The officially official Devuan Forum!

You are not logged in.

#1 2023-01-27 17:40:08

nahkhiirmees
Member
Registered: 2022-07-24
Posts: 261  

sudo and slim

Thinking aloud:

i'm working on making my own version of Devuan livecd. Remove packages i don't need, add some that i need, change keyboard settings and so on.
One thing is that i don't actually need to run every command with no password as user "devuan". But on the other hand it would be very nice to be able to log in and out of slim. So first i thought that i'll remove user "devuan" from group sudo. After that i couldn't log in.
Removing file "live" under /etc/sudoers.d or removing "@includedir /etc/sudoers.d" from /etc/sudoers on the other hand doesn't seem to restrict superuser-capabilities from devuan.

So how should i approach this thing? Is it absolutely necessary for "devuan" to belong in group "sudo" to be able to log in with slim?

Offline

#2 2023-01-27 17:52:51

Head_on_a_Stick
Member
From: London
Registered: 2019-03-24
Posts: 3,125  
Website

Re: sudo and slim

nahkhiirmees wrote:

So first i thought that i'll remove user "devuan" from group sudo. After that i couldn't log in.

I cannot reproduce that with devuan_chimaera_4.0.2_amd64_desktop-live.iso.

I used

sudo gpasswd -d devuan sudo

Then logged out and was able to log in again via SLiM with no problems.

What were the exact commands you used? Was this with a stock ISO image?


Brianna Ghey — Rest In Power

Offline

#3 2023-01-27 18:09:48

nahkhiirmees
Member
Registered: 2022-07-24
Posts: 261  

Re: sudo and slim

Head_on_a_Stick wrote:
nahkhiirmees wrote:

So first i thought that i'll remove user "devuan" from group sudo. After that i couldn't log in.

I cannot reproduce that with devuan_chimaera_4.0.2_amd64_desktop-live.iso.

I used

sudo gpasswd -d devuan sudo

Then logged out and was able to log in again via SLiM with no problems.

What were the exact commands you used? Was this with a stock ISO image?

First i used "sudo usermod -G devuan,cdrom,floppy,audio,dip,video,plugdev,netdev devuan" . After that i locked out and i could not back log in as "devuan" .
Also tried commenting out "%sudo    ALL=(ALL:ALL) ALL" in /etc/sudoers . That locked me out too.
The livecd i tried is modified devuan chimaera. I'll soon test an unmodified chimaera dvd too, just in case.

Offline

#4 2023-01-27 18:37:06

Head_on_a_Stick
Member
From: London
Registered: 2019-03-24
Posts: 3,125  
Website

Re: sudo and slim

nahkhiirmees wrote:

First i used "sudo usermod -G devuan,cdrom,floppy,audio,dip,video,plugdev,netdev devuan" . After that i locked out and i could not back log in as "devuan" .

Just tried that. Was able to log in again fine afterwards.

nahkhiirmees wrote:

The livecd i tried is modified devuan chimaera.

Can you be more specific? Looks like you broke it big_smile

EDIT: and please don't full-quote unnecessarily. It makes the thread harder to follow.

Last edited by Head_on_a_Stick (2023-01-27 18:39:28)


Brianna Ghey — Rest In Power

Offline

#5 2023-01-27 19:24:39

nahkhiirmees
Member
Registered: 2022-07-24
Posts: 261  

Re: sudo and slim

I tried with an unmodified devuan chimaera live dvd. I removed devuan from group sudo with usermod. And was able to log in after logging out.
Also removed /etc/sudoers.d/live and logged out. Still was able to log in.

So it seems that the modifications are to blame.

Offline

#6 2023-01-27 19:30:41

nahkhiirmees
Member
Registered: 2022-07-24
Posts: 261  

Re: sudo and slim

Head_on_a_Stick wrote:
nahkhiirmees wrote:

The livecd i tried is modified devuan chimaera.

Can you be more specific? Looks like you broke it big_smile

I guess i have to upload the .iso image somewhere to be precise enough with what i mean by "modifications".

Offline

#7 2023-01-27 19:45:28

nahkhiirmees
Member
Registered: 2022-07-24
Posts: 261  

Re: sudo and slim

Any ideas how to fix logging in with slim? What kind of information is needed to fix the aforementioned situation?

grep -v '#' /etc/slim.conf 
default_path        /usr/local/bin:/usr/bin:/bin:/usr/local/games:/usr/games
default_xserver     /usr/bin/X11/X
xserver_arguments   -nolisten tcp

halt_cmd            /sbin/shutdown -h now
reboot_cmd          /sbin/shutdown -r now
console_cmd         /usr/bin/xterm -C -fg white -bg black +sb -T "Console login" -e /bin/sh -c "/bin/cat /etc/issue.net; exec /bin/login"

xauth_path         /usr/bin/X11/xauth

authfile           /var/run/slim.auth

login_cmd           exec /bin/bash -login /etc/X11/Xsession %session

sessionstart_cmd exec 	/usr/bin/sessreg -a -l "$DISPLAY" %user
sessionstop_cmd exec 	/usr/bin/sessreg -d -l "$DISPLAY" %user

sessiondir            /usr/share/xsessions/

screenshot_cmd      scrot /root/slim.png

welcome_msg         Welcome to %host

shutdown_msg       The system is halting...
reboot_msg         The system is rebooting...

default_user devuan

default_user devuan

auto_login yes

current_theme       desktop-slim-theme

lockfile            /var/run/slim.lock

logfile             /var/log/slim.log

Chimaera's /etc/slim.conf is a bit messy so i grepped out lines containing "#". How should the owner and rights of /var/log be? And how about /usr/bin or /etc/X11 ?
I think i have broken the contents of filesystem.squashfs somehow so either i find out how to fix the situation or start from scratch. Former seems better for me. I'm not a teenage nerd anymore so i don't have endless supply of energy to tinker.

