[Novalug] .dmrc question

DonJr djr1952@hotpop.com
Tue Aug 14 14:02:51 EDT 2007


Got LOST in a Mail-Queue somewhere, so I'm resending.

On Tue, 2007-08-14 at 07:36 -0700, Beartooth wrote:
> On Mon, 13 Aug 2007, DonJr wrote:
> 
> > On Mon, 2007-08-13 at 07:51 -0700, Beartooth wrote:
> >> On Sun, 12 Aug 2007, DonJr wrote:
> [...]
> >>  	I was guessing that; thanks for the confirmation. Is this 
> >> a SELinux thing, or is it old?
> >
> > It's older/younger.
> >
> > It's a feature of gdm the x-display-manager or graphic login 
> > manager.
> >
> > See the following LinuxQuestion.org threads for more information:
> > <http://www.linuxquestions.org/questions/showthread.php?t=546104>
> > and
> > <http://www.linuxquestions.org/questions/showthread.php?t=543505>
> 
>  	I read those, thanks! What do you think of the "chmod 
> 700" that some of them use (but never explain)? Should I be 
> fiddling (under F7, not Ubuntu) with /gdm/custom.conf, or 
> whatever it is??

What 'chmod 700 $HOME' or in your case 'chmod 700 /home/btth' would do
is set the access permissions of your $HOME directory to:
   dxxx------
Or READ, WRITE, EXECUTE {get listing} access is allowed to the OWNER of
the directory only; all others are denied. As a security feature on a
multi-user system it can be useful, but it has little effect if you {the
Owner} are the only user-id that accesses the system.

>  	I have :
> 
> [root@localhost ~]# cd /etc/gdm
> [root@localhost gdm]# ls
> custom.conf   modules      PreSession           Xsession
> Init          PostLogin    securitytokens.conf
> locale.alias  PostSession  XKeepsCrashing
> [root@localhost gdm]#
> 
>  	I had a quick look at custom.conf, and it's going to 
> require considerable study to tackle ...

Ah, that's right, you are using Fedora {7}.
  The file "custom.conf" should contain a section bracketed by the
following:
     [Security]          <- you could search for this string.

     [ {next section} ]  <- There is no predefined order of sections.

>  	(I skipped doing the part about Ubuntu's recovery mode : 
> since nobody else ever touches my machines, I keep one tab on my 
> gnome terminal su'd to root -- with a blue background, which 
> alerts me to the fact I'm doing it.)

One of those that might like the idea of using RED TEXT on a BRIGHT
WHITE background for a ROOT {x-}terminal.

  {Funny thing, I also don't like staring at a light bulb either. <GRIN>}
The only thing different about a root-terminal on my systems is the
prompt(#).

>  	Incidentally, I've also tried removing .dmrc and letting 
> the other thing re-create it.
> 
> >>  	I ssh'd into one of the problem machines, did only chmod 
> >> 0600 .dmrc, and logged out. Then logging back in, I first told 
> >> it to change session to Gnome -- and the error message popped 
> >> up yet again. So I rebooted -- and got the same results. Just 
> >> to check, I shut it down instead of finishing the login, and 
> >> tried another time, without mentioning sessions. Got the error 
> >> message yet again.
> >
> > ssh'ing into a system shouldn't have any effect one way or the 
> > other. With systems {ie local servers} that will always 
> > live/exist behind my primary firewall, I normally even enable 
> > ssh'ing in as ROOT with known key(s), at least while in the 
> > configuration/setup phase.
> 
>  	It has one effect I've refrained so far from mentioning 
> -- sometimes, on the problem machines, I can't get gnome-terminal 
> to accept input. (I don't have any idea what sort of 
> half-functional window manager or general GUI they're making 
> do with.) But ssh always does take input.

I've seen that effect in the past, but the FIX has always been different
each time it has happened to me.
  {-: IOW without a whole lot of digging, I couldn't be of any help. :-}

> >>  	Stray thought. Suppose (as btth, not root) I delete 
> >> /home/btth/.dmrc entirely? Will the first yum command 
> >> re-create it? Or suppose I delete it and do mkdir .dmrc (still 
> >> as btth, not root), and then a yum command?
> >
> > If you just DELETE /home/btth/.dmrc, 'gdm' will then create a 
> > NEW one with proper permission(s) once you select a default 
> > X-manager again.
> >
> >
> > BTW
> >  What are the permissions of user 'btth's $HOME directory?
> > IE what does the following return:
> >  ls -l /home
> 
>  	drwxrwxr-x
> 

OK that means your current access rights are:
   OWNER is  Read, Write, Execute* {who owns this directory rights}
   GROUP is  Read, Write, Execute* {the group this directory belongs to}
   OTHER is  Read,        Execute*
       {The rest of the WORLD can read and search only.}

 {* Or for a directory as in this case "getting a listing is permitted"}

> > Is user 'btth' home directory set to allow OTHERS to WRITE to it?
> > If so then do as user 'btth':
> >  chmod o-w $HOME
> 
>  	I tried that both literally (with "$HOME") and with 
> "/home/btth" -- and got an error saying : "chown: `o-w': invalid 
> user"

It's NOT 'chown' {change owner}  it's 'chmod' {change mode}.

The 'o-w' option of the command is the symbolic way to tell 'chmod' to
unset the 'OTHER' write access if it is currently set, while leaving
all other access flags/settings alone.
 See the man{-:page:-} at 'man chmod' for further details.


--  
-- 
 Don E. Groves, Jr. 

$ /usr/games/fortune : 
Hell is empty and all the devils are here.
  -- Wm. Shakespeare, "The Tempest" 
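
Added example (not part of the original message): a shell sketch that applies the chmod forms discussed in this thread to a scratch directory starting at drwxrwxr-x, the mode reported above for the home directory, and reports who besides the owner can still write. The helper names (mode_of, after_chmod, writable_by) and the scratch directory are assumptions made for illustration.

```shell
#!/bin/sh
# Added example: works on a constructed scratch directory, not a real $HOME.

# Print the 10-character type/permission string that `ls -l` shows.
mode_of() {
    ls -ld "$1" | cut -c1-10
}

# Create a fresh directory at drwxrwxr-x (the mode quoted in the thread),
# apply one chmod mode expression to it, and print the resulting mode.
after_chmod() {
    d=$(mktemp -d) || return 1
    chmod 775 "$d"
    chmod "$1" "$d"
    mode_of "$d"
    rmdir "$d"
}

# Report which classes other than the owner may write to a path.
# Character 6 of the mode string is group write, character 9 is other write.
writable_by() {
    m=$(mode_of "$1")
    out=""
    case $m in ?????w????) out="group" ;; esac
    case $m in ????????w?) out="${out:+$out,}other" ;; esac
    echo "${out:-none}"
}

# Compare the symbolic form from the thread (o-w), a wider symbolic form
# (go-w), and the absolute form (700) on the same starting mode.
for expr in o-w go-w 700; do
    printf '%-5s -> %s\n' "$expr" "$(after_chmod "$expr")"
done
```

On this starting mode 'o-w' changes nothing, because OTHER has no write bit to clear; the GROUP write bit stays set until 'go-w' or '700' is used.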



