@BluishHumility in the pkgbuild file I believe
# Fix permissions
chmod -R 750 "$pkgdir"/etc/sudoers.d/
This line is the cause of the different permission from what you guys are packaging. Line 40
.
Though it does say # Fix permissions
@BluishHumility in the pkgbuild file I believe
# Fix permissions
chmod -R 750 "$pkgdir"/etc/sudoers.d/
This line is the cause of the different permission from what you guys are packaging. Line 40
.
Though it does say # Fix permissions
I canāt imagine why we would want to do that on purpose, although it does appear to be pretty intentionally set that way for one reason or another.
is it a security or stability issue?
i donāt know enough about how this OS works to determine this for myself.
Actually this PKGBUILD makes the /usr/share/polkit-1/rules.d/
directory world-executable as well.
package() {
install -d "$pkgdir"/etc
cp -rf "$srcdir"/$pkgname-$pkgver/etc "$pkgdir"
install -d "$pkgdir"/usr
cp -rf "$srcdir"/$pkgname-$pkgver/usr "$pkgdir"
# Fix permissions
chmod -R 750 "$pkgdir"/etc/sudoers.d/
chmod -R 750 "$pkgdir"/usr/share/polkit-1/rules.d/
chown -R root:polkitd "$pkgdir"/usr/share/polkit-1/rules.d
}
I think in general placing executable files in directories they should not be is a bad practice from a security standpoint, but these directories deal specifically with privilege escalation so it seems especially bad.
@garuda-team what do you guys think? Iām inclined to scrap those lines from the PKGBUILD but I am curious if anyone knows if they were added for a compelling reason.
I believe it got added due to Pacman complaining about permissions at some point, though, if thatās not the case we might of course remove it.
I wasnāt sure what you were talking about here, but I made a test branch for this package (Files Ā· bluish-branch Ā· Garuda Linux š¦ / Themes and Settings / Settings / Garuda common settings Ā· GitLab) so I could tweak the settings a little and see what happens.
When I remove the chmod
s out of the PKGBUILD, I get the Pacman complaining you are talking about:
:: Proceed with installation? [Y/n] y
(1/1) checking keys in keyring [----------------------------] 100%
(1/1) checking package integrity [----------------------------] 100%
(1/1) loading package files [----------------------------] 100%
(1/1) checking for file conflicts [----------------------------] 100%
(1/1) checking available disk space [----------------------------] 100%
warning: could not get file information for etc/sudoers.d/editor
warning: could not get file information for etc/sudoers.d/insults
warning: could not get file information for etc/sudoers.d/pwfeedback
warning: could not get file information for usr/share/polkit-1/rules.d/99-garuda.rules
:: Running pre-transaction hooks...
(1/1) Performing snapper pre snapshots for the following configurations...
==> root: 99
:: Processing package changes...
(1/1) reinstalling garuda-common-settings [----------------------------] 100%
warning: directory permissions differ on /etc/sudoers.d/
filesystem: 440 package: 755
warning: directory permissions differ on /usr/share/polkit-1/rules.d/
filesystem: 750 package: 755
Attempting to enable services...
Performing misc postinstall operations...
:: Running post-transaction hooks...
[...]
At that point I had already set /etc/sudoers.d/
to 440 based on this note in the ArchWiki:
Sudoers default file permissions
The owner and group for the
sudoers
file must both be 0. The file permissions must be set to 0440. These permissions are set by default, but if you accidentally change them, they should be changed back immediately or sudo will fail.# chown -c root:root /etc/sudoers # chmod -c 0440 /etc/sudoers
That is specifically about /etc/sudoers
, not the /etc/sudoers.d/
directory but I am kind of thinking the directory should get the same treatment.
After a little more tinkering around, I added back in the chmod
lines but like this:
[...]
chmod -R 440 "$pkgdir"/etc/sudoers.d/
chmod -R 440 "$pkgdir"/usr/share/polkit-1/rules.d/
[...]
This gave me a different output when I installed the package:
:: Proceed with installation? [Y/n] y
(1/1) checking keys in keyring [----------------------------] 100%
(1/1) checking package integrity [----------------------------] 100%
(1/1) loading package files [----------------------------] 100%
(1/1) checking for file conflicts [----------------------------] 100%
(1/1) checking available disk space [----------------------------] 100%
:: Running pre-transaction hooks...
