Random Debian Questions...

[UNLTuba]

I'm sort of working on a How-To (mostly for myself so I can do it on my regualar machine) for Debian on a Laptop. I'm using VMware to load it onto a virtual machine under my Windows XP operating system.

My first question is this:
What is the first thing that you would suggest a person do once they have Debian completely installed/configured and are logged into root for the first time? Do they immediately go for XFree86, or do you upgrade/update the rest of the system first? Any specific command that you would do first? I'm just looking for a first direction to take with the How-To now that I'm through the instal/config process...

Thanks!

 

[n0cmonkey]

I don't know the exact commands offhand, but here is a general guide I would follow. Some of these commands can be done in parrallel:

1. Update.
2. Create an unprivledged user.
3. Install sudo.
4. Forget root password.
5. Reboot.
6. Install all necessary software using sudo and the apt frontend (or apt) of your choice.

 

[Nothinman]

Depends. If I'm switching trees (like going from stable to unstable or testing) I'd do that before configuring X, just because it's less pacakges to download and X upgrades have more of a chance of something going wrong requireing a reinstall of X anyway.

3. Install sudo.
4. Forget root password.

If you install sudo and configure it so you can run any commands (thus allowing the loss of the root password) what's the point? It's just as dangerous as leaving a root shell open and now an attacker has 1 less password to steal.

 

[Barnaby W. Füi]

3. Install sudo.
4. Forget root password.

If you install sudo and configure it so you can run any commands (thus allowing the loss of the root password) what's the point? It's just as dangerous as leaving a root shell open

Not really, the whole thing about logging in as root is that you may forget to log out, and accidentally run something, or you may just make a typo and kill everything, or whatever. With sudo, you have to consciously run something with sudo, and depending on your setup, enter a password. You only run things as root when it's needed.

and now an attacker has 1 less password to steal.

Depends on alot of things. First, they would have to break into your account (i.e. if they hack apache, they're not going to be able to run sudo, if only your username is allowed in sudoers), second, they would have to break into your account by finding out your password (so they could type it again when they run sudo). Personally if anyone ever hacked into a machine of mine even with user-level privelages, I would wipe it clean anyways.

 

[Nothinman]

Not really, the whole thing about logging in as root is that you may forget to log out, and accidentally run something, or you may just make a typo and kill everything, or whatever. With sudo, you have to consciously run something with sudo, and depending on your setup, enter a password. You only run things as root when it's needed.

I understand how sudo works, but it seems pointless on a home machine. IMO you have the same chance of mistyping commands or other 'bad things' with sudo as you do with plain su.

second, they would have to break into your account by finding out your password (so they could type it again when they run sudo)

Doesn't sudo cache passwords for a period of time? Then if the timing is right, you don't even need that password.

 

[Haden]

1. Compile/install custom kernel
2. Update
3. Install lattest XFree/KDE
4. Configure X
5. Install nvidia drivers
6. Run X
7. Get some dev packages to compile mplayer etc...

 

[n0cmonkey]

Originally posted by: Nothinman

Not really, the whole thing about logging in as root is that you may forget to log out, and accidentally run something, or you may just make a typo and kill everything, or whatever. With sudo, you have to consciously run something with sudo, and depending on your setup, enter a password. You only run things as root when it's needed.

I understand how sudo works, but it seems pointless on a home machine. IMO you have the same chance of mistyping commands or other 'bad things' with sudo as you do with plain su.

second, they would have to break into your account by finding out your password (so they could type it again when they run sudo)

Doesn't sudo cache passwords for a period of time? Then if the timing is right, you don't even need that password.

Default is about 5 minutes.

 

[Barnaby W. Füi]

Originally posted by: n0cmonkey

Originally posted by: Nothinman

Not really, the whole thing about logging in as root is that you may forget to log out, and accidentally run something, or you may just make a typo and kill everything, or whatever. With sudo, you have to consciously run something with sudo, and depending on your setup, enter a password. You only run things as root when it's needed.

I understand how sudo works, but it seems pointless on a home machine. IMO you have the same chance of mistyping commands or other 'bad things' with sudo as you do with plain su.

second, they would have to break into your account by finding out your password (so they could type it again when they run sudo)

Doesn't sudo cache passwords for a period of time? Then if the timing is right, you don't even need that password.

Default is about 5 minutes.

I think it's 15. And yeah, if they timed it well, they wouldn't need to type in a password, or if you use NOPASSWD, then they would never need the password. Really though, on home machines it doesn't matter a whole lot, it's just one of those things I suppose - logging in as root is considered something that you should get used to not doing unless it's needed.

