Light-Debian-Core-Live-CD-Wheezy + Porteus-Wheezy

[saintless]

Hi, Fred.

Ah, I think I misunderstood, I thought you wanted to include edited /etc/sudoers in new iso release but your post in the how-to thread is just information, right?
So the same for the editing of wmpoweroff and wmreboot, no change in next release?
If it is like this it's perfectly alright for me, btw.

Yes, the post is just for information. No change in sudors, wmpoweroff and wmreboot for next release.
I just want to have the answer ready in case someone else asks the same question: How to remove user password prompt on shutdown?
Only Sancxjo asked me this in PM and seems he is the only one who runs DD as user for the moment. Maybe noone else will ask the same question but it is good we have the answer.

Let's keep it as a rule for system-wide changes to keep things the same in both versions, I have the feeling you'd agree with that

Yes, I agree

Toni

[saintless]

Hi, Fred.

I'll test your new setup in the next days for possible complications with porteus-boot (e.g. save on exit).

To save you some testing - save on exit still needs password and does not work if you don't type the password. Reboot/shutdown will continue without saving changes.
The solution is added as edit in the instruction post:
http://www.murga-linux.com/puppy/viewto ... 349#814349

Toni

[fredx181]

Hi Anikin,

I do test every release of both versions, but I don't build a remastered version of DD. I remaster because I don't use a save file and customize DD for my own needs. What makes you think I don't know what this thread is about?

Yes, I remember now you mentioned once that you do remastering instead of savefile.
I had the impression that you don't test every release because it looked like you didn't notice desktop-drive-icons as part of standard DD release.
But maybe I misunderstood (which I do sometimes more these days )
I know you know what this thread is about, it's not a big deal for me, btw. just wanted to mention it should be mostly about standard DD IMHO.

Fred

[fredx181]

Hi Toni,

To save you some testing - save on exit still needs password and does not work if you don't type the password. Reboot/shutdown will continue without saving changes.
The solution is added as edit in the instruction post:
http://www.murga-linux.com/puppy/viewto ... 349#814349

Thanks for testing, Toni!
I must say I have my doubts, isn't it a little to complicated, a how-to with several steps and editing files only for shutdown/reboot without password as normal user?
My full install (xfce) does shutdown/reboot without password out of the box.(I think, not sure, it's using dbus for that)
I guess it's the same for your Gnome install.

At this moment I don't know a good way (I think you don't want the "chmod +s" solution), maybe we can try to find?

Fred

[saintless]

Hi, Fred.

Yes, it seems complicated but I doubt more than few people will need shutdown without password for user account. It is not important subject for me.
I do not mind to add alternative "chmod +s" solution but I think it will not work for Jwm version using gsu with "xterm -e".
Is it enough just to add chmod +s for halt and shutdown?
Anyway I'm not planning to test more shutdown without password solutions.

Edit: Thinking more about this, Fred, making reboot/shutdown without password is very easy following the Debian documentation:
Create group wheel, add user to group wheel, edit /etc/sudoers.
And it works like that in DebianDog-Jwm live-boot.
It doesn't work with live-boot OpenBox version because obshutdown is installed (active) for all boot methods and sudo is replaced with gsu in the scripts.
What makes the instruction complicated is obshutdown scripts and gsu line (both not available in Debian). If I do not mistake for the first time Debian documentation doesn't work for DebianDog. The instruction post as it is now gives the needed steps to synchronize official Debian documentation with porteus-boot and obshutdown. This is good in my opinion.

Toni

[fredx181]

Hi Toni,

Edit: Thinking more about this, Fred, making reboot/shutdown without password is very easy following the Debian documentation:
Create group wheel, add user to group wheel, edit /etc/sudoers.
And it works like that in DebianDog-Jwm live-boot.
It doesn't work with live-boot OpenBox version because obshutdown is installed (active) for all boot methods and sudo is replaced with gsu in the scripts.
What makes the instruction complicated is obshutdown scripts and gsu line (both not available in Debian).