(1/1) Performing snapper pre snapshots for the following configurations...
==> root: 101
:: Processing package changes...
(1/1) reinstalling garuda-common-settings [----------------------------] 100%
warning: directory permissions differ on /usr/share/polkit-1/rules.d/
filesystem: 750 package: 440
Attempting to enable services...
Performing misc postinstall operations...
:: Running post-transaction hooks...
It still complains about /usr/share/polkit-1/rules.d/
because the permissions are different, but not a peep about /etc/sudoers.d/
and I confirmed the configs installed as 440.
This made me realize the PKGBUILD for garuda-common-settings
is a red herring. Yes, it does chmod
those packages but itās only doing it to make them match the permissions the directory already has set on it. To correctly fix this issue, we need to figure out what is setting the permission on the directory in the first place, and fix that. Then we can fix the PKGBUILD so these files get deployed correctly.
Thatās going to have to wait for another day Iām afraid, at least as far as Iām concerned.
Never touch a running system
Maybe this has been lost in translation, I am not sure. How do you propose I test software changes without a running system? In my imagination?
Canāt you have this calculated?
Ok, no one understands my jokes either
This is all such great work from you that I can no longer keep up mentally.
Which in the end means that I get to paint more
Win, win
If I somehow broke this system and for whatever reason could not fix it, itās okayāIāll just boot up a different one. Donāt forget, Iām the weirdo that sets up like ten installations on every computer.
How could we?
And this is why.
Anyway, anyone that can or would do that (Is it still running?) can handle a little bit of circular logic with dignity and aplomb. We have faith in you.
That system is still up, no issues at all. The various installations come and go. If a system gets old or I never use it Iāll snap my fingers and vanish the subvolumes to free up space.
I add installations all the time, itās especially useful for ISO testing. I even set up a little āGaruda Startupā repo with a script that automates a lot of the setup routine (renaming the subvolumes and setting up the symlinks for the shared resources, etc): BluishHumility / garuda-startup-repo Ā· GitLab. I install the ISO, clone the repo, and run the script inside and poof I have all my settings and stuff just how I like them.
Iām not sure; it wonāt be easy if I keep constantly reminding everyone what a weirdo I am like this.
Iāve never known a Linux user that wasnāt a bit strange. Almost always in a good way (forgive those Red Hat people). So you really donāt stand out, even though you are an outstanding team member with excellent Linux knowledge.
Strange, weird, funny. Hunter S. could have been one of us had the timing been right.
Only the best people.
LOL just imagine what helluva hacker if only he banged keyboards and sniffed network packetsā¦
sorry I could not resist, feel free to memory hole this comment
I am running Garuda on an old Mac Pro 5,1 2012
It has two 2TB hard drives, a Xeon processor and 14GB RAM lol
I was cleaning out old text files & configs Iāve kept around for a time, and now no longer applyā¦ I ran across something from a friend, and an old friend of the Arch family, Jonathon Fernyhouh, a/k/a @jonathon R.I.P. It has nothing whatsoever to do with Linux. But it speaks volumes about the authorās character; always helpful, always friendly, always instructive.
Iām a coffee drinker. Teas are only okay with me, not much more. But my mom had loved them and I wanted to know more about them. This is what @jonathon wrote to me. If you would like to know more about Teas, this will do very well. Itās a bit long but Jon put a lot of himself into it. :
Tea novice, eh?
Well then.
There are several types of tea and some that are known as āteaā but arenāt really tea. Confused? Good. Teaās an adventure.
Tea is made by infusing the leaves of members of the Camellia sinensis plant. If itās not an infusion of leaves from that plant itās not truly tea but instead a ātisaneā. Herbal infusions, camomile tea, mate, are all really tisanes.
All teas or tisanes are brewed by steeping the leaves in hot water for a length of time. The longer it is steeped, the stronger the brew. The hotter the water, the stronger the brew. Generally, the darker the tea, the hotter the water (roughly, black at 90C, green at 70C, white at 60C).
Tea
Tea contains caffeine; the darker the tea, the more caffeine, but most caffeine can be removed by a ārinseā (pour off the initial hot water after 10 seconds or so). Bitterness is due to tannins; at the correct levels thatās what gives tea its quenching āaahā taste but if left brewing for too long gives the characteristic āstewedā flavour (some blends are designed to avoid that; e.g. Russian samovar blends).
