FAQ Search Today's Posts Mark Forums Read
» Video Reviews

» Linux Archive

Linux-archive is a website aiming to archive linux email lists and to make them easily accessible for linux users/developers.


» Sponsor

» Partners

» Sponsor

Go Back   Linux Archive > Debian > Debian User

 
 
LinkBack Thread Tools
 
Old 11-15-2010, 02:36 AM
 
Default Packages - what's the best way?

Your primary method of installing programs is going to be apt-get, especially if your new to linux. Apt is in essence a front end that runs ontop of dpkg and uses remote repositories to fetch, install, remove, and upgrade programs, including the dependences of those programs. This is a major advantage nowadays because before programs like apt all you had was dpkg and you had to work out the dependences yourself, many times layers of dependences. (e.g. Program you want depends on lib-x, which in turn depends on lib-y, which in turn depends on lib-z, and so forth)

Aptitude, synaptic, and the like are in turn front ends to apt, user interfaces to make it easier to manage packages.

It's your choice as to whether you wish to use a front end or apt directly, I guess some are intimidated by the command line and apt's many commands (apt-get, apt-cache, apt-key, etc.)

Personally I have studied and use apt directly but that's because graphical interfaces change too much for me, you upgrade a system and all the sudden you find the programs you like have totally changed, or have depreciated and been replaced. The Command Line isn't as fluctuate, it's practically universal, regardless of whether your system is debian based, red hat based, unix based, whatever...

TeddyB

-----Original Message-----
From: Rob Hurle <rob1940@gmail.com>
Date: Mon, 15 Nov 2010 14:22:13
To: <debian-user@lists.debian.org>
Reply-To: rob1940@gmail.com
Subject: Packages - what's the best way?

I'm quite new to debian and I'm getting my head around dpkg,
apt-get, aptitude and synaptic. Does anyone have advice on the best
way to handle a .deb package? Can I make up my own repository of .deb
packages and point apt-get at that to install packages? I've
installed one or two small things (gcc and gnu make) using dpkg, but I
wondered if there was a better way to do this. I've just downloaded
opera and it comes in a .deb package, so this is my next task. apt or
dpkg - or even synaptic?

Thanks for any help.

Rob Hurle

--
-----------------------------
Rob Hurle
ANU, College of Asia and the Pacific
School of Culture, History and Language
Histories of Asia and the Pacific
e-mail:* * * * * * * rob1940@gmail.com
Telephone (ANU): +61 2 6125 3169
Mobile (in VN):* +84 948 243 538
Mobile (in OZ):* +61 417 293 603
-----------------------------


--
To UNSUBSCRIBE, email to debian-user-REQUEST@lists.debian.org
with a subject of "unsubscribe". Trouble? Contact listmaster@lists.debian.org
Archive: http://lists.debian.org/AANLkTikprdp6ux8ZRC2AQL+E6LMnUeyMQyxafZyPozzk@mail .gmail.com
 
Old 11-15-2010, 02:54 AM
Bob Proulx
 
Default Packages - what's the best way?

Rob Hurle wrote:
> Does anyone have advice on the best way to handle a .deb package?

The easiest way is to not handle .deb files at all. Instead allow
apt-get to install the package and any dependencies from the network.

> Can I make up my own repository of .deb packages and point apt-get
> at that to install packages?

Yes. Many of us do that for packages that we create ourselves. But
if you are new to Debian then this isn't something I recommend for you
to do yet. Get some familiarity with the system before trying such
advanced topics.

> I've installed one or two small things (gcc and gnu make) using
> dpkg, but I wondered if there was a better way to do this.

What!? Why? In the future just use apt-get to install things that
you want.

$ sudo apt-get update
$ sudo apt-get install gcc
$ sudo apt-get install make

If you are compiling programs then you will want to install the
build-essential package at the least to pull in many of the tools that
you need.

$ sudo apt-get install build-essential

And if you have a package in mind that you want to tinker with and to
rebuild yourself in different ways then you can install all of the
build dependencies for that package.