 

[Spyro]

Originally posted by: Haden
1. Compile/install custom kernel
2. Update
3. Install lattest XFree/KDE
4. Configure X
5. Install nvidia drivers
6. Run X
7. Get some dev packages to compile mplayer etc...

LOL, nice list, but steps 1 and 7 don't quite seem necessary.

My list basically consists of the following:

1. Set apt.sources to testing
2. Update distro
3. apt-get install x-window-system
4. startx
5. synaptic
6. party all night long

 

[civad]

First and foremost, prepare a hardware list and write down the partition table.
Then prepare a checklist for hardware (e.g. sound card works/doesnt work/tweaking or configuration required; additional drivers downloaded, site downloaded from, etc...-->you get the idea)
Also, prepare a list of apt sources other than the defaults. Also, which source for what packages..


This is all I can think as far as configuration is concerned. You can prepare a log/list of other things such as games, multimedia apps, etc.
For a nice reference, you can take a look at
linux-laptop How-To

 

[Barnaby W. Füi]

Originally posted by: wizardLRU

Originally posted by: Haden
1. Compile/install custom kernel
2. Update
3. Install lattest XFree/KDE
4. Configure X
5. Install nvidia drivers
6. Run X
7. Get some dev packages to compile mplayer etc...

LOL, nice list, but steps 1 and 7 don't quite seem necessary.

My list basically consists of the following:

1. Set apt.sources to testing
2. Update distro
3. apt-get install x-window-system
4. startx
5. synaptic
6. party all night long

I would say 1 is definitely recommended, the debian kernels are HUGE. The 2.4.20 k7-smp debian kernel is the biggest freaking kernel I've ever seen in my life. it fills up the whole top row of my screen, and then 1/3 of the next with the .'s when it's decompressing. I built my own 2.4.20/k7/smp and it had about 1/6th the number of dots.

-rw-r--r-- 1 root root 892720 Mar 19 22:01 vmlinuz-2.4.20

vs.

-rw-r--r-- 1 root root 716199 Jan 13 09:09 vmlinuz-2.4.20-k7-smp
-rw-r--r-- 1 root root 2981888 Mar 17 00:27 initrd.img-2.4.20-k7-smp

:Q

Anyways, my list is something like:

Install

log in as root

add regular user

apt-get install sudo

visudo

log out, log in under regular user

configure anything that needs to be configured (/etc/hosts, /etc/resolv.conf, network interfaces, kernel modules, etc)

edit sources.list and change to testing

apt-get update
apt-get dist-upgrade

edit sources.list and add unstable lines

Remove ppp and a few other packages I never use

apt-get install vim screen ssh irssi links lynx wget ncftp mpg321 aumix nmap netcat perl (already installed?) python figlet figfonts netris

Once all of that stuff is ok,

go to apt-get.org and get apt line for x 4.3, add to sources.list, apt-get update

apt-get install x-window-system-core waimea xterm aterm Eterm gaim gimp-1.3 mozilla-psm xfonts-artwiz gtk-theme-switch 'gtk-engines-*' 'gtk2-engines-*'

Then proceed to restore all of my dot files and tweak things here and there to get everything working nicely.

 

[Spyro]

Originally posted by: BingBongWongFooey

Originally posted by: wizardLRU

Originally posted by: Haden
1. Compile/install custom kernel
2. Update
3. Install lattest XFree/KDE
4. Configure X
5. Install nvidia drivers
6. Run X
7. Get some dev packages to compile mplayer etc...

LOL, nice list, but steps 1 and 7 don't quite seem necessary.

My list basically consists of the following:

1. Set apt.sources to testing
2. Update distro
3. apt-get install x-window-system
4. startx
5. synaptic
6. party all night long

I would say 1 is definitely recommended, the debian kernels are HUGE. The 2.4.20 k7-smp debian kernel is the biggest freaking kernel I've ever seen in my life. it fills up the whole top row of my screen, and then 1/3 of the next with the .'s when it's decompressing. I built my own 2.4.20/k7/smp and it had about 1/6th the number of dots.

-rw-r--r-- 1 root root 892720 Mar 19 22:01 vmlinuz-2.4.20

vs.