Yes, that's right, I will think of a good way to change wmpoweroff and wmreboot scripts then (remove the gsu line maybe, which probably will give other complications, but I'll see).

I've been searching for a way to use dbus-send for shutdown and reboot but couldn't make it work (it would need consolekit and policykit-1), it's rather complicated.
This is also official way but I don't think it fits with the way DD is setup (autologin from /etc/initab, startx).

Is it enough just to add chmod +s for halt and shutdown?

From what I tested halt and shutdown can be executed by any user then, even without using sudo.
Maybe some will call this insecure, I guess because any user can shutdown the system when other users are logged in.
I run DD always as root but if I would run it as normal use I would like to be able to shutdown without having to type password, so I am for for making that standard behaviour in DD.
Also it would be nice when pressing the power button the system would shutdown (or brings up a shutdown menu)
For openbox version adding this to ~/.config/openbox/rc.xml works for pressing power button:

Code: Select all

    <keybind key="XF86PowerOff">
      <action name="Execute">
        <command>obshutdown</command>
      </action>
    </keybind>

For Jwm version maybe info from here is useful:
http://www.murga-linux.com/puppy/viewtopic.php?t=19860

Fred

[saintless]

Hi, Fred.

Yes, that's right, I will think of a good way to change wmpoweroff and wmreboot scripts then (remove the gsu line maybe, which probably will give other complications, but I'll see).

I think it is better to leave it as it is. For anyone interested there is instruction post with working solution. And it works for all available for download old DD versions.
If you change wmpoweroff, wmreboot and save2flash I have to edit the instruction post according to your changes and the solution will not work anymore for older DebianDog versions. This is the same reason I'm trying to mod included in DD packages to be compatible with older DD versions. It was very easy to rename gsu to gksu in all scripts and add conflicting line with official gksu. Then to move all /opt/bin to /usr/local/bin and the packages will be compatible with standard Debian. But incompatible with older DebianDog. Changing obshutdown scripts now will bring the same incompatibility for older DD versions. I like to have full compatibility between any DD version. This includes installing packages and howto instruction posts to be the same for any DD version.

From what I tested halt and shutdown can be executed by any user then, even without using sudo.
Maybe some will call this insecure, I guess because any user can shutdown the system when other users are logged in.
I run DD always as root but if I would run it as normal use I would like to be able to shutdown without having to type password, so I am for for making that standard behaviour in DD.

I'm one of the people calling this insecure. No problem to shutdown without password if there is a warnning if another user is logged in at the same time and confirmation to shutdown in such case.
It is OK to have it as HowTo post if the user decides to do it, but changing permissions just because it is easier to skip password for user on reboot is not enough reason to do it. Especially when we have another solution for this. Note some WM like JWM will not give you even reboot/shutdown menu button. You have to add them manually. There are only Restart and Exit buttons available after installing JWM. To reboot and shutdown you need to use sudo in terminal.
My opinion is if user account is needed, then the user will set it up as he/she likes. If typing sudo password is a problem set it up according to the instruction post or simply run DebianDog as root.

Also it would be nice when pressing the power button the system would shutdown (or brings up a shutdown menu)
.............................................................................

For Jwm version maybe info from here is useful:
http://www.murga-linux.com/puppy/viewtopic.php?t=19860

Does not work from quick test. I will look at this later but such changes are not so simple as adding a line in .jwmrc. I have to add it in all files also in /opt/bin/jwm-themes. And I have to do it separate in 01-filesystem.squashfs and 021-apps-porteus.squashfs because of obshutdown line for porteus-boot. I also need to find the same solution for IceWM. Mistakes happen sometimes from such small configuration changes without enough testing. I will add it in changes for next version post for now and look at it later.

Toni

[fredx181]

Hi Toni,

Thanks for the detailed explanation of your opinion, I must say again you have larger view on things than me and you are sort of "guard" keeping DD as much as possible Debian compatible, which I have respect for, really.

