On 07/27/2011 05:34 PM, 夜神　岩男 wrote:

PS: If anyone knows anything better than the above sort of commands, please pipe up. I've been doing a *lot* of gconftool-2 scripted customizations lately and some of the options are pretty hard to research. Things like setting default colors for gnome-terminal or changing icons defaults, etc. are a fruitful source of irritating mistakes. Any better ideas are welcome -- thanks in advance.

Welcome to the config wasteland created by the Gnome devs. Why have a gui when you can remove options or the entire gui and hide the good stuff in the darkest & deepest Gnome basement only to be seen when singing magical gconf incantations? :) I am not sure if there is any appreciation for pre-configured mass deployment of Gnome based desktops.

Afaik there is no other way then to venture into gconf/dconf land. I have been trying to figure out how to make Gnome 3 on Fedora 15 less annoying and return some of the Gnome 2 goodness. Some of the config options only seem to show up in gconf while others only show up in dconf. It's a config hell probably only surpassed by Window's DLL hell.

Some of the gnome-terminal color stuff I have been using for F14:

# gnome-terminal: don't use theme colors gconftool-2 --direct --config-source=xml:readwrite:/etc/gconf/gconf.xml.defaults -s -t bool /apps/gnome-terminal/profiles/Default/use_theme_colors false

# gnome-terminal: set background color to black gconftool-2 --direct --config-source=xml:readwrite:/etc/gconf/gconf.xml.defaults -s -t string /apps/gnome-terminal/profiles/Default/background_color "#000000000000"

# gnome-terminal: set foreground color to white gconftool-2 --direct --config-source=xml:readwrite:/etc/gconf/gconf.xml.defaults -s -t string /apps/gnome-terminal/profiles/Default/foreground_color "#FFFFFFFFFFFF"

# gnome-terminal: unlimited scrollback gconftool-2 --direct --config-source=xml:readwrite:/etc/gconf/gconf.xml.defaults -s -t bool /apps/gnome-terminal/profiles/Default/scrollback_unlimited true

# gnome-terminal: disable F10 so you can quit mc gconftool-2 --direct --config-source=xml:readwrite:/etc/gconf/gconf.xml.defaults -s -t bool /apps/gnome-terminal/global/use_menu_accelerators false

Hope this helps.

Good luck. We will need it :)

Regards, Patrick

On 07/27/2011 08:58 PM, 夜神　岩男 wrote:

...

Some of the gnome-terminal color stuff I have been using for F14:

Very helpful -- splitting it up makes more sense I was trying recently to get things done through the /blah/blahblah/Default/palette key for gnome-terminal and its behaving oddly. Do I need to be escaping any characters or making more use of quotes for the color indicators?

Not sure. I don't recall having to escape anything. If you use gconf-editor and go to apps/gnome-terminal/profiles/Default and click on background_color then at the bottom there is an explanation. It seems to suggest that text needs to be quoted ("red") but hex values for the color not. I quoted the hex values in F14 and they all worked.

I think there is also some gconf info on freedesktop.org. Maybe it has the answer. Or just do it by trial-and-error :)

PS: As far as Gnome2 goes... there was so much promise with the gconf system (customize *everything* in a script, if you just learn the incantations) that I am really frustrated that Gnome3 didn't turn out to be a refactoring effort instead of a "let's make everyone's multi-head systems into a huge iPad" disaster. Meh... That argument has been had elsewhere enough that I am actually pretty eager to see how 3.2 or so turns out.

Agreed. I am looking forward to 3.2 too. Hopefully gconf/dconf will be more unified.

Regards, Patrick

On 07/28/2011 12:47 AM, Jerry Geis wrote:

...

Anyway, I'm just being silly above. The gconf key for this is:

/apps/gnome-session/options/show_root_warning

Thats awesome... I new the rest about setting values - I just didnt know the name. Thanks,

I've become a wizard at finding those things.

Unfortunately you didn't write back with what I was hoping for -- something along the lines of:

"gconftool-2 customizations? pheh, bonehead, everybody knows that's just: # read-your-mind-for-preferences.sh --exec 'gconftool-2' duh"

But no luck there, eh? (>.<)

-Iwao

In other news, the Practical Joke of the Year is dconf! (or maybe that's 2nd place to systemd error output...)

On Wed, 27 Jul 2011, Marko Vojinovic wrote:

What never happens again? The message doesn't appear on subsequent root X logins (this is a bug that should be reported), or you subsequently never try to login as root again (this is a good idea to be practiced)?

Nah, you get the option of disabling that message in future when it appears.