$ sudo apt-get build-dep grep
$ sudo apt-get build-dep coreutils
$ sudo apt-get build-dep whatever

And if 'sudo' isn't configured for you then that is the first thing
that you will want to do. :-)

# visudo
rob ALL=(ALL) ALL

> I've just downloaded opera and it comes in a .deb package, so this
> is my next task. apt or dpkg - or even synaptic?

Yes. For Opera on Debian see the instructions on the wiki which go
into detail what you should do.

http://wiki.debian.org/Opera

Bob
 
Old 11-15-2010, 06:20 AM
Andrei Popescu
 
Default Packages - what's the best way?

On Du, 14 nov 10, 20:54:42, Bob Proulx wrote:
>
> And if 'sudo' isn't configured for you then that is the first thing
> that you will want to do. :-)
>
> # visudo
> rob ALL=(ALL) ALL

What's wrong with su?

Regards,
Andrei
--
Offtopic discussions among Debian users and developers:
http://lists.alioth.debian.org/mailman/listinfo/d-community-offtopic
 
Old 11-15-2010, 08:40 AM
Camaleón
 
Default Packages - what's the best way?

On Mon, 15 Nov 2010 14:22:13 +1100, Rob Hurle wrote:

> I'm quite new to debian and I'm getting my head around dpkg, apt-get,
> aptitude and synaptic. Does anyone have advice on the best way to
> handle a .deb package? Can I make up my own repository of .deb packages
> and point apt-get at that to install packages? I've installed one or
> two small things (gcc and gnu make) using dpkg, but I wondered if there
> was a better way to do this. I've just downloaded opera and it comes in
> a .deb package, so this is my next task. apt or dpkg - or even
> synaptic?

This is just my POW (and I'm quite new to Debian deb packaging system)
but here it goes :-)

apt-get / aptitude / synaptic (GUI based interface) are "repository"
based package managers, meaning they will resolve any dependency issue
you can encounter when installing packages form repos.

Repositories can be online based (ftp.debian.org) or local directory
based (you can have your own repository in your lan).

"dpkg" is a package manager, you can use it for installing standalone
packages (I did so for my UPS monitoring program that was only available
as a single ".deb" package from manufacturer's site).

In brief: I always try to get packages from Debian repositories (whenever
possible/available) and so using apt-get or synaptic. If not there, you
can download from upstream and install them locally... hoping not to get
a conflict, library missing or dependency error :-P

Recommended for reading:

Chapter 2. Debian package management
http://www.debian.org/doc/manuals/debian-reference/ch02.en.html

As for Opera:

http://wiki.debian.org/Opera

The last time I installed Opera was under openSUSE, but it was installed
without a glitch (yes, I remember I had to get the package directly from
Opera site)

Greetings,

--
Camaleón


--
To UNSUBSCRIBE, email to debian-user-REQUEST@lists.debian.org
with a subject of "unsubscribe". Trouble? Contact listmaster@lists.debian.org
Archive: pan.2010.11.15.09.40.39@gmail.com">http://lists.debian.org/pan.2010.11.15.09.40.39@gmail.com
 
Old 11-15-2010, 09:14 AM
"tv.debian@googlemail.com"
 
Default Packages - what's the best way?

>> On Mon, 15 Nov 2010 14:22:13 +1100, Rob Hurle wrote:
>> I'm quite new to debian and I'm getting my head around dpkg, apt-get,
>> aptitude and synaptic. Does anyone have advice on the best way to
>> handle a .deb package? Can I make up my own repository of .deb packages
>> and point apt-get at that to install packages? I've installed one or
>> two small things (gcc and gnu make) using dpkg, but I wondered if there
>> was a better way to do this. I've just downloaded opera and it comes in
>> a .deb package, so this is my next task. apt or dpkg - or even
>> synaptic?


