You are not logged in.
- Topics: Active | Unanswered
#1951 Re: Installation » Services start issue » 2018-09-03 13:24:58
Any time you create a user, there is a corresponding group of the same name created, and that is the primary group for the user. This is configured in /etc/adduser.conf. (I think if you add your user with 'useradd' instead of 'adduser' you won't get that behavior and will have to define group, shell, home and whatever else yourself.) Sudo will not be confused by this.
The % before sudo in /etc/sudoers is to identify sudo as a group. Groups are prefaced with %. (See man sudoers)
I just want the user to be able to use sudo for some (inocuous) commands
The rest, run with su.
Then get your user out of the sudo group, and if you want more than shutdown commands available, add those other commands to sudoers.d/user_shutdown. (The name is just a name - what's inside the file determines what it does.)
deluser groucho sudo will remove the user groucho from the sudo group. If you want the user to enter a password for sudo, then remove NOPASSWD: from the line in user_shutdown.
I don't know why smartmontools won't start from command line, but I'm sure there's a good reason for it. You can still use smartctl on the command line - it doesn't need to be running as a service for that. If you want it to run tests automatically and/or notify you by email if there's a problem, then you need to turn it on in /etc/default/smartmontools and configure /etc/smartd.conf to do what you want.
Back around 2000, you were probably using ext2 filesystems, which are not journaled and take a lot longer to do a filesystem check. Be glad you're not seeing those messages. The filesystem is being checked at boot, but the message probably goes by too fast for you to see it. Install bootlogd, and you can find those messages in /var/log/boot.
You can change how frequently the filesystem checks are done by running tune2fs.
#1952 Re: Installation » Services start issue » 2018-09-02 19:58:36
Yes, I can start and stop services. Everything seems to be working fine here. I keep apache2 and samba turned off, and I start them on those rare occasions that I need them.
If you don't want the user to be able to use sudo for all commands, then remove that user from the sudo group. You'll still be able to shutdown, etc., becuase of sudoers.d/user_shutdown. And you don't need visudo to edit that file; just edit it as root.
To start smartmontools/smartd, edit /etc/default/smartmontools to uncomment #start_smartd=yes.
You don't have to start the sudo service. Use sudo if you want, or don't use it. It's obviously working correctly on your system.
I don't know what checkroot-bootclean.sh does. It doesn't show up in sysv-rc-conf as a service to start/stop, but there is a symlink for it to start in runlevel 1. I see no reason to mess with it.
#1953 Re: Installation » Services start issue » 2018-09-01 21:42:16
Looking at /etc/init.d/sudo, it looks like all that script does is change the time stamp on /var/lib/sudo. The only command it takes is 'start'. All the others (stop|restart|whatever) do nothing. Anything else gives you the standard error message for init scripts that says you should use start|stop|restart...
If your user is in the sudo group, you should be able to use sudo with your password for all commands. Try something safe like sudo blkid to see if that works. What I don't understand is why user_shutdown works when the includedir directive in /etc/sudoers is commented out. It's commented out in mine, too, but I can shutdown using sudo without password. I'm also getting the same results as you for 'service --status-all' - it doesn't change when I try to start sudo. Maybe that's because sudo runs and then exits after it changes the time stamp.
Edit: 'man sudoers' just answered my question.
The pound sign (‘#’) is used to indicate a comment (unless it is part of a #include directive... (and more)
#1954 Re: Devuan Derivatives » Can't boot to live Refracta 9 disc » 2018-09-01 14:04:02
Yes, (alt) means alternate. I wouldn't consider it experimental. It just starts synaptic from an xterm that asks for the root password. (which is 'root').
In a live session, all of the following methods will start synaptic, but only after you install it. The default method, which uses synaptic-pkexec, doesn't work properly. In the refracta ascii builds, it starts synaptic without asking for a password. That's ok in a live session, where sudo with no password is enabled, but it's not ok in an installation. That's why I removed synaptic from the beta2 isos.
