Wrapped in gaffa

Programming, Art, Music, Philosophy, Politics

Archive for the ‘Ubuntu’ Category

Configuring Debian Squeeze with PolicyKit for sudo


I’ve recently gone back to the roots and installed Debian testing to replace Ubuntu. I would like to keep the concept of a disabled root account from Ubuntu. I tried for a long time using trial and error until I Read The Fucking Man page and found the solution: configure PolicyKit for sudo users. I’ve chosen to use a new group that I called admin, like the one from Ubuntu, although using the sudo group would fit the purpose on my single-user machine.

As usual:
su root
adduser <username> sudo
visudo

With visudo make sure you have a line like this:
%sudo ALL=(ALL) ALL

Lock the root password and set sudo mode in GNOME:
sudo passwd -l root
gconftool --type bool --set /apps/gksu/sudo-mode true

Create the group admin and join it:
addgroup admin
adduser <username> admin

Edit /etc/polkit-1/localauthority.conf.d/50-localauthority.conf:

Change this:
[Configuration]
AdminIdentities=unix-user:0

To this:
[Configuration]
AdminIdentities=unix-user:0;unix-group:admin

This setup is the one I’ve chosen, with disabled root and a permissive sudo group. There are endless possibilities if you read the man pages of sudoers and pklocalauthority.

That’s it! I hope…

Ari had an important comment to make:

That configuration file says not to edit it. Just copy the file to something like 90-customauthority.conf with the same customized contents.
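
The edit above and Ari's drop-in suggestion can be checked with a small script (an added example, not part of the original post or comment). It relies on the behaviour documented in pklocalauthority that files in localauthority.conf.d are read in lexical order, with later files overriding earlier ones; the function names and the constructed sample directory are assumptions.

```shell
#!/bin/sh
# Added example: report which identities polkit's local authority treats as
# administrators. Function names and the sample directory are assumptions.

# Print the effective AdminIdentities value for the conf.d directory in $1.
# Files are read in C-locale lexical order; a later file overrides an earlier one.
effective_admin_identities() {
    value=""
    files=$(find "$1" -maxdepth 1 -type f -name '*.conf' | LC_ALL=C sort)
    while IFS= read -r f; do
        if [ -z "$f" ]; then continue; fi
        v=$(awk '
            /^[ \t]*\[/ { in_cfg = ($0 ~ /^[ \t]*\[Configuration\]/); next }
            in_cfg && /^[ \t]*AdminIdentities[ \t]*=/ {
                sub(/^[^=]*=[ \t]*/, ""); sub(/[ \t\r]+$/, ""); v = $0
            }
            END { if (v != "") print v }' "$f")
        if [ -n "$v" ]; then value=$v; fi
    done <<EOF
$files
EOF
    printf '%s\n' "$value"
}

# Succeed if identity $1 (e.g. unix-group:admin) is an admin identity in dir $2.
is_admin_identity() {
    case ";$(effective_admin_identities "$2");" in
        *";$1;"*) return 0 ;;
        *) return 1 ;;
    esac
}

# Constructed sample: the shipped 50- file left untouched, plus a 90- drop-in
# carrying the customised value from the post.
make_sample_dir() {
    d=$(mktemp -d)
    printf '[Configuration]\nAdminIdentities=unix-user:0\n' > "$d/50-localauthority.conf"
    printf '[Configuration]\nAdminIdentities=unix-user:0;unix-group:admin\n' > "$d/90-customauthority.conf"
    printf '%s\n' "$d"
}

sample=$(make_sample_dir)
echo "effective: $(effective_admin_identities "$sample")"
is_admin_identity unix-group:admin "$sample" && echo "members of group admin are polkit administrators"
is_admin_identity unix-group:sudo "$sample" || echo "group sudo is not a polkit admin identity"
rm -rf "$sample"
```

On a real system, point effective_admin_identities at /etc/polkit-1/localauthority.conf.d to see which groups are granted administrator authentication.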


Written by gaffa

2009-11-05 at 19:05

Posted in Debian, Gnome, Linux, Software, Ubuntu


Local DNS to work around censorship


I live in Denmark and unfortunately that’s a country where courts don’t know the laws they judge by. Which means IFPI got through with a nationwide block of the site thepiratebay.org. The Pirate Bay is basically just a huge public torrent tracker, which means many Open Source projects are using it to distribute files (e.g. the game Urban Terror) and even the Danish national television was distributing some files through it. I personally used it to distribute the Creative-Commons BBC documentary The Codebreakers for IOSN (a UN Development Programme).

At first I used /etc/hosts and manually entered the IPs, because I didn’t want to use an external DNS service. I don’t trust any outsiders with all my DNS lookups; I want all lookups except the blocked domains to go to my ISP. Unfortunately a static hosts file is just not the same as doing a DNS lookup for this kind of site. For example, tracker.thepiratebay.org does not point to one single IP, but 8 different IPs. CNAME records like vip.tracker.thepiratebay.org point to tracker.thepiratebay.org. Another problem is when TPB decides to start a new site like trial.thepiratebay.org: then I have to manually add that domain to /etc/hosts after looking it up at TPB’s own nameservers.

Today I decided to try a different approach than the static hosts file. I wanted to set up a DNS proxy. I went with pdnsd, which was very easy to set up. All I had to do was to install the packages pdnsd and resolvconf (on Ubuntu 8.04) and add the two entries below to the pdnsd.conf file. The router entry redirects any lookup not pointing at thepiratebay.org and its subdomains to my router. If you’re not using a router you could enter the IPs of your ISP’s DNS servers instead of the IP of your router. The tpb entry is simply an entry that looks up any request for thepiratebay.org and its subdomains and nothing else. The servers used are TPB’s own name servers.

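# Default upstream: every name except thepiratebay.org and its subdomains.
server {
    label = "router";
    ip = 192.168.1.1;
    exclude = ".thepiratebay.org";
    # Names that match no include/exclude pattern are sent to this server.
    policy = included;
}

# TPB's own name servers: used only for thepiratebay.org and its subdomains.
server {
    label = "tpb";
    ip = 83.140.176.159, 194.71.107.1, 85.17.40.33, 217.75.120.120;
    include = ".thepiratebay.org";
    # Names that match no include/exclude pattern are not sent to this server.
    policy = excluded;
}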

Written by gaffa

2009-02-15 at 19:41

Posted in Copyright, Linux, Politics, Software, Ubuntu
