On 7/30/24 22:30, candycanearter07 wrote:
> John McCue <jmccue@hairball.jmcunx.com> wrote at 13:49 this Saturday (GMT):
>> followups trimmed to comp.os.linux.misc
>>
>> In comp.os.linux.misc yeti <yeti@tilde.institute> wrote:
>>> "26yh.0712" <26yh.0713@e6t5y.net> writes:
>>>
>>>> Ah ... wunnerful Winders :-)
>>>>
>>>> It should be banned as a socioeconomic WMD ...
>>>
>>> Imagine systemd swallowing package management, doing automagic
>>> security updates and such a "MSLinux" monoculture.
>>
>> I can see this happening, I think they just swallowed sudo.
>
> You mean polkit?

No he means "sudo" is going to be replaced with "run0."
<https://www.howtogeek.com/will-linux-run0-command-run-sudo-out-of-town/>
Not right away but sooner or later unless it causes even
more problems. "Sudo" is a bad implementation which replaced "su".
which invoked superuser privileges. You had to use your root
account password but Ubuntu decided that was dangerous so to invoke
the same privileges you can use your user accont passwork.
Canonical thought apparently that it was asking too
much of their projected userbase to remember User account
password and root password.

>
>>> Wouldn't that be similarly vulnerable?
>>
>> Maybe, any complex solution is open to vulnerabilities. I
>> think (hope) these changes would be tested better than
>> crowdstrike was. But as things get more complex, the harder
>> to test :(
>>
>> I still think these changes Red Hat is pushing is their way
>> to make things easier for admins, but to me, eventually you
>> end up with a Windows clone. Now I wonder if they will "AI"
>> systemd, I think it is possible since IBM seems to be
>> getting into AI.
>
> That sounds like a nightmare. AI Systems...

Nightmare or some one's wet dream.
>
>>> IMO "MSLinux" everywhere would have the same problem.
>>>
>>> I think redundancy, diversity and reducing complexity is the right
>>> answer.
>>
The system on my computer uses SysV.init and "su".

bliss- Dell Precision 7730- PCLOS 2024.07- Linux 6.6.42- 5.27.11

--
b l i s s - S F 4 e v e r at D S L E x t r e m e dot com

On Tue, 30 Jul 2024 22:58:28 -0700, Bobbie Sellers wrote:

> No he means "sudo" is going to be replaced with "run0."
> <https://www.howtogeek.com/will-linux-run0-command-run-sudo-out-of-town/

sudo has been a running saga of security vulnerabilities. Poettering is
offering a much simpler design with a smaller attack surface. He actually
wants to do away with the whole idea of set-user-ID executables.

On 31/07/2024 06:58, Bobbie Sellers wrote:
> "Sudo" is a bad implementation which replaced "su".
> which invoked superuser privileges.  You had to use  your root
> account password but Ubuntu decided that was dangerous so to invoke
> the same privileges you can use your user accont passwork.
>     Canonical thought apparently that it was asking too
> much of their projected userbase to remember User account
> password and root password.

Sudo allowed tailored access by certain users to certain root
privileges, that su did not.

It's a reasonable admin tool for a multiuser system.

But who tuns a true multiuser system these days especially one where
users can do simple admin?

--
“The fundamental cause of the trouble in the modern world today is that
the stupid are cocksure while the intelligent are full of doubt."

- Bertrand Russell

The Natural Philosopher <tnp@invalid.invalid> writes:
> On 31/07/2024 06:58, Bobbie Sellers wrote:
>> "Sudo" is a bad implementation which replaced "su".
>> which invoked superuser privileges.  You had to use  your root
>> account password but Ubuntu decided that was dangerous so to invoke
>> the same privileges you can use your user accont passwork.
>>     Canonical thought apparently that it was asking too
>> much of their projected userbase to remember User account
>> password and root password.
>
> Sudo allowed tailored access by certain users to certain root
> privileges, that su did not.
>
> It's a reasonable admin tool for a multiuser system.
>
> But who tuns a true multiuser system these days especially one where
> users can do simple admin?

Even disregarding hobbyists, more than zero but I expect the number is
indeed rather small.

There’s a few points here:

* You can still set a root password and use ‘su’ on Ubuntu systems if
that’s what you want. Canonical are not enforcing a policy here, just
setting a default.

* The ‘sudo instead of su’ model is common everwhere, not just Ubuntu; I
expect the motivation for the default setup on Ubuntu is
simplification, not any theories about who can remember how many
passwords.

* Trusting sudo to enforce the a tailored access model is somewhat
optimistic given its CVE record, and the general record of the setuid
model that underpins it.

* By escaping the setuid model run0 may improve on this issue, though it
brings other kinds of complexity with it; how it balances out is
probably a question for a few years time.

