Quote Originally Posted by robin_listas View Post
    During the install, you can just tell the installer to use the entire
    disk if you so wish.

    Besides that, you can choose any mount point in the list or just write
    up a new one entirely of your choice, because those in the list have
    specific uses.
    I believe there was no option in the installer to use/overwrite the entire disk. I could perform operations on the partition but it would still exist as a separate Windows partition, which is why I then chose to format it inside the installer.

    I also see now that encrypting the disk was not such a great idea because first it needs a password on each reboot (which is great for security but not so much when I am booting it multiple times).

    Quote Originally Posted by robin_listas View Post
    But that is probably from the inside of your network, so not dangerous.
    To close it, you have to enter your router configuration, either by
    telnet or by its web page.

    What is dangerous is whatever your router has open to the outside (some
    have some by default). If your router is suspect, then what I would do
    is take notes of its configs, and do a full hardware reset to factory
    defaults - while disconnected from internet. Each router has its own
    method for doing this. Then you have to reconfigure it from scratch,
    making sure it does not have any configuration ports allowed from
    outside (not even by your ISP). And of course, change the default
    password to a strong one. If it has wifi, disable it.

    Only after all this is done I would reconnect it to the outside network.

    Notice that while you do all this, if you do, you have no internet and
    no help. If you fail to finish it, you might have to call in someone or
    buy another router... so be careful.

    There are web pages and forums dedicated to help with home routers. Here
    we can not help you much on that.
    I have updated the router's firmware to dd-wrt, but I need to get a bit more comfortable with its capabilities. I agree with you on this, there is indeed a whole lot of information available in the specific forums. In addition to your advice, it requires more research before I can actually get to configuring it the way I would prefer, and I will post back with results once I have some.

    Quote Originally Posted by robin_listas View Post

    It is by default done from install.
    Thank you for clarifying these doubts
    --
    Cheers / Saludos,

    Carlos E. R.
    (from 12.3 x86_64 "Dartmouth" at Telcontar)[/QUOTE]

  2. #22

    Default Re: Unable to access Yast

    Quote Originally Posted by wolfi323 View Post
    Yes. With "paranoid" settings a user is not able to gain root privileges.

    Try switching this back to "secure" or "easy" in /etc/sysconfig/permissions.
    Use "sudo vim /etc/sysconfig/permissions" to edit the file and change the "PERMISSION_SECURITY" value to "secure local" or "easy local" (the default, best suited for desktop use).
    Then run "chkstat" again and YaST should work as user again.
    I am locked out again...
    I checked manually in the /etc/sysconfig folder and couldn't find the "permissions" file!

    Code:
    zen@linux-3g7l:~> sudo chkstat --system
    root's password:
    Checking permissions and ownerships - using the permissions files
        /etc/permissions
        /etc/permissions.paranoid
        /etc/permissions.d/mail-server
        /etc/permissions.d/mail-server.paranoid
        /etc/permissions.d/postfix
        /etc/permissions.d/postfix.paranoid
        /etc/permissions.local
    setting /usr/bin/sudo to root:root 0755. (wrong permissions 6755)
    zen@linux-3g7l:~> sudo vim /etc/sysconfig/permissions
    sudo: effective uid is not 0, is sudo installed setuid root?
    zen@linux-3g7l:~> sudo chkstat --system
    sudo: effective uid is not 0, is sudo installed setuid root?

  3. #23
    Join Date
    Feb 2009
    Location
    Spain
    Posts
    25,547

    Default Re: Unable to access Yast

    On 2014-01-21 18:16, RoadRunner2014 wrote:

    >> Besides that, you can choose any mount point in the list or just write
    >> up a new one entirely of your choice, because those in the list have
    >> specific uses.

    >
    > I believe there was no option in the installer to use/overwrite the
    > entire disk. I could perform operations on the partition but it would
    > still exist as a separate Windows partition, which is why I then chose
    > to format it inside the installer.


    Believe me, the option is there, but not in the front page. I know I
    posted the procedure not long ago, but I can't find a link to it just
    now. I have to try an install to get a photo.


    > I also see now that encrypting the disk was not such a great idea
    > because first it needs a password on each reboot (which is great for
    > security but not so much when I am booting it multiple times).


    Encryption is a safety that works only when the computer is off. If it
    is running, the entire data set is available. Yes, of course it is a
    nuisance if you boot many times.

    --
    Cheers / Saludos,

    Carlos E. R.
    (from 12.3 x86_64 "Dartmouth" at Telcontar)

  4. #24
    Join Date
    Feb 2009
    Location
    Spain
    Posts
    25,547

    Default Re: Unable to access Yast

    On 2014-01-21 17:36, RoadRunner2014 wrote:

    > Code:
    > --------------------
    > zen@linux-3g7l:~> sudo chkstat --system
    > root's password:
    > Checking permissions and ownerships - using the permissions files
    > /etc/permissions
    > /etc/permissions.paranoid


    whoa!

