Linux Format - UK (2020-03)

(Antfer) #1
http://www.techradar.com/pro/linux March 2020 LXF260 13

ANSWERS


Q


Restricted root
For complicated reasons I need a
user to be able to install packages, but
not have write access to the host’s file.
One method would be to install software
without root, but that looks beyond
my abilities or is likely to cause some
additional glitchiness.
I had another idea involving
permissions but I am not terribly clear
on how permissions work. Would I be
able to assign write permissions for
/etc/hosts to a user that is not root and
then restrict root (and by extension the
system) to only being able to read the
file and not write to it? Is it even possible
to restrict root’s access to things? I am
using Ubuntu 19.10.
Luna

A


You cannot restrict root with
permissions, that’s why they are
called the superuser. Even if a file has no
permissions set, root can still read and
write it. The program you need is the one
you already use to administer the system
yourself, sudo. This gives root access to
users to carry out certain tasks. Ubuntu
gives full sudo rights to the first user
created so they can administer the system.
However, sudo gives far more fine-grained
control than that and can allow specific
users to only run certain programs as root.
The file that controls this behaviour is
/etc/sudoers. This can only be edited as

root, but you should not edit it directly. The
reason for that is that if you make a
mistake when editing it, you could lock
yourself out of sudo, leaving you with no
way to correct the situation except to
reboot from a live CD. You should use the
visudo command in a terminal:
$ sudo visudo
This makes a copy of sudoers and passes
that to your preferred editor. When you exit
the editor it checks that the syntax of the
file is correct before replacing the original
/etc/sudoers file with the edited copy.
You need to add
user2 ALL = /usr/sbin/synaptic, /usr/bin/
apt
This allows user2 to run Synaptic or apt,
but nothing else. Commands are listed,
separated by commas. Sudo requires the
full path to be specified in /etc/sudoers.
This is a security feature, otherwise you
could put anything you want in a script
called apt in your user’s path and run it
with root privileges. If that script contained
/bin/bash you’d have full root access.
You can restrict things further if you
wish by specifying more than just the
command name. For example
user2 ALL = /usr/sbin/synaptic, /usr/bin/
apt install
would only allow apt to be run with the
install option. You cannot add this sort of
restriction to Synaptic, so if you wanted to
limit things to this extent, you would need
to exclude the use of Synaptic.

All of this applies to installing software
from the package manager, but you can
also use it to allow software to be installed
from source; using the standard
$ ./configure && make && sudo make
install
by using this line in /etc/sudoers:
user2 ALL = /usr/bin/apt install, /usr/bin/
make install
However, this would allow the user to
install anything they want, including
something to circumvent your controls, so
use with care unless you completely trust
the user – and if that was the case why
would you be restricting them from /etc/
hosts in the first place?

Q


Missing modem
I bought a second-hand ADSL
modem/router. I connected my
computer to it but I cannot connect to
the router’s web interface. I have tried
a variety of IP addresses, all the usual
ones, but none of them work. I did hear
that some of these modems are locked
to a specific ISP, would that be the cause
of my problem?
Dale

A


Some ISPs do supply hardware that
is locked to their system, so that
they can remote manage it when you call
support with a problem. That may be the
case here, but it has nothing to do with
being unable to connect to the LAN side of
the router.
The first thing to do with a used device
like this is to do a full reset to get rid of the
previous settings. For routers, a 30-30-
reset it recommended. To do this you hold
down the reset button for 30 seconds,
then unplug the power source for another
30 seconds. You then power it back on,
with the reset button held in for a further
30 seconds.
Now connect your computer to it using
a wired connection, as wireless won’t be
set up after a reset. In many cases, the IP
address to use is printed on the bottom of
the router, otherwise search the web for a
manual for the device and check that. If all
else fails, your computer will usually have
connected using DHCP – if you are
currently using static settings, switch to
DHCP for the time being. When the
computer sends out a DHCP query, the
response includes more than an address
for it to use. Among other things it includes
the gateway address, the address through
which to send all traffic destined for
outside of the network. This will be the
address of the modem, so run
$ sudo route -n
in a terminal and look for the gateway
address in the line starting 0.0.0.0. This

