How does SuSEfirewall know which port belongs to a service?

Hi everyone,
I was poking around SuSEfirewall and, being used to the RHEL/iptables way of doing things, I got a little bit confused. From the documentation I understood that in the /etc/sysconfig/SuSEfirewall2 config file we can define rules, forward/open ports etc. And (in the case of ports) the way we could do it was by specifying a port number or service name, like FW_CONFIGURATIONS_EXT="sshd", and the firewall would open port 22 for me. I can’t find anywhere, though, a reference of where SuSEfirewall2 gets its knowledge about which port belongs to service “sshd”.
Initially I thought that all service names with all corresponding information (ports etc.) were defined in the /etc/sysconfig/SuSEfirewall2.d/services/{“service-name”} directory. But when I took a look at the content of sshd, all it said was: TCP="sshd" - no port number… So please tell me where SuSEfirewall2 gets its knowledge about which port belongs to which service…

And I have another question not related to “networking”, but if I may, instead of creating a new thread I will ask it here. Superuser privileges - when I installed openSUSE (13.1, very intuitive and easy install procedure btw) I was asked if the (first/non-root) user should get administrative rights. I checked that and the autologin buttons. After installation was complete, the system rebooted and logged me in as was expected, without greeting me first with a login screen. And I could do “sudo su -” using my user passwd to become superuser. But then another confusing moment… I expected my user to be in group “wheel”, but I was not. So the question - where does openSUSE define its superuser users?

PS please do not direct me to yast, I have found out that I can do almost anything system related with this tool. What I’m really interested in is the CLI way of doing things.
thnx a bunch

On Mon 06 Jan 2014 03:56:02 PM CST, nmaziashvili wrote:
> <snip>
>
> PS please do not direct me to yast, I have found out that I can do
> almost anything system related with this tool. What I’m really
> interested in is the CLI way of doing things.
> thnx a bunch

Hi
The services are defined in the /etc/services file.

You can run the visudo command to edit the sudoers file.


Cheers Malcolm °¿° SUSE Knowledge Partner (Linux Counter #276890)
openSUSE 13.1 (Bottle) (x86_64) GNOME 3.10.2 Kernel 3.11.6-4-desktop

Notwithstanding the fact that you got an answer to your second, very hidden, question, you should understand that it is not very productive from your point of view. That is, if you want your question seen by as many members as may possibly know the answer. When there is no separate thread with a good title, no one that glances through the titles of new threads will detect your subject.

On 1/6/2014 9:56 AM, nmaziashvili wrote:
>
> Hi everyone,
> I was poking around SuSEfirewall and, being used to the RHEL/iptables way of
> doing things, I got a little bit confused. From the documentation I understood
> that in the /etc/sysconfig/SuSEfirewall2 config file we can define rules,
> forward/open ports etc. And (in the case of ports) the way we could do
> it was by specifying a port number or service name, like
> FW_CONFIGURATIONS_EXT="sshd", and the firewall would open port 22 for me. I
> can’t find anywhere, though, a reference of where SuSEfirewall2 gets its
> knowledge about which port belongs to service “sshd”.
> Initially I thought that all service names with all corresponding
> information (ports etc.) were defined in the
> /etc/sysconfig/SuSEfirewall2.d/services/{“service-name”} directory. But
> when I took a look at the content of sshd, all it said was: TCP="sshd" - no
> port number… So please tell me where SuSEfirewall2 gets its knowledge about
> which port belongs to which service…
>
> And I have another question not related to “networking”, but if I may,
> instead of creating a new thread I will ask it here. Superuser privileges -
> when I installed openSUSE (13.1, very intuitive and easy install
> procedure btw) I was asked if the (first/non-root) user should get
> administrative rights. I checked that and the autologin buttons. After
> installation was complete, the system rebooted and logged me in as was
> expected, without greeting me first with a login screen. And I could do
> “sudo su -” using my user passwd to become superuser. But then another
> confusing moment… I expected my user to be in group “wheel”, but I
> was not. So the question - where does openSUSE define its superuser users?
>
> PS please do not direct me to yast, I have found out that I can do
> almost anything system related with this tool. What I’m really
> interested in is the CLI way of doing things.
> thnx a bunch
>
>
nmaziashvili;

Port numbers are defined in /etc/services. There is no reason to avoid YaST in the CLI. YaST runs just fine in ncurses (aka text) mode. As root, just enter yast or YaST on the command line. Navigate with the <tab> and <arrow> keys, e.g.

su -
YaST

P.V.
“We’re all in this together, I’m pulling for you” Red Green
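The lookup both answers point to, as an added example that is not part of the thread: a name listed under TCP= or UDP= is resolved to a port through a table in /etc/services format, and numeric ports or ranges pass through untouched. The table and the function names are constructed for illustration; UDP= as the companion key to TCP= and the low:high range form are assumptions not shown in the thread.

```shell
# Constructed sample in /etc/services format: name, port/protocol, aliases.
sample_services() {
cat <<'EOF'
ssh      22/tcp     # The Secure Shell (SSH) Protocol
domain   53/udp
http     80/tcp     www www-http
ntp      123/udp
EOF
}

# lookup_port NAME PROTO: print the port for a name or alias, status 1 if unknown.
lookup_port() {
    sample_services | awk -v name="$1" -v proto="$2" '
        { sub(/#.*/, "") }                      # strip comments
        NF < 2 { next }
        { split($2, pp, "/"); if (pp[2] != proto) next
          for (i = 1; i <= NF; i++)
              if (i != 2 && $i == name) { print pp[1]; found = 1; exit } }
        END { exit !found }'
}

# resolve_token TOKEN PROTO: numbers and low:high ranges pass through unchanged.
resolve_token() {
    case "$1" in
        *[!0-9:]*) lookup_port "$1" "$2" ;;
        *) printf '%s\n' "$1" ;;
    esac
}

# ports_for_definition: read KEY="value" lines on stdin (assumed TCP=/UDP= keys),
# print one port/proto line per entry; unresolved names go to stderr.
ports_for_definition() {
    rc=0
    while IFS='=' read -r key value; do
        case "$key" in
            TCP) proto=tcp ;;
            UDP) proto=udp ;;
            *) continue ;;
        esac
        value=${value#\"}; value=${value%\"}
        for token in $value; do
            if port=$(resolve_token "$token" "$proto"); then
                echo "$port/$proto"
            else
                echo "unresolved: $token/$proto" >&2; rc=1
            fi
        done
    done
    return $rc
}
```

On a live system, `getent services ssh` performs the same name lookup against the real services database.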

thnx :) I don’t know how could’ve I missed that, right after I posted I asked myself “could openSUSE too have a services file?”… and there it was <facepalm>… thank you nevertheless :)

> You can run the visudo command to edit the sudoers file.

Well… I can edit it, and put myself into the wheel group, but right from installation I am not in wheel. So I still don’t understand where the first user gets his superuser rights…

very true… was lazy on my part… maybe I should start a new thread… you know what, I will just do it.
thnx all.

openSUSE is not different in this from all other Unix/Linux systems.

openSUSE does not really use the wheel group. It is in /etc/group, but I do not really know why.

The default sudoers config in openSUSE tries to be friendly to the former users of some other distributions. And thus it is a bit silly configuration which has not much use other than doing just that: making it easy for people to use:

sudo almost-everything

and it will then ask for root’s password. This being the same as when you would use

su - almost-everything

and works always the same. Without the need of using sudo, where you always have to be careful about its configuration.

Yeah… was kind of silly of me to flip out like that - “uuh it’s all different, what kind of linux is this? tastes weird…” :) I guess a different approach/way of doing things got me confused… shame on me.

> openSUSE does not really use the wheel group. It is in /etc/group, but I do not really know why.
> The default sudoers config in openSUSE tries to be friendly to the former users of some other distributions. And thus it is a bit silly configuration which has not much use other than doing just that: making it easy for people to use:
>
> sudo almost-everything
>
> and it will then ask for root’s password. This being the same as when you would use
>
> su - almost-everything
>
> and works always the same. Without the need of using sudo, where you always have to be careful about its configuration.

I got this now, during install yast asks me if I want to be admin, if “yes” yast sets the first non-root user’s password to be the “root” password as well, so I would be able to do sudo (su) with my own password, thus making group “wheel” in this situation irrelevant.
It is quite simple actually… when you know what’s what :)

thanks Henk
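A sudo that asks for root's password, as described in the thread, is what the sudoers `targetpw` option produces. As an added example that is not part of the thread, the check below reads sudoers text and reports whose password sudo will prompt for and which principals have an active rule, which shows whether a %wheel rule is in play at all. The sample policy and the function names are constructed for illustration, and include directives are not followed.

```shell
# Constructed sample policy for illustration, not copied from any system.
sample_sudoers() {
cat <<'EOF'
Defaults env_reset
Defaults targetpw    # ask for the password of the target user
ALL     ALL=(ALL) ALL
root    ALL=(ALL) ALL
# %wheel ALL=(ALL) ALL
EOF
}

# prompt_mode: read sudoers text on stdin; print "target" when targetpw is in
# effect (sudo asks for the target user's password), otherwise "invoker".
prompt_mode() {
    awk '
        /^[ \t]*#/ { next }                       # comment lines
        { sub(/[ \t]*#.*/, ""); sub(/[ \t]+$/, "") }
        $1 == "Defaults" {
            line = $0; sub(/^[ \t]*Defaults[ \t]*/, "", line)
            n = split(line, opt, /[ \t]*,[ \t]*/)
            for (i = 1; i <= n; i++) {            # later settings win
                if (opt[i] == "targetpw")  mode = "target"
                if (opt[i] == "!targetpw") mode = "invoker"
            }
        }
        END { print (mode == "" ? "invoker" : mode) }'
}

# active_principals: print the user or %group field of every active rule,
# skipping Defaults and alias definitions.
active_principals() {
    awk '
        /^[ \t]*#/ { next }
        NF >= 2 && $1 !~ /^(Defaults|(User|Runas|Host|Cmnd)_Alias)/ { print $1 }'
}
```

On a real system the input would be the output of `sudo cat /etc/sudoers`; a commented-out %wheel line, as in the sample, means group membership grants nothing.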