[Novalug] .dmrc question
DonJr
djr1952@hotpop.com
Tue Aug 14 14:02:51 EDT 2007
Got LOST in a Mail-Queue somewhere, so I'm resending.
On Tue, 2007-08-14 at 07:36 -0700, Beartooth wrote:
> On Mon, 13 Aug 2007, DonJr wrote:
>
> > On Mon, 2007-08-13 at 07:51 -0700, Beartooth wrote:
> >> On Sun, 12 Aug 2007, DonJr wrote:
> [...]
> >> I was guessing that; thanks for the confirmation. Is this
> >> a SELinux thing, or is it old?
> >
> > It's older/younger.
> >
> > It's a feature of gdm the x-display-manager or graphic login
> > manager.
> >
> > See the following LinuxQuestions.org threads for more information:
> > <http://www.linuxquestions.org/questions/showthread.php?t=546104>
> > and
> > <http://www.linuxquestions.org/questions/showthread.php?t=543505>
>
> I read those, thanks! What do you think of the "chmod
> 700" that some of them use (but never explain)? Should I be
> fiddling (under F7, not Ubuntu) with /gdm/custom.conf, or
> whatever it is??
What 'chmod 700 $HOME' or in your case 'chmod 700 /home/btth' would do
is set the access permissions of your $HOME directory to:
dxxx------
Or READ, WRITE, EXECUTE {get listing} access is allowed to the OWNER of the
directory only, all others denied. As a security feature on a multi-user
system it can be useful, but has little effect if you {the Owner} are the
only user-id that accesses the system.
> I have :
>
> [root@localhost ~]# cd /etc/gdm
> [root@localhost gdm]# ls
> custom.conf modules PreSession Xsession
> Init PostLogin securitytokens.conf
> locale.alias PostSession XKeepsCrashing
> [root@localhost gdm]#
>
> I had a quick look at custom.conf, and it's going to
> require considerable study to tackle ...
Ah, that's right, you are using Fedora {7}.
The file "custom.conf" should contain a section bracketed by the
following:
[Security] <- you could search for this string.
[ {next section} ] <- There is no predefined order of sections.
> (I skipped doing the part about Ubuntu's recovery mode :
> since nobody else ever touches my machines, I keep one tab on my
> gnome terminal su'd to root -- with a blue background, which
> alerts me to the fact I'm doing it.)
One of those that might like the idea of using RED TEXT on a BRIGHT
WHITE background for a ROOT {x-}terminal.
{Funny thing, I also don't like staring at a light bulb either. <GRIN>}
The only thing different about a root-terminal on my systems is the
prompt(#).
> Incidentally, I've also tried removing .dmrc and letting
> the other thing re-create it.
>
> >> I ssh'd into one of the problem machines, did only chmod
> >> 0600 .dmrc, and logged out. Then logging back in, I first told
> >> it to change session to Gnome -- and the error message popped
> >> up yet again. So I rebooted -- and got the same results. Just
> >> to check, I shut it down instead of finishing the login, and
> >> tried another time, without mentioning sessions. Got the error
> >> message yet again.
> >
> > ssh'ing into a system shouldn't have any effect one way or the
> > other. With systems{ie local servers} that will be always
> > live/exists behind my primary firewall, I normally even enable
> > ssh'ing in as ROOT with known key(s), at least while in the
> > configuration/setup phase.
>
> It has one effect I've refrained so far from mentioning
> -- sometimes, on the problem machines, I can't get gnome-terminal
> to accept input. (I don't have any idea what sort of
> half-functional window manager or general GUI they're making
> do with.) But ssh always does take input.
I've seen that effect in the past, but the FIXes have always been different
each time it has happened to me.
{-: IOW without a whole lot of digging, I couldn't be of any help. :-}
> >> Stray thought. Suppose (as btth, not root) I delete
> >> /home/btth/.dmrc entirely? Will the first yum command
> >> re-create it? Or suppose I delete it and do mkdir .dmrc (still
> >> as btth, not root), and then a yum command?
> >
> > If you just DELETE /home/btth/.dmrc, 'gdm' will then create a
> > NEW one with proper permission(s) once you select a default
> > X-manager again.
> >
> >
> > BTW
> > What is the permissions of user 'btth's $HOME directory?
> > IE what does the following return:
> > ls -l /home
>
> drwxrwxr-x
>
OK that means your current access rights are:
OWNER is Read, Write, Execute* {who owns this directory rights}
GROUP is Read, Write, Execute* {the group this directory belongs to}
OTHER is Read, Execute*
{The rest of the WORLD can read and search only.}
{* Or for a directory as in this case "getting a listing is permitted"}
> > Is user 'btth' home directory set to allow OTHERS to WRITE to it?
> > If so then do as user 'btth':
> > chmod o-w $HOME
>
> I tried that both literally (with "$HOME") and with
> "/home/btth" -- and got an error saying : "chown: `o-w': invalid
> user"
It's NOT 'chown' {change owner} it's 'chmod' {change mode}.
The 'o-w' option of the command is the symbolic way to tell 'chmod' to
unset the 'OTHER' write access if it is currently set, while leaving
all other access flags/settings alone.
See the man{-:page:-} at 'man chmod' for further details.
--
Don E. Groves, Jr.
$ /usr/games/fortune :
Hell is empty and all the devils are here.
-- Wm. Shakespeare, "The Tempest"
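
Added example, not part of DonJr's message: a shell script that applies the two chmod forms discussed above ('chmod o-w' and 'chmod 700') to a scratch stand-in for /home/btth with the drwxrwxr-x mode reported in the thread, and reports which classes besides the owner can still write after each step. The helper names (mode_of, writers, make_home) and the starting mode of the scratch .dmrc are assumptions made for the illustration.

```shell
#!/bin/sh
# Added example: runs only against a scratch directory, never the real $HOME.

# mode_of PATH: print the 10-character ls mode string, e.g. drwxrwxr-x
mode_of() {
    ls -ld "$1" | cut -c1-10
}

# writers PATH: print which classes besides the owner hold write access
writers() {
    m=$(mode_of "$1")
    out=""
    if [ "$(printf '%s' "$m" | cut -c6)" = "w" ]; then out="group"; fi
    if [ "$(printf '%s' "$m" | cut -c9)" = "w" ]; then out="${out:+$out }other"; fi
    printf '%s\n' "${out:-none}"
}

# make_home DIR: build a constructed stand-in for /home/btth, mode drwxrwxr-x
make_home() {
    mkdir -p "$1"
    chmod 775 "$1"
    : > "$1/.dmrc"
    chmod 664 "$1/.dmrc"    # assumed starting mode; the thread does not give it
}

scratch=$(mktemp -d)
home="$scratch/btth"
make_home "$home"
echo "start:     $(mode_of "$home")  extra writers: $(writers "$home")"

chmod o-w "$home"           # symbolic form: clears only the OTHER write bit
echo "after o-w: $(mode_of "$home")  extra writers: $(writers "$home")"

chmod 700 "$home"           # absolute form: owner only, all others denied
echo "after 700: $(mode_of "$home")  extra writers: $(writers "$home")"

chmod 0600 "$home/.dmrc"    # the mode tried on .dmrc in the thread
echo ".dmrc:     $(mode_of "$home/.dmrc")"
rm -rf "$scratch"
```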