Tea leaves are freshest when they are new growth - the tips of the new growth produce the freshest and least bitter tea (hence the brand name āPG Tipsā which is a bit of a misnomer now). Older growth is larger and so cheaper, but produces more bitter tea.
Tea is harvested in a number of āflushesā. First flush is the very first new growth of the season. You might come across 1-and-a-half and 2nd flush teas. I havenāt seen a tea labelled as 3rd flush but I suspect those would go into the cheaper teas (i.e. teabags).
Loose leaf vs teabag
Teabags are normally made to brew quickly. Cheap ones contain what amounts to tea dust or ground stalk. Theyāre generally a waste of money.
For a proper cup of tea you should always use loose-leaf. For standard ābuilderās teaā the rolled Assam or Kenyan teas are excellent - if you can get it, Ringtons is the best Iāve come across (start with their green bag, then move through to red, then blue).
If youāre after any other infusion, again loose-āleafā is the way to go. For a āfruityā infusion hibiscus flowers are better than any red berry.
There are several categories of tea. The most common are black and green.
Milk vs no milk vs lemon
This is a matter of taste and personal preference. Stronger teas will take milk as it reduces the tannin effect; you can have a stronger brew without the associated tongue-curl.
Lighter teas shouldnāt have milk added but some (e.g. Ceylons) go well with a little lemon. If the tea is already flavoured (e.g. Earl Grey) you donāt add lemon (and I wouldnāt add milk unless itās a very strong brew).
Tea types
Black
This is the ānormalā tea. Raw tea leaves are processed and produce a rich, dark liquor.
As with all teas, the origin and processing provides unique flavours - Yunnan vs Keemun, Assam vs Kenyan, Nepalese vs Darjeeling vs Ceylon.
This is one of the best parts of tea drinking - every tea is different.
Green
Less processed (fired or steamed) than black tea it produces a yellow-green liquor. Very sensitive to too-hot water. Green tea is a Chinese and Japanese staple.
As with black teas, plenty of variety. Dragonwell Lung Jing (with all the variant spellings) is probably my favourite so far; itās expensive but amazingly floral. Thereās a huge number to try though.
White
White tea is essentially tips of the tips of tea leaves - even just the buds - with minimal processing. It produces an incredibly light and clean liquor with almost no bitterness over an extended brewing period. Tends to be more expensive; cheaper batches include stalks too (which still work, but arenāt quite the same).
Oolong
A black tea but with a very specific processing technique. Chinese (or Taiwanese) in origin, very distinctive flavour. Not normally a starter tea.
Puerh (pu-erh, puāerh)
Now weāre talking. If youāve got to the puāerh teas youāve come a long way on your tea journey.
Puāerh teas are processed in a unique way (fermented) and left to mature for years - the best examples are decades old. Until fairly recently old tea was inaccessibly expensive, but with an obvious market, supply has increased to the point you can get a 15-year-old puāerh for about the same price as a green tea.
Puāerh has a very distinctive flavour. Woody, earthy, rich. It produces an almost purple liquor. I tend to drink mine quite strong (similar to a gongfu-style first infusion but without enough leaves for further infusions).
Flavoured vs non-flavoured
Tea can be flavoured by adding oils and spices. The most famous flavoured tea is probably Earl Grey which is a black tea given its famous flavour by added bergamot oil. Lady Grey is similar but with a lighter blend of teas.
Chai is a sweet spiced tea.
Other flavourings Iāve seen include orange oil and āmilkā, both in oolongs. Cheaper flavoured tea tends to taste quite artificial.
Jasmine tea (green tea flavoured with Jasmine) is often a favourite of the ladies. A Taiwanese girl I know takes hers with honey - too sweet for me, but worth trying.
Tea origins
There are three principal tea origins - China, the Indian subcontinent, Japan. Several African countries also produce tea (e.g. Kenya, Tanzania).
Tea grows best at higher altitudes, hence probably the best known teas growing in the Yunnan, and Assam regions. Chinese tea is also produced in the Fujian region, Taiwan is a special case, and Nepalese tea is, to my taste, the best there is. Japanese tea tends to be relatively expensive.