Run (as root or with sudo) apt-get update and then apt-get install synaptic
From the menu, choose the regular synaptic entry or the alt. (You'll have both after you install synaptic.)
From a terminal, run gksu synaptic or su -c synaptic or sudo synaptic or synaptic-pkexec or su to get root and then just synaptic.
#1955 Re: Devuan Derivatives » Can't boot to live Refracta 9 disc » 2018-08-30 02:19:58
If you had installed it to hard drive and got this, I'd say edit /etc/default/grub and put "quiet" back into the linux line. Then run 'update-grub'. I think that will suppress it. But that won't work in a live session.
That iso should boot into xfce. When you reboot, take a look in /var/log/live/boot and /var/log/live/config for clues. Post them here if they're short. (They usually are.) Also look in /var/log/Xorg.0.log for lines starting with EE.
You could also try running startx at the command line.
Run this, too - ps ax | grep lxdm to see if the display manager is running.
Maybe ctrl-alt-F7 will bring you to the desktop. Try that first. (ctrl-alt-F1 will bring you back to the prompt.)
One more... if it keeps trying to get an address forever, ctrl-c should stop it.
#1956 Re: Hardware & System Configuration » what starts the eudev service? [SOLVED] » 2018-08-30 02:11:24
Here's a picture of Ralph, in case anyone was wondering what he looks like.
#1957 Re: Hardware & System Configuration » /etc/udev/rules.d/70-persistent-net.rules not regenerating [SOLVED] » 2018-08-29 12:19:01
IF the hotplug event is due to the (possibly faked) addition of a net device adapter, and the NAME attribute has not been set for it, and the environment does not contain an net.ifnames variable with value 1, and the initial kernel name pattern is one of some few (including eth* and wlan*), and some few more specialized conditions,
THEN make up a name for the device adapter, and run /lib/udev/write_net_rules to generate /etc/udev/rules.d/70-persistent-net.rules.
FWIW - on the system that had the 70-persistent-net.rules file that I removed, I added a usb wireless interface.
Addition of new device adapter - check
NAME attribute not set - check
No net.ifnames variable - check
Kernel name wlan1 - check
Specialized conditions - ?????
When I plug in the usb wireless dongle, I get a message saying that wlx<hwaddr> was renamed from wlan1.
No 70-persistent-net.rules gets generated. Same if I boot with the dongle plugged in.
So who is renaming wlan1? What are those specialized conditions that were mentioned?
#1958 Re: Installation » Feature Request:Include a loopback.cfg in the iso » 2018-08-29 11:03:23
I've done it this way, without a loopback.cfg in the iso.
menuentry 'Live ISO Boot' {
insmod part_msdos
insmod part_gpt
insmod ext2
set isofile='(hd0,gpt13)/isos/refracta8_xfce_i386-20161014_1432.iso'
loopback loop "$isofile"
linux (loop)/live/vmlinuz boot=live findiso="$isofile" noeject
initrd (loop)/live/initrd.img
}It looks like the advantage of using the loopback.cfg is the ability to just drop the isos into a directory and get a list of them at the boot screen. But that requires the isodetect.lua script from Super GRUB2, which only works if grub is compiled with lua support. I don't know if debian's grub can use that.
Most times, I just boot isos in virtualbox or qemu, so I don't have to reboot.
#1959 Re: Installation » Installing devuan to lvm partitions within dm-crypt container » 2018-08-28 16:49:43
I guess it will work in jessie or ascii. The devuan bug report is on ascii, and I tested it on ascii (with cryptsetup 1.7). The debian bug report is from 2013 and is for cryptsetup 1.6. You might need to apply it manually on jessie if the files aren't exactly the same in jessie and ascii.
#1960 Re: Hardware & System Configuration » /etc/udev/rules.d/70-persistent-net.rules not regenerating [SOLVED] » 2018-08-28 13:54:59
I moved 70-persistent-net.rules and rebooted. It was not regenerated.
I don't know where that file came from. This system started out in June as a debootstrap install, then added openbox (without dbus). The one that doesn't have that file started out in April as a netinstall with standard system utilities only, then added parts of xfce. Neither were upgrades from jessie, so it can't be a leftover.
