LinuxQuestions.org
Old 03-23-2013, 02:00 AM   #1
silverdrgn
Member
 
Registered: Mar 2005
Location: Texas
Distribution: slackware, slackware
Posts: 41

Rep: Reputation: 15
getting permission denied as root trying to change /etc/hosts.deny


Hello everyone, have tried to give slackware a try for the third time but I am a noob and don't know how to maneuver around well in a linux system. Need help setting up a good secure box. Any advice and guidance is greatly appreciated. Thanks.

As the title states, I am getting "permission denied" from root login to change the "/etc/hosts.deny" settings. This is the first step in oldskoolphreaks basic security advisory and I am needing help already. To those with patience and a willingness to teach I am your student. Please help. Thanks.
 
Old 03-23-2013, 06:08 AM   #2
ukiuki
Senior Member
 
Registered: May 2010
Location: Planet Earth
Distribution: Debian
Posts: 1,030

Rep: Reputation: 385
Wouldn't it be better to set up a firewall to improve security?
This website has lots of good info about security: http://www.linuxsecurity.com/

Regards
 
Old 03-23-2013, 06:24 AM   #3
jpollard
Senior Member
 
Registered: Dec 2012
Location: Washington DC area
Distribution: Fedora, CentOS, Slackware
Posts: 4,912

Rep: Reputation: 1513
You have to be root to modify that file. If just anyone could do it, it would be useless.
 
Old 03-23-2013, 06:26 AM   #4
jschiwal
LQ Guru
 
Registered: Aug 2001
Location: Fargo, ND
Distribution: SuSE AMD64
Posts: 15,733

Rep: Reputation: 682
Log in as a regular user and use sudo to launch the editor as root in the terminal. Examples:
sudo vim /etc/hosts.deny
or
sudo emacs /etc/hosts.deny
or
sudo nano /etc/hosts.deny

If this doesn't work, be more descriptive about what the error was.

If you want to use a kde graphical text editor, then use "kdesu kedit /etc/hosts.deny", or create a new link to kedit (or kwrite) and in the advanced properties select "run as different user" and enter "root". That will let you launch the program as the root user.

Never log into the graphical desktop as root. That's another oldskoolphreaks basic security rule.
 
1 members found this post helpful.
Old 03-23-2013, 11:53 PM   #5
silverdrgn
Member
 
Registered: Mar 2005
Location: Texas
Distribution: slackware, slackware
Posts: 41

Original Poster
Rep: Reputation: 15
Thanks guys, just to clarify: I was logged in as root from command line. I had not gotten into GUI mode when I tried to modify the file.
From "xxxxx:~# /etc/hosts.deny"
I would get "-bash: /etc/hosts.deny: Permission denied"

I tried jschiwal's recommendation and entered
Xxxxx:~# vim /etc/hosts.deny

I got a prompt that I assume allowed me to add the following rule.
# ALL: ALL

I did not know how to exit VIM, tried to type "exit", "quit", ":q", "qa!"; nothing happened other than the letters being typed appeared on screen, so I ended up having to reboot with ctrl+alt+del...
Not sure if I successfully changed the file so I tried to do it again, this time I typed:
Xxxxx~#: vim /etc/hosts.deny ALL: ALL
And got a warning.

E325: Attention
Found a swap file by name "etc/etc/.hosts.deny.swp"
Owned by: root
File name: /etc/hosts.deny
Modified: yes
User name: root. Host name: xxxxx
Process Id: 2124 (still running)

(1)(Another program may be editing the same file. If this is the case, be careful not to end up with two different instances of the same file when making changes. Quit, or continue with caution.
(2) An edit session for this file crashed.
If this is the case, use "recover" or "vim -r /etc/hosts.deny" to recover the changes (see":help recovery"). If you did this already, delete the swap file "/etc/.hosts.deny.swp" to avoid this message.

Swap file "etc/.hosts.deny.swp" already exists!
[O]pen Read-only, (e)dit anyway, (r)ecover' (q)uit, (a)bort:

I typed in (R) to recover since I assume the reboot caused this error message.

This is as far as I have gotten. I know this is simple to a lot of folks but please have patience with me, I really would like to learn as much as I can. Thank you.

Any further guidance is very much appreciated.
 
Old 03-24-2013, 12:11 AM   #6
silverdrgn
Member
 
Registered: Mar 2005
Location: Texas
Distribution: slackware, slackware
Posts: 41

Original Poster
Rep: Reputation: 15
OK I removed the file it told me to delete.

Xxxxx~#: rm -r /etc/.hosts.deny.swp

Tried
#vim /etc/hosts.deny

Everything looked normal. No additional info where I would expect to see the added rules.

#
#hosts.deny. this file describes the names of the hosts which are *not* allowed to use the local INET
services, as described by the 'usr/sbin/tcpd' server.
#
#
#version @(#)/etc/hosts.deny. 1.0. 05/28/93
#
#author: Fred n. Van kempen, <waltje@uwalt.no.mugent.org
#
# end of hosts.deny
~
~
~
~
~
~
~
~
I can type ":q" and it works to exit the program and returns me to root prompt.

What I don't understand is if I should see the "ALL: ALL" rule I put in where all the # symbols are at... or somewhere before the
#end of .hosts.deny
 
Old 03-24-2013, 12:21 AM   #7
haertig
Senior Member
 
Registered: Nov 2004
Distribution: Debian, Ubuntu, LinuxMint, Slackware, SysrescueCD, Raspbian, Arch
Posts: 2,331

Rep: Reputation: 357
I don't mean to pee in your punchbowl, but I would suggest you have a lot to learn about Linux before worrying about how to set up a hosts.deny file.

When you typed "/etc/hosts.deny", you were not telling the system you wanted to edit that file, you were telling the system you wanted to EXECUTE that file. And since the file is not executable you were getting an error message telling you that. This shows you have a very basic misunderstanding of how to use the command line. I don't say this to be mean. I say it because it is true, and you have a high potential to really hose up your system if you plod along as root on the command line without having any clue about what you are doing.

When you were "stuck" in vi and the letters you were typing were just being printed to the screen, that was because you were in vi's "insert mode". You would have had to hit the escape key to exit that mode, before you could exit the vi program. But you didn't know how to exit vi anyway, so getting out of insert mode wouldn't have helped you much. The reason your system warned you about finding a vi swap file the next time you tried to edit hosts.deny is because you had not exited vi cleanly when you shutdown the system, thus leaving the swap file which would have normally been deleted.

We all start learning all this at some time, but I would recommend that you NOT edit any more files on your system as root until you have learned more about Linux. This is not knowledge you can just stumble into on your own from the command line and clarify the little details by asking a few questions in a forum such as this. At this point in your learning of Linux I would recommend you stick with the GUI ("Graphical User Interface") that is supplied by the distro you installed. As you learn the GUI, which is more like what you are used to in Windows (assuming that's the background you came from), you can pick up and study a book on basic command line usage. There is probably some book about command line in the "... For Dummies" series. I'm not calling you a dummy, but you do need to begin learning at the level where you are currently at, which is "rank beginner" I'm afraid. When you are learning, do your practicing in the /home filesystem. You will learn about /home in a basic book on Linux. Stay out of /etc, /usr ... actually, pretty much any place on your system other than /home. And don't use the root login while practicing.
 
1 members found this post helpful.
Old 03-24-2013, 12:28 AM   #8
haertig
Senior Member
 
Registered: Nov 2004
Distribution: Debian, Ubuntu, LinuxMint, Slackware, SysrescueCD, Raspbian, Arch
Posts: 2,331

Rep: Reputation: 357
BTW, :q in vi says "exit without saving". Probably not what you are wanting to do after editing a file. You will be warned that you have unsaved changes. You can say :q! to override that warning and exit anyway, or you can say :wq to save the changes and exit. But you shouldn't be editing system files using vi if you don't already know this. I'd hate to think the mess you'd make of a file hitting random keys trying to figure out how to exit, and then somehow manage to actually save that mangled file.
 
1 members found this post helpful.
Old 03-24-2013, 12:41 AM   #9
jschiwal
LQ Guru
 
Registered: Aug 2001
Location: Fargo, ND
Distribution: SuSE AMD64
Posts: 15,733

Rep: Reputation: 682
Press the 'i' key to enter the edit mode. Perform your edits, then press the ESC key to return to the command mode. Next you can press :wq to save your changes and quit the vim program. You may find another editor such as "nano" to be easier to use.

Using ALL:ALL in hosts.deny will block access to all processes from all hosts unless they are included in hosts.allow.

I'd recommend reading the hosts_access man page. Select the (5) version.

The tcpd daemon which reads the hosts.deny file is used for programs written with the libwrap library. These programs often have config file entries which contain the same information as hosts.deny and hosts.allow. Look at the output of "ldd /usr/sbin/sshd". You will see libwrap and libpam being used. PAM is also used to control access, adding Authentication. Another example is Samba. You can have entries in smb.conf which control access by host. It uses the same libwrap library, so you can use smb.conf instead.

Good Luck.

Last edited by jschiwal; 03-24-2013 at 12:44 AM.
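
A simplified model of the rule order described in post #9 (hosts.allow is consulted first, then hosts.deny, and anything unmatched is allowed), added here as an example and not code from any poster in the thread. The function names, sample files and addresses are constructed; the first sample also shows that a rule line beginning with `#` is a comment and has no effect. Only ALL, exact names and simple prefix/suffix patterns are handled.

```sh
#!/bin/sh
# Added example: simplified model of the hosts_access(5) decision order.
# Supported patterns only: ALL, exact names/addresses, "192.168.1." prefixes
# and ".example.com" suffixes. No EXCEPT, netmasks, IPv6 or shell commands.

# match_list VALUE LIST: succeed if VALUE matches any pattern in LIST.
# The body is a subshell so that "set -f" (no globbing) does not leak out.
match_list() (
    set -f
    for pat in $(printf '%s' "$2" | tr ',' ' '); do
        case $pat in
            ALL) return 0 ;;
            .*)  case $1 in *"$pat") return 0 ;; esac ;;   # domain suffix
            *.)  case $1 in "$pat"*) return 0 ;; esac ;;   # address prefix
            *)   [ "$1" = "$pat" ] && return 0 ;;          # exact match
        esac
    done
    return 1
)

# file_matches FILE DAEMON CLIENT: succeed if any active rule in FILE matches.
file_matches() {
    [ -r "$1" ] || return 1              # a missing file counts as empty
    while IFS= read -r line || [ -n "$line" ]; do
        case $line in
            '#'*) continue ;;            # line beginning with '#': comment
            *:*) ;;                      # daemon_list : client_list
            *) continue ;;               # blank or malformed: skipped here
        esac
        rest=${line#*:}
        if match_list "$2" "${line%%:*}" && match_list "$3" "${rest%%:*}"; then
            return 0
        fi
    done < "$1"
    return 1
}

# access_decision ALLOW_FILE DENY_FILE DAEMON CLIENT: prints "allow" or "deny".
# A match in the allow file grants access; otherwise a match in the deny file
# refuses it; otherwise access is granted.
access_decision() {
    if file_matches "$1" "$3" "$4"; then echo allow
    elif file_matches "$2" "$3" "$4"; then echo deny
    else echo allow
    fi
}

# Constructed sample files (not taken from the machine in the thread).
SAMPLE_DIR=$(mktemp -d)
trap 'rm -rf "$SAMPLE_DIR"' EXIT
printf '%s\n' '# constructed sample' 'sshd: 192.168.1.' > "$SAMPLE_DIR/hosts.allow"
printf '%s\n' '# ALL: ALL' > "$SAMPLE_DIR/deny.commented"
printf '%s\n' 'ALL: ALL'   > "$SAMPLE_DIR/deny.active"

for row in "deny.commented sshd 203.0.113.7" "deny.active sshd 203.0.113.7" \
           "deny.active sshd 192.168.1.20" "deny.active vsftpd 192.168.1.20"; do
    set -- $row
    printf '%-15s %-7s %-13s -> %s\n' "$1" "$2" "$3" \
        "$(access_decision "$SAMPLE_DIR/hosts.allow" "$SAMPLE_DIR/$1" "$2" "$3")"
done
```

This model only applies to services that actually consult these files, which is what the `ldd /usr/sbin/sshd` check for libwrap in post #9 tells you.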
 
Old 03-24-2013, 12:50 AM   #10
silverdrgn
Member
 
Registered: Mar 2005
Location: Texas
Distribution: slackware, slackware
Posts: 41

Original Poster
Rep: Reputation: 15
It's OK haertig, I'm taking no offense at what you said because it is absolutely correct. I don't know much of anything when it comes to using Linux. I have a lot to learn. I thought this is how it was done; if I must pick up a beginner's book then that is what I must do. Can you please recommend a specific one for me? I do have a windows background but even that was a beginner's understanding. I would like to eventually be able to set up my system, make it stable/secure and actually use it for more than web surfing and misc entertainment (music, movies etc...). If you can direct me to book(s) that will ease the transition I would greatly appreciate it. Tried to read slack book but unless I get my hands in the mix I'm afraid I won't learn much. This is why I decided to jump right into it. Not that I'm not taking your advice but if everyone here does not mind I would like to continue learning while in the system. From my understanding if I mess up some setting/file I can always change it back or better yet format and start over. I basically need a Linux mentor. If anyone reading this would like to be that please let me know. Thanks again to everyone thus far. Any other advice on where to get the knowledge I seek or a good starting place I would like to hear it. Thanks again everyone.
 
Old 03-24-2013, 12:55 AM   #11
silverdrgn
Member
 
Registered: Mar 2005
Location: Texas
Distribution: slackware, slackware
Posts: 41

Original Poster
Rep: Reputation: 15
Just read the added posts. jschiwal and haertig, thank you guys. I will fiddle around in the areas you advised, trying to be more careful of what I enter and keys that I hit. I will also find a "dummies" book and try to get started reading. I'm sure this will make my questions more precise and help the learning process.
 
Old 03-24-2013, 01:01 AM   #12
silverdrgn
Member
 
Registered: Mar 2005
Location: Texas
Distribution: slackware, slackware
Posts: 41

Original Poster
Rep: Reputation: 15
Damn, well looks like I managed to screw something up. I tried emacs and pressed a slew of keys trying to navigate my way around. I finally exited after Googling emacs commands and now when I try to use vim I get permission denied. It's as you said haertig, I saved a mangled file. It's at these points in the past where I lost hope of learning linux and decided to take a hiatus. This time I will start from the very beginning. I am going to search for books now to see what I can find to make this time different.
 
Old 03-24-2013, 01:22 AM   #13
haertig
Senior Member
 
Registered: Nov 2004
Distribution: Debian, Ubuntu, LinuxMint, Slackware, SysrescueCD, Raspbian, Arch
Posts: 2,331

Rep: Reputation: 357
There is nothing wrong with having a system "to learn on". And being willing to reinstall the OS if you get into a jam. Reinstalling the OS is certainly overkill, and not the recommended way to fix a system (usually), but that may be quicker for you than trying to figure out what you've done wrong and how to correct it. Just make sure this system you are experimenting on is not the one that contains your personal data that you don't have backups of. It is easily possible for you to mess things up so bad that your system is not re-bootable when you are editing system files as root.

What might be better for you, is to boot with a "LiveCD". That way the OS is freshly loaded off the CD/DVD every time you reboot. All the "files" you are editing during practice are actually stored in memory, not on hard disk, from one of these LiveCDs. So if you hose things up, reboot from that LiveCD, and all your hosed up files are magically repaired and you have a pristine system to play with again. You don't have to reinstall anything. The downside is that booting from CD takes a few minutes whereas booting from hard disk takes a few seconds. But if you don't habitually hose things up so bad that you have to reboot all the time, taking a few minutes to boot from CD every now and then will not be a problem.

BTW, you can use any Linux distro to learn the commandline. I'm not sure how you chose Slackware. Maybe because it is sometimes called a "command line distro"? But every distro has a command line. In Slackware you pretty much NEED to use the commandline. In other distros, you CAN use the commandline, but aren't necessarily REQUIRED to. Nothing wrong with Slackware. I love it. But it will not do much hand-holding for you as other distros might. Slackware users tend to be the more experienced gurus who know pretty much everything about everything in Linux and can run the commandline in their sleep typing with their toes. Not saying you have to be that to use Slackware, but that's just kind of the way things tend to turn out. If you have a broken computer, any computer, any OS, your best chance of help is to find a friendly Slackware user to assist you.
 
1 members found this post helpful.
Old 03-24-2013, 03:15 AM   #14
silverdrgn
Member
 
Registered: Mar 2005
Location: Texas
Distribution: slackware, slackware
Posts: 41

Original Poster
Rep: Reputation: 15
Lol, yes you are right again. The system I chose is a standby system I have. I wanted to install Slackware and learn as much as I could. I got into Slackware because a friend of mine was very much into Linux and he introduced me to slack. He moved a short time later and I was left with a taste for Linux that could never be satisfied by my knowledge. Ever since then I have wanted to try and pick it back up but I was always left needing to know more. This time I am hoping to put in lots more time and effort to get into Linux as I should have back then. I really like Slackware and what it has to offer. I have been told that other distros are easier to learn but I'm not in it for "the easy" part. The level of Linux I want to learn starts with slack so that is where my aim is at. I went online and found some books to put on this kindle to read. I will be reading and then placing questions here when necessary. Thanks for the advice thus far, perhaps you can be my friendly Linux teacher although I suppose by not having already suggested that yourself you may have better things to do than hold my hand. I will appreciate any further help you may provide should you ever see a post of mine. Thanks
 
Old 03-24-2013, 04:29 AM   #15
jschiwal
LQ Guru
 
Registered: Aug 2001
Location: Fargo, ND
Distribution: SuSE AMD64
Posts: 15,733

Rep: Reputation: 682
By the way, Slackware was started by an MSU student just across the river from where I live in Fargo.

You may want to start learning the permission system and using synod and chown. Consider adding another user or two so you can play around with groups.

There is a lot of information at the www.tldp.org website. They have short guides as well as longer manuals. Scan through the Linux Filesystem Hierarchy Standard. You will learn where certain types of files are located. http://www.tldp.org/LDP/Linux-Filesy...tml/index.html

About 90 of the most important commands are supplied by a coreutils package.
http://www.gnu.org/software/coreutil.../coreutils.pdf

Vim has a tutor. You don't need to become a vim expert, but you do need to learn the basics. The search/replace command uses the same syntax as the SED command, which is why I prefer vim. Some files such as sudoers and passwd need to be edited using a special program that checks for syntax errors. These programs use vim so you need to learn it anyway. Also, if you have a problem booting, and are dropped into the command shell in the initrd environment, a minimal version of vim is what is available.

Good Luck. Remember to have fun learning Linux!

Last edited by jschiwal; 03-24-2013 at 04:30 AM.
 
  

