severity 291794 minor
tags 291794 - unreproducible
retitle 291794 Change README.Debian to be more clear on admin password at
install
thanks
Hello
On Fri, Jan 28, 2005 at 02:41:07AM -0500, Alfie Costa wrote:
> On 27 Jan 2005 at 7:29, Ola Lundqvist <[EMAIL PROTECTED]> wrote:
>
> > > It says in '/usr/share/doc/ntop/README.Debian': { quote deleted }
> > >
> > > It's not mandatory, there's a qualifying "may". If something needs to be
> > > done to get 'ntop' working, the installer script should do it.
> >
> > You need to set it if it is not there or you have configured in some
> > special way.
>
> You seem to be saying certain procedures are required for EVERY new install.
Yes.
> In that case the text "may need" is a bug, and should be revised.
> Suggestions...
That can be fixed.
> Before:
>
> At installation you may need to set the administration password.
>
> After:
>
> After installing 'ntop' for the first time, you must set the
> administration
> password.
>
> As is common when editing technical docs, correcting an ambiguous
> expression reveals other faults.
>
> It's unclear what "set the administration password" means. Root's password
> as
> applied to some part of 'ntop' I'm guessing, but as it's phrased it might
> mean
> a special 'ntop'-only password.
>
> Assuming it's just 'root' though, further revision is needed. What are we
> setting? A permission. For what? A daemon, program or file? How does one
> set
> it?
>
> 2nd try.
>
> Before:
>
> At installation you may need to set the administration password. You do
> that by running ntop with the option -A (or --set-admin-password). It
> will prompt you for the password and then exit. Now start the ntop
> daemon.
>
>
> After, with comments in {brackets}:
>
> After installing 'ntop' for the first time, you must set the
> administration
> password for {what? a daemon, program or file? which ones?}. You do
> that by running:
>
> ntop -A { make the code easy to cut and paste! }
>
> You'll be prompted for a root password, then the program will exit.
> This
> only needs to be done once. {Right?}
>
> Now start the ntop daemon. {How? When? Every time you use 'ntop'?
> Every
> time you reboot? Just once? Example code should be included. Also
> there
> should be some note of what to expect -- namely nothing. The daemon
> doesn't
> produce useful user output, just diagnostic cruft.}
>
> { Some mention of the 'top'-like user level 'ntop' should be here.
> Example:
> "Now that the {daemon/program/file's?} password has been set, and the
> deamon is running, you can run the user level program. If your user
> name is "bill" login as "bill", go online, then type 'ntop'." Or
> whatever. Perhaps further steps have to be taken so "bill" can use
> it. }
>
> Finally, here's a model example of what we're aiming for from the
> 'README.Debian' from 'lxdoom-svga':
>
> lxdoom-svga
> -----------
> If you want to run lsdoom, the lxdoom SVGAlib binary, as a normal user,
> it will need to be setuid root. You can accomplish this by using the
> following sequence of commands:
>
> dpkg-statoverride --add root root 4755 /usr/games/lsdoom
> chown root:root /usr/games/lsdoom
> chmod 4755 /usr/games/lsdoom
>
> This used to be automated via debconf, but is now left up to the user.
>
> -- Joe Drew <[EMAIL PROTECTED]>, Fri, 26 Mar 2004 23:43:36 -0500
>
> That's not perfect, but it's good enough. (He's afraid of 'debconf' too.)
> The
> commands given are easy to cut and paste. No guesswork or looking up
> switches
> in 'man' pages.
Tanks for the suggestions. I'll update the documentation.
> > As it is a password that is needed to be set and there are
> > no really good way to do that in postinst with debconf without creating
> > really bad security issues you need to that manually.
>
> I don't see much problem. The installer script is already running as root,
> it has access, (no need to ask for a password), why not do it then, or
> at least offer to.
That is not the problem. The problem is on how debconf works. To automate
this from debconf a question needs to be asked (as it formerly was done).
This result is stored in a database in clear text. That is the first
problem. The second problem is that it is not trivial to be sure that the
admin password have not already been set so if the administrator update
it manually it may be reset. And if I clear the field in debconf
(to fix case 1) it may in some cases reset the admin password for ntop
to something that the administrator do not want, like a null password. This
is the reason why there are security implications.
> > > ...a repeat of that question: On your system(s), does purging
> > > and reinstalling 'ntop' with the install script options 'ppp0' and 'ntop'
> > > work?
> >
> > No as I do not have a ppp0 interface.
>
> Much faster for you, but I wish you'd mentioned that earlier.
>
> HEY YOU modem users, if any are reading this: what are your results with
> installing 'ntop'?
>
> > apt-get remove --purge ntop
> > apt-get install ntop
> > (Read README.Debian file)
> > ntop -A
> > /etc/init.d/ntop start
> >
> > That will work for you.
>
> It hasn't so far. (cue audience booing...)
>
>
>
I'm quite sure that this has nothing to do with modem or ppp0
interface. It should not complain on permissions in that case.
It should complain on something else.
Regards,
// Ola
--
--------------------- Ola Lundqvist ---------------------------
/ [EMAIL PROTECTED] Annebergsslingan 37 \
| [EMAIL PROTECTED] 654 65 KARLSTAD |
| +46 (0)54-10 14 30 +46 (0)70-332 1551 |
| http://www.opal.dhs.org UIN/icq: 4912500 |
\ gpg/f.p.: 7090 A92B 18FE 7994 0C36 4FE4 18A1 B1CF 0FE5 3DD9 /
---------------------------------------------------------------
--
To UNSUBSCRIBE, email to [EMAIL PROTECTED]
with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