#1961 Re: Hardware & System Configuration » /etc/udev/rules.d/70-persistent-net.rules not regenerating [SOLVED] » 2018-08-28 12:40:20
It's generated by udevd via /lib/udev/rules.d/75-persistent-net-generator.rules when net.ifnames!=1.
Huh. Other than when net.ifnames=1, when else would it not be generated? I have two ascii installs on the same computer; one has 70-persistent-net.rules and the other does not. Interfaces get the old names on both.
#1962 Re: Hardware & System Configuration » /etc/udev/rules.d/70-persistent-net.rules not regenerating [SOLVED] » 2018-08-28 10:56:54
This situation made me realize some gaps in my knowledge:
1. What is the function of this file normally?
2. Why is the file absent/empty? It used to be generated automatically, but not anymore. Is something broken on these machines?
70-persistent-net.rules was used to make sure that each network interface kept the same name after reboot. Apparently, it still works if you create the file yourself. In ascii, you usually don't need it - eudev reverts to the old names.
The new method names them according to where they are plugged in on the motherboard. Some people believe that being able to predict the interface name is more important than being able to remember it. Longer, more complex names go along with the longer, more complex commands that have been created in recent years.
https://www.freedesktop.org/wiki/Softwa … faceNames/
#1963 Re: Installation » Installing devuan to lvm partitions within dm-crypt container » 2018-08-27 13:03:05
A patch was submitted for the slow shutdowns. (Thanks, Jan!)
https://bugs.devuan.org//cgi/bugreport.cgi?bug=237
I just tested it and can shut down with no delay and no "failed" message.
It's not one of our packages, and upstream already has marked it "Wontfix".
https://bugs.debian.org/cgi-bin/bugrepo … bug=720340
------------------------patch------------------------------------------------------
--- /lib/cryptsetup/cryptdisks.functions.orig 2018-08-14 17:12:31.543227705 +0200
+++ /lib/cryptsetup/cryptdisks.functions 2018-08-23 16:36:23.849064962 +0200
@@ -763,9 +763,17 @@
# Removes all mappings in crypttab
do_stop () {
- local dst src key opts opencount major minor
+ local dst src key opts opencount major minor vgs vg
dmsetup mknodes
+ if [ -x /sbin/lvm ]; then
+ vgs="$(/sbin/lvm vgscan | sed -n '/"/s/^.*"\([^'\'']*\)".*$/\1/p')"
+ if [ -n "${vgs}" ]; then
+ for vg in ${vgs}; do
+ /sbin/lvm vgchange -a n ${vg} >/dev/null 2>&1
+ done
+ fi
+ fi
log_action_begin_msg "Stopping $INITSTATE crypto disks"
egrep -v "^[[:space:]]*(#|$)" "$TABFILE" | while read dst src key opts; do
------------------------patch/-----------------------------------------------------#1964 Re: Hardware & System Configuration » I can not run software-properties-kde » 2018-08-25 13:03:32
The templates for the .info and .mirrors files are part of python-apt-common. Here are a couple of sample devuan files you can test. This is my best guess based on the existing files for debian, ubuntu, gnewsense and tanglu. I only included ascii. Both of these go in /usr/share/python-apt/templates/
Devuan.info
ChangelogURI: http://packages.debian.org/changelogs/pool/%s/%s/%s/%s_%s/changelog
Suite: ascii
RepositoryType: deb
BaseURI: http://deb.devuan.org/merged
MatchURI: deb.devuan.org/merged
MirrorsFile: mirror_list.txt
Description: Devuan 2.0 'ascii'
Component: main
CompDescription: Officially supported
Component: contrib
CompDescription: DFSG-compatible Software with Non-Free Dependencies
Component: non-free
CompDescription: Non-DFSG-compatible Software
Suite: ascii-updates
RepositoryType: deb
ParentSuite: ascii
Description: Recommended updates
Suite: ascii-security
RepositoryType: deb
ParentSuite: ascii
Description: Security updatesDevuan.mirrors
#LOC:any
http://deb.devuan.org/merged#1965 Re: Installation » Intel Management Engine module in Devuan ASCII » 2018-08-25 12:04:26
But what I'd like to know is why the Devuan maintainers build the kernel with mei in it.
