getting permission denied as root trying to change /etc/hosts.deny
Hello everyone, have tried to give Slackware a try for the third time but I am noob and don't know how to maneuver around well in a Linux system. Need help setting up a good secure box. Any advice and guidance is greatly appreciated. Thanks.
As the title states, I am getting "permission denied" from root login to change the "/etc/hosts.deny" settings. This is the first step in oldskoolphreaks basic security advisory and I am needing help already. To those with patience and a willingness to teach I am your student. Please help. Thanks.
Log in as a regular user and use sudo to launch the editor as root in the terminal. Examples:
sudo vim /etc/hosts.deny
sudo emacs /etc/hosts.deny
sudo nano /etc/hosts.deny
If this doesn't work, be more descriptive about what the error was.
If you want to use a kde graphical text editor, then use "kdesu kedit /etc/hosts.deny", or create a new link to kedit (or kwrite) and in the advanced properties select "run as different user" and enter "root". That will let you launch the program as the root user.
Never log into the graphical desktop as root. That's another oldskoolphreaks basic security rule.
Thanks guys, just to clarify: I was logged in as root from command line. I had not gotten into GUI mode when I tried to modify the file.
From "xxxxx:~# /etc/hosts.deny"
I would get "-bash: /etc/hosts.deny: Permission denied"
I tried jschiwal's recommendation and entered
Xxxxx:~# vim /etc/hosts.deny
I got a prompt that I assume allowed me to add the following rule.
# ALL: ALL
I did not know how to exit VIM, tried to type "exit", "quit", ":q", "qa!"; nothing happened other than the letters being typed appeared on screen, so I ended up having to reboot with ctrl+alt+del...
Not sure if I successfully changed the file so I tried to do it again, this time I typed:
Xxxxx~#: vim /etc/hosts.deny ALL: ALL
And got a warning.
Found a swap file by name "etc/etc/.hosts.deny.swp"
Owned by: root
File name: /etc/hosts.deny
User name: root. Host name: xxxxx
Process Id: 2124 (still running)
(1) Another program may be editing the same file. If this is the case, be careful not to end up with two different instances of the same file when making changes. Quit, or continue with caution.
(2) An edit session for this file crashed.
If this is the case, use "recover" or "vim -r /etc/hosts.deny" to recover the changes (see ":help recovery"). If you did this already, delete the swap file "/etc/.hosts.deny.swp" to avoid this message.
Everything looked normal. No additional info where I would expect to see the added rules.
#hosts.deny. this file describes the names of the hosts which are *not* allowed to use the local INET
services, as described by the 'usr/sbin/tcpd' server.
#version @(#)/etc/hosts.deny. 1.0. 05/28/93
#author: Fred n. Van kempen, <firstname.lastname@example.org
# end of hosts.deny
I can type ":q" and it works to exit the program and returns me to root prompt.
What I don't understand is if I should see the "ALL: ALL" rule I put in where all the # symbols are at... or somewhere before the
#end of .hosts.deny
I don't mean to pee in your punchbowl, but I would suggest you have a lot to learn about Linux before worrying about how to set up a host.deny file.
When you typed "/etc/hosts.deny", you were not telling the system you wanted to edit that file, you were telling the system you wanted to EXECUTE that file. And since the file is not executable you were getting an error message telling you that. This shows you have a very basic misunderstanding of how to use the command line. I don't say this to be mean. I say it because it is true, and you have a high potential to really hose up your system if you plod along as root on the command line without having any clue about what you are doing.
When you were "stuck" in vi and the letters you were typing were just being printed to the screen, that was because you were in vi's "insert mode". You would have had to hit the escape key to exit that mode, before you could exit the vi program. But you didn't know how to exit vi anyway, so getting out of insert mode wouldn't have helped you much. The reason your system warned you about finding a vi swap file the next time you tried to edit hosts.deny is because you had not exited vi cleanly when you shut down the system, thus leaving the swap file which would have normally been deleted.
We all start learning all this at sometime, but I would recommend that you NOT edit any more files on your system as root until you have learned more about Linux. This is not knowledge you can just stumble into on your own from the command line and clarify the little details by asking a few questions in a forum such as this. At this point in your learning of Linux I would recommend you stick with the GUI ("Graphical User Interface") that is supplied by the distro you installed. As you learn the GUI, which is more like what you are used to in Windows (assuming that's the background you came from), you can pick up and study a book on basic command line usage. There is probably some book about command line in the "... For Dummies" series. I'm not calling you a dummy, but you do need to begin learning at the level where you are currently at, which is "rank beginner" I'm afraid. When you are learning, do your practicing in the /home filesystem. You will learn about /home in a basic book on Linux. Stay out of /etc, /usr ... actually, pretty much any place on your system other than /home. And don't use the root login while practicing.
BTW, :q in vi says "exit without saving". Probably not what you are wanting to do after editing a file. You will be warned that you have unsaved changes. You can say :q! to override that warning and exit anyway, or you can say :wq to save the changes and exit. But you shouldn't be editing system files using vi if you don't already know this. I'd hate to think the mess you'd make of a file hitting random keys trying to figure out how to exit, and then somehow manage to actually save that mangled file.
Press the 'i' key to enter the edit mode. Perform your edits, then press the ESC key to return to the command mode. Next you can press :wq to save your changes and quit the vim program. You may find another editor such as "nano" to be easier to use.
Using ALL:ALL in hosts.deny will block access to all processes from all hosts unless they are included in hosts.allow.
I'd recommend reading the hosts_access man page. Select the (5) version.
The tcpd daemon which reads the hosts.deny file is used for programs written with the libwrap library. These programs often have config file entries which contain the same information as hosts.deny and hosts.allow. Look at the output of "ldd /usr/sbin/sshd". You will see libwrap and libpam being used. PAM is also used to control access, adding Authentication. Another example is Samba. You can have entries in smb.conf which control access by host. It uses the same libwrap library, so you can use smb.conf instead.
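The allow-then-deny order described above, as an added example that is not part of the original thread: a simplified evaluator for the hosts_access(5) decision, run against constructed sample files in a temporary directory rather than the real /etc/hosts.allow and /etc/hosts.deny. It also shows that a rule line beginning with "#" is a comment and has no effect. The function names and sample addresses are assumptions made for the illustration.

```shell
#!/bin/sh
# Simplified hosts_access(5) check: supports ALL, exact names/addresses,
# ".domain" suffixes and "192.168.1." prefixes only (no EXCEPT, LOCAL, netmasks).

in_list() {   # in_list ITEM "pat1, pat2 ..." -> 0 if any pattern matches
    set -f                                   # no globbing while word-splitting
    for pat in $(printf '%s' "$2" | tr ',' ' '); do
        case $pat in
            ALL) set +f; return 0 ;;
            .*)  case $1 in *"$pat") set +f; return 0 ;; esac ;;
            *.)  case $1 in "$pat"*) set +f; return 0 ;; esac ;;
            *)   [ "$1" = "$pat" ] && { set +f; return 0; } ;;
        esac
    done
    set +f; return 1
}

file_matches() {   # file_matches FILE DAEMON CLIENT
    [ -r "$1" ] || return 1                  # a missing file counts as empty
    while IFS= read -r line || [ -n "$line" ]; do
        case $line in '#'*|'') continue ;; esac   # comment lines have no effect
        case $line in *:*) ;; *) continue ;; esac
        rest=${line#*:}
        in_list "$2" "${line%%:*}" && in_list "$3" "${rest%%:*}" && return 0
    done < "$1"
    return 1
}

wrap_decision() {  # wrap_decision DAEMON CLIENT ALLOW_FILE DENY_FILE
    if   file_matches "$3" "$1" "$2"; then echo granted   # hosts.allow wins
    elif file_matches "$4" "$1" "$2"; then echo denied    # then hosts.deny
    else echo granted                                     # no match: allowed
    fi
}

# Constructed sample files in a temp directory (not the real /etc files).
d=$(mktemp -d)
printf '%s\n' '# ALL: ALL'       > "$d/deny.commented"
printf '%s\n' 'ALL: ALL'         > "$d/deny.active"
printf '%s\n' 'sshd: 192.168.1.' > "$d/allow"
for deny in deny.commented deny.active; do
    for client in 192.168.1.20 203.0.113.9; do
        echo "$deny sshd $client -> $(wrap_decision sshd "$client" "$d/allow" "$d/$deny")"
    done
done
rm -rf "$d"
```

On a real system, tcpdmatch (shipped with tcp_wrappers) answers the same question against the installed files.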
It's OK haertig, I'm taking no offense at what you said because it is absolutely correct. I don't know much of anything when it comes to using Linux. I have a lot to learn. I thought this is how it was done; if I must pick up a beginner's book then that is what I must do. Can you please recommend a specific one for me? I do have a Windows background but even that was a beginner's understanding. I would like to eventually be able to set up my system, make it stable/secure and actually use it for more than web surfing and misc entertainment (music, movies etc...). If you can direct me to book(s) that will ease the transition I would greatly appreciate it. Tried to read slack book but unless I get my hands in the mix I'm afraid I won't learn much. This is why I decided to jump right into it. Not that I'm not taking your advice but if everyone here does not mind I would like to continue learning while in the system. From my understanding if I mess up some setting/file I can always change it back or better yet format and start over. I basically need a Linux mentor. If anyone reading this would like to be that please let me know. Thanks again to everyone thus far. Any other advice on where to get the knowledge I seek or a good starting place I would like to hear it. Thanks again everyone.
Just read the added posts. Jschiwal and haertig, thank you guys. I will fiddle around in the areas you advised, trying to be more careful of what I enter and keys that I hit. I will also find a "dummies" book and try to get started reading. I'm sure this will make my questions more precise and help the learning process.
Damn, well looks like I managed to screw something up. I tried emacs and pressed a slew of keys trying to navigate my way around. I finally exited after Googling emacs commands and now when I try to use vim I get permission denied. It's as you said haertig, I saved a mangled file. It's at these points in the past where I lost hope of learning Linux and decided to take a hiatus. This time I will start from the very beginning. I am going to search for books now to see what I can find to make this time different.
There is nothing wrong with having a system "to learn on". And being willing to reinstall the OS if you get into a jam. Reinstalling the OS is certainly overkill, and not the recommended way to fix a system (usually), but that may be quicker for you than trying to figure out what you've done wrong and how to correct it. Just make sure this system you are experimenting on is not the one that contains your personal data that you don't have backups of. It is easily possible for you to mess things up so bad that your system is not re-bootable when you are editing system files as root.
What might be better for you, is to boot with a "LiveCD". That way the OS is freshly loaded off the CD/DVD every time you reboot. All the "files" you are editing during practice are actually stored in memory, not on hard disk, from one of these LiveCDs. So if you hose things up, reboot from that LiveCD, and all your hosed up files are magically repaired and you have a pristine system to play with again. You don't have to reinstall anything. The downside is that booting from CD takes a few minutes whereas booting from hard disk takes a few seconds. But if you don't habitually hose things up so bad that you have to reboot all the time, taking a few minutes to boot from CD every now and then will not be a problem.
BTW, you can use any Linux distro to learn the commandline. I'm not sure how you chose Slackware. Maybe because it is sometimes called a "command line distro"? But every distro has a command line. In Slackware you pretty much NEED to use the commandline. In other distros, you CAN use the commandline, but aren't necessarily REQUIRED to. Nothing wrong with Slackware. I love it. But it will not do much hand-holding for you as other distros might. Slackware users tend to be the more experienced gurus who know pretty much everything about everything in Linux and can run the commandline in their sleep typing with their toes. Not saying you have to be that to use Slackware, but that's just kind of the way things tend to turn out. If you have a broken computer, any computer, any OS, your best chance of help is to find a friendly Slackware user to assist you.
Lol, yes you are right again. The system I chose is a standby system I have. I wanted to install Slackware and learn as much as I could. I got into Slackware because a friend of mine was very much into Linux and he introduced me to slack. He moved a short time later and I was left with a taste for Linux that could never be satisfied by my knowledge. Ever since then I have wanted to try and pick it back up but I was always left needing to know more. This time I am hoping to put in lots more time and effort to get into Linux as I should have back then. I really like Slackware and what it has to offer. I have been told that other distros are easier to learn but I'm not in it for "the easy" part. The level of Linux I want to learn starts with slack so that is where my aim is at. I went online and found some books to put on this Kindle to read. I will be reading and then placing questions here when necessary. Thanks for the advice thus far, perhaps you can be my friendly Linux teacher, although I suppose by not having already suggested that yourself you may have better things to do than hold my hand. I will appreciate any further help you may provide should you ever see a post of mine. Thanks
Vim has a tutor. You don't need to become a vim expert, but you do need to learn the basics. The search/replace command uses the same syntax as the SED command, which is why I prefer vim. Some files such as sudoers and passwd need to be edited using a special program that checks for syntax errors. These programs use vim so you need to learn it anyway. Also, if you have a problem booting, and are dropped into the command shell in the initrd environment, a minimal version of vim is what is available.