Mystery intruder!

I recently did an upgrade install to 42.3. This was not without hitches, as mentioned in my thread in “soapbox”… However, now up and running and all is more or less well…
One baffling new development in particular is bugging me!

In konsole, as my user ‘sp’, all is well, new install has even inherited my prompt…

sp 16:58:~>

BUT! When I become root, I get this…

PartedMagic:~ #

!!!

What the Crimmuns???

Now I used a USB stick which had previously had a live PartedMagic OS on it. But I ‘prepared’ the stick using dd to copy the 42.3 iso, which surely should have obliterated all traces?
I also, during my troubles, IIRC booted to PartedMagic using another stick. But I am sure that I did not do anything whilst there…

Can anyone explain please? Does this raise any possible troubles? And how do I change this to what it should be…

So, what happens if you pull the USB stick out of your machine before you elevate to root?
And, exactly what command or method are you using to elevate to root?

TSU

O the stick is not in the machine! The OS is installed, etc…

I use

su -

in konsole…

Whilst I can’t help with your intruder, I’m sure others will.

I’ve found from past experience that whenever one “re-uses” a USB stick it is advisable to write zeros to the start first.

Use:

# dd if=/dev/zero of=/dev/sdX count=100

Make sure that “X” is the correct device! Use “sudo fdisk -l” or “df” to find out.

Don’t know enough about PartedMagic,
But first…
Simply copying <some> disk blocks won’t guarantee whatever existed before is gone (this might be a good lesson).

To obliterate what was there before, you need to “zero” the device.
This can be accomplished by

• Using dd, write zeros to the <entire> disk before re-using.
• Less complete, but oftentimes sufficient is to <change the partitions> before re-using. Of course, if you’re using the entire “disk” always, you’re re-using the disk geometry and old data can magically re-appear.
• Re-formatting the <entire> partition(s) can also be sufficient.

The only sure way is the first option.

On solid state memory (including USB drives) you have a slightly different issue as well, memory isn’t written to magnetic surfaces, the data is written to “traps”(aka cells) which must undergo an extra “erase” step before the trap can be re-used for writing. Unless and until that trap is erased, the data <shouldn’t> be accessible but who knows for sure? The only way to be sure is to execute the command to clear all the traps on the device (Research your device’s manufacturer to determine the command). Or, you can execute the trim/discard command in the new system before using the contents of the USB stick.

TSU

Thanks Tsu!. How do I ‘reclaim’ this? Where would the string “PartedMagic” be?

Thanks Tsu!. How do I ‘reclaim’ this? Where would the string “PartedMagic” be?

Yast-Network settings is where is is normally set under hostname/DNS. Maybe changing it there may fix it.

Since you booted PartedMagic during the process, might your router/DHCP server have remembered a hostname?

As root (when you see that output) try:

id
echo $HOME
echo ~
pwd

This is just to check that the uid is 0, and that the home directory is “/home”.

If everything is as it should be, then look at “.profile” and at files with name starting “.bash” in the root home directory. Those could have changed the root prompt.

Hmm, on second thoughts – if I login at the terminal as root, the prompt that I see is of the form:
hostname:~ #

So maybe your system has a hostname of “PartedMagic”.

Maybe you ran the PartedMagic CD, and somehow your router picked up that the hostname is “PartedMagic”. And maybe your system then got its hostname from your router (via DHCP).

Okay, lots of guessing there.

Thanks @nrickert, I ran the commands as suggested…

sp 07:47:~>
su -
Password:
PartedMagic:~ # id
uid=0(root) gid=0(root) groups=0(root)
PartedMagic:~ # echo $HOME
/root
PartedMagic:~ # echo ~
/root
PartedMagic:~ # pwd
/root

I am guessing that these are not the expected results?

Also as root:

PartedMagic:~ # echo $HOST
PartedMagic
PartedMagic:~ # echo $HOSTNAME
PartedMagic

And as user SP:

sp 07:55:~>
echo $HOST
PartedMagic
sp 07:55:~>
echo $HOSTNAME
PartedMagic
sp 07:55:~>

And…
http://paste.opensuse.org/images/8766358.png

Beautiful.

It looks as if the only “problem” is that your hostname is “PartedMagic”.

If you don’t like that, then change the hostname in Yast network settings. And change that “Set Hostname via DHCP” to “no”.

Reason you only saw it as root is that apparently sometime in the past you changed your personal prompt which is in your home. While roots settings are in /root and got changed with the upgrade maybe.

I do not think anything (in .prifile or .bashrc) is changed in the home directory of root (/root), the hostname itself was changed (see post #11 and #12). And the default prompt shows the hostname.

boven:~ # echo $PS1
\$(ppwd)\]\\]\h:\w #\\]
boven:~ #

In my case the hostname is “boven”.

Thanks guys, for the replies. Can someone point to to some reading resources… Where does this “string” (PartedMagic) actually reside?

sp 18:06:~>
cat /etc/hostname
linux-walo.site

And the

“Set Hostname via DHCP” to “no”.
is greyed out and not changeable in YAST2.

As far as I know, it resides on the PartedMagic CD.

My guess is that your system was, at some time, boot with that CD (or its USB version). And it told your router that’s its hostname is “PartedMagic”. And now that router is telling your system what its hostname is.

And the “Set Hostname via DHCP” to “no” is greyed out and not changeable in YAST2.

You are probably using NetworkManager. It is not grayed out here (using “wicked”).

I’m not sure, but I think you can override that in “/etc/dhclient.conf”.

You can temp change to wicked then change the setting then back to NM though maybe NM has it’s own settings.

Might it be related to the problems in this thread?
https://forums.opensuse.org/showthread.php/526659-two-different-host-names