There are no devuan kernels. We use the debian kernels, unchanged. The only packages from debian that get changed are the ones that depend on systemd.
#1966 Re: Off-topic » [SOLVED] refractainstaller: confused about sudo options » 2018-08-23 12:18:07
Sorry for the late reply. I didn't see this one until now.
If you chose 2 and 3, you got both. (but 3 gets 2 anyway).
2 adds the user to the sudo group
3 adds the user to the sudo group, disables the root password and edits a couple files in the user's home.
To re-enable the root account, run
sudo su
passwdYou might also need to change sudo-mode and super-user-command in these files if you have them. (It might also be safe to delete/move these. I've never tried that.)
~/.gconf/apps/gksu/%gconf.xml
~/.*/share/config/*desurc
#1967 Re: Documentation » LVM and/or RAID with refractainstaller » 2018-08-20 20:22:25
RAID - LUKS - LVM
This method uses one encrypted raid array with lvm on top of it, so you only have to enter one password to unlock the encrypted volume.
Partition two disks, each with a small partition for boot and a large partition for the array.
If you use gpt with bios boot, add a third partition, greater than 1M, unformatted, with EF02 or bios_grub flag.
If you use uefi, add a third partition, 100-500M, fat32, EF00 or esp and boot flags.
This example uses the first partition for the boot array and the second partition for the system array.
(The second array for /boot is optional. See notes on full-disk encryption at the end of this post.)
Create the arrays.
Don't use names like /dev/md0, /dev/md1... If you do, cryptsetup will complain during update-initramfs. Use names like /dev/md/mdroot1 and /dev/md/mdboot1. (Note: the digit at the end is for refractainstaller, and it's really only needed on the unencrypted /boot. Any logical partitions in the lvm will have mapper names, and you can end those with a digit.)
mdadm --create -v /dev/md/mdroot1 -l1 -n2 /dev/sda2 /dev/sdb2
mdadm --create -v /dev/md/mdboot1 -l1 -n2 /dev/sda1 /dev/sdb1Encrypt the root array, /dev/md/mdroot1, then open it and give it a name, like crypt
cryptsetup luksFormat /dev/md/mdroot1
cryptsetup luksOpen /dev/md/mdroot1 cryptSet up LVM on the encrypted volume. The lv name sould end in a digit to make the installer happy.
pvcreate /dev/mapper/crypt
vgcreate vol0 /dev/mapper/crypt
lvcreate -L 5G vol0 -n lvroot1
lvcreate -l +100%FREE vol0 -n lvhome1Run refractainstaller.
Enter the following devices when the installer asks for the locations of /boot, operating system and /home.
/boot /dev/md/mdboot1
/ /dev/mapper/vol0-lvroot1
/home /dev/mapper/vol0-lvhome1
At the pause, switch to another console or terminal and do the following:
# save md detail to /etc/mdadm/mdadm.conf
mdadm --detail --scan /dev/md/mdboot1 >> /target/etc/mdadm/mdadm.conf
mdadm --detail --scan /dev/md/mdroot1 >> /target/etc/mdadm/mdadm.conf
# edit /target/etc/crypttab to add the following line:
crypt /dev/md/mdroot1 none luks
# edit /target/etc/cryptsetup-initramfs/conf-hook so it says:
CRYPTSETUP=y
# rebuild the initramfs:
chroot /target update-initramfs -uReturn to installer and proceed.
RAID1 - LUKS - LVM with FULL DISK ENCRYPTION (no separate unencrypted boot)
This is the same as the above,except for the following:
- don't make a separate array for /boot
- don't enter a partition for /boot in the installer
- at the pause, edit /target/etc/default/grub and add the following line:
GRUB_ENABLE_CRYPTODISK=yRun update-initramfs after you have edited all the files.