* In the single-user context, sudo effectively creates the model that
your single user account has privileges equivalent to root, but that
you must explicitly mark any privileged operation. The former is just
acknowledging reality, the latter is a useful guard against accidents.

--
https://www.greenend.org.uk/rjk/

On 31/07/2024 10:23, Richard Kettlewell wrote:
> The Natural Philosopher <tnp@invalid.invalid> writes:
>> On 31/07/2024 06:58, Bobbie Sellers wrote:
>>> "Sudo" is a bad implementation which replaced "su".
>>> which invoked superuser privileges.  You had to use  your root
>>> account password but Ubuntu decided that was dangerous so to invoke
>>> the same privileges you can use your user accont passwork.
>>>     Canonical thought apparently that it was asking too
>>> much of their projected userbase to remember User account
>>> password and root password.
>>
>> Sudo allowed tailored access by certain users to certain root
>> privileges, that su did not.
>>
>> It's a reasonable admin tool for a multiuser system.
>>
>> But who tuns a true multiuser system these days especially one where
>> users can do simple admin?
>
> Even disregarding hobbyists, more than zero but I expect the number is
> indeed rather small.
>
> There’s a few points here:
>
> * You can still set a root password and use ‘su’ on Ubuntu systems if
> that’s what you want. Canonical are not enforcing a policy here, just
> setting a default.
>
> * The ‘sudo instead of su’ model is common everwhere, not just Ubuntu; I
> expect the motivation for the default setup on Ubuntu is
> simplification, not any theories about who can remember how many
> passwords.
>
> * Trusting sudo to enforce the a tailored access model is somewhat
> optimistic given its CVE record, and the general record of the setuid
> model that underpins it.
>
> * By escaping the setuid model run0 may improve on this issue, though it
> brings other kinds of complexity with it; how it balances out is
> probably a question for a few years time.
>
> * In the single-user context, sudo effectively creates the model that
> your single user account has privileges equivalent to root, but that
> you must explicitly mark any privileged operation. The former is just
> acknowledging reality, the latter is a useful guard against accidents.
>
+1 to all of that.

I use sudo if its just one thing I need to do, but if its messing with
config files and restarting daemons, I use su -

--
Microsoft : the best reason to go to Linux that ever existed.

Bobbie Sellers <blissInSanFrancisco@mouse-potato.com> wrote:
> On 7/30/24 22:30, candycanearter07 wrote:
>> John McCue <jmccue@hairball.jmcunx.com> wrote at 13:49 this Saturday (GMT):
>>> followups trimmed to comp.os.linux.misc
>>>
>>> In comp.os.linux.misc yeti <yeti@tilde.institute> wrote:
>>>> "26yh.0712" <26yh.0713@e6t5y.net> writes:
>>>>
>>>>> Ah ... wunnerful Winders :-)
>>>>>
>>>>> It should be banned as a socioeconomic WMD ...
>>>>
>>>> Imagine systemd swallowing package management, doing automagic
>>>> security updates and such a "MSLinux" monoculture.
>>>
>>> I can see this happening, I think they just swallowed sudo.
>>
>> You mean polkit?
>
> No he means "sudo" is going to be replaced with "run0."
> <https://www.howtogeek.com/will-linux-run0-command-run-sudo-out-of-town/>
> Not right away but sooner or later unless it causes even
> more problems. "Sudo" is a bad implementation which replaced "su".
> which invoked superuser privileges.

su still exists, even on Ubuntu systems. It's just that Ubuntu's 'user
docs' (as they are) only talk about sudo, and you know the old saying:

Learn Ubuntu and you learn Ubuntu, learn Slackware and you learn Unix.

> You had to use your root account password but Ubuntu decided that
> was dangerous so to invoke the same privileges you can use your user
> accont passwork.

sudo long predates Ubuntu <https://en.wikipedia.org/wiki/Sudo> (initial
release "around 1980").

> Canonical thought apparently that it was asking too
> much of their projected userbase to remember User account
> password and root password.

For traditional Unix systems (multiple users all logged on to the same
system at the same time) the /premise/ of sudo provides some value add.
You can grant individual, more trusted, users rights to do things as
root, without having to share the root password with them in order to
do so.

For typical Ubuntu setups (single user who is system owner and the only
user) sudo adds no value add over just becoming root via su (other
than, as you say, not having to remember a 'root' password).

On 7/31/2024 3:17 AM, The Natural Philosopher wrote:
> On 31/07/2024 10:23, Richard Kettlewell wrote:
>> The Natural Philosopher <tnp@invalid.invalid> writes:
>>> But who tuns a true multiuser system these days especially one where
>>> users can do simple admin?
>>
>> Even disregarding hobbyists, more than zero but I expect the number is
>> indeed rather small.