Offline

#8 2023-01-27 20:35:52

Head_on_a_Stick
Member
From: London
Registered: 2019-03-24
Posts: 3,125  
Website

Re: sudo and slim

The original version of SLiM was broken in respect of login sessions but it looks like the new "SLiMski" (lol) version has fixed that.

It's really not worth bothering with though because it runs X under the root user. My live ISO images used startx from a console login to get X running under the normal user and remove a layer of needless bloat.

No idea how to configure SLiM though, sorry. I wouldn't touch that software with your 10 foot barge pole big_smile


Brianna Ghey — Rest In Power

Offline

#9 2023-01-27 20:37:19

nahkhiirmees
Member
Registered: 2022-07-24
Posts: 261  

Re: sudo and slim

I know for a fact that there are some problems with the modified filesystem.squashfs . When i chrooted into the directory that contained extracted contents, and tried to do stuff(removing and installing packages for example), i received enormous amount of complaints from sudo. I got them fixed, for example owners and rights of /usr/bin/sudo and contents of /etc/hosts . But either there's still some things unfixed or collateral damage caused by the commands i used to fix sudo.

It seems that i have a tendency to break slim smile
It would be very useful to find out how to fix it also.

Last edited by nahkhiirmees (2023-01-27 20:38:34)

Offline

#10 2023-01-27 20:43:29

Head_on_a_Stick
Member
From: London
Registered: 2019-03-24
Posts: 3,125  
Website

Re: sudo and slim

So are you just unsquashing the filesystem, editing things, then re-packing?

Why not build an ISO from scratch instead? I think Refracta has tools for that. I use Debian's live-build myself, which works really well.


Brianna Ghey — Rest In Power

Offline

#11 2023-01-27 20:45:46

nahkhiirmees
Member
Registered: 2022-07-24
Posts: 261  

Re: sudo and slim

Head_on_a_Stick wrote:

It's really not worth bothering with though because it runs X under the root user. My live ISO images used startx from a console login to get X running under the normal user and remove a layer of needless bloat.

No idea how to configure SLiM though, sorry. I wouldn't touch that software with your 10 foot barge pole big_smile

It happens that i have been considering to use devuan minimal live as a base for modifications. So now i have a good reason for that move.
It just takes time and effort.

Offline

#12 2023-01-27 20:54:43

golinux
Administrator
Registered: 2016-11-25
Posts: 3,316  

Re: sudo and slim

Just an FYI . . . SLiM is being revamped by Rob Pearce. Email conversation here.

Offline

#13 2023-01-27 20:57:48

nahkhiirmees
Member
Registered: 2022-07-24
Posts: 261  

Re: sudo and slim

Head_on_a_Stick wrote:

Why not build an ISO from scratch instead? I think Refracta has tools for that. I use Debian's live-build myself, which works really well.

I have noticed that GRUB can loop mount files. So i can dump my "/" into a file and use grub-mkrescue to make an .iso which contains that file.
Unfortunately something happened to my old computer so that it became non-compatible with GRUB. So i have been stuck with isolinux and pre-existing distros.
My current computer should be in better shape so i would like to think that using GRUB is an option. Maybe i try that Refracta-thing some day.

Offline

#14 2023-01-27 20:58:09

Head_on_a_Stick
Member
From: London
Registered: 2019-03-24
Posts: 3,125  
Website

Re: sudo and slim

@golinux: I think antiX is using https://gitlab.com/antix-contribs/slimski. I thought Devuan was as well tbh.

Last edited by Head_on_a_Stick (2023-01-27 20:58:28)


Brianna Ghey — Rest In Power

Offline

#15 2023-01-27 20:59:31

Head_on_a_Stick
Member
From: London
Registered: 2019-03-24
Posts: 3,125  
Website

Re: sudo and slim

nahkhiirmees wrote:

Unfortunately something happened to my old computer so that it became non-compatible with GRUB

Sounds unlikely. Feel free to open a new thread about that.


Brianna Ghey — Rest In Power

Offline

#16 2023-01-27 21:11:43

golinux
Administrator
Registered: 2016-11-25
Posts: 3,316  

Re: sudo and slim

Head_on_a_Stick wrote:

@golinux: I think antiX is using https://gitlab.com/antix-contribs/slimski. I thought Devuan was as well tbh.

Nope. First I've heard of slimski . . . that I can remember . . . LOL!