When you reboot, you should be asked for the password twice - once before you see the grub menu and once when the system is booting. Grub is slow to recognize the password. Be patient. Don't press ENTER a second time, or your boot menu will disappear too fast for you to select anything other than the default boot.
Slow Shutdown Fix
When you get tired of waiting for your encrypted system to shut down, see this post for a fix:
https://dev1galaxy.org/viewtopic.php?pid=8289#p8289
#1968 Re: Installation » Installation without Session management and policykit backends » 2018-08-20 12:45:03
Yes, you may send me email.
#1969 Re: Documentation » LVM and/or RAID with refractainstaller » 2018-08-19 20:03:02
LVM on RAID1
Partition disks as in the first post.
mdadm --create --verbose /dev/md0 --level=1 --raid-devices=2 /dev/sda1 /dev/sdb1
pvcreate /dev/md0
vgcreate vol0 /dev/md0
lvcreate -L 5G vol0 -n lvroot1
lvcreate -l +100%FREE vol0 -n lvhome2Run refractainstaller
Choose a partition for the operating system: /dev/mapper/vol0-lvroot1
Choose a partition for /home: /dev/mapper/vol0-lvhome2
At pause, before installing bootloader
go to another vt and run:
chroot /target
mdadm --detail --scan /dev/md0 >> /etc/mdadm/mdadm.conf
update-initramfs -u
exitProceed with installer. (install GRUB)
#1970 Re: Documentation » LVM and/or RAID with refractainstaller » 2018-08-19 19:36:55
INSTALL TO LVM
Create the physical volume and volume group.
You can use a whole disk or you can use a partition. This example uses a whole disk.
pvcreate /dev/sda
pvscan # or pvdisplay # This is just to see what you did.
vgcreate vol0 /dev/sda
vgscan # or vgdisplayCreate the logical volumes (the partition scheme for your filesystem).
The next commands will create a 25G partition named lvroot and a second partition that uses the rest of the space, named lvhome.
lvcreate -L 25G vol0 -n lvroot
lvcreate -l +100%FREE vol0 -n lvhomeRun refractainstaller.
Choose a partition for the operating system: /dev/mapper/vol0-lvroot
Choose a partition for /home: /dev/mapper/vol0-lvhome
Note: When the installer asks if you want the partition encrypted, you could say yes, but you will have to enter a password for each encrypted partition. Also, the encrypted root and home partitions will be named /dev/mapper/root_fs and /dev/mapper/home_fs in /etc/fstab.
When the installer is finished, remove the live media and reboot.
NEXT: LVM on RAID1
#1971 Documentation » LVM and/or RAID with refractainstaller » 2018-08-19 19:36:29
- fsmithred
- Replies: 3
The cli version of refractainstaller has a couple of characteristics that make it possible to use it in non-standard ways.
1. You have to type in the device name when choosing partitions.
2. The installer pauses before installing the bootloader. This allows you to chroot the installed system to make changes manually.
While lvm and raid are not explicitly supported by the installer, it is possible to do either or both. Here are some examples. These examples use /dev/sda and /dev/sdb. You must change that if you use different drives.
In all cases, I installed the grub bootloader to the mbr of /dev/sda.
Important note regarding encryption: If you encrypt a raid array or lvm and your root partition or home partition is contained within that volume, tell the installer "no" when it asks if you want to encrypt that partition.
INSTALL TO RAID1 (mirrored)
Partitioning
There are several ways to do this. You can create the array from whole disks (/dev/sda and /dev/sdb) or you can create it from two partitions (/dev/sda1 and /dev/sdb1). If you use whole disks, there will be no room at the beginning of the disk for grub, and you will need another disk for the bootloader. Also, if you use whole disks, you can then partition the array, and you will use partitions like /dev/md0p1, /dev/md0p2 during the installation.
For this example, partition two disks with at least one partition on each. Make them the same size. You can use either gpt or msdos partition tables. If you have uefi hardware, you need an efi partition somewhere. We'll install the whole system into one partition.
