Linux


From Wikipedia, the free encyclopedia

Linux is a family of open source Unix-like operating systems based on the Linux kernel, an operating system kernel first released on September 17, 1991 by Linus Torvalds. Linux is typically packaged in a Linux distribution (or distro for short).

Distributions include the Linux kernel and supporting system software and libraries, many of which are provided by the GNU Project. Many Linux distributions use the word "Linux" in their name, but the Free Software Foundation uses the name GNU/Linux to emphasize the importance of GNU software, causing some controversy.

401
402
27
submitted 1 month ago* (last edited 1 month ago) by LifeLemons@lemmy.ml to c/linux@lemmy.ml
 
 

When I started Linux, I heard creating separate user accounts for specific uses only is a good step to security in Linux. I haven't tried it but after seeing concerns regarding some game launchers snooping around the OS, I am trying to see how hard will it be to not let them. I only know the basics of user creation through GUI.

I won't be running games by the way, but I want to have this knowledge of user accounts in Linux as a Linux security enthusiast. I just want to create a user account where only apps or packages will run with no root access or access to outside its home folder. Even installing apps or packages should not require root to install and must be installed in that home folder and not /usr/bin or /lib. Should be like sandbox environment. I have complete control of permissions and processes of the app. Don't say about flatpak or virtual machines, not talking about that here, just plain old Linux.

Note that I am not doing this out of paranoia but as a security enthusiast. I have heard about firejail, SELinux, and WhonixOS but just scratched the surface of it.

How should I do this? I need some sources to read all about linux user accounts.

403
 
 

For me, it's Shared GPU memory.

404
405
406
0
submitted 1 month ago* (last edited 1 month ago) by maniacalmanicmania@aussie.zone to c/linux@lemmy.ml
407
 
 

Hi folks,

I had first written about my attempts here: https://lemmy.zip/post/24041939

I got to learn a lot thanks to some very helpful lemmyist (thank you @chameleon@fedia.io !), but I ran into a wall and tried to persist alone for a while.

While my initial goal is still the same, I'm right now focusing on seeing whether I can rebuild an initramfs myself, excluding any customizations.

My setup is the following:

  • OS: Alpine Linux
  • Bootloader: Grub
  • OpenRC (no systemd)
  • Root in a LUKS encrypted partition
  • EFI firmware

When booting using the default initramfs:

mytestalpine:~# lsblk -o NAME,FSTYPE,FSVER,LABEL,UUID,FSAVAIL,FSUSE%,MOUNTPOINTS
NAME     FSTYPE      FSVER LABEL UUID                                 FSAVAIL FSUSE% MOUNTPOINTS
sda                                                                                  
├─sda1   vfat                    515E-70E4                             238.9M    20% /boot
├─sda2   swap                    667a53d2-dc82-4d2a-a121-63a75da51c24                [SWAP]
└─sda3   crypto_LUKS             73cada8c-5885-4334-b72b-b09b7f919d66                
  └─root ext4                    8613c4fe-dbc2-4a4e-9d41-3e7eaa8acf18      5G     3% /
sr0                                                                                  
mytestalpine:~# blkid
/dev/sda3: UUID="73cada8c-5885-4334-b72b-b09b7f919d66" TYPE="crypto_LUKS" PARTUUID="a900120b-4b78-4164-add8-f6a88eadb219"
/dev/sda1: UUID="515E-70E4" BLOCK_SIZE="512" TYPE="vfat" PARTUUID="83a340a7-ec05-4452-a775-178b5d3ea96e"
/dev/sda2: UUID="667a53d2-dc82-4d2a-a121-63a75da51c24" TYPE="swap" PARTUUID="cdddf0ec-5b8d-448f-a1c6-c9a97af06709"
/dev/mapper/root: UUID="8613c4fe-dbc2-4a4e-9d41-3e7eaa8acf18" BLOCK_SIZE="4096" TYPE="ext4"

Where I'm at:

  • I've created a custom dracut configuration file /etc/dracut.conf.d/base-initramfs.conf containing:
add_dracutmodules+=" crypt dm rootfs-block "
kernel_cmdline+=" rd.luks.uuid=luks-73cada8c-5885-4334-b72b-b09b7f919d66 "
  • I ran dracut --regenerate-all --force which yielded the following initramfs: -rwxr-xr-x 1 root root 10734241 Nov 27 22:56 /boot/initramfs-6.6.58-0-lts.img
  • I did not touch /etc/default/grub which contains:
GRUB_TIMEOUT=2
GRUB_DISABLE_SUBMENU=y
GRUB_DISABLE_RECOVERY=true
GRUB_CMDLINE_LINUX_DEFAULT="modules=sd-mod,usb-storage,ext4 cryptroot=UUID=73cada8c-5885-4334-b72b-b09b7f919d66 cryptdm=root rootfstype=ext4"
  • I entered my custom boot entry in /etc/grub.d/40_custom:
mytestalpine:~# cat /etc/grub.d/40_custom
#!/bin/sh
exec tail -n +3 $0
# This file provides an easy way to add custom menu entries.  Simply type the
# menu entries you want to add after this comment.  Be careful not to change
# the 'exec tail' line above.

menuentry 'Dracut entry' --class gnu-linux --class gnu --class os $menuentry_id_option 'gnulinux-lts-advanced-8613c4fe-dbc2-4a4e-9d41-3e7eaa8acf18' {
	load_video
	insmod gzio
	insmod part_gpt
	insmod fat
	set root='hd0,gpt1'

	if [ x$feature_platform_search_hint = xy ]; then
	  search --no-floppy --fs-uuid --set=root --hint-bios=hd0,gpt1 --hint-efi=hd0,gpt1 --hint-baremetal=ahci0,gpt1  515E-70E4
	else
	  search --no-floppy --fs-uuid --set=root 515E-70E4
	fi

	#search --no-floppy --fs-uuid --set=root 515E-70E4
	echo	'Loading Linux lts ...'
	linux	/vmlinuz-lts root=UUID=8613c4fe-dbc2-4a4e-9d41-3e7eaa8acf18 ro  modules=sd-mod,usb-storage,ext4 cryptroot=UUID=73cada8c-5885-4334-b72b-b09b7f919d66 cryptdm=root rootfstype=ext4 rd.shell rd.debug log_buf_len=1M 
	echo	'Loading initial ramdisk ...'
	initrd	/initramfs-6.6.58-0-lts.img
}

This was closely matched to the original boot entry.

  • I then ran grub-mkconfig -o /boot/grub/grub.cfg (at this point, not sure whether normal or not, I see mention of the original initramfs, but not mine):
Generating grub configuration file ...
Found linux image: /boot/vmlinuz-lts
Found initrd image: /boot/initramfs-lts
Warning: os-prober will not be executed to detect other bootable partitions.
Systems on them will not be added to the GRUB boot configuration.
Check GRUB_DISABLE_OS_PROBER documentation entry.
Adding boot menu entry for UEFI Firmware Settings ...
done
  • When attempting to boot into my entry in grub, I get a blank screen which hangs indefinitely where the only text visible is:
Loading Linux lts ...
Loading initial ramdisk ...
_
EFI stub: Loaded initrd from LINUX_EFI_INITRD_MEDIA_GUID device path

I've tried looking up the message but nothing seems to be giving hints at how I can fix it.

Is there something visibly wrong with what I'm doing? I've removed the quiet parameter and added debug flags to the kernel parameters but I'm not able to get more information from the failed boot... Thanks!

Below is my entire grub conf:

/boot/grub/grub.cfg

mytestalpine:~# cat /boot/grub/grub.cfg
#
# DO NOT EDIT THIS FILE
#
# It is automatically generated by grub-mkconfig using templates
# from /etc/grub.d and settings from /etc/default/grub
#

### BEGIN /etc/grub.d/00_header ###
if [ -s $prefix/grubenv ]; then
  load_env
fi
if [ "${next_entry}" ] ; then
   set default="${next_entry}"
   set next_entry=
   save_env next_entry
   set boot_once=true
else
   set default="0"
fi

if [ x"${feature_menuentry_id}" = xy ]; then
  menuentry_id_option="--id"
else
  menuentry_id_option=""
fi

export menuentry_id_option

if [ "${prev_saved_entry}" ]; then
  set saved_entry="${prev_saved_entry}"
  save_env saved_entry
  set prev_saved_entry=
  save_env prev_saved_entry
  set boot_once=true
fi

function savedefault {
  if [ -z "${boot_once}" ]; then
    saved_entry="${chosen}"
    save_env saved_entry
  fi
}

function load_video {
  if [ x$feature_all_video_module = xy ]; then
    insmod all_video
  else
    insmod efi_gop
    insmod efi_uga
    insmod ieee1275_fb
    insmod vbe
    insmod vga
    insmod video_bochs
    insmod video_cirrus
  fi
}

if loadfont unicode ; then
  set gfxmode=auto
  load_video
  insmod gfxterm
fi
terminal_output gfxterm
if [ x$feature_timeout_style = xy ] ; then
  set timeout_style=menu
  set timeout=2
# Fallback normal timeout code in case the timeout_style feature is
# unavailable.
else
  set timeout=2
fi
### END /etc/grub.d/00_header ###

### BEGIN /etc/grub.d/10_linux ###
menuentry 'Alpine Linux v3.20, with Linux lts' --class gnu-linux --class gnu --class os $menuentry_id_option 'gnulinux-lts-advanced-8613c4fe-dbc2-4a4e-9d41-3e7eaa8acf18' {
	load_video
	insmod gzio
	insmod part_gpt
	insmod fat
	set root='hd0,gpt1'
	if [ x$feature_platform_search_hint = xy ]; then
	  search --no-floppy --fs-uuid --set=root --hint-bios=hd0,gpt1 --hint-efi=hd0,gpt1 --hint-baremetal=ahci0,gpt1  515E-70E4
	else
	  search --no-floppy --fs-uuid --set=root 515E-70E4
	fi
	echo	'Loading Linux lts ...'
	linux	/vmlinuz-lts root=UUID=8613c4fe-dbc2-4a4e-9d41-3e7eaa8acf18 ro  modules=sd-mod,usb-storage,ext4 cryptroot=UUID=73cada8c-5885-4334-b72b-b09b7f919d66 cryptdm=root rootfstype=ext4
	echo	'Loading initial ramdisk ...'
	initrd	/initramfs-lts
}

### END /etc/grub.d/10_linux ###

### BEGIN /etc/grub.d/20_linux_xen ###
### END /etc/grub.d/20_linux_xen ###

### BEGIN /etc/grub.d/25_bli ###
if [ "$grub_platform" = "efi" ]; then
  insmod bli
fi
### END /etc/grub.d/25_bli ###

### BEGIN /etc/grub.d/30_os-prober ###
### END /etc/grub.d/30_os-prober ###

### BEGIN /etc/grub.d/30_uefi-firmware ###
if [ "$grub_platform" = "efi" ]; then
	menuentry 'UEFI Firmware Settings' $menuentry_id_option 'uefi-firmware' {
		fwsetup
	}
fi
### END /etc/grub.d/30_uefi-firmware ###

### BEGIN /etc/grub.d/40_custom ###
# This file provides an easy way to add custom menu entries.  Simply type the
# menu entries you want to add after this comment.  Be careful not to change
# the 'exec tail' line above.

menuentry 'Dracut entry' --class gnu-linux --class gnu --class os $menuentry_id_option 'gnulinux-lts-advanced-8613c4fe-dbc2-4a4e-9d41-3e7eaa8acf18' {
	load_video
	insmod gzio
	insmod part_gpt
	insmod fat
	set root='hd0,gpt1'

	if [ x$feature_platform_search_hint = xy ]; then
	  search --no-floppy --fs-uuid --set=root --hint-bios=hd0,gpt1 --hint-efi=hd0,gpt1 --hint-baremetal=ahci0,gpt1  515E-70E4
	else
	  search --no-floppy --fs-uuid --set=root 515E-70E4
	fi

	#search --no-floppy --fs-uuid --set=root 515E-70E4
	echo	'Loading Linux lts ...'
	linux	/vmlinuz-lts root=UUID=8613c4fe-dbc2-4a4e-9d41-3e7eaa8acf18 ro  modules=sd-mod,usb-storage,ext4 cryptroot=UUID=73cada8c-5885-4334-b72b-b09b7f919d66 cryptdm=root rootfstype=ext4 rd.shell rd.debug log_buf_len=1M 
	echo	'Loading initial ramdisk ...'
	initrd	/initramfs-6.6.58-0-lts.img
}
### END /etc/grub.d/40_custom ###

### BEGIN /etc/grub.d/41_custom ###
if [ -f  ${config_directory}/custom.cfg ]; then
  source ${config_directory}/custom.cfg
elif [ -z "${config_directory}" -a -f  $prefix/custom.cfg ]; then
  source $prefix/custom.cfg
fi
### END /etc/grub.d/41_custom ###

Edit: corrected tagged user & formatting

408
 
 

A friend of mine mentioned that a much more efficient way to distro hop is to do it in a VM rather than boot an ISO every time. I've only ever used WINE and am unsure how to go about doing this.

What's the best way to try distro hopping and what are some easy-ish distros to try out temporarily?

I've been using Linux Mint Debian edition for a while now and am happy with it on my main machine, but want to try out some others on my spare just to make sure there's not another one that I like more.

409
410
 
 

The moment in the video: https://youtu.be/6KcV1C1Ui5s&t=938

411
 
 

I’ve been thinking of switching from btrfs to zfs but it seems like it’s quite a bit of work. Does anyone have any experience with this?

412
27
submitted 1 month ago* (last edited 4 weeks ago) by fin@sh.itjust.works to c/linux@lemmy.ml
 
 

I’ve recently switched to Linux (Debian Bookworm) because I was tired of all the bullshits I had to deal with when using Windows, especially when developing software.

Now I really have to use MS Office applications for my school. LibreOffice is good but not completely compatible with MSOffice, like I can’t use the log graph in the template provided. And their web apps are nearly unusable (especially with Firefox and its variants), so I need desktop versions.

I can use VM maybe but I don’t want to pay for the Windows license.

How do you guys manage to open MS files appropriately?

Edit: 2024/12/26 I ended up using Windows inside KVM. It worked without license, and office seems to work fine

413
 
 

I have a dual boot Win 10/Debian setup on my laptop. I have not touched the Windows boot in months. There is nothing on there that needs saving.

How can I ditch the Windows partition and make it available as free space in Debian without damaging my Linux setup?

414
 
 

I want to set up a bunch of laptops to be web kiosks, I'll organize my wants into a list so that it's easier to skim:

  • Open a version of Firefox with the normal ui, tabs and all.
  • Automatically enters a session with no user input on reboot
  • Doesn't allow doing anything but interacting with Firefox (kinda obvious, kiosk and all)
  • Auto-login
  • Automatic updates, with them being applied on restart
  • Firefox settings reset on reboot

Nice to haves:

  • nice Plymouth screen to hide the scary code on startup.
  • completely block any attempts to change configuration on Firefox
  • ad-block
  • easy deployment to a bunch of machines.

If these sound like pretty strict requirements, they are, I'm doing this to attempt to get an internship by making my school's web kiosk laptops not suck (they currently run a janky install of Ubuntu 18.04)

Any help would be greatly appreciated, and I'd be glad to add more information.

415
 
 

it's so confusing that the order changes when adding IDENTICAL strings to BOTH filenames. Is this really how it's supposed to be?

416
 
 

I'm trying to come up with an elegant way of backing up my docker volumes. I don't really care about my host and the data on the host, because everything I do happens inside my docker containers and the mapped volumes. Some containers use mapped paths, but some others use straight up docker volumes.

I've started writing a script that inspects the containers, reads all the mount paths and then spins up another container to tar all the mounted paths.

docker run --rm --volumes-from $container_name -v /data/backup:/backup busybox tar cvf /backup/$container_name.tar $paths

So far so good, this works and I can write all backups to my storage and later sync them to an offsite backup space.

But error handling, (nice) logging and notifications using ntfy in case of success / errors / problems is going to suck in a bash script. Local backup file rollover and log file rollover also just suck if I have to do all this by hand. I'm able to use other languages to write this backup util but I don't want to start this project if there already is a ready made solution.

So the question, is there a utility that can simply schedule arbitrary bits of script, write nicer logs for these script bits, do file rollovers and run another script on success / error?
All the backup programs that I can find are more focused on backing up directories, permissions and so on.
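
The inspect-then-tar step described in the post above, as an added example that is not part of the original post: it reads the mount destinations from `docker inspect` JSON and builds the `docker run` call as an argument list, so a path containing spaces is not re-split by a shell. The sample JSON, the container name `nextcloud`, the function names and the read-only `:ro` suffix on `--volumes-from` are assumptions added here.

```python
import json
import shlex

# Constructed sample of `docker inspect <container>` output, trimmed to the fields used.
SAMPLE_INSPECT = json.dumps([{
    "Name": "/nextcloud",
    "Mounts": [
        {"Type": "volume", "Name": "nc_data",
         "Source": "/var/lib/docker/volumes/nc_data/_data",
         "Destination": "/var/www/html", "RW": True},
        {"Type": "bind", "Source": "/srv/nc/config",
         "Destination": "/config dir", "RW": True},
        {"Type": "tmpfs", "Source": "", "Destination": "/tmp", "RW": True},
    ],
}])


def mount_paths(inspect_json, kinds=("volume", "bind")):
    """Return (container_name, sorted destination paths) for persistent mounts only."""
    info = json.loads(inspect_json)[0]
    name = info["Name"].lstrip("/")  # docker inspect reports names with a leading slash
    paths = [m["Destination"] for m in info.get("Mounts", [])
             if m.get("Type") in kinds]
    return name, sorted(paths)


def backup_argv(inspect_json, backup_dir="/data/backup"):
    """Build the backup command as an argv list; None if there is nothing to back up."""
    name, paths = mount_paths(inspect_json)
    if not paths:
        return None
    return ["docker", "run", "--rm",
            "--volumes-from", f"{name}:ro",   # the backup helper cannot modify the data
            "-v", f"{backup_dir}:/backup",
            "busybox", "tar", "cvf", f"/backup/{name}.tar", *paths]


if __name__ == "__main__":
    argv = backup_argv(SAMPLE_INSPECT)
    # Shown quoted for logging only; execute with subprocess.run(argv, check=True)
    # and treat CalledProcessError as the failure signal for notifications.
    print(shlex.join(argv))
```
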

417
418
419
 
 
420
 
 

Not sure if anybody on here is actually looking for one, but I went ahead and made a community for Tuxedo OS. The community is for the distro and not the computers (bc I only use the distro) but given that there is no Tuxedo computers community rn it's fine if you post stuff for the computers.

421
 
 

Hi all,

I'm currently using Zorin OS, but I'd like to perhaps explore other Linux distributions. Is it possible to dual-boot another distro, and then if I'm satisfied and after having installed all the apps I need, to erase my Zorin OS partition and only use the other, new distro?

422
423
424
 
 

back in the ubuntu days I used radiotray, but it seems not to be maintained anymore.

my next question is: is https://github.com/ebruck/radiotray-ng/releases/tag/v0.2.9 being maintained? it was last updated nov 10, but the page doesn't list the year.

I've also found some flatpak radio packages. Should I disregard radiotray and try any flatpak radio application?

What I liked of radiotray is that it was minimalist, simply click on it, choose a radio station and that was it, I didn't need to open a whole suite just to listen to radio online. Adding station was also very easy, just pasting a url.

425