LinuxQuestions.org
Arch This Forum is for the discussion of Arch Linux.

Old 07-16-2012, 10:32 AM   #1
CrazyGuy158
Member
 
Registered: Feb 2012
Posts: 105

Rep: Reputation: 1
Arch setup? (Vbox)


In lack of better things to do (I'm bored, and when I'm bored, I get Linuxy.), I thought about fixing my Arch setup in Virtualbox. I went through the installation without the setup guide as I have done it before and know what I'm doing there. I used the netinstall image.

I plan on using Openbox WM as standalone without any DE, using Slim as login manager, currently. I find it looks more badass.

Question: Arch doesn't seem to like running without constant root, so is it recommended turning off logging in as root and only do as most other distros? (normal user, but root via su or sudo) by editing the sudoers file with visudo?

I know what I said before and in my Ubuntu thread, but eff that. I do want to learn. I know running Linux through a VM isn't the same as running it directly on your hardware, but I wanna familiarize myself first, and currently I think I have the basics covered.

Last edited by CrazyGuy158; 07-16-2012 at 10:35 AM.
 
Old 07-16-2012, 10:48 AM   #2
TobiSGD
Moderator
 
Registered: Dec 2009
Location: Germany
Distribution: Whatever fits the task best
Posts: 17,148
Blog Entries: 2

Rep: Reputation: 4863
Arch runs just fine if you aren't root. Whether you use sudo or su to do your administration work is mostly a matter of taste, but of course the whole bunch of security things you have to consider on other distributions are also valid for Arch. Running the GUI constantly as root is a no-go here too.
 
Old 07-16-2012, 11:21 PM   #3
CrazyGuy158
Member
 
Registered: Feb 2012
Posts: 105

Original Poster
Rep: Reputation: 1
Quote:
Originally Posted by TobiSGD View Post
Arch runs just fine if you aren't root. Whether you use sudo or su to do your administration work is mostly a matter of taste, but of course the whole bunch of security things you have to consider on other distributions are also valid for Arch. Running the GUI constantly as root is a no-go here too.
I checked what KeyLevel I have and it's set to "PackageRequired". Since all official packages are signed, I shouldn't have to go about setting it to allow all or the like, right?

Configured the pacman-key with the --init string followed by --populate archlinux. Didn't take long as I almost constantly generated entropy.

I set up Openbox (and Xfce separately) if I wanna run either, which I probably will. I set up my sudoers file with nano (by removing vi to vi.old and symlinking nano) as vi is a pain in the ass. I set up a second account with non-but will all permissions in the sudoers file and I also made a separate xinitrc file and separate openbox config files for it as I had made them for the root account first.

So far, everything's good.

Oh, and I'm not gonna use a login manager. Logging in to my account in the Arch console and then typing startx will automatically launch whatever DE or VM I've set up, and currently it launches Xfce.

Another thing, why won't Xfce's console recognize my keymap? I've set the general keymapping to "sv-latin1.map.gz" in rc.conf and it works for everything but Xfce's console (and Openbox's xterm). In Arch's console (before initializing startx) it understands my keymap. I'm gonna stick with the american (en_US.UTF-8) locale as I don't wanna have lame Swedish as Linux language (even though I am Swedish). That looks really gay.

EDIT: Regarding su and sudo, I like using sudo more per-terminal inputs.
EDIT2: I'm starting to get the hang of this, I hope.
EDIT3: You're probably wondering why I wanna run Arch. Well, you see, I saw this badass screenshot of this guy in a Swedish forum running arch where he had Openbox and a cool minimalistic layout. When he said he ran Arch and what was so good about it, I decided I wanted to run it too.

Last edited by CrazyGuy158; 07-16-2012 at 11:26 PM.
 
Old 07-16-2012, 11:51 PM   #4
TobiSGD
Moderator
 
Registered: Dec 2009
Location: Germany
Distribution: Whatever fits the task best
Posts: 17,148
Blog Entries: 2

Rep: Reputation: 4863
Quote:
Originally Posted by CrazyGuy158 View Post
I set up my sudoers file with nano (by removing vi to vi.old and symlinking nano) as vi is a pain in the ass.
That is not the way to go and will automatically be reverted as soon as you get an update for vi. To use nano for visudo (and most other tasks that automatically start a command line editor) add
Code:
export EDITOR=nano
to your .bashrc.

Quote:
Another thing, why won't Xfce's console recognize my keymap? I've set the general keymapping to "sv-latin1.map.gz" in rc.conf and it works for everything but Xfce's console (and Openbox's xterm).
The keyboard mapping in X is handled independently from the one on the console. I added a file called 90-keyboard-layout.conf to the directory /etc/X11/xorg.conf.d/ with this content:
Code:
Section "InputClass"
	Identifier "keyboard-all"
	MatchIsKeyboard "on"
	MatchDevicePath "/dev/input/event*"
	Driver "evdev"
	Option "XkbLayout" "de"
	Option "XkbVariant" "nodeadkeys"
	Option "XkbOptions" "terminate:ctrl_alt_bksp"
EndSection
Of course you have to adapt that for the Swedish layout, but after that X should start with the right keyboard layout.

Quote:
I'm gonna stick with the american (en_US.UTF-8) locale as I don't wanna have lame Swedish as Linux language (even though I am Swedish). That looks really gay.
I also run all my systems with German keyboard layout, but en_US.UTF8, but for a different reason.
I am only active on international forums and it is much easier to get help (and search on the net) for English error-messages than for German ones.

Quote:
Regarding su and sudo, I like using sudo more per-terminal inputs.
That is up to your preferences of course. I just would recommend to avoid the NOPASSWD-option.

Quote:
Well, you see, I saw this badass screenshot of this guy in a Swedish forum running arch where he had Openbox and a cool minimalistic layout
Just keep in mind that Openbox is available for any distro, so if you at one point decide that Arch isn't the distro for you, you still can have exactly the same layout and look on every other distro.
 
Old 07-17-2012, 09:58 AM   #5
CrazyGuy158
Member
 
Registered: Feb 2012
Posts: 105

Original Poster
Rep: Reputation: 1
Quote:
Originally Posted by TobiSGD View Post
That is not the way to go and will automatically be reverted as soon as you get an update for vi. To use nano for visudo (and most other tasks that automatically start a command line editor) add
Code:
export EDITOR=nano
to your .bashrc.
I thought about doing just that, but doesn't it leave a security hole? I thought I read that on the Archwiki.

Quote:
Originally Posted by TobiSGD View Post
The keyboard mapping in X is handled independently from the one on the console. I added a file called 90-keyboard-layout.conf to the directory /etc/X11/xorg.conf.d/ with this content:
Code:
Section "InputClass"
	Identifier "keyboard-all"
	MatchIsKeyboard "on"
	MatchDevicePath "/dev/input/event*"
	Driver "evdev"
	Option "XkbLayout" "de"
	Option "XkbVariant" "nodeadkeys"
	Option "XkbOptions" "terminate:ctrl_alt_bksp"
EndSection
Of course you have to adapt that for the Swedish layout, but after that X should start with the right keyboard layout.
Ok, thanks!

Quote:
Originally Posted by TobiSGD View Post
I also run all my systems with German keyboard layout, but en_US.UTF8, but for a different reason.
I am only active on international forums and it is much easier to get help (and search on the net) for English error-messages than for German ones.
I am active more on English forums than Swedish forums, so it's easier to get help if I need it, plus I think English looks better.

Quote:
Originally Posted by TobiSGD View Post
That is up to your preferences of course. I just would recommend to avoid the NOPASSWD-option.
The what and in what context?

Quote:
Originally Posted by TobiSGD View Post
Just keep in mind that Openbox is available for any distro, so if you at one point decide that Arch isn't the distro for you, you still can have exactly the same layout and look on every other distro.
I know. I just like Arch better now as I get to shape it like I want. It's like a big pile of play-doh I can shape to my heart's content. ^^
 
Old 07-17-2012, 11:15 AM   #6
TobiSGD
Moderator
 
Registered: Dec 2009
Location: Germany
Distribution: Whatever fits the task best
Posts: 17,148
Blog Entries: 2

Rep: Reputation: 4863
Quote:
Originally Posted by CrazyGuy158 View Post
I thought about doing just that, but doesn't it leave a security hole? I thought I read that on the Archwiki.
Never heard of that and didn't find anything about that on the sudo page of the ArchWiki.

Quote:
The what and in what context?
The NOPASSWD option of sudo can be used to give you access to commands without having to type in a password. This can be useful for single commands that you use in scripting, but some inexperienced users set it up in a way that they don't have to give a password for any command, which is essentially the same as running the system as root. You shouldn't do that, unless you want that anyone who gains control over your user account (physically or remotely) will be able to do anything on the machine.
 
Old 07-17-2012, 11:32 AM   #7
CrazyGuy158
Member
 
Registered: Feb 2012
Posts: 105

Original Poster
Rep: Reputation: 1
Quote:
Originally Posted by TobiSGD View Post
Never heard of that and didn't find anything about that on the sudo page of the ArchWiki.
Quote:
Note that this can be a security hole since it allows the user to execute any program they wish simply by setting VISUAL or EDITOR.
https://wiki.archlinux.org/index.php...g_vi_with_nano

Quote:
Originally Posted by TobiSGD View Post
The NOPASSWD option of sudo can be used to give you access to commands without having to type in a password. This can be useful for single commands that you use in scripting, but some inexperienced users set it up in a way that they don't have to give a password for any command, which is essentially the same as running the system as root. You shouldn't do that, unless you want that anyone who gains control over your user account (physically or remotely) will be able to do anything on the machine.
Well, I always type in the password anyways.
 
Old 07-17-2012, 11:55 AM   #8
TobiSGD
Moderator
 
Registered: Dec 2009
Location: Germany
Distribution: Whatever fits the task best
Posts: 17,148
Blog Entries: 2

Rep: Reputation: 4863
Thanks for that link. Let me explain that. Normal users are not allowed to run visudo, you either must be root or in the sudoers-file. So this security hole applies in your case only to users that have access to your account and know your account's password. In that case setting a program other than an editor for the use with visudo will be your least problem, since that user can do anything on the system anyways.
In short: This security hole applies to multi-user systems where other people than root are set up in the sudoers list with the right to use visudo. On single-user systems it shouldn't matter.
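
The two sudo points raised in this thread, blanket NOPASSWD and visudo taking its editor from the environment, can be checked mechanically. The following is an added example, not part of any post in the thread: `audit_sudoers`, `sample_sudoers` and the sample entries are constructed for illustration, and the check is a line-based heuristic that assumes no aliases, line continuations or include files.

```shell
#!/bin/sh
# Heuristic audit of a sudoers-format file (reads stdin if no file is given).
# Not a full parser: no alias expansion, line continuations or include files.
# Output: one "KIND lineno: text" per finding.
audit_sudoers() {
    awk '
    /^[ \t]*#/ || /^[ \t]*$/ { next }          # comments and blank lines
    /^[ \t]*Defaults/ {
        # explicit env_editor: visudo honours EDITOR/VISUAL from the caller
        if ($0 ~ /[ \t,]env_editor/) print "ENV_EDITOR " NR ": " $0
        next
    }
    index($0, "=") == 0 { next }               # not a user specification
    {
        spec = substr($0, index($0, "=") + 1)  # command list after host=
        gsub(/\([^)]*\)/, "", spec)            # drop (runas) specifications
        n = split(spec, part, ",")
        nopw = 0; blanket = 0; scoped = 0
        for (i = 1; i <= n; i++) {
            cmd = part[i]
            # a tag stays in force for later commands until overridden
            while (match(cmd, /^[ \t]*[A-Z_]+:/)) {
                tag = substr(cmd, RSTART, RLENGTH)
                gsub(/[ \t:]/, "", tag)
                if (tag == "NOPASSWD") nopw = 1
                if (tag == "PASSWD") nopw = 0
                cmd = substr(cmd, RSTART + RLENGTH)
            }
            gsub(/^[ \t]+|[ \t]+$/, "", cmd)
            if (nopw && cmd == "ALL") blanket = 1
            else if (nopw && cmd != "") scoped = 1
        }
        if (blanket) print "NOPASSWD_ALL " NR ": " $0
        else if (scoped) print "NOPASSWD_CMD " NR ": " $0
    }' "${1:--}"
}

sample_sudoers() {   # constructed entries, not taken from the thread
    cat <<'EOF'
root ALL=(ALL) ALL
alice ALL=(ALL) NOPASSWD: ALL
bob ALL=(root) NOPASSWD: /usr/bin/pacman -Syu
carol ALL=(ALL, root) NOPASSWD: /usr/bin/updatedb, ALL
dave ALL=(ALL) NOPASSWD: /usr/bin/updatedb, PASSWD: ALL
Defaults env_editor
Defaults editor=/usr/bin/nano, !env_editor
EOF
}

sample_sudoers | audit_sudoers
```

The carol entry is reported as NOPASSWD_ALL because the tag carries over to the trailing `ALL`, while the dave entry is only NOPASSWD_CMD because `PASSWD:` resets it before `ALL`.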
 
Old 07-17-2012, 11:58 AM   #9
CrazyGuy158
Member
 
Registered: Feb 2012
Posts: 105

Original Poster
Rep: Reputation: 1
Quote:
Originally Posted by TobiSGD View Post
Thanks for that link. Let me explain that. Normal users are not allowed to run visudo, you either must be root or in the sudoers-file. So this security hole applies in your case only to users that have access to your account and know your account's password. In that case setting a program other than an editor for the use with visudo will be your least problem, since that user can do anything on the system anyways.
In short: This security hole applies to multi-user systems where other people than root are set up in the sudoers list with the right to use visudo. On single-user systems it shouldn't matter.
Ok, thanks for explaining it!
 
  