A QUICK REFERENCE TO RANDOM CRASHES


Nothing’s more infuriating than random
computer crashes. If it is reproducible,
you have somewhere to start looking,
but if it happens at any time and using
any software, where do you begin?
If it happens regardless of the
software you are using, it may be a
hardware problem. If you have a spare
PSU, try swapping that. Desktop PSUs
can vary greatly in quality, and the
cheaper ones can cause the sort of
power glitches that will crash a
computer. They can also damage
components that cost several times
more than a new PSU. If it’s a laptop, the
battery may be on the way out. If the
computer doesn’t run reliably on
battery power alone, look for a
replacement battery.
The other common culprit is faulty
memory – not all of it, just a few bytes.
Most of the time things work fine, until
something uses those bytes and boom!
Testing memory on a running system is
unreliable as you cannot test anything

the system needs, so use Memtest86+.
This is a bootable system that uses the
absolute minimum of RAM for itself,
leaving the rest available for testing.
Memtest86+ runs a comprehensive
series of tests and takes a while to run,
but even that is not enough. Because
such problems can be transient, there is
a chance of faulty memory passing on a
single run, so let it run for at least two
passes and preferably overnight.
If neither of these show anything,
you may have a problem with some core
software. If you use a popular distro,
that is unlikely without others also being
affected. One other possibility is a dirty
mains supply – voltage spikes or drops
can trigger a reboot. Some sort of
power smoothing, like a UPS
(uninterruptible power supply) can
eradicate such issues. A UPS is a wise
investment if you use your computer for
any sort of work, as such crashes seem
to always happen just before you were
about to save or back up!

1112March 0 h2rGotbhGtunigq March 2020 LXF260 13


ANSWERS


Q


Restricted root
For complicated reasons I need a
user to be able to install packages, but
not have write access to the host’s file.
One method would be to install software
without root, but that looks beyond
my abilities or is likely to cause some
additional glitchiness.
I had another idea involving
permissions but I am not terribly clear
on how permissions work. Would I be
able to assign write permissions for
/etc/hosts to a user that is not root and
then restrict root (and by extension the
system) to only being able to read the
file and not write to it? Is it even possible
to restrict root’s access to things? I am
using Ubuntu 19.10.
Luna


A


You cannot restrict root with
permissions, that’s why they are
called the superuser. Even if a file has no
permissions set, root can still read and
write it. The program you need is the one
you already use to administer the system
yourself, sudo. This gives root access to
users to carry out certain tasks. Ubuntu
gives full sudo rights to the first user
created so they can administer the system.
However, sudo gives far more fine-grained
control than that and can allow specific
users to only run certain programs as root.
The file that controls this behaviour is
/etc/sudoers. This can only be edited as


root, but you should not edit it directly. The
reason for that is that if you make a
mistake when editing it, you could lock
yourself out of sudo, leaving you with no
way to correct the situation except to
reboot from a live CD. You should use the
visudo command in a terminal:
$ sudo visudo
This makes a copy of sudoers and passes
that to your preferred editor. When you exit
the editor it checks that the syntax of the
file is correct before replacing the original
/etc/sudoers file with the edited copy.
You need to add
user2 ALL = /usr/sbin/synaptic, /usr/bin/
apt
This allows user2 to run Synaptic or apt,
but nothing else. Commands are listed,
separated by commas. Sudo requires the
full path to be specified in /etc/sudoers.
This is a security feature, otherwise you
could put anything you want in a script
called apt in your user’s path and run it
with root privileges. If that script contained
/bin/bash you’d have full root access.
You can restrict things further if you
wish by specifying more than just the
command name. For example
user2 ALL = /usr/sbin/synaptic, /usr/bin/
apt install
would only allow apt to be run with the
install option. You cannot add this sort of
restriction to Synaptic, so if you wanted to
limit things to this extent, you would need
to exclude the use of Synaptic.