Offline

#17 2023-01-28 14:42:08

nahkhiirmees
Member
Registered: 2022-07-24
Posts: 261  

Re: sudo and slim

I tried again today. It seems that with these contents as /etc/sudoers:

#
# This file MUST be edited with the 'visudo' command as root.
#
# Please consider adding local content in /etc/sudoers.d/ instead of
# directly modifying this file.
#
# See the man page for details on how to write a sudoers file.
#
Defaults	env_reset
Defaults	mail_badpass
Defaults	secure_path="/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin"

# Host alias specification

# User alias specification

# Cmnd alias specification

# User privilege specification
root	ALL=(ALL:ALL) ALL

# Allow members of group sudo to execute any command
%sudo	ALL=(ALL:ALL) ALL

# See sudoers(5) for more information on "@include" directives:

@includedir /etc/sudoers.d

i am able to rm /etc/sudoers.d/live and still log in to slim. Even remove user devuan from group sudo with usermod and still log in.
So it's either wrong contents in /e/sudoers or something else. The problem is:i need to say sudo /sbin/{ifup,ifdown,shutdown} but sudoers seem too fragile to alter.

I guess i should spend some time with "man sudo".

Offline

#18 2023-01-28 14:44:02

nahkhiirmees
Member
Registered: 2022-07-24
Posts: 261  

Re: sudo and slim

So i'm the only one here who has broken slim?-)

Offline

#19 2023-01-28 15:01:26

nahkhiirmees
Member
Registered: 2022-07-24
Posts: 261  

Re: sudo and slim

Head_on_a_Stick wrote:
nahkhiirmees wrote:

Unfortunately something happened to my old computer so that it became non-compatible with GRUB

Sounds unlikely. Feel free to open a new thread about that.

With AMD's 3-core Phenom, built in 2009 it is a possibility that in 2020'ies the hardware starts to break down. One day i had complaints from every https site i tried to visit. The reason was:the hardware decided that current time is january 2002. Combine that with the fact that suddendly booting .iso images made with grub-mkrescue was not an option anymore, at least under VirtualBox. Changing the motherboard's battery won't help much if BIOS/UEFI decides to forget how to boot at all.

Bit off-topic though.

Offline

#20 2023-01-28 16:05:24

fsmithred
Administrator
Registered: 2016-11-25
Posts: 2,485  

Re: sudo and slim

I read through this thread quickly and may have missed something, but it sounds like you're trying to make changes in a running live session. Or maybe you're surgically modifying the iso file and then booting the result. Those ways sound difficult to me. Easier is to install devuan into a spare partition or into a virtual machine, configure it the way you want, and then run refractasnapshot.

To boot the live isos without autologin, add the word noautologin to the boot command.

To boot the live isos without sudo, add nocomponents=sudo to the boot command.

Read man live-config for more.

Online

#21 2023-02-01 18:00:08

nahkhiirmees
Member
Registered: 2022-07-24
Posts: 261  

Re: sudo and slim

nahkhiirmees wrote:

i am able to rm /etc/sudoers.d/live and still log in to slim. Even remove user devuan from group sudo with usermod and still log in.
So it's either wrong contents in /e/sudoers or something else. The problem is:i need to say sudo /sbin/{ifup,ifdown,shutdown} but sudoers seem too fragile to alter.

I guess i should spend some time with "man sudo".

From "man sudoers" i found an example which mostly fits my needs. As i suspected, i have to say the needed commands before "%sudo". And i can also restrict group sudo to rm and /usr/sbin/usermod . It is not everyday that i need to edit /e/sudoers so it took a while. Maybe i shouldn't quit my day-job.

Offline

#22 2023-02-16 22:31:47

nahkhiirmees
Member
Registered: 2022-07-24
Posts: 261  

Re: sudo and slim

I managed to find a new way to break slim. Time to look for alternatives. I wonder why on earth slim is the default display manager in Devuan?

Offline

#23 2023-02-16 22:42:53

nahkhiirmees
Member
Registered: 2022-07-24
Posts: 261  

Re: sudo and slim

Fortunately there are many dm:s available even in Devuan. But there's another thing:
i would like to continue using xfce but it's dependencies are starting to bother me. When i install xfce by saying "apt-get install xfce" , some package draws in avahi and libavahi. I did some googling and noticed that it is recommended to remove avahi because it is considered as a security risk.
And then there's also libcups3. When most of things i do with a computer are reading email and watching Netflix and youtube videos, why do i have to run a print server also? OK i'm exaggerating a bit , libcups is not same thing as cups but i wonder why it is needed?

Last edited by nahkhiirmees (2023-02-16 23:11:15)

Offline

#24 2023-02-16 23:07:33

alexkemp
Member
Registered: 2018-05-14
Posts: 357  

Re: sudo and slim

I was surprised to find at the GitHub site that CUPS has a dependency upon systemD. I'm not sure how Devuan handles that. I run SLiM myself.

Offline

#25 2023-02-16 23:27:09

golinux
Administrator
Registered: 2016-11-25
Posts: 3,316  

Re: sudo and slim

Just an FYI . . . SLiM is in the process of an upgrade. Discussion starts here.

Offline

Board footer