As you wrote about obshutdown scripts:

If I do not mistake for the first time Debian documentation doesn't work for DebianDog.

I don't like that fact

Can you try these attached wmpoweroff and wmreboot scripts and consider if it's ok for you to replace them in new release?
The gsu line at start is commented out and at the end with variable "sudo_check_if_passwd_needed" it checks if password is needed for /sbin/shutdown, if it is: gsu will be used, if not: sudo is used (the latter is in case /etc/sudoers is edited as in your how-to).
I'm not sure yet of the compatibility with older DD versions but you could possibly edit how-to then that the last steps are only for older DD versions (just idea )

Fred

[anikin]

Hi Toni, Fred et al,

How do I make DD a single (root) user only system - uninstall sudo, I think, anything else?
http://igurublog.wordpress.com/2010/01/ ... -not-root/

Thank you in advance.

[saintless]

Hi, Fred.

As you wrote about obshutdown scripts:

If I do not mistake for the first time Debian documentation doesn't work for DebianDog.

I don't like that fact

I don't like it also. I will check in the next days new wmreboot and wmpoweroff. From quick reading I think save on exit will not work for user without "sudo save2flash" but maybe you did something else to make save on exit work without password. save2flash has gsu line also.

I'm not sure yet of the compatibility with older DD versions but you could possibly edit how-to then that the last steps are only for older DD versions (just idea )

Maybe it will work better if we make new obshutdown.deb with the changes. Then the isntruction post will be:
"For older DebianDog install this obshutdown.deb first and follow the instruction".

Toni

[saintless]

Hi Toni, Fred et al,

How do I make DD a single (root) user only system - uninstall sudo, I think, anything else?
http://igurublog.wordpress.com/2010/01/ ... -not-root/

Thank you in advance.

Hi, Anikin.

Remove puppy user account:

Code: Select all

userdel -r puppy

Check if /home is empty. If it is not empty delete /home/puppy folder.
Delete all files and folders from /etc/skel
Remove sudo:

Code: Select all

apt-get purge sudo

To make sure no new user will be made by mistake remove also /opt/bin/addnewuser from Fred and the menu entry in /usr/share/menu and /usr/share/applications.
Remove xdm:

Code: Select all

apt-get purge xdm

Delete /etc/inittab-auto, /etc/inittab-noauto, /etc/X11/autologin, /etc/X11/no-autologin, /opt/bin/xdm-start, /opt/bin/xdm-stop

Edit: Also ktsuss could be removed if user account is not available anymore:

Code: Select all

apt-get purge ktsuss

Toni

[stemsee]

maybe a short script should be written to do this automatically.

[saintless]

Hi, Stemsee.

Script for automatic breaking the multiuser function in DebianDog is not something I will provide or recommend.

Toni

[stemsee]

@ saintless

aH Ha! I see....

I am not as cautious as you. And just as an exercies I tried to script it!

Code: Select all

#!/bin/bash
Yad --text "This script will make DD single root user.
                  Proceed?"
userdel -r puppy
rm -r /etc/skel
rox /home/puppy
yad --text "Save any files from /home/puppy then click ok."
rox -D /home/puppy
rm -r /home/puppy
rm -f /opt/bin/addnewuser
apt-get purge sudo
apt-get purge xdm
rm -f /etc/inittab-auto
rm -f /etc/X11/autologin
rm -f /opt/bin/xdm-start
rm -f /opt/bin/xdm-stop
xmessage "Finished"
exit
****The End****

[saintless]

Hi, Fred.

From quick reading I think save on exit will not work for user without "sudo save2flash" but maybe you did something else to make save on exit work without password. save2flash has gsu line also.

First test shows I'm wrong. Changes on exit works without removing the gsu line from save2flash. The first part of the instruction post (valid for live-boot Jwm version) needs only adding /usr/bin/save2flash in wheel line in sudoers. Then official Debian documentation works for obshutdown and all boot methods in both DD versions.
Great job again, Fred!
I think more testing is needed but looks like obshutdown is compatible with Debian methods.

