CentOS 8
I just skimmed through the deprecated, and there’s a *lot*. But one hit me in the face: if you make a change to /etc/nsswitch.conf, you need to REBOOT THE SERVER?
Ok, did this come from Redmond?*
Oh, and I note virt-manager replaced by cockpit. Can someone pass along a little note: Sybase has had, for a bunch of years, a required program… called cockpit. I think they’ve got the name by priority….
* I thought that “your cursor has moved; please reboot Windows to have this change take effect was a joke… until, about 5-6 years ago, I found in trying to set up samba at home on Win 8 that if I changed the workgroup name… it required Windows to be rebooted. So… really? nsswitch.conf, and reboot?
Now I think I’ll install C 7 to dual boot on my lady’s workstation, rather than 8.
mark “or my manager this I should go to ubuntu, which
I dislike….”
mark
18 thoughts on - CentOS 8
This is true, but the documentation states that it is possible to fix without a reboot:
“If a system reboot is not possible, restart the service that joins your system to Active Directory, which is the System Security Services Daemon
(SSSD) or winbind.”
I wonder if the same holds true for LDAP.
R’s, James
Note, that appears in the “known issues” section, and not deprecations.
And if you look at BZ 132608, you’ll see that this was reported as an issue in 2004. I would imagine that it has always been this way, and simply appears in the documentation now.
CentOS 7, for example, includes “files sss” in nsswitch.conf by default, so that if you enable integration with a directory server it’s not necessary to restart all of the running services.
The BZ entry for that issue seems to indicate that while changes to nsswitch.conf do still require restarting any daemons that need it (or a reboot), the change that caused that to impact a user has been reverted, and the issue has been resolved.
I have for CentOS 8 – totem and totem-pl-parser installed – but I cannot find the -devel packages for CentOS 8. Where are they ?
Thanks,
Jerry
Hello,
How do I allow root log in on GDM. The only people that have access are admins – so I am not worried about someone screwing things up.
Thanks,
Le 08/04/2021 à 18:58, Steve Clark via CentOS a écrit :
tl;dr: you don’t.
Log in as a non-root user, and when you do need root, either open up a terminal and use ‘su -‘ or (even better) setup your user by making your user a member of the wheel group and then use sudo.
Logging in to a GUI as root is *BAD* practice.
Cheers,
Niki
—
Microlinux – Solutions informatiques durables
7, place de l’église – 30730 Montpezat Site : https://www.microlinux.fr Blog : https://blog.microlinux.fr Mail : info@microlinux.fr Tél. : 04 66 63 10 32
Mob. : 06 51 80 12 12
into the user field.
Le 08/04/2021 à 18:58, Steve Clark via CentOS a écrit :
How do I allow root log in on GDM.
tl;dr: you don’t.
Log in as a non-root user, and when you do need root, either open up a terminal and use ‘su -‘ or (even better) setup your user by making your user a member of the wheel group and then use sudo.
Logging in to a GUI as root is *BAD* practice.
Cheers,
Niki
That said – you can do it, by clicking on “Not listed?” and typing root into the user field.
Yes I have done that and it immediately comes back to the login screen, I know I am typing the correct passwd, because if I botch the passwd I get a message to that effect.
I would not recommend ever using the GUI as the root user .. it creates keys and items that are very dangerous. (gnome key rings, etc)
You should be able to ‘su -‘ , then use visudo to create a sudo account for your user. You can even NOPASSWD your user for using sudo (you may or may not want to do that .. if someone gains access to your local account, they could then sudo with no passwd).
But, i have never, ever logged in as root on a GUI account directly on a machine that I cared about or was keeping live .. just advise, do with it what you will.
+1000
In the past I even avoided sudo. It yet one more SUID-ed binary on your machine. Which may add to your potential [local, in general]
vulnerability footprint. su, – making yourself root is more than enough for regular sysadmin.
+1
To OP: Do as you wish, and deal with consequences.
