[Media] 8.04 Servers - Wikipedia

Steve Lamb grey at dmiyu.org
Sun Oct 19 10:31:06 UTC 2008


Knapp wrote:
> Yes a bit. :-) But I will let this bit from the man sum it up. No one
> that is not a programmer is going to read this and say, "Oh, ya,
> obviously"

    Well, it is.  ;)

> Here we override some of the compiled in default values. We want sudo

[ Snippage]

    There they are going all out and showing what is possible.  Most of the
time I poke at sudoers I check the man page for an example, skim the rest, and
monkey poke it until it does what I want.

> I wanted to set it up so that users with sudo privilages that sign on
> using their own normal name and password, the same one they would use
> if sitting at the keyboard would not have Su or sudo privileges when
> signing in using ssh.

    Ok?  That it?

    Mind you I've not toyed with sudoers extensively at all nor touched mine
in about 2 years.  Personally my method of fixing that was to disllow port 22
from every machine save 2.  If I need ssh access from remote that's what
knockd is for.  A sequence of "knocks" on a pattern of ports I specified and
ssh opens up to the world for a whole 5 seconds.  I can script that sequence
and making ssh connect in about 4 different common scripting languages so no
worries there.  ;)

    I got about 8m into explaining what I found after a minute or two then it
dawned on me.  Ya can't do that.  You're asking sudo to restrict access based
on the machine whence the user came.  As far as I know this is of no relevance
to sudo.  It cares what you can do on the machine you're presently on
regardless of how you got there.  There's no mention of "incoming" or
"connection" in sudoer's man page at all.

    So what you need to do is something like I did above.  Lock down SSH to
specific known hosts and/or utilize knockd to open it up to selected people as
needed.


> If someone asks a question and someone writes back they are under no
> obligations to do or say anything or be nice, but that does not mean
> that it is nice or constructive to be rude, etc.

    Yes.  I am not defending Res' behavior here.  But the issue here is that
people have called other mailing lists rude, arrogant, so on and so forth.
Those are all largely subjective words.  I guarantee that in some cultures me
at my most polite would be downright rude.  Conversely in other cultures I
would be a stuck-up fish.  The baseline in both of those is the culture, not
me.  That is what people forget when they get into these discussions and
lament about other lists being "rude".  They're not!  They're just not what
these people expect.  Anything less than the answer, right now is rude to some
people.  There's a wide margin from universally accepted as rude and what many
people think is rude.

> My basic assumption is that if I ask a question, I expect someone 
> that can help and who
> wants to help, to do so. All the others should keep their mouths shut,
> if they just want to poke fun or show off etc. Obviously, we don't
> live in this Nirvana.

    True.  But that is why I said that as the person helping I get to choose
the manner in which I help.  Just because I chose to help in a manner that you
were not expecting does not automatically mean that:

a: I'm being unhelpful.
b: I'm being rude.

> I myself am good with Google, but not everyone is. I still have had
> times where I googled for like 2 hours and then asked a question only
> to be told that I should Google it (really, no exaggeration, this was
> on IRC).

    Ok.  Did you explain that you tried Googling on terms x, y and z or did
you just ask the question?  This is why every time this conversation comes up
in several different forums I monitor the same URL comes up time and again.
http://www.catb.org/~esr/faqs/smart-questions.html

    Relevant portion are points 3 and 4 below:

Be precise and informative about your problem

    * Describe the symptoms of your problem or bug carefully and clearly.
    * Describe the environment in which it occurs (machine, OS, application,
whatever). Provide your vendor's distribution and release level (e.g.: “Fedora
Core 7”, “Slackware 9.1”, etc.).
    * Describe the research you did to try and understand the problem before
you asked the question.
    * Describe the diagnostic steps you took to try and pin down the problem
yourself before you asked the question.
    * Describe any possibly relevant recent changes in your computer or
software configuration.

> I then asked what I should Google under. I got an answer that
> is nothing like what I was trying and it worked. The long and the
> short is that sometimes we all need help with things that sound stupid
> to others.

    I agree.  But we're talking about presentation on both sides here.  They
are not independent of one another in a large number of cases.  Ask like the
list is your personal slave and you'll get rude responses, justifiably so I
might add.  Show that you at least made an effort to try to noodle it out and
people are more receptive.  It's that simple.

> This list expects you to treat people just like you would at work. If
> you can't then don't write. As you said at work you must write but
> here, if you don't want to help then don't.

    True.  Like I said, I'm not defending Res by a long shot.  I am defending
a large portion of D-U.  IE, the norm.  Besides, say what to whom at work?  To
a coworker I am familiar enough with to have invited to my home for an
informal dinner several times?  To a coworker I have not seen outside of work
and am not familiar with?  My boss?  My boss's boss?  The Customer?  All of
those have different answers.  Personally I treat lists as a slight mixture of
the first two cases.  Simply put, everyone here is either a peer I am familiar
with (ask Cybe R. Wizard presuming I spelled that correctly) or a peer I am
not familiar with.  But I'm going to be casual because you're sure as hell not
my boss and you're definitely not my customer.

? For sure don't help and be
> rude about it because you know you can get away with it and you are
> not being payed. When people write open source software they don't do
> a half ass job just because they are working for free. Answering
> questions is the same!

    Yes, it is.  Which is why we also get FOSS software that does not always
meet our needs because the author is not beholden to us.  Read up on KDE4 on
the KUbuntu users lists for examples of that.  GNome's changes in Nautalis a
few years back is another good example.  IE, FOSS developers solve problems
how they want to solve them.  It also stands to reason we answer questions the
way we want to answer them.  That is not synonymous with half-assed just
because it isn't what you expect.  ;)

> How many times
> have you seen the Subject to be something like, "newbie question". Ya,
> lots and I think it is totally stupid but mostly I don't get up and
> tell the other person how stupid it is. I might suggest that next time
> they write something better and give them an example.

    Neither do I.  Neither do most people on the "rude" and "arrogant" lists,
either.

> My question to you is, why do you help people here at all? I do it
> because I like to help people and to promote Linux IE open source,
> something I believe will truly help the world to be a better place in
> some small way. In the end people on this list give because it makes
> them feel good. That is a sort of payment.

    This is true.  There is some gratification of helping someone else.  But
as I said, I don't think it is unreasonable that if a person expects others to
put time into helping them then that person has to put time into helping
himself.  That goes even in the world of paid support but goes infinitely more
when the support comes free.  Have you seen me on here blast someone for
presenting a question incorrectly or not up to some standard?  I can guarantee
not since I generally just delete those.  I may get down on someone when they
present something that is clearly wrong as correct.  Especially if it is
harmful (IE, Karl Larsen about 90% of the time).  But by and large it is
simple, if you're trying to help yourself I am more apt to help you.  It is
not a hypocritical standard by any means.  Just take a look at the times I
have asked for help to see how I have presented it and the follow-up I give
each issue:

http://ubuntuforums.org/search.php?searchid=49894551

-- 
         Steve C. Lamb         | But who can decide what they dream
       PGP Key: 1FC01004       |      and dream I do
-------------------------------+---------------------------------------------

-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 252 bytes
Desc: OpenPGP digital signature
URL: <https://lists.ubuntu.com/archives/ubuntu-users/attachments/20081019/78877473/attachment.sig>


More information about the ubuntu-users mailing list