Toni

[saintless]

Hi, Fred.

For openbox version adding this to ~/.config/openbox/rc.xml works for pressing power button:

Code: Select all

    <keybind key="XF86PowerOff">
      <action name="Execute">
        <command>obshutdown</command>
      </action>
    </keybind>

I think I have it working as root for Jwm and iceWm. I will test it for puppy user later. It will be added in next version.
Maybe you will like also PrintScreen to start scrotdlg? I have this also working for Jwm and IceWM.

Code: Select all

<Key key="Print">exec: scrotdlg</Key>

Code: Select all

key "Print"       scrotdlg

Toni

[saintless]

Hi, Fred.

I run DD always as root but if I would run it as normal use I would like to be able to shutdown without having to type password, so I am for for making that standard behaviour in DD.

I suggest a compromise if you agree.
We add group wheel in DebianDog next version:

Code: Select all

sudo groupadd wheel

Then we add wheel line in sudoers:

Code: Select all

sudo visudo

Code: Select all

%wheel ALL= NOPASSWD: /sbin/shutdown, /sbin/reboot, /sbin/poweroff, /usr/bin/save2flash

And stop here.

Then all needed for user puppy (and any other user) to shutdown without password will be:

Code: Select all

sudo adduser puppy wheel

Edit: Maybe we can make menu entry to activate/deactivate shutdown without password for the user.
Then the instruction post will be only for older DD versions.

Toni

[anikin]

Remove puppy user account: ...

Thank you, Toni.
An excellent tutorial!
Would be nice to have in the howto section.

[fredx181]

Hi Toni,

I suggest a compromise if you agree.
We add group wheel in DebianDog next version:

Great, loving you even more now Toni

Edit: Maybe we can make menu entry to activate/deactivate shutdown without password for the user.

Yes, good idea.

First test shows I'm wrong. Changes on exit works without removing the gsu line from save2flash. The first part of the instruction post (valid for live-boot Jwm version) needs only adding /usr/bin/save2flash in wheel line in sudoers.

Let me understand, Do you mean when shutting down as user and the gsu line is on top of save2flash the gsu prompt for password will appear?
If so then save2falsh is not needed on wheel line in sudoers, I think.
I'm working already on similar way of check-for-password-needed as in wmpoweroff or wmreboot for save2flash but I first need to understand why you think it's ok already like it is now.

Fred

[saintless]

First test shows I'm wrong. Changes on exit works without removing the gsu line from save2flash. The first part of the instruction post (valid for live-boot Jwm version) needs only adding /usr/bin/save2flash in wheel line in sudoers.

Let me understand, Do you mean when shutting down as user and the gsu line is on top of save2flash the gsu prompt for password will appear?
If so then save2falsh is not needed on wheel line in sudoers, I think.
I'm working already on similar way of check-for-password-needed as in wmpoweroff or wmreboot for save2flash but I first need to understand why you think it's ok already like it is now.

Hi, Fred.
Tested only in Jwm version yet but just checked again now to be sure. Here is what I do:
Login as puppy user and changes=EXIT:/live/.
Copy/paste your new wmreboot and wmpoweroff in /usr/bin.

Code: Select all

sudo groupadd wheel

Code: Select all

sudo visudo

Adding this line:

Code: Select all

%wheel ALL= NOPASSWD: /sbin/shutdown, /sbin/reboot, /sbin/poweroff, /usr/bin/save2flash

Code: Select all

sudo adduser puppy wheel

The changes are not active before logout and login again.
Now before I do anything else I check reboot and shutdown from menu and typing in terminal save2flash. I get sudo password prompt for all.
Then logout and login and typing again in terminal save2flash does not ask for password and saves changes. See the picture:



I think this is what we need. But much more testing we have to do.

Edit: Tested also with xdm activated and seems to work with changes=EXIT:
I remember you wrote xdm creates some problems before but I don't see problem yet. I will test more with active xdm.

Toni