(Note: gpt with bios boot requires an unformatted partition, at least 1MB in size with bios_grub flag, or ef02)
(Note 2: refractainstaller can only recognize separate /boot, /home and / (root) partitions. There's a way to have more, but I haven't tested it with this. See /etc/refractainstaller.conf.)
(Note 3: refractainstaller asks for a partition and then tests to see that it ends in a non-zero digit. That means if you call your array /dev/md0 and try to use that as a single partition, it will fail. Call it /dev/md1 instead.
Create the raid (use the partitions, not the whole device.)
mdadm --create --verbose /dev/md1 --level=1 --raid-devices=2 /dev/sda1 /dev/sdb1
cat /proc/mdstat # this is just to let you see that it workedRun refractainstaller (please use the -d option for a better error log)
refractainstaller -dThe installer will ask where to put the operating system. Enter /dev/md1
(Note: we only made one partition, so don't enter anything for /boot or /home)
The installer will ask if you want the partition encrypted. You can say yes if you want, and it will work. (You don't need a separate /boot partition. See the notes on full-disk encryption at the end of this post.)
The installer will pause when the installed system is ready for chroot. That pause looks something like this:
The installed system is ready for chroot. (proc, sys, dev are mounted)
If you want, you may work in another virtual terminal.
Make a selection when you are ready to proceed.${bios_boot_warning}
Choices (enter number)
1 or 2) (Install bootloader or copy files and install bootloader)
3) Continue without a bootloader.
4) Abort the installation and exit.
Do not choose anything yet. Go to another console or another tab in your terminal and get root. Then run the following commands.
chroot /target
mdadm --detail --scan /dev/md1 >> /etc/mdadm/mdadm.conf
update-initramfs -u
exitReturn to the console or terminal where the installer is running, and make the appropriate choice. (usually, you want to install a bootloader.) Continue until the installer is finished. Reboot (remember to remove the live media).
References:
https://www.digitalocean.com/community/ … untu-16-04
https://dev1galaxy.org/viewtopic.php?pid=10954#p10954 (Thanks for trying it first, stroudmw.)
https://www.howtoforge.com/linux_lvm
https://wiki.archlinux.org/index.php/LVM
https://wiki.archlinux.org/index.php/Dm … VM_on_LUKS
Next: LVM
#1972 Re: Installation » Installation without Session management and policykit backends » 2018-08-19 16:04:39
Thanks for the reply. Your English is good enough that I think I understand everything you said. And I agree with you.
a lot of software was created (mainly by freedesktop.org), in my opinion, very complicated and difficult to manage.
You're too polite! I won't put my version of that statment in print, because it's not safe for work.
I've spent a good part of the morning looking at dependencies of different display managers and session managers in jessie and ascii. It's a big rat's nest. It looks like the problem comes from a change in the dependencies of libpolkit-gobject-1-0 and libpolkit-backend-1-0.
I will discuss this with the appropriate devs, and we should be able to sort it out for beowulf.
#1973 Re: Installation » Installation without Session management and policykit backends » 2018-08-18 15:20:48
A simple solution would be to move those dependencies to Recommends. Then anyone who wanted a minimalist xfce could install without recommends. (Many of them already do this.)
campus, can you list the functions that are lost by installing without consolekit?
#1974 Re: Desktop and Multimedia » VLC and Kaffeine won't install on Ascii [SOLVED] » 2018-08-17 17:35:39
Once you get your sources straightened out, just install kaffeine. You should not need to tell it to install vlc - the package manager will pull in any dependencies automatically.
#1975 Re: Forum Feedback » Yandex [solved] » 2018-08-17 17:32:46
Something from this list probably does what you want.
$ apt-cache search yandex
rclone - rsync for commercial cloud storage
translate-shell - Command-line translator using Google Translate, etc.
git-annex-remote-rclone - rclone-based git annex special remote
youtube-dl - downloader of videos from YouTube and other sitesBoard footer