Not sure what you mean by "hobbyist". To me, a "linux hobbyist" is
someone like me, who deliberately runs a system at home that is more
complex and "professional" than necessary, to keep alive some skills
acquired decades ago when we managed a Unix system used by our department.
But I also use those skills in the small company that still writes me a
paycheck in my semi-retirement.

>> There’s a few points here:
>>
>> * You can still set a root password and use ‘su’ on Ubuntu systems if
>>    that’s what you want. Canonical are not enforcing a policy here, just
>>    setting a default.

My Linux systems are Fedora rather than Ubuntu; Fedora also promotes sudo.

>> * The ‘sudo instead of su’ model is common everwhere, not just Ubuntu; I
>>    expect the motivation for the default setup on Ubuntu is
>>    simplification, not any theories about who can remember how many
>>    passwords.
>>
>> * Trusting sudo to enforce the a tailored access model is somewhat
>>    optimistic given its CVE record, and the general record of the setuid
>>    model that underpins it.
>>
>> * By escaping the setuid model run0 may improve on this issue, though it
>>    brings other kinds of complexity with it; how it balances out is
>>    probably a question for a few years time.
>>
>> * In the single-user context, sudo effectively creates the model that
>>    your single user account has privileges equivalent to root, but that
>>    you must explicitly mark any privileged operation. The former is just
>>    acknowledging reality, the latter is a useful guard against accidents.
>>
> +1 to all of that.
>
> I use sudo if its just one thing I need to do, but if its messing with
> config files and restarting daemons, I use su -

Is that because you do not know about "sudo -i" ?

Note that run0 - which is built on polkit - still relies on setuid
executables within polkit. I don't see them as all that different.

The grace period in sudo is a convenience. It probably does add a bit of
risk. There is probably a way to turn it off --- yes:
timestamp_timeout=0 in /etc/sudoers (apparently per-user)

Lars Poulsen <lars@beagle-ears.com> writes:
> On 7/31/2024 3:17 AM, The Natural Philosopher wrote:
>> On 31/07/2024 10:23, Richard Kettlewell wrote:
>>> The Natural Philosopher <tnp@invalid.invalid> writes:
>>>> But who tuns a true multiuser system these days especially one where
>>>> users can do simple admin?
>>>
>>> Even disregarding hobbyists, more than zero but I expect the number is
>>> indeed rather small.
>
> Not sure what you mean by "hobbyist". To me, a "linux hobbyist" is
> someone like me, who deliberately runs a system at home that is more
> complex and "professional" than necessary, to keep alive some skills
> acquired decades ago when we managed a Unix system used by our
> department.
> But I also use those skills in the small company that still writes me
> a paycheck in my semi-retirement.

The relevant point is that there are (at least a few) large
organizations running multi-user Unix systems, and care about isolation
between users.

> Note that run0 - which is built on polkit - still relies on setuid
> executables within polkit. I don't see them as all that different.

That’s a shame.

--
https://www.greenend.org.uk/rjk/

In article <wwv1q39valn.fsf@LkoBDZeT.terraraq.uk>,
invalid@invalid.invalid (Richard Kettlewell) wrote:

> The relevant point is that there are (at least a few) large
> organizations running multi-user Unix systems, and care about
> isolation between users.

For example, my workplace. Most of our Linux and macOS machines are not
people's personal systems, but dedicated build/test machines with fairly
full-time jobs. I am not a skilled sysadmin, but being able to use sudo
for simple tasks gets them done a lot faster than opening a helpdesk
ticket.

John

On 31/07/2024 14:41, Rich wrote:

>
> For typical Ubuntu setups (single user who is system owner and the only
> user) sudo adds no value add over just becoming root via su (other
> than, as you say, not having to remember a 'root' password).
>
I say it does. Fat finger proofing.

If I HAVE to type sudo every time I want to do something sysadmin-ish it
forces me to stop and think just a little. And sometimes prevents me
from doing what I really didnt want to do

Anyqay, as with most of these religious arguments, you have the choice.
I choose to use both.

Like I used the command line AND the GUI.

--
Renewable energy: Expensive solutions that don't work to a problem that
doesn't exist instituted by self legalising protection rackets that
don't protect, masquerading as public servants who don't serve the public.

On 31/07/2024 16:34, Richard Kettlewell wrote:
> The relevant point is that there are (at least a few) large
> organizations running multi-user Unix systems, and care about isolation
> between users.

There are, but they are rare birds.

Most 'multi-user' machines run pure web applications.
I cant offhand think of anything outside say a research super computer
where true multiuser exists

Anyway their sysdamins are free to set them up how they like, as are we
on our single user machines

--
No Apple devices were knowingly used in the preparation of this post.

On Wed, 31 Jul 2024 17:45 +0100 (BST), John Dallman wrote:

> For example, my workplace. Most of our Linux and macOS machines are not
> people's personal systems, but dedicated build/test machines with fairly
> full-time jobs. I am not a skilled sysadmin, but being able to use sudo
> for simple tasks gets them done a lot faster than opening a helpdesk
> ticket.

At one time (25 years ago) the Linux boxes were our personal machines and
the build/test machines were RS6000/AIX boxes that we shared. The same
code base built on both although some of the data had to be converted
between big and little endian.

IBM priced themselves out of competition and our clients went to Windows.
We use the MKS NutCracker environment on Windows so for the most part the
code builds on Linux or Windows. The Linux boxes are still our personal
machines, with shared Windows systems for build/testing.

The shared AIX resources sometimes had problems like a newbie programmer
deleting what amounts to /usr/bin to free up disk space. Screw-ups on that
level meant you bought the donuts.

We had a homegrown thing called 'gosu' which was essentially sudo without
the training wheels.

The Natural Philosopher <tnp@invalid.invalid> writes:
> On 31/07/2024 16:34, Richard Kettlewell wrote:
>> The relevant point is that there are (at least a few) large
>> organizations running multi-user Unix systems, and care about isolation
>> between users.
>
> There are, but they are rare birds.
>
> Most 'multi-user' machines run pure web applications.
> I cant offhand think of anything outside say a research super computer
> where true multiuser exists

The example I hear about most is more or less that, specifially a
compute farm used for genomics research. You don’t get to log into the
compute nodes, but the ‘head nodes’ used for uploading data sets and
submitting jobs have logins for all.

I’m less clear on the details of the other example I’m aware of, we only
really got to hear about how it interacts with attributes of our
product.

We have a few in-principle shared Unix machines at work but in practice
they can go months between anyone logging in.

--
https://www.greenend.org.uk/rjk/

On 01/08/2024 09:39, Richard Kettlewell wrote:
> The Natural Philosopher <tnp@invalid.invalid> writes:
>> On 31/07/2024 16:34, Richard Kettlewell wrote:
>>> The relevant point is that there are (at least a few) large
>>> organizations running multi-user Unix systems, and care about isolation
>>> between users.
>>
>> There are, but they are rare birds.
>>
>> Most 'multi-user' machines run pure web applications.
>> I cant offhand think of anything outside say a research super computer
>> where true multiuser exists
>
> The example I hear about most is more or less that, specifially a
> compute farm used for genomics research. You don’t get to log into the
> compute nodes, but the ‘head nodes’ used for uploading data sets and
> submitting jobs have logins for all.
>
> I’m less clear on the details of the other example I’m aware of, we only
> really got to hear about how it interacts with attributes of our
> product.
>
> We have a few in-principle shared Unix machines at work but in practice
> they can go months between anyone logging in.
>
A friend of mine who does very advanced mathematical matrix research has
a login to a vast array of CPU power somewhere in the States, where he
uploads code and data, compiles the code and then crunches huge amounts
of data. No root level access needed or wanted.

Real old school

--
The higher up the mountainside
The greener grows the grass.
The higher up the monkey climbs
The more he shows his arse.

Traditional

On Tue, 30 Jul 2024 22:58:28 -0700, Bobbie Sellers
<blissInSanFrancisco@mouse-potato.com> wrote in
<v8cjq4$1f67q$1@dont-email.me>:

> On 7/30/24 22:30, candycanearter07 wrote:
>> John McCue <jmccue@hairball.jmcunx.com> wrote at 13:49 this Saturday (GMT):
>>> followups trimmed to comp.os.linux.misc
>>>
>>> In comp.os.linux.misc yeti <yeti@tilde.institute> wrote:
>>>> "26yh.0712" <26yh.0713@e6t5y.net> writes:
>>>>
>>>>> Ah ... wunnerful Winders :-)
>>>>>
>>>>> It should be banned as a socioeconomic WMD ...
>>>>
>>>> Imagine systemd swallowing package management, doing automagic
>>>> security updates and such a "MSLinux" monoculture.
>>>
>>> I can see this happening, I think they just swallowed sudo.
>>
>> You mean polkit?
>
> No he means "sudo" is going to be replaced with "run0."
> <https://www.howtogeek.com/will-linux-run0-command-run-sudo-out-of-town/>
> Not right away but sooner or later unless it causes even
> more problems. "Sudo" is a bad implementation which replaced "su".
> which invoked superuser privileges. You had to use your root
> account password but Ubuntu decided that was dangerous so to invoke
> the same privileges you can use your user accont passwork.
> Canonical thought apparently that it was asking too
> much of their projected userbase to remember User account
> password and root password.

Actually, sudo(8) isn't a bad implementation of su(8), it's
just "different".

You can set sudo to use the root password, which is what I do
for my personal systems. Requiring the user password is default,
and works better for systems with shared administration where
you have to control what the person runs.

For cases where you have multiple (remote) administrators that need
"root" access, that's better handled with ssh keys and
clever key management on the target host. Another way to
handle it is separate usernames (e.g. "suvallor") that have
their own home directory, but uid/gid 0.

Quite a few of our systems are multi-user. Even used to have
a customer shell server until demand for that dried up. Right
now, one system is used by employees who need to run tools that
interface with our back end systems. Login credentials are handled
with Active Directory, the domain of which is joined with sssd(8).

> The system on my computer uses SysV.init and "su".
>
> bliss- Dell Precision 7730- PCLOS 2024.07- Linux 6.6.42- 5.27.11

Nice! I've said for a few years now that Linux _is_ ready for
most home users, as well as enterprise desktops.

For example, we use MS Teams at work -- I'm not happy about
it, but I can use it from Linux through the web site. Same
goes for MS Office.

The problem is you can't take your Linux laptop to (say) Best
Buy and expect them to help with a problem. The legendary
"year of the Linux desktop" won't happen until there's some
kind of _local_ support network in place. And a lot of folks
will get help with their Windows systems from a relative, who
is more likely to have Windows experience than Linux chops.

--
-v System76 Thelio Mega v1.1 x86_64 NVIDIA RTX 3090 Ti
OS: Linux 6.11.0-rc1 Release: Mint 21.3 Mem: 258G

On Wed, 31 Jul 2024 06:23:14 -0000 (UTC), Lawrence D'Oliveiro
<ldo@nz.invalid> wrote in <v8cl8i$1fhag$1@dont-email.me>:

> On Tue, 30 Jul 2024 22:58:28 -0700, Bobbie Sellers wrote:
>
>> No he means "sudo" is going to be replaced with "run0."
>> <https://www.howtogeek.com/will-linux-run0-command-run-sudo-out-of-town/
>
> sudo has been a running saga of security vulnerabilities. Poettering is
> offering a much simpler design with a smaller attack surface. He actually
> wants to do away with the whole idea of set-user-ID executables.

From the very beginning of our company (1994), we had no setuid
executables on our shell server. (We finally discontinued the service at the
end of June -- the end of an era!)

I see now on this system (Mint 21.3) that ping is no longer setuid.
(Nowadays, it uses Linux capabilities.) Back in the day, it was setuid,
but we replaced it with a client that reached out to a "ping server" that
did the job.

--
-v System76 Thelio Mega v1.1 x86_64 NVIDIA RTX 3090 Ti
OS: Linux 6.11.0-rc1 Release: Mint 21.3 Mem: 258G
"Couldn't myself have better it said."

On 8/4/24 05:35, vallor wrote:
> On Tue, 30 Jul 2024 22:58:28 -0700, Bobbie Sellers
> <blissInSanFrancisco@mouse-potato.com> wrote in
> <v8cjq4$1f67q$1@dont-email.me>:
>
>> On 7/30/24 22:30, candycanearter07 wrote:
>>> John McCue <jmccue@hairball.jmcunx.com> wrote at 13:49 this Saturday (GMT):
>>>> followups trimmed to comp.os.linux.misc
>>>>
>>>> In comp.os.linux.misc yeti <yeti@tilde.institute> wrote:
>>>>> "26yh.0712" <26yh.0713@e6t5y.net> writes:
>>>>>
>>>>>> Ah ... wunnerful Winders :-)
>>>>>>
>>>>>> It should be banned as a socioeconomic WMD ...
>>>>>
>>>>> Imagine systemd swallowing package management, doing automagic
>>>>> security updates and such a "MSLinux" monoculture.
>>>>
>>>> I can see this happening, I think they just swallowed sudo.
>>>
>>> You mean polkit?
>>
>> No he means "sudo" is going to be replaced with "run0."
>> <https://www.howtogeek.com/will-linux-run0-command-run-sudo-out-of-town/>
>> Not right away but sooner or later unless it causes even
>> more problems. "Sudo" is a bad implementation which replaced "su".
>> which invoked superuser privileges. You had to use your root
>> account password but Ubuntu decided that was dangerous so to invoke
>> the same privileges you can use your user accont passwork.
>> Canonical thought apparently that it was asking too
>> much of their projected userbase to remember User account
>> password and root password.
>
> Actually, sudo(8) isn't a bad implementation of su(8), it's
> just "different".
>
> You can set sudo to use the root password, which is what I do
> for my personal systems. Requiring the user password is default,
> and works better for systems with shared administration where
> you have to control what the person runs.
>
> For cases where you have multiple (remote) administrators that need
> "root" access, that's better handled with ssh keys and
> clever key management on the target host. Another way to
> handle it is separate usernames (e.g. "suvallor") that have
> their own home directory, but uid/gid 0.
>
> Quite a few of our systems are multi-user. Even used to have
> a customer shell server until demand for that dried up. Right
> now, one system is used by employees who need to run tools that
> interface with our back end systems. Login credentials are handled
> with Active Directory, the domain of which is joined with sssd(8).
>
>> The system on my computer uses SysV.init and "su".
>>
>> bliss- Dell Precision 7730- PCLOS 2024.07- Linux 6.6.42- 5.27.11
>
> Nice! I've said for a few years now that Linux _is_ ready for
> most home users, as well as enterprise desktops.
>
> For example, we use MS Teams at work -- I'm not happy about
> it, but I can use it from Linux through the web site. Same
> goes for MS Office.
>
> The problem is you can't take your Linux laptop to (say) Best
> Buy and expect them to help with a problem. The legendary
> "year of the Linux desktop" won't happen until there's some
> kind of _local_ support network in place. And a lot of folks
> will get help with their Windows systems from a relative, who
> is more likely to have Windows experience than Linux chops.
>
Well that Local Support group is available all over
the place. It is called the Internet and Linux Users Groups.
I used to be the placeholder whe went into a local cafe
and held down space for the other users attending. Nearly
all Metropolitan areas have local Computer Users Groups
and I living in San Francisco am a member more or less
of SF-LUG ,but I write a Linux News Column for the Champaign-
Urbana Users Group, CUCUG. Aslo in online support we have
a very good PCLinuxOS Users Forum where we users converge
with coders and with packagers for help and to help where
we are competent with our problems on our Laptops and
other machines. One of the now-passed members even had
his own brand of desktop to sell to anyone who could not
run for whatever reason PCLinuxOS on the machines available
to them. At SF-LUG we had a capable hardware person before
Covid-19 Restrictions went into play. We have had one real
life meeting since then just before the Delta Wave.
Maybe SF-LUG will go back to in person meetings
at some point in the future but I started in my 60s and
now I am 87 and plagued with many long-term problems. So
if it happens soon enough maybe one more in person event
for me before I abandon Usenet and PCLinuxOS along with
the rest of the joys of life.

bliss-as old as sin.

--
b l i s s - S F 4 e v e r at D S L E x t r e m e dot com

On Sun, 4 Aug 2024 08:42:50 -0700, Bobbie Sellers
<blissInSanFrancisco@mouse-potato.com> wrote in
<v8o7hq$45kh$1@dont-email.me>:

> On 8/4/24 05:35, vallor wrote:
>> On Tue, 30 Jul 2024 22:58:28 -0700, Bobbie Sellers
>> <blissInSanFrancisco@mouse-potato.com> wrote in
>> <v8cjq4$1f67q$1@dont-email.me>:
>>
>>> On 7/30/24 22:30, candycanearter07 wrote:
>>>> John McCue <jmccue@hairball.jmcunx.com> wrote at 13:49 this Saturday
>>>> (GMT):
>>>>> followups trimmed to comp.os.linux.misc
>>>>>
>>>>> In comp.os.linux.misc yeti <yeti@tilde.institute> wrote:
>>>>>> "26yh.0712" <26yh.0713@e6t5y.net> writes:
>>>>>>
>>>>>>> Ah ... wunnerful Winders :-)
>>>>>>>
>>>>>>> It should be banned as a socioeconomic WMD ...
>>>>>>
>>>>>> Imagine systemd swallowing package management, doing automagic
>>>>>> security updates and such a "MSLinux" monoculture.
>>>>>
>>>>> I can see this happening, I think they just swallowed sudo.
>>>>
>>>> You mean polkit?
>>>
>>> No he means "sudo" is going to be replaced with "run0."
>>> <https://www.howtogeek.com/will-linux-run0-command-run-sudo-out-of-
town/>
>>> Not right away but sooner or later unless it causes even
>>> more problems. "Sudo" is a bad implementation which replaced "su".
>>> which invoked superuser privileges. You had to use your root account
>>> password but Ubuntu decided that was dangerous so to invoke the same
>>> privileges you can use your user accont passwork.
>>> Canonical thought apparently that it was asking too
>>> much of their projected userbase to remember User account password and
>>> root password.
>>
>> Actually, sudo(8) isn't a bad implementation of su(8), it's just
>> "different".
>>
>> You can set sudo to use the root password, which is what I do for my
>> personal systems. Requiring the user password is default, and works
>> better for systems with shared administration where you have to control
>> what the person runs.
>>
>> For cases where you have multiple (remote) administrators that need
>> "root" access, that's better handled with ssh keys and clever key
>> management on the target host. Another way to handle it is separate
>> usernames (e.g. "suvallor") that have their own home directory, but
>> uid/gid 0.
>>
>> Quite a few of our systems are multi-user. Even used to have a
>> customer shell server until demand for that dried up. Right now, one
>> system is used by employees who need to run tools that interface with
>> our back end systems. Login credentials are handled with Active
>> Directory, the domain of which is joined with sssd(8).
>>
>>> The system on my computer uses SysV.init and "su".
>>>
>>> bliss- Dell Precision 7730- PCLOS 2024.07- Linux 6.6.42- 5.27.11
>>
>> Nice! I've said for a few years now that Linux _is_ ready for most
>> home users, as well as enterprise desktops.
>>
>> For example, we use MS Teams at work -- I'm not happy about it, but I
>> can use it from Linux through the web site. Same goes for MS Office.
>>
>> The problem is you can't take your Linux laptop to (say) Best Buy and
>> expect them to help with a problem. The legendary "year of the Linux
>> desktop" won't happen until there's some kind of _local_ support
>> network in place. And a lot of folks will get help with their Windows
>> systems from a relative, who is more likely to have Windows experience
>> than Linux chops.
>>
> Well that Local Support group is available all over
> the place. It is called the Internet and Linux Users Groups. I used to
> be the placeholder whe went into a local cafe and held down space for
> the other users attending. Nearly all Metropolitan areas have local
> Computer Users Groups and I living in San Francisco am a member more or
> less of SF-LUG ,but I write a Linux News Column for the Champaign-
> Urbana Users Group, CUCUG. Aslo in online support we have a very good
> PCLinuxOS Users Forum where we users converge with coders and with
> packagers for help and to help where we are competent with our problems
> on our Laptops and other machines. One of the now-passed members even
> had his own brand of desktop to sell to anyone who could not run for
> whatever reason PCLinuxOS on the machines available to them. At SF-LUG
> we had a capable hardware person before Covid-19 Restrictions went into
> play. We have had one real life meeting since then just before the
> Delta Wave.
> Maybe SF-LUG will go back to in person meetings
> at some point in the future but I started in my 60s and now I am 87 and
> plagued with many long-term problems. So if it happens soon enough maybe
> one more in person event for me before I abandon Usenet and PCLinuxOS
> along with the rest of the joys of life.
>
> bliss-as old as sin.

At least you're young at heart. :)

When I think of the average computer user, I think of my folks.
(Dad just turned 84.) I'd love to get them on Linux, but they
have a good chunk of their personal organizing locked up
in MS Access databases. (I guess I could try to get Access running
in WINE or proton...and you know what? I should investigate that.)

Regarding support: you're right about online help, and I could
set up bookmarks for the requisite support forums on their system,
as well as teach them some of the basics of administration.
A lot can be done these days on Linux Mint, even without
the command line.

Just set up my wife's new Linux workstation, and I don't
think I touched a command line getting her configured.
(Wifi drivers were another matter, which I should post about
separately.)

Much different nowadays than way back when, trying to
get the printer working, or setting up modelines for X.

--
-v System76 Thelio Mega v1.1 x86_64 NVIDIA RTX 3090 Ti
OS: Linux 6.11.0-rc1 Release: Mint 21.3 Mem: 258G

On 4 Aug 2024 12:45:53 GMT, vallor wrote:

> I see now on this system (Mint 21.3) that ping is no longer setuid.
> (Nowadays, it uses Linux capabilities.)

Whaddaya know ...

root@theon:~ # getcap /usr/bin/ping
/usr/bin/ping cap_net_raw=ep

And here I thought capabilities are a process-level thing, there was no
equivalent of set-user-id for them.

By the way, the “capabilities” idea comes from an old DEC OS called VMS,
where it was just called “privilege masks”.

On 4 Aug 2024 17:54:40 GMT, vallor wrote:

> When I think of the average computer user, I think of my folks. (Dad
> just turned 84.) I'd love to get them on Linux, but they have a good
> chunk of their personal organizing locked up in MS Access databases.

How about converting to SQLite and using LibreOffice Base as a frontend?
That gets you away from the limitations of Microsoft Access.

On Sun, 4 Aug 2024 22:30:47 -0000 (UTC), Lawrence D'Oliveiro
<ldo@nz.invalid> wrote in <v8ovem$8t63$7@dont-email.me>:

> On 4 Aug 2024 17:54:40 GMT, vallor wrote:
>
>> When I think of the average computer user, I think of my folks. (Dad
>> just turned 84.) I'd love to get them on Linux, but they have a good
>> chunk of their personal organizing locked up in MS Access databases.
>
> How about converting to SQLite and using LibreOffice Base as a frontend?
> That gets you away from the limitations of Microsoft Access.

That would mean throwing away umpteen databases and reports, developed
over the span of decades. I don't think that's practicable.

As I said, I'd like to try Access on Linux using WINE or proton.

Went to buy a copy at Amazon, and MS Access 2010 seems to be
the latest version. That can't be the latest version,
can it? Is Microsoft abandoning Access?

--
-v System76 Thelio Mega v1.1 x86_64 NVIDIA RTX 3090 Ti
OS: Linux 6.11.0-rc1 Release: Mint 21.3 Mem: 258G

On 5 Aug 2024 02:34:37 GMT, vallor wrote:

> On Sun, 4 Aug 2024 22:30:47 -0000 (UTC), Lawrence D'Oliveiro
> <ldo@nz.invalid> wrote in <v8ovem$8t63$7@dont-email.me>:
>
>> On 4 Aug 2024 17:54:40 GMT, vallor wrote:
>>
>>> When I think of the average computer user, I think of my folks. (Dad
>>> just turned 84.) I'd love to get them on Linux, but they have a good
>>> chunk of their personal organizing locked up in MS Access databases.
>>
>> How about converting to SQLite and using LibreOffice Base as a
>> frontend? That gets you away from the limitations of Microsoft Access.
>
> That would mean throwing away umpteen databases and reports, developed
> over the span of decades. I don't think that's practicable.

Unless, of course ...

> Is Microsoft abandoning Access?

.... you have no choice.

On 5 Aug 2024 02:34:37 GMT, vallor <vallor@cultnix.org> wrote:

>On Sun, 4 Aug 2024 22:30:47 -0000 (UTC), Lawrence D'Oliveiro
><ldo@nz.invalid> wrote in <v8ovem$8t63$7@dont-email.me>:
>
>> On 4 Aug 2024 17:54:40 GMT, vallor wrote:
>>
>>> When I think of the average computer user, I think of my folks. (Dad
>>> just turned 84.) I'd love to get them on Linux, but they have a good
>>> chunk of their personal organizing locked up in MS Access databases.
>>
>> How about converting to SQLite and using LibreOffice Base as a frontend?
>> That gets you away from the limitations of Microsoft Access.
>
>That would mean throwing away umpteen databases and reports, developed
>over the span of decades. I don't think that's practicable.
>
>As I said, I'd like to try Access on Linux using WINE or proton.
>
>Went to buy a copy at Amazon, and MS Access 2010 seems to be
>the latest version. That can't be the latest version,
>can it? Is Microsoft abandoning Access?

"Microsoft Access 2021 is the latest version of Access available as a one-time
purchase. Previous versions include Access 2019, Access 2016, Access 2013,
Access 2010, Access 2007, and Access 2003."

https://www.microsoft.com/en-us/microsoft-365/access

I've never really used Access but it looks like it's still around.

On Sun, 04 Aug 2024 22:39:44 -0500, Char Jackson wrote:

> "Microsoft Access 2021 is the latest version of Access available as a
> one-time purchase. Previous versions include Access 2019, Access 2016,
> Access 2013, Access 2010, Access 2007, and Access 2003."
>
> https://www.microsoft.com/en-us/microsoft-365/access
>
> I've never really used Access but it looks like it's still around.

That seems very old. Is this because newer versions are cloud-only?

In article <lhas1sFire7U2@mid.individual.net>, vallor wrote...
>
> On Sun, 4 Aug 2024 22:30:47 -0000 (UTC), Lawrence D'Oliveiro
> <ldo@nz.invalid> wrote in <v8ovem$8t63$7@dont-email.me>:
>
> > On 4 Aug 2024 17:54:40 GMT, vallor wrote:
> >
> >> When I think of the average computer user, I think of my folks. (Dad
> >> just turned 84.) I'd love to get them on Linux, but they have a good
> >> chunk of their personal organizing locked up in MS Access databases.
> >
> > How about converting to SQLite and using LibreOffice Base as a frontend?
> > That gets you away from the limitations of Microsoft Access.
>
> That would mean throwing away umpteen databases and reports, developed
> over the span of decades. I don't think that's practicable.
>
> As I said, I'd like to try Access on Linux using WINE or proton.
>
> Went to buy a copy at Amazon, and MS Access 2010 seems to be
> the latest version. That can't be the latest version,
> can it? Is Microsoft abandoning Access?

It seems very unlikely that MS would abandon Access - there are just too many
databases out there. I use Access as part of Microsoft 365.
Version: Microsoft® Access® for Microsoft 365 MSO (Version 2406 Build
16.0.17726.20078) 32-bit

There may be a perpetual license version available directly from Microsoft.

--

Phil, London