Different region = different climate = different tea.
Single-origin vs blends
Generally, blends are more consistent and are designed to provide a known flavour. Most commercial teas are blends; if you buy a bag of tea in a shop itās a blend.
Single-origin teas will vary batch by batch and season by season. Higher-quality single-origin teas are expensive but more consistent, and would be used for e.g. tea ceremonies; lower-quality single-origin teas are suitable for day-to-day drinking.
Tisanes
Pretty much anything can be infused - if itās edible you can infuse it.
Common tisanes include camomile and mate. Dandelion is also well worth trying (quite aniseed-like) as well as nettle.
You can get all sorts of fruit- and flower-based infusions too. You just have to experiment here.
Brewing essentials
āDonglesā
For brewing a single cup use a metal sprung tea ādongleā. Avoid plastic or silicone.
Tea pots
General-use
There are two main choices - ceramic vs metal. Ceramic pots need to be warmed before infusion. Metal pots donāt. Both benefit from a tea cosy to keep the tea warm during brewing, unless you heat the pot (e.g. put a metal pot on a stove to keep it warm).
You shouldnāt use the same pot for different tea types as flavours will linger. Using a black tea pot for green tea is a definite no-no.
Special purpose
Guangxi tea pots are porus and absorb tea over time. They should each be used for a single type of tea.
Glass infusers (e.g. the Chinese top-loaders) are great for controlling infusion times. Theyāre probably the best way to get the clearest idea of a teaās flavour as you can control all the brewing variables.
Where to buy
Aliexpress for Chinese-origin teas
UK, Ringtons for day-to-day black tea
UK, High Teas (London) for a wide variety of reasonably priced specialist teas
My favourite Tea is Earl Grey, made strong.
We drink a lot of tea here in Argentina, it is the second most common hot beverage to drink, after Mate. We also have the Tea time (with biscuits) and all.
Ultimately, M_J is hinting at power play (opinion, influence?), different forms of power and then believing this āconceptā exists.
Some one says A, and you say ok. Or you might say, maybe, I dont know? Or say, no, I donāt believe this matters at all.
My popular science understanding of physics (docs, some books etc) says that our perceptions are quite limited* (what we are aware, vision, hearing etc).
Human psyche is quite limited as isā¦ We see limited amount of El.mag wavelengths, hear limited amount of frequencies and like to believe we are masters of somethingā¦ We are, of our own creations.
Our belief in false gods is real. There probably is some kind of God, call it physical reality or āThe All Knowingā but our descriptions with words and trying to piece it together is and always will be limited.
Our day to day perception is basically where we put our focus onā¦ That does not mean we define what we see but thatās , then our life basically.
i was referring to how people see corporations, organizations and governmental apparatuses as legitimate real entities with the same rights as the small āgā gods aka living souls that mankind are.
John 10:
"22 And it was at Jerusalem the feast of the dedication, and it was winter. 23And Jesus walked in the temple in Solomonās porch. 24Then came the Jews round about him, and said unto him, How long dost thou make us to doubt? If thou be the Christ, tell us plainly. 25Jesus answered them, I told you, and ye believed not: the works that I do in my Fatherās name, they bear witness of me. 26But ye believe not, because ye are not of my sheep, as I said unto you. 27My sheep hear my voice, and I know them, and they follow me: 28And I give unto them eternal life; and they shall never perish, neither shall any man pluck them out of my hand. 29My Father, which gave them me, is greater than all; and no man is able to pluck them out of my Fatherās hand. 30I and my Father are one.
31Then the Jews took up stones again to stone him. 32Jesus answered them, Many good works have I shewed you from my Father; for which of those works do ye stone me? 33The Jews answered him, saying, For a good work we stone thee not; but for blasphemy; and because that thou, being a man, makest thyself God. 34Jesus answered them, Is it not written in your law, I said, Ye are gods? 35If he called them gods, unto whom the word of God came, and the scripture cannot be broken; 36Say ye of him, whom the Father hath sanctified, and sent into the world, Thou blasphemest; because I said, I am the Son of God? 37If I do not the works of my Father, believe me not. 38But if I do, though ye believe not me, believe the works: that ye may know, and believe, that the Father is in me, and I in him. 39Therefore they sought again to take him: but he escaped out of their hand,"