    > --------------------
    >
    >
    > I think I went overboard with the "paranoid" restriction!


    Indeed. It is very difficult to use the machine in this mode. That's the
    cause of your problems, most probably :-)

    --
    Cheers / Saludos,

    Carlos E. R.
    (from 12.3 x86_64 "Dartmouth" at Telcontar)

  5. #25

    Default Re: Unable to access Yast

    Quote Originally Posted by RoadRunner2014 View Post
    I am locked out again...
    I checked manually in the /etc/sysconfig folder and couldn't find the "permissions" file!
    Oops, sorry!
    It's /etc/sysconfig/security. I wanted to change this before submitting the post, but forgot...

    The "chkstat" has now set back sudo's permissions to the paranoid ones, therefore it doesn't work anymore.

    You have to do the "chmod +s /usr/bin/sudo" again.

  6. #26

    Default Re: Unable to access Yast

    Quote Originally Posted by wolfi323 View Post
    Oops, sorry!
    It's /etc/sysconfig/security. I wanted to change this before submitting the post, but forgot...

    The "chkstat" has now set back sudo's permissions to the paranoid ones, therefore it doesn't work anymore.

    You have to do the "chmod +s /usr/bin/sudo" again.
    No problem at all! I got a bit alarmed but then thought okay I am going to kill the router now =)

    Still no luck, I have restarted the system twice just in case..

    Code:
     #zen@linux-3g7l:~> 
    zen@linux-3g7l:~> sudo chkstat --system
    root's password:
    Checking permissions and ownerships - using the permissions files
        /etc/permissions
        /etc/permissions.paranoid
        /etc/permissions.d/mail-server
        /etc/permissions.d/mail-server.paranoid
        /etc/permissions.d/postfix
        /etc/permissions.d/postfix.paranoid
        /etc/permissions.local
    setting /usr/bin/sudo to root:root 0755. (wrong permissions 6755)
    zen@linux-3g7l:~> sudo  vim /etc/sysconfig/security
    sudo: effective uid is not 0, is sudo installed setuid root?
    zen@linux-3g7l:~>

  7. #27

    Default Re: Unable to access Yast

    Quote Originally Posted by tsu2 View Post
    Just a comment on encrypting drives.
    Remember, you're only securing data <at rest>.
    When your system is up and running and can/needs to gain access to data on the disk, the data is completely accessible.

    So, you should consider your reasons for encrypting.
    If the data on the disk is generic and contains no sensitive information, there is no need to encrypt.
    If the drive is physically secured/securable, then there is no need to encrypt (eg in a locked room when no one is present).

    Encrypting drives is useful if in a portable device (eg laptop) or securing highly sensitive data someone would try to physically break in and steal the physical disks.
    Thank you for putting in lay terms. I have come to openSUSE after a horrid experience having passwords for my accounts changed and my router being made inaccessible, and having to deal with a buggy Vista Home system. So I wanted to be extra sure I was protecting my system, but now that I understand it, I may not need that layer of protection.

  8. #28

    Default Re: Unable to access Yast

    Quote Originally Posted by robin_listas View Post
    On 2014-01-21 18:16, RoadRunner2014 wrote:

    Believe me, the option is there, but not in the front page. I know I
    posted the procedure not long ago, but I can't find a link to it just
    now. I have to try an install to get a photo.
    No issues at all, this means there dos exist a way which is superb. I will post back once I do the fresh install again.
    Quote Originally Posted by robin_listas View Post

    Encryption is a safety that works only when the computer is off. If it
    is running, the entire data set is available. Yes, of course it is a
    nuisance if you boot many times.
    Yes as Tsu was also explaining earlier and I understand this is not for me, I will stick to no encryption.
    --
    Cheers / Saludos,

    Carlos E. R.
    (from 12.3 x86_64 "Dartmouth" at Telcontar)[/QUOTE]

  9. #29

    Default Re: Unable to access Yast

    Quote Originally Posted by RoadRunner2014 View Post
    Still no luck, I have restarted the system twice just in case..
    Hm, chkstat is still using the "paranoid" settings.
    Are you sure you edited the correct file (on your hard disk)?

    Just to be clear: you should change the existing PERMISSION_SECURITY="xxx" line, not add a new one.

  10. #30

    Default Re: Unable to access Yast

    Quote Originally Posted by wolfi323 View Post
    Hm, chkstat is still using the "paranoid" settings.
    Are you sure you edited the correct file (on your hard disk)?

    Just to be clear: you should change the existing PERMISSION_SECURITY="xxx" line, not add a new one.
    No I never got to that step. This is after I ran the "chmod" command, then I switched to the GUI, and then this is the output you see. I have not been able to get into /etc/sysconfig/security.

Page 3 of 4 FirstFirst 1234 LastLast

Tags for this Thread

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •