What to do when a command isn't found?

starcycle at gmail.com starcycle at gmail.com
Thu Jul 6 20:36:09 UTC 2006


>
> Message: 7
> Date: Thu, 06 Jul 2006 14:03:20 -0500
> From: Les Mikesell <lesmikesell at gmail.com>
> Subject: Re: What to do when a command isn't found?
> To: For users of Fedora Core releases <fedora-list at redhat.com>
> Message-ID: <1152212601.20191.16.camel at moola.futuresource.com>
> Content-Type: text/plain
>
> On Thu, 2006-07-06 at 14:54 -0400, starcycle at gmail.com wrote:
> > On 7/6/06, fedora-list-request at redhat.com
> > <fedora-list-request at redhat.com> wrote:
> > >

> Do you log in in some way that avoids running /etc/profile?  Mine
> (in a stock install) adds /sbin, /usr/sbin, and /user/local/sbin
> if your uid is 0.

i was logging in through ssh. but the problem was not using the dash.
all workie now. see what i mean about difficult for newbies? :D

s.c.

>
> --
>   Les Mikesell
>    lesmikesell at gmail.com
>
>
>
>
> ------------------------------
>
> Message: 8
> Date: Thu, 6 Jul 2006 16:03:16 -0300
> From: "Jacques B." <jjrboucher at gmail.com>
> Subject: Re: Lock homepage in firefox for normal users?[Scanned]
> To: "For users of Fedora Core releases" <fedora-list at redhat.com>
> Message-ID:
>         <a937d2190607061203h6db44e05o1679d2d4ebe325a9 at mail.gmail.com>
> Content-Type: text/plain; charset=ISO-8859-1; format=flowed
>
> A quick Google search for:
>
> firefox lock homepage
>
> comes up with the following: http://ilias.ca/blog/2005_03_01_archive.html
>
> I would think you could create that lock_pref() configuration file as
> noted in the article, set it to read only for your users, and Bob's
> your uncle.
>
> Jacques B.
>
> On 7/6/06, Tim <ignored_mailbox at yahoo.com.au> wrote:
> > Tim:
> > >> Sure about that?  You only have to list a file to see whether it's a
> > >> link, or not.
> >
> >
> > Dotan Cohen:
> > > Allright. So /usr/bin/firefox is a bash script that calls "qwerty
> > > http://homepage.com", where qwerty is the firefox executable.
> >
> > Now all they have to do is look at the contents of that file.  That's
> > the sort of thing I've done to trace what start's what.  Various things
> > are started from scripts, and I know I can customise things to suit
> > myself by reading them.
> >
> > If I wanted to subvert a system, the methods suggested so far aren't
> > going to stop a mildly concerned user.  If you'd suggested compiling a
> > program that simply passed over to something else, that would have been
> > a bit more convincing.  It'll take more nouse from a would-be subverter
> > to check what that's really going to do.
> >
> > Thus far I've not seen any suggestions that really "lock" the homepage.
> >
> > --
> > (Currently running FC4, in case that's important to the thread)
> >
> > Don't send private replies to my address, the mailbox is ignored.
> > I read messages from the public lists.
> >
> > --
> > fedora-list mailing list
> > fedora-list at redhat.com
> > To unsubscribe: https://www.redhat.com/mailman/listinfo/fedora-list
> >
>
>
>
> ------------------------------
>
> Message: 9
> Date: Thu, 6 Jul 2006 15:07:12 -0400
> From: Matthew Miller <mattdm at mattdm.org>
> Subject: Re: What to do when a command isn't found?
> To: For users of Fedora Core releases <fedora-list at redhat.com>
> Message-ID: <20060706190712.GA31062 at jadzia.bu.edu>
> Content-Type: text/plain; charset=us-ascii
>
> On Thu, Jul 06, 2006 at 08:50:58PM +0200, nigel henry wrote:
> > It would make sense for /bin /sbin /usr/bin /usr/sbin being in
> > ~/.bash_profile as default. /usr/local/bin, and /usr/local/sbin probably
>
> I disagree. Most of the commands in these paths aren't really meant to be
> executed by _anyone_ directly (httpd, for example).
>
> For the rest, most people really don't need to use them, so they'd just be
> clutter. This is particularly annoying if you use tab completion a lot (and
> if you use the command line a lot, you *should*).
>
>
>
> --
> Matthew Miller           mattdm at mattdm.org          <http://mattdm.org/>
> Boston University Linux      ------>              <http://linux.bu.edu/>
>
>
>
> ------------------------------
>
> Message: 10
> Date: Thu, 6 Jul 2006 16:20:31 -0300
> From: "Jacques B." <jjrboucher at gmail.com>
> Subject: Re: Lock homepage in firefox for normal users?[Scanned]
> To: "For users of Fedora Core releases" <fedora-list at redhat.com>
> Message-ID:
>         <a937d2190607061220n38cbea79l7a8be6d0083db80b at mail.gmail.com>
> Content-Type: text/plain; charset=ISO-8859-1; format=flowed
>
> On 7/6/06, Jacques B. <jjrboucher at gmail.com> wrote:
> > A quick Google search for:
> >
> > firefox lock homepage
> >
> > comes up with the following: http://ilias.ca/blog/2005_03_01_archive.html
> >
> > I would think you could create that lock_pref() configuration file as
> > noted in the article, set it to read only for your users, and Bob's
> > your uncle.
> >
> > Jacques B.
> >
> > On 7/6/06, Tim <ignored_mailbox at yahoo.com.au> wrote:
> I guess I was too quick on the draw.  That's for Windows verion.  I
> tried to figure out how to do the same in FC5 but no luck.  In the
> meantime I didn't plug away at it much, 5-10 minutes.  Someone else
> may have more time/knowledge to figure out how to do it in Linux.
>
> Jacques B.
>
>
>
> ------------------------------
>
> Message: 11
> Date: Thu, 6 Jul 2006 12:21:20 -0700
> From: "jdow" <jdow at earthlink.net>
> Subject: Re: What to do when a command isn't found?
> To: "For users of Fedora Core releases" <fedora-list at redhat.com>
> Message-ID: <07c901c6a131$5d32fd50$0225a8c0 at Wednesday>
> Content-Type: text/plain; format=flowed; charset="UTF-8";
>         reply-type=original
>
> From: "nigel henry" <cave.dnb at tiscali.fr>
>
> > On Thursday 06 July 2006 18:58, Timothy Alberts wrote:
> >> So I get this every now and then and haven't found a smooth method of
> >> dealing with it.  I have my desktop upgraded from FC4 to FC5 and the
> >> command 'ifconfig' comes back with 'bash: ifconfig: command not found.'
> >> Additionally, I have been through tutorials on the web and different
> >> books on running commands that more often than not, the bash shell comes
> >> back with the same message.
> >>
> >> My first question is, are the shell commands and features standardized
> >> somewhere so that I know what commands I can expect to have no matter
> >> what machine I'm sitting at or what type of installation I have?  My
> >> second question is, if these commands are supposed to be there, but the
> >> shell comes back and says they aren't, what is the procedure for finding
> >> the commands or installing the packages required for them?
> >>
> >> I understand the 'which xxx' command will tell me the location of the
> >> executable that is being used when I call a command.  However it doesn't
> >> help me find a missing command.  I also understand that typically shell
> >> commands are in /bin /usr/bin /usr/local/bin among others.  If it helps,
> >> when I type 'which ifconfig' the following is the result:
> >>
> >> /usr/bin/which: no ifconfig in
> >> (/usr/kerberos/sbin:/usr/kerberos/bin:/usr/local/bin:/usr/bin:/bin:
> >> /usr/X11R6/bin:/home/talberts/bin)
> >>
> >> Sorry these are fairly general questions so if it's easier to just focus
> >> on the 'ifconfig' command that would be helpful.  Thank you for any
> >> response.
> >
> > Hi Tim. Just for a start ifconfig is in /sbin/ifconfig . Darned annoying isn't
> > it.
>
> The /sbin and /usr/sbin directories are generally commands that users
> should not use and which may not work at all for users. It is a basic
> part of the security of the system. Unfettered access to ifconfig gives
> a really nice way to perform nastiness on your system by bringing up
> or down various interfaces. It's somewhat handy if commands users are
> not expected to use are not on the user's path.
>
> {^_^}
>
>
>
> ------------------------------
>
> Message: 12
> Date: Thu, 6 Jul 2006 20:38:12 +0100
> From: Chris Jones <jonesc at hep.phy.cam.ac.uk>
> Subject: Re: kernel-2.6.17-1.2139_FC5 broke ACPI S3 on thinkpad T42p
> To: fedora-list at redhat.com
> Message-ID: <200607062038.13057.jonesc at hep.phy.cam.ac.uk>
> Content-Type: text/plain;  charset="utf-8"
>
> On Thursday 06 July 2006 10:34 am, Chris Jones wrote:
> > > https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=196835
> >
> > Thanks, I am already watching that bug, but as yet I have not had chance to
> > try out all the suggestions so have not added my own comments. Will do as
> > soon as I get time...
>
> Update. I've since updated to the 2.6.17-1.2145_FC5 kernel, and with this
> hibernate works fine again. Looking at the release notes I'm not sure what
> change fixed it, but something did.
>
> Chris
> >
> > Chris
>
> --
> +--------------------------------------------------------------+
> | Dr Chris R Jones         work   : +44 (0)1223 337324         |
> | HEP Group  (rm 882)      fax    : +44 (0)1223 353920         |
> | Cavendish Laboratory,    home   : +44 (0)1223 510711         |
> | Madingley Road,          mobile : +44 (0)7723 327477         |
> | Cambridge, CB3 0HE       email  : jonesc at hep.phy.cam.ac.uk   |
> +--------------------------------------------------------------+
>
>
>
> ------------------------------
>
> Message: 13
> Date: Thu, 06 Jul 2006 12:40:26 -0700
> From: Jonathan Ryshpan <jonrysh at pacbell.net>
> Subject: More mplayer installation problems
> To: Fedora List <fedora-list at redhat.com>
> Message-ID: <1152214826.2615.2.camel at claremont.localdomain>
> Content-Type: text/plain
>
> Installing mplayer using yumex, I get these errors:
>         Missing Dependency: mplayer = 1.0-0.43.pre8.lvn5 is needed by package mencoder
>         Missing Dependency: mplayer = 1.0-0.43.pre8.lvn5 is needed by package mplayer-gui
>
> But it looks like this version of mplayer is installed:
>         # rpm -q mplayer
>         mplayer-1.0-0.43.pre8.lvn5
>
> Any ideas what's going on?
>
> Thanks - jon
>
>
>
> ------------------------------
>
> Message: 14
> Date: Thu, 6 Jul 2006 12:53:28 -0700 (PDT)
> From: Al Sparks <data345 at yahoo.com>
> Subject: Re: What to do when a command isn't found?
> To: For users of Fedora Core releases <fedora-list at redhat.com>
> Message-ID: <20060706195328.46750.qmail at web31815.mail.mud.yahoo.com>
> Content-Type: text/plain; charset=iso-8859-1
>
> --- jdow <jdow at earthlink.net> wrote:
> >
> > The /sbin and /usr/sbin directories are generally commands that users
> > should not use and which may not work at all for users. It is a basic
> > part of the security of the system. Unfettered access to ifconfig gives
> > a really nice way to perform nastiness on your system by bringing up
> > or down various interfaces. It's somewhat handy if commands users are
> > not expected to use are not on the user's path.
>
> I tried to execute
>    ifconfig eth0 down
> on my system as non-root, and got permission denied.
>
> If you're going to restrict access to the commands in /sbin, you
> should also change the permissions on the /sbin directory so
> unauthorized personnel can't reach it.  As things stand now, you
> simply have security through obscurity, since users can change their
> own $PATH.
>
> Actually, if you're going to restrict users, you default their shell
> to /bin/rbash, set their $PATH to a small amount of directories, and
> make their .bashrc and .bash_profiles inaccessible.
>    === Al
>
>
>
> ------------------------------
>
> Message: 15
> Date: Thu, 06 Jul 2006 14:55:27 -0500
> From: "Mikkel L. Ellertson" <mikkel at infinity-ltd.com>
> Subject: Re: More mplayer installation problems
> To: For users of Fedora Core releases <fedora-list at redhat.com>
> Message-ID: <44AD6AAF.7090408 at infinity-ltd.com>
> Content-Type: text/plain; charset=ISO-8859-1
>
> Jonathan Ryshpan wrote:
> > Installing mplayer using yumex, I get these errors:
