
Re: user perms



On Tue 14 Jun 2022 at 18:20:15 (-0400), gene heskett wrote:
> On 6/14/22 13:25, David Wright wrote:
> > On Mon 13 Jun 2022 at 19:03:47 (-0400), gene heskett wrote:
> > > On 6/13/22 14:36, Greg Wooledge wrote:
> > > > On Mon, Jun 13, 2022 at 01:56:12PM -0400, gene heskett wrote:
> > > > > I appear as user 1000 seem to be stuck behind some sort of a
> > > > > permissions wall.
> > > > 
> > > > SHOW. US.
> > > 
> > > I got tired of fighting with it Greg, so I did install #32 and installed
> > > gnome_desktop (that was new) and xfce4 during the install, and
> > > now things including the screen colors are back to normal,
> > > 
> > > I've installed the brother printers and scanner drivers and I can modify t
> > > them by the usual rules. I also set a root pw in addition to adding myself
> > > to /etc/group in the appropriate places. I created an /sshnet tree with the
> > > other 5 machines here, did a root chown -R me:me on that path and just now
> > > mounted all of them as me, so I own the path to me on the other 5 machines.

> > "adding myself to /etc/group in the appropriate places" sounds just
> > like the sort of thing that might have caused /etc/passwd to become
> > screwed up in installation #31.
> > 
> > > And my working environment is getting close to completed, something
> > > that only been workable occasionally since that last Seagate 2T drive
> > > went tits down in the night last Dec 8th.
> > > 
> > > Kmail5 is buggier than road kill in June, but t-bird is more like
> > > August, so
> > > I'm looking for a mailer that actually works. tbirds sort filters
> > > don't, and
> > > they think everybody uses only html, so word wrap doesn't work So I'm
> > > doing this by hand..
> > > 
> > > So my only instant question is when will the developers understand that
> > > stuff that runs as a $USER, needs one of two changes, either a .conf file
> > > someplace readable by the $USER that tells things like t-bird, running as
> > > the user, can have write privs to /var/log, /or/ an entry in that *.conf so
> > > logging can be done instead of just gobbling up the denial w/o bothering
> > > to tell the user it can't open the log. Its trivial to fix logrotate
> > > to service
> > > the logs in /home/$USER/logs where there's no perms problem because
> > > the $USER owns the whole path.

> > No idea what this is all about, sorry.
> > 
> > > Same perms story for heyu and nut,
> > > but some somebody, thinking security as opposed to usability, insists
> > > on building /dev/ttyUSB*, with 0600 perms. Neither nut, nor heyu can
> > > get past that to get their job done. And IF I reset those two devices
> > > to 0777,
> > > re reboot fixes that.
> > > 
> > > I must have asked 15 or 20 times in the last decade, how to fix this in
> > > permanently in /lib/udev, and have been ignored when I ask that for
> > > several years. Usability, letting a computer actually DO its job simply
> > > isn't on the menu. With a record like that, can you blame me for being
> > > frustrated? Frustrated by asking for advice so I do do it right, and being
> > > ignored.

> > The trouble with writing this is that people can look back.
> > 
> > There was a thread in May 2020 on this topic, where all your posts
> > have followups except for the two that sign out just like this one
> > does below; ie "Now I know how but my editing foo is burned out for
> > today", and "I'll see about it tomorrow, having used up my creative
> > juices on another project today".
> > 
> > In that thread, there is a working set of rules showing how udev
> > runs a script when a USB stick is inserted or removed, the scripts
> > themselves, and the data files that the scripts read¹. The scripts
> > have no problem performing mkdir and rmdir in the /media directory:
> > 
> > $ ls -ld /media
> > drwxr-xr-x 3 root root 4096 Jun 14 08:30 /media
> > $
> > 
> > > [...]
> > > 
> > > > You're a goddamned 20+ year Linux veteran.  You should be able to
> > > > handle something as ridiculously simple as this.

> > > I just did,

> > As usual, we don't know what you actually did to handle it.
> > 

> yes I did, but you snipped that part. How convenient...

Get a grip: your entire post was quoted in mine, apart from your signature.

> So I write it again:
> As soon as it rebooted from the install, and I had gained root,
> I nano'd /etc/group and added me to group lp, so I could configure
> my 2 printers.

I see; so messing about with /etc/group was "handling it". Well then,
I'll repeat myself too:

  > > "adding myself to /etc/group in the appropriate places" sounds just
  > > like the sort of thing that might have caused /etc/passwd to become
  > > screwed up in installation #31.

> The catted group listing today, from install #32, now has
> me all over that file 12 times where the previous 31 installs only had
> me in
> sudo.
> 
> Is that because I finally gave up and defined a root pw during the install?
> In that event IMNSHO the installer is broken in 2 ways. In ways not
> apparently related to the auto install of all the brltty and orca crap
> that drives a sighted person into screaming fits. It stalls the machine
> while it's trying to speak every keypress, fails because it hasn't learned
> how to speak English and can't be turned off w/o destroying the uptime.
> 
> I've met your blind person. He is running OpenSCAD, the gfx composer
> from that synth. I'd have to assume it speaks a lot better german than
> it does English. I have to admire his determination,
> he has a quadruple share of it to run OpenSCAD blind.
> 
> If that's not changeable, then it should advertise the diff, but it
> does not.

I have no idea what this is all about, sorry.

> > > but haven't changed the perms of /dev/ttyUSB* yet.

> > Of course, the idea was that /you/ don't have to do that: udev should
> > do it when you boot up the machine or plug in the items. That's what
> > makes it permanent. And by reading their distinctive serial numbers,
> > FTDHG45D and FTOOS09N, it also prevents the names of the two devices
> > being swapped around by a race, or the order of insertion.

> I've noted that that does seem to be stable now, but why does
> it have to be owned by root:root, and 0600 perms? I have rather
> diligently searched thru /lib/udev/rules.d without finding where or
> how the perms are applied. And questions asking about it are snipped
> and never replied to.  Why?????????

A rebuttal is already in your quoted material, above.

On the subject of /lib/udev/rules.d, I have no idea what's in there,
or what's meant to be in there, that would apply to your particular
devices: I don't know anything about them.

But you can write your own rules in /etc/udev/rules.d/, as I have
done, and tailor them to your specific requirements. Don't touch
the ones in /lib/udev/rules.d/, but use them as a pattern. (You
can also override them by using the same filename.)

  $ grep '\<MODE\>' /lib/udev/rules.d/* | less

shows that dozens of them set permissions, and would show you
how it's done.

> > > Only so
> > > much time in one 24 hour day.  Up since 4:40 my time, by 20:00 I'm burned
> > > out for the day.

> > ¹
> > https://lists.debian.org/debian-user/2020/05/msg00510.html

> Is my answer as to how to fix this perms problem actually
> contained in that post and I'm not reading between the lines
> well enough to grok it?  Could happen you know...

No it isn't. My example is for how you configure udev so that
it performs things for you, with the necessary privilege, the
idea (one of them) being that you don't have to chmod 777
every darn thing to make them work.

> > Unlike the email posts, the web version doesn't show that
> > "usgs1g" (the mount point) is the contents of an attached file
> > called "2017-0403" (the USB stick's UUID), and likewise "cdrom3"
> > in file "KZ3E2DH0440" (the portable DVD Writer's serial number).

> today, usb-devices does not show the most valuable info, it does
> not show the mount point

/My/ example is for usb-devices that are mass-storage (sticks,
cards and drives), and so it deals in mount points. Your devices
aren't. /lib/udev/rules.d/ unsurprisingly contains examples of
almost every sort of device.

> Now, the weather has quieted, and I have a 1/4" square pcb to design
> and make for
> one of my cnc'd machines, on that same machine. I'm adding an air
> pressure controller
> to the mister nozzles air supply.

Can't help with that.

BTW your previous post was doublespaced, and this one had all the
blank lines taken out, making it difficult to see where replies
begin and end. I'm not sure why. (Anyway, I've inserted them again.)

Cheers,
David.
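
The approach described in this message (a local rule under /etc/udev/rules.d/ that matches each adapter by serial number and sets group and mode, instead of chmod 777 after every boot), as an added example that is not part of the original post. The `dialout` group, the symlink names, the rules filename and the helper function names are assumptions; only the two serial numbers come from the thread.

```shell
#!/bin/sh
# Added example: emit udev rules that give one group access to specific
# USB serial adapters, so nothing has to be chmod'ed by hand after boot.

# make_tty_rule SERIAL SYMLINK GROUP MODE
# Prints one rule line; returns 1 (printing nothing) on unsafe input.
make_tty_rule() {
    serial=$1 link=$2 group=$3 mode=$4

    # These values land inside quoted rule strings: allow only characters
    # that cannot close the quotes and smuggle in extra keys.
    for v in "$serial" "$link" "$group"; do
        case $v in
            ''|*[!A-Za-z0-9_-]*) return 1 ;;
        esac
    done

    # Four octal digits, and no access at all for "other" (last digit 0),
    # so 0660 or 0600 pass while 0666 and 0777 are refused.
    case $mode in
        0[0-7][0-7]0) ;;
        *) return 1 ;;
    esac

    # ATTRS{serial} matches the serial attribute of the parent USB device,
    # which keeps the names stable regardless of plug-in order.
    printf 'SUBSYSTEM=="tty", KERNEL=="ttyUSB*", ATTRS{serial}=="%s", GROUP="%s", MODE="%s", SYMLINK+="%s"\n' \
        "$serial" "$group" "$mode" "$link"
}

# The two adapters named in the thread. Which program uses which adapter is
# not stated there, so the symlink names are neutral placeholders.
build_rules() {
    make_tty_rule FTDHG45D usbserial-a dialout 0660 &&
    make_tty_rule FTOOS09N usbserial-b dialout 0660
}

build_rules
# To install (as root): save the output as
#   /etc/udev/rules.d/99-local-ttyusb.rules   (hypothetical filename)
# then reload and re-apply:
#   udevadm control --reload-rules && udevadm trigger
```

The user running the serial programs then only needs to be a member of the chosen group; the devices stay closed to every other account.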