Not a bug, just a sensible flexible behaviour.

jh

On Wednesday 27 July 2011 11:15:32 Les Mikesell wrote:

Things like that always remind me of seeing 'rough road' warnings on the highway. Wouldn't it be better to fix the underlying problem if X isn't suitable for administrative use or make better text mode tools than to spend the time putting out warning signs?

If you need to get into X as root means that *you* are doing something *wrong*. It has nothing to do with an "underlying problem".

Regards,

Marc Deop

--On Wednesday, July 27, 2011 11:57:51 AM -0500 Les Mikesell lesmikesell@gmail.com wrote:

On 7/27/2011 11:45 AM, Marc Deop wrote:

...

If you need to get into X as root means that *you* are doing something *wrong*. It has nothing to do with an "underlying problem".

So why do GUI administrative tools exist? Or did you mean window manager or desktop instead of X?

The point is not that X, or the window manager, or some tool is flawed. (In general, *all* software has flaws.)

The point is that UNIX has unprivileged users to help protect itself despite program flaws (as well as other reasons). Some things *have* to run privileged and, knowing that, their developers are historically a lot more paranoid about writing and testing such software.

Window managers and graphical programs are complex beasts, and have complex interactions with other complex beasts. That, combined with the fact that they weren't developed with the intent as running as root means that you're running more risks than is really necessary.

See the whole MS Windows (NT, XP, whatever) users need to run as administrator to make their programs work mess, especially when you couple it with attacks through email, web browsers, etc.

In the particular case of GUI administrative tools (and depending on how they're written), they don't necessarily have to run as root even though they ask for root credentials. (For example, they could "su - /some/command" to make changes). If they do run as root, then hopefully their developers are being sufficiently paranoid. But even then, that is better than running the window manager as root and, by extension, all the *other* programs that are launched (or are launchable) from the window manager.

The principle of least privilege applies. Sure, you can ignore it, but you won't get much sympathy if you do.

Devin

--On Wednesday, July 27, 2011 02:20:48 PM -0500 Les Mikesell lesmikesell@gmail.com wrote:

OK, now look at that from the other direction. I'm as concerned about the security of my own account as anything else (and in fact there may be root ssh keys accessible to my account). If something is not suitable to be run as root, why should I believe that it is suitable to run under my account?

Sure, that's fine if we're talking about known defects. Absolutely they should be fixed. If people report them, they usually are.

However, where those recommendations come from are more having to do with unknown defects, which will always be there regardless of what software your're running (or at least often enough that the few cases of proven-correct programs aren't worth considering).

The difference is that if you're using an unprivelged account and you hit a defect, likely the worst thing that will happen is the program will core dump. (Yes, the worst thing may actually be that it tromps everything in your home directory, but that is in some sense less likely to occur in the general case.)

But if you're running that program as root your worst case is crashing the whole machine (instead of just the program), or wiping out all data on the machine (instad of just your home directory).

Sympathy isn't what I'm looking for.

And FWIW my comment wasn't intended to be offensive.

I'd rather have some assurance that a tool is safe to run under any circumstance

And anyone who offers such assurance is generally selling you a pig in a poke. Such proofs are generally NP-hard (IIRC; I'm sure someone will correct me if I used the wrong classification).

Short version: Programs that are intended to be run in a high risk environment get more scrutiny, are less likely to cause a problem, but can cost _significantly_ more to build. Run other stuff in a high risk environment and you're gambling. That principle applies throughout the industry, not just here.

Devin

On Wed, 27 Jul 2011, Les Mikesell wrote:

To: CentOS mailing list centos@centos.org From: Les Mikesell lesmikesell@gmail.com Subject: Re: [CentOS] running X as root in centos 6

On 7/27/2011 10:53 AM, Marko Vojinovic wrote:

...

I believe that the system is designed to warn you with that message, *every* *time* you try to login as root into X.

Things like that always remind me of seeing 'rough road' warnings on the highway. Wouldn't it be better to fix the underlying problem if X isn't suitable for administrative use or make better text mode tools than to spend the time putting out warning signs?

IIRC, SuSE Linux had a desktop background with warning messages and round cannonball type bombs on it, with short fuses that were alight. Maybe trying to tell you something - like you might blow your system up?

Kind Regards,

Keith Roberts

----------------------------------------------------------------- Websites: http://www.karsites.net http://www.php-debuggers.net http://www.raised-from-the-dead.org.uk

All email addresses are challenge-response protected with TMDA [http://tmda.net] -----------------------------------------------------------------