> >         Missing Dependency: mplayer = 1.0-0.43.pre8.lvn5 is needed by package mencoder
> >         Missing Dependency: mplayer = 1.0-0.43.pre8.lvn5 is needed by package mplayer-gui
> >
> > But it looks like this version of mplayer is installed:
> >         # rpm -q mplayer
> >         mplayer-1.0-0.43.pre8.lvn5
> >
> > Any ideas what's going on?
> >
> > Thanks - jon
> >
> It is telling you that you can not upgrade mplayer without upgrading
>  the mencoder and mplayer-gui packages because they depend on the
> mplayer-1.0-0.43.pre8.lvn5 package. It looks like the requirements
> are set so that a newer version of mplayer, or one from a different
> source besides Livna are not acceptable.
>
> Mikkel
> --
>
>   Do not meddle in the affairs of dragons,
> for thou art crunchy and taste good with Ketchup!
>
>
>
> ------------------------------
>
> Message: 16
> Date: Thu, 6 Jul 2006 16:02:21 -0400
> From: Matthew Miller <mattdm at mattdm.org>
> Subject: Re: What to do when a command isn't found?
> To: For users of Fedora Core releases <fedora-list at redhat.com>
> Message-ID: <20060706200221.GA1387 at jadzia.bu.edu>
> Content-Type: text/plain; charset=us-ascii
>
> On Thu, Jul 06, 2006 at 12:53:28PM -0700, Al Sparks wrote:
> > I tried to execute
> >    ifconfig eth0 down
> > on my system as non-root, and got permission denied.
>
> Try adding
>
> USERCTL=yes
>
> to
>
> /etc/sysconfig/network-scripts/ifcfg-eth0
>
> (One of several arguments for moving ifconfig to /bin.)
>
>
> But yeah, having programs in sbin isn't a security thing. It's an
> organizational thing.
>
>
> --
> Matthew Miller           mattdm at mattdm.org          <http://mattdm.org/>
> Boston University Linux      ------>              <http://linux.bu.edu/>
>
>
>
> ------------------------------
>
> Message: 17
> Date: Thu, 06 Jul 2006 15:05:46 -0500
> From: "Mikkel L. Ellertson" <mikkel at infinity-ltd.com>
> Subject: Re: What to do when a command isn't found?
> To: For users of Fedora Core releases <fedora-list at redhat.com>
> Message-ID: <44AD6D1A.5070901 at infinity-ltd.com>
> Content-Type: text/plain; charset=ISO-8859-1
>
> Al Sparks wrote:
> >
> > I tried to execute
> >    ifconfig eth0 down
> > on my system as non-root, and got permission denied.
> >
> > If you're going to restrict access to the commands in /sbin, you
> > should also change the permissions on the /sbin directory so
> > unauthorized personnel can't reach it.  As things stand now, you
> > simply have security through obscurity, since users can change their
> > own $PATH.
> >
> > Actually, if you're going to restrict users, you default their shell
> > to /bin/rbash, set their $PATH to a small amount of directories, and
> > make their .bashrc and .bash_profiles inaccessible.
> >    === Al
> >
> What happens if you run "/sbin/ifconfig eth0" instead of
> "/sbin/ifconfig eth0 down"? Is the permission denied message about
> running ifconfig or about trying to bring down eth0? There are times
> when the information presented by ifconfig is useful to a normal
> user, even though you can not change the settings.
>
> One thing I think you are missing is that keeping these commands off
> a normal user's path is not really a security measure. It is more a
> matter of keeping them out of the way of people that would not
> normally need access to them. Chances are, they are not going to
> stumble across them by accident, but they are there if you do need
> to use them. The security is that most actions by the commands
> require root permissions. The information function of the commands
> still works for normal users.
>
> Mikkel
> --
>
>   Do not meddle in the affairs of dragons,
> for thou art crunchy and taste good with Ketchup!
>
>
>
> ------------------------------
>
> --
> fedora-list mailing list
> fedora-list at redhat.com
> https://www.redhat.com/mailman/listinfo/fedora-list
>
> End of fedora-list Digest, Vol 29, Issue 57
> *******************************************
>




More information about the fedora-list mailing list