-rw-r--r-- 1 root root 716199 Jan 13 09:09 vmlinuz-2.4.20-k7-smp
-rw-r--r-- 1 root root 2981888 Mar 17 00:27 initrd.img-2.4.20-k7-smp

:Q

Anyways, my list is something like:

Install

log in as root

add regular user

apt-get install sudo

visudo

log out, log in under regular user

configure anything that needs to be configured (/etc/hosts, /etc/resolv.conf, network interfaces, kernel modules, etc)

edit sources.list and change to testing

apt-get update
apt-get dist-upgrade

edit sources.list and add unstable lines

Remove ppp and a few other packages I never use

apt-get install vim screen ssh irssi links lynx wget ncftp mpg321 aumix nmap netcat perl (already installed?) python figlet figfonts netris

Once all of that stuff is ok,

go to apt-get.org and get apt line for x 4.3, add to sources.list, apt-get update

apt-get install x-window-system-core waimea xterm aterm Eterm gaim gimp-1.3 mozilla-psm xfonts-artwiz gtk-theme-switch 'gtk-engines-*' 'gtk2-engines-*'

Then proceed to restore all of my dot files and tweak things here and there to get everything working nicely.

BBWF thats not a list thats a tutorial . Seriously though, that *almost* sounds exactly like what I do. The list needs "apt-get install nethack powermanga frozen-bubble mozilla kpovray pan wmaker" to make it complete. BTW as for the custom kernel I excluded it because it might prove a bit difficult for newbies, but I suppose as long as one has something like this to reference it shouldn't be too much of a big deal. The sad fact of the matter is though, that I haven't done this myself because I'm currently buried under the weight of the almighty schedule.

 

[Barnaby W. Füi]

BBWF thats not a list thats a tutorial

I kept remembering stuff and editing it In fact I just remembered some more, gcc, g++, make, autoconf, libncurses5-dev...

The list needs "apt-get install nethack powermanga frozen-bubble mozilla kpovray pan wmaker" to make it complete.

mozilla-browser gets pulled in by mozilla-psm (psm is personal security manager, the ssl stuff that lets you use https)

BTW as for the custom kernel I excluded it because it might prove a bit difficult for newbies,

Yeah agreed, but you might as well learn early... I did, and it wasn't so tough. My first kernel actually booted and worked too. :Q

but I suppose as long as one has something like this to reference it shouldn't be too much of a big deal.

I just wrote the world's smallest kernel howto lately

 

[Spyro]

but I suppose as long as one has something like this to reference it shouldn't be too much of a big deal.

I just wrote the world's smallest kernel howto lately

LOL, and the best thing about it is that it would probably work too

[i[Edit: Grammar....[/i]

 

[pitupepito2000]

Hi,

I was reading the sudo manual, but I don't really understand its benefits over using su.

 

[cleverhandle]

Originally posted by: pitupepito2000
I was reading the sudo manual, but I don't really understand its benefits over using su.

Control.

Sudo lets you be very specific about what you allow users to do, and doesn't require the real root password. With su, you need the root password, and once you give that out, the user can do whatever they want.

 

[drag]

I never realy used sudo, it's just kinda annoying to me, I always "su"'ed into root. I just make sure the prompt says "root" on it and/or is different colors, so I don't forget to loggout when I am finished.

 

[TheOmegaCode]

Originally posted by: drag
I never realy used sudo, it's just kinda annoying to me, I always "su"'ed into root. I just make sure the prompt says "root" on it and/or is different colors, so I don't forget to loggout when I am finished.

Then there's me, who sits at the opposite side of the spectrum. Typing sudo has become second nature to me which is a damn good thing. No matter what I did/do I almost always forget to exit out of su. Then I'd do something stupid like run irc or a myriad of other programs as root, which is not a smart thing to do...

 

[Nothinman]

I just got used to always having screen running, with seperate windows for root and myself. sudo seems pointless on a 1 man box.

 

[n0cmonkey]

Originally posted by: Nothinman
I just got used to always having screen running, with seperate windows for root and myself. sudo seems pointless on a 1 man box.

It keeps me in practice for the multiuser boxes I manage.

Over all, it may be pointless, but it does not hurt.

 

[Nothinman]

It keeps me in practice for the multiuser boxes I manage.

Over all, it may be pointless, but it does not hurt.

I can understand it for multi-user boxes where you want someone to be able to do something administrative but not give them the root password. But you have to be extremely carefull what commands you give them access to use, there's so many ways to 'stuff' in your own commands to things and get root.

 

[n0cmonkey]

Originally posted by: Nothinman

It keeps me in practice for the multiuser boxes I manage.

Over all, it may be pointless, but it does not hurt.

I can understand it for multi-user boxes where you want someone to be able to do something administrative but not give them the root password. But you have to be extremely carefull what commands you give them access to use, there's so many ways to 'stuff' in your own commands to things and get root.

Yeah, we are getting ready to set something like this up.

 

[civad]

Speaking of Debian,
Bdale Garbee, Debian Project Leader, is scheduled to give a talk on April 6th at Northford,CT courtesy Southern CT Open Source User Group.
Link

Is anybody else from nearby areas attending??