I thought I understood (vaguely) the reasons for .profile and .kshrc or, for bash, .bash_profile and .bashrc but on this new Fedora system it doesn't work as I expect.
The system boots and runs gdm which allows me to log in and, as far as I can see, my .profile (or my .bash_profile) *never* gets executed. Surely it's supposed to get executed at least once when you first log in, but it's not getting executed here for me.
If I ssh into the system then the .profile gets executed (as expected by a 'login' shell), but isn't gdm (or kdm, or xdm) meant to do the login shell bit for you before starting your window manager?
On 12-Mar-07 Eur Ing Chris Green wrote:
I thought I understood (vaguely) the reasons for .profile and .kshrc or, for bash, .bash_profile and .bashrc but on this new Fedora system it doesn't work as I expect.
The system boots and runs gdm which allows me to log in and, as far as I can see, my .profile (or my .bash_profile) *never* gets executed. Surely it's supposed to get executed at least once when you first log in, but it's not getting executed here for me.
If I ssh into the system then the .profile gets executed (as expected by a 'login' shell), but isn't gdm (or kdm, or xdm) meant to do the login shell bit for you before starting your window manager?
-- Chris Green
I would certainly have expected so, since *dm certainly emulates a login when asking you for userid/passwd before starting up the window manager.
I've tried poking around on an old SuSE (which has kdm) with
locate dmrc
locate kdm | grep conf
without coming up with anything which made reference to login etc. So probably I can't help!
However, I would make the comment that very early on I gave up on using a login display manager, since I simply didn't like it and didn't need it. I've always set things up to boot into the console prompt, where I can do a "primitive" login as root (drop back to it with Ctrl-Alt-F1 for scruff-of-the-neck purposes), plus one as ted from which I then "startx &". So by then I'm logged in and my .bashrc, .profile get executed. Plus, I know exactly where I stand!
Best wishes, Ted.
-------------------------------------------------------------------- E-Mail: (Ted Harding) ted.harding@nessie.mcc.ac.uk Fax-to-email: +44 (0)870 094 0861 Date: 12-Mar-07 Time: 16:29:13 ------------------------------ XFMail ------------------------------
On Mon, 2007-03-12 at 16:29 +0000, ted.harding@nessie.mcc.ac.uk wrote:
I've always set things up to boot into the console prompt, where I can do a "primitive" login as root (drop back to it with Ctrl-Alt-F1 for scruff-of-the-neck purposes), plus one as ted from which I then "startx &". So by then I'm logged in and my .bashrc, .profile get executed. Plus, I know exactly where I stand!
Well I certainly hope your machines are in a secure area where nobody else can access the console, because it sounds like I could walk up to one of them and stab ctrl-alt-f1 and have root :-)
I guess if we are talking private machines in your house it is not so much of a problem, but if I so much as go out of line of sight of a machine at many of my clients whilst leaving it logged into a privileged account I would never be invited back.
On 12-Mar-07 Wayne Stallwood wrote:
On Mon, 2007-03-12 at 16:29 +0000, ted.harding@nessie.mcc.ac.uk wrote:
I've always set things up to boot into the console prompt, where I can do a "primitive" login as root (drop back to it with Ctrl-Alt-F1 for scruff-of-the-neck purposes), plus one as ted from which I then "startx &". So by then I'm logged in and my .bashrc, .profile get executed. Plus, I know exactly where I stand!
Well I certainly hope your machines are in a secure area where nobody else can access the console, because it sounds like I could walk up to one of them and stab ctrl-alt-f1 and have root :-)
I guess if we are talking private machines in your house it is not so much of a problem,
Yes, that is exactly my situation; and if I found you (unexpectedly) walking up to one of my machines ... !!!!
but if I so much as go out of line of sight of a machine at many of my clients whilst leaving it logged into a privileged account I would never be invited back.
Yes, I do appreciate that in a more "public" situation things would need to be arranged differently. In particular, I would not leave root logged in. And I would probably re-write the "boot" sequence so that no-one (not even the human entity with genuine privileges) could do anything without knowing the root password.
Thanks, Ted.
-------------------------------------------------------------------- E-Mail: (Ted Harding) ted.harding@nessie.mcc.ac.uk Fax-to-email: +44 (0)870 094 0861 Date: 13-Mar-07 Time: 00:21:33 ------------------------------ XFMail ------------------------------
On Tue, 13 Mar 2007, ted.harding@nessie.mcc.ac.uk wrote:
On 12-Mar-07 Wayne Stallwood wrote:
On Mon, 2007-03-12 at 16:29 +0000, ted.harding@nessie.mcc.ac.uk wrote:
I've always set things up to boot into the console prompt, where I can do a "primitive" login as root (drop back to it with Ctrl-Alt-F1 for scruff-of-the-neck purposes), plus one as ted from which I then "startx &". So by then I'm logged in and my .bashrc, .profile get executed. Plus, I know exactly where I stand!
Well I certainly hope your machines are in a secure area where nobody else can access the console, because it sounds like I could walk up to one of them and stab ctrl-alt-f1 and have root :-)
I guess if we are talking private machines in your house it is not so much of a problem,
Yes, that is exactly my situation; and if I found you (unexpectedly) walking up to one of my machines ... !!!!
but if I so much as go out of line of sight of a machine at many of my clients whilst leaving it logged into a privileged account I would never be invited back.
Yes, I do appreciate that in a more "public" situation things would need to be arranged differently. In particular, I would not leave root logged in. And I would probably re-write the "boot" sequence so that no-one (not even the human entity with genuine privileges) could do anything without knowing the root password.
That's almost impossible to do I think, if someone has physical access to your hardware, you're already in trouble. Password protected bootloaders are easily bypassed, and passing certain variables to the kernel at boot time makes gaining root a trivial task, not mentioning someone just stealing your disks! :)
Cheers.
-Mark
On Tue, 2007-03-13 at 09:07 +0000, Mark Ridley wrote:
That's almost impossible to do I think, if someone has physical access to your hardware, you're already in trouble. Password protected bootloaders are easily bypassed, and passing certain variables to the kernel at boot time makes gaining root a trivial task, not mentioning someone just stealing your disks! :)
Agreed if you have physical access it is possible to break into pretty much any system, however it's all about closing off possible attack vectors. The tricks you mention are more intrusive and may be picked up by monitoring systems etc. Things like password protected bootloaders are just speedbumps to slow down an attacker or increase their chances of being detected.
It's a bit like locking a car door, it is trivial for a thief to break a side window but doing so is more likely to get them noticed, therefore it is worthwhile even though on its own it only offers a tiny barrier to someone attempting to break in.
On Tue, Mar 13, 2007 at 09:07:54AM +0000, Mark Ridley wrote:
On Tue, 13 Mar 2007, ted.harding@nessie.mcc.ac.uk wrote:
but if I so much as go out of line of sight of a machine at many of my clients whilst leaving it logged into a privileged account I would never be invited back.
Yes, I do appreciate that in a more "public" situation things would need to be arranged differently. In particular, I would not leave root logged in. And I would probably re-write the "boot" sequence so that no-one (not even the human entity with genuine privileges) could do anything without knowing the root password.
That's almost impossible to do I think, if someone has physical access to your hardware, you're already in trouble. Password protected bootloaders are easily bypassed, and passing certain variables to the kernel at boot time makes gaining root a trivial task, not mentioning someone just stealing your disks! :)
Absolutely, any machine to which you have physical access can be 'broken into' within a few minutes. The *only* thing that would protect data to any significant extent would be having an encrypted file system.