All of this applies to installing software
from the package manager, but you can
also use it to allow software to be installed
from source; using the standard
$ ./configure && make && sudo make
install
by using this line in /etc/sudoers:
user2 ALL = /usr/bin/apt install, /usr/bin/
make install
However, this would allow the user to
install anything they want, including
something to circumvent your controls, so
use with care unless you completely trust
the user – and if that was the case why
would you be restricting them from /etc/
hostsinthefirstplace?

Q


Missing modem
I bought a second-hand ADSL
modem/router. I connected my
computer to it but I cannot connect to
the router’s web interface. I have tried
a variety of IP addresses, all the usual
ones, but none of them work. I did hear
that some of these modems are locked
to a specific ISP, would that be the cause
of my problem?
Dale

A


Some ISPs do supply hardware that
is locked to their system, so that
they can remote manage it when you call
support with a problem. That may be the
case here, but it has nothing to do with
being unable to connect to the LAN side of
the router.
The first thing to do with a used device
like this is to do a full reset to get rid of the
previous settings. For routers, a 30-30-
reset it recommended. To do this you hold
down the reset button for 30 seconds,
then unplug the power source for another
30 seconds. You then power it back on,
with the reset button held in for a further
30 seconds.
Now connect your computer to it using
a wired connection, as wireless won’t be
set up after a reset. In many cases, the IP
address to use is printed on the bottom of
the router, otherwise search the web for a
manual for the device and check that. If all
else fails, your computer will usually have
connected using DHCP – if you are
currently using static settings, switch to
DHCP for the time being. When the
computer sends out a DHCP query, the
response includes more than an address
for it to use. Among other things it includes
the gateway address, the address through
which to send all traffic destined for
outside of the network. This will be the
address of the modem, so run
$ sudo route -n
in a terminal and look for the gateway
address in the line starting 0.0.0.0. This

AQUICKREFERENCETORANDOMCRASHES


Nothing’smoreinfuriatingthanrandom
computercrashes.Ifitisreproducible,
youhavesomewheretostartlooking,
butifithappensatanytimeandusing
anysoftware,wheredoyoubegin?
Ifithappensregardlessofthe
softwareyouareusing,itmaybea
hardwareproblem.Ifyouhaveaspare
PSU,tryswappingthat.DesktopPSUs
canvarygreatlyinquality,andthe
cheaperonescancausethesortof
powerglitchesthatwillcrasha
computer.Theycanalsodamage
componentsthatcostseveraltimes
morethananewPSU.Ifit’salaptop,the
batterymaybeonthewayout.Ifthe
computerdoesn’trunreliablyon
batterypoweralone,lookfora
replacementbattery.
Theothercommonculpritisfaulty
memory–notallofit,justafewbytes.
Mostofthetimethingsworkfine,until
somethingusesthosebytesandboom!
Testingmemoryonarunningsystemis
unreliableasyoucannottestanything

thesystemneeds,souseMemtest86+.
Thisisabootablesystemthatusesthe
absoluteminimumofRAMforitself,
leavingtherestavailablefortesting.
Memtest86+runsacomprehensive
seriesoftestsandtakesawhiletorun,
buteventhatisnotenough.Because
suchproblemscanbetransient,thereis
achanceoffaultymemorypassingona
singlerun,soletitrunforatleasttwo
passesandpreferablyovernight.
Ifneitheroftheseshowanything,
youmayhaveaproblemwithsomecore
software.Ifyouuseapopulardistro,
thatisunlikelywithoutothersalsobeing
affected.Oneotherpossibilityisadirty
mainssupply–voltagespikesordrops
cantriggerareboot.Somesortof
powersmoothing,likeaUPS
(uninterruptiblepowersupply)can
eradicatesuchissues.AUPSisawise
investmentifyouuseyourcomputerfor
anysortofwork,assuchcrashesseem
toalwayshappenjustbeforeyouwere
abouttosaveorbackup!
Free download pdf