Valeri
—
++++++++++++++++++++++++++++++++++++++++
Valeri Galtsev Sr System Administrator Department of Astronomy and Astrophysics Kavli Institute for Cosmological Physics University of Chicago Phone: 773-702-4247
++++++++++++++++++++++++++++++++++++++++
Le 08/04/2021 à 18:58, Steve Clark via CentOS a écrit :
How do I allow root log in on GDM.
tl;dr: you don’t.
Log in as a non-root user, and when you do need root, either open up a terminal and use ‘su -‘ or (even better) setup your user by making your user a member of the wheel group and then use sudo.
Logging in to a GUI as root is *BAD* practice.
Cheers,
Niki
That said – you can do it, by clicking on “Not listed?” and typing root into the user field.
Yes I have done that and it immediately comes back to the login screen, I know I am typing the correct passwd, because if I botch the passwd I get a message to that effect.
I would not recommend ever using the GUI as the root user .. it creates keys and items that are very dangerous. (gnome key rings, etc)
You should be able to ‘su -‘ , then use visudo to create a sudo account for your user. You can even NOPASSWD your user for using sudo (you may or may not want to do that .. if someone gains access to your local account, they could then sudo with no passwd).
But, i have never, ever logged in as root on a GUI account directly on a machine that I cared about or was keeping live .. just advise, do with it what you will.
Could you enlighten me on the rationale behind that restriction? As, as you already noticed, my [ancient, maybe] reasoning makes me arrive at an opposite conclusion. (but mine is pure security consideration with full trust vested into sysadmin, see below…)
On a second guess: it is just for a separation of privileges, and accounting of who did what which sudo brings to the table… Right?
Thanks in advance.
Valeri
—
++++++++++++++++++++++++++++++++++++++++
Valeri Galtsev Sr System Administrator Department of Astronomy and Astrophysics Kavli Institute for Cosmological Physics University of Chicago Phone: 773-702-4247
++++++++++++++++++++++++++++++++++++++++
sudo brings into accounting and the ability to restrict a person to a single command. [That is hard to do well but it is possible.] It also allows for an easily auditable configuration file set so that you can see what should have been allowed and what shouldn’t. Versus the usual ‘oh lets make it setgid blah or setuid foo but restricted to this group..’ and people forgetting it was done that way or why.
That said it is like any tool can be used as a hammer when it should have remained a phillips head.
Finally sudo can allow for better RBAC rules where if that is needed you had to have multiple su commands that were aligned to each role so that people could not escape their jail. [My understanding is that this is where your chosen OS shines with sudo and this was lifted to other os’s laster.]
By 2005 most .gov/.mil baselines required su to be no longer allowed because of this.
Which one OS would be that?
Valeri
I suspect that it’s because you are known as the FreeBSD user on this list. :) (I also prefer it, and have been fortunate enough to be at a FreeBSD shop for yearse now.) Note that FreeBSD can also use OpenBSD’s doas command, though on FreeBSD, there is no persist option, so one must type the password each time–which in a production environment isn’t necessary a bad thing.
that should have been written as
your chosen OS, FreeBSD, shines …
my apology for dropping the packets as I thought i typed it but didn’t
Oh boy, I never could imagine I could be “known as…”. Who would ever even notice me?! ;-)
(I also prefer it, and have been fortunate enough to be at a
You learn something every day. Thanks!
Valeri
Ah, I couldn’t imagine someone remembers I use FreeBSD too. On servers that is. Number crunchers, workstations, and laptops of my users run CentOS (7), Ubuntu (laptops), and also Debian these days. Not mentioning MS Windows and MacOS, though probably should. As these are my choices too as well as those of my users.
No need to apologize. I was indeed a bit puzzled thinking this must be something obvious – derived from the fact this is CentOS list maybe –
still it was kind of escaping me so I asked ;-)
Yes, I did start rating sudo higher than I did in the past after this thread (hijacked – my apologies if it was my doing, didn’t mean though).
Thanks, everybody, for your insights !
Valeri