Hi, if you want a simple gui solution you should have a look at gdebi,
comes in gnome and kde flavours. Gdebi can install local packages and
fetch any needed dependency from the configured repositories.
As for Opera it will drop it's own repo file under
/etc/apt/sources.list.d during installation, so once installed it will
be updated as any other package with apt-get/aptitude.


--
To UNSUBSCRIBE, email to debian-user-REQUEST@lists.debian.org
with a subject of "unsubscribe". Trouble? Contact listmaster@lists.debian.org
Archive: 4CE10816.3030002@googlemail.com">http://lists.debian.org/4CE10816.3030002@googlemail.com
 
Old 11-15-2010, 12:50 PM
Kelly Clowers
 
Default Packages - what's the best way?

On Sun, Nov 14, 2010 at 23:20, Andrei Popescu <andreimpopescu@gmail.com> wrote:
> On Du, 14 nov 10, 20:54:42, Bob Proulx wrote:
>>
>> And if 'sudo' isn't configured for you then that is the first thing
>> that you will want to do. :-)
>>
>> * # visudo
>> * rob * * ALL=(ALL) ALL
>
> What's wrong with su?

It is the The Wrong Way(TM), because it involves giving everyone the
root password
and unlimited authority, and it has very little in the way of logging.

With sudo, you specifically log every command that gets run as root
and who did it,
each user uses their own password, and you can give as broad or as limited
permissions as you want.


Cheers,
Kelly Clowers


--
To UNSUBSCRIBE, email to debian-user-REQUEST@lists.debian.org
with a subject of "unsubscribe". Trouble? Contact listmaster@lists.debian.org
Archive: AANLkTi=tGgXYOgzH3ZYZHBnX6tk-1UvvEJHw=Q_aokRv@mail.gmail.com">http://lists.debian.org/AANLkTi=tGgXYOgzH3ZYZHBnX6tk-1UvvEJHw=Q_aokRv@mail.gmail.com
 
Old 11-15-2010, 03:11 PM
Tyler Smith
 
Default Packages - what's the best way?

Kelly Clowers <kelly.clowers@gmail.com> writes:

> On Sun, Nov 14, 2010 at 23:20, Andrei Popescu <andreimpopescu@gmail.com> wrote:
>> On Du, 14 nov 10, 20:54:42, Bob Proulx wrote:
>>>
>>> And if 'sudo' isn't configured for you then that is the first thing
>>> that you will want to do. :-)
>>>
>>> * # visudo
>>> * rob * * ALL=(ALL) ALL
>>
>> What's wrong with su?
>
> It is the The Wrong Way(TM), because it involves giving everyone the
> root password
> and unlimited authority, and it has very little in the way of logging.

Doesn't the 'ALL=(ALL) ALL' line give the user unlimited authority
anyways? Is there any security benefit to logging in as a user with
unlimited sudo access over just logging in as root?

I don't see the point of sudo *except* to allow fine-grained control to
select programs to select users. Using it to provide open access seems
counter-productive.

t




--
To UNSUBSCRIBE, email to debian-user-REQUEST@lists.debian.org
with a subject of "unsubscribe". Trouble? Contact listmaster@lists.debian.org
Archive: 87k4ker2gj.fsf@guruji.demimonde">http://lists.debian.org/87k4ker2gj.fsf@guruji.demimonde
 
Old 11-15-2010, 05:46 PM
Blair Mason
 
Default Packages - what's the best way?

Kelly Clowers <kelly.clowers@gmail.com> writes:

>> On Sun, Nov 14, 2010 at 23:20, Andrei Popescu <andreimpopescu@gmail.com> wrote:
>>> On Du, 14 nov 10, 20:54:42, Bob Proulx wrote:
>>>>
>>>> And if 'sudo' isn't configured for you then that is the first thing
>>>>that you will want to do. :-)
>>>>
>>>> * # visudo
>>>> * rob * * ALL=(ALL) ALL
>>>
>>> What's wrong with su?
>>
>> It is the The Wrong Way(TM), because it involves giving everyone the
>> root password
>> and unlimited authority, and it has very little in the way of logging.

>Doesn't the 'ALL=(ALL) ALL' line give the user unlimited authority
>anyways? Is there any security benefit to logging in as a user with
>unlimited sudo access over just logging in as root?

>I don't see the point of sudo *except* to allow fine-grained control to
>select programs to select users. Using it to provide open access seems
>counter-productive.
>
>t

I'd have to agree, especially how many distros automatically give ALL permissions to all local users.* At least with su you have to *tell* them the root password, which means you have to trust them.* The BSD su's wheel group also serves this purpose.* Giving someone the right to sudo su seems (IMHO) to defeat the purpose of sudo.* I'm all for sudo over su (for things like halt, apt-get, etc.), but if you give users ALL permissions then you are basically creating multiple root passwords, thus (in theory) multiplying significantly the risk of a system breach.

Anyways, in the GUI world i'll second gdebi.* In the console world I find the easiest way is just to dpkg -i, and then if there are unmet dependencies run aptitude and let it autoresolve the dependencies (not very elegant, but the easiest way i've found).

rbmj



--
To UNSUBSCRIBE, email to debian-user-REQUEST@lists.debian.org
with a subject of "unsubscribe". Trouble? Contact listmaster@lists.debian.org
Archive: http://lists.debian.org/1673250935.312324.1289846790526.JavaMail.root@vzni t170078
 
Old 11-15-2010, 06:26 PM
Bob Proulx
 
Default Packages - what's the best way?

Tyler Smith wrote:
> Doesn't the 'ALL=(ALL) ALL' line give the user unlimited authority
> anyways?

It isn't about restricting privilege. Both have superuser privilege.
It is about the invocation environment.

The difference is that:

* 'sudo' uses your user password while 'su' uses root's password.
With sudo you manage your own password. With su you manage both
your password *and* root's password.

* 'sudo' uses your editing environment while 'su' uses root's. I am
an emacs users. Let's say that you are a vi user. If we both use
su then one of us will be frustrated because the command line
editing will be the wrong way for us. I leave it the default of
emacs and then you as a vi user get the wrong keys. You change it
to vi mode and then I as am emacs user get the wrong keys. But with
sudo each of us customize our own shell for our own preferences and
they don't conflict.

* With sudo if I leave the group then my account is disabled. You
don't have to change your password. You are using your password and
I don't know it. With su if I leave the group then you should
change the su password to prevent me from accessing it. Which means
that everyone that is sharing the root password needs to get the
update all at the same time. Sharing the root password is
problematic. Are you going to email it to them? Store it in a
readable only by root file on the system? Call everyone? None of
those problems with sudo.

* Other items that I didn't remember while typing this.

Sure if you are the only one using your own machine and nothing else
then it doesn't matter. If you are on your own farm and driving on
your own farm road then drive on any part of the road that you want!
You will see no advantage to any driving rule or convention if you are
the only vehicle on the road. But if you are sharing the road with
others that is when things like this become important.

There are some downsides too. Everything is a tradeoff of some type.

If you really want a root shell then there isn't anything preventing
either of these following. You are root and you can do what you want.

$ su

Or

$ sudo $SHELL # aka sudo -s

> Is there any security benefit to logging in as a user with
> unlimited sudo access over just logging in as root?

It isn't about security. Although the need to share passwords with su
makes it inherently less secure.

> I don't see the point of sudo *except* to allow fine-grained control to
> select programs to select users. Using it to provide open access seems
> counter-productive.

Accident prevention is an important safeguard. If you are operating
with your normal command line editing environment then you are less
likely to make mistakes. I find that most of my command line mistakes
have been when I have been out of my normal environment and finger
memory doesn't match. When operating as root mistakes can be much
more costly. Therefore I try to minimize those problems and create as
safe of an operating environment as possible. Safe working
environments are fun to work in. Risky ones are stressful.

Bob
 
Old 11-15-2010, 06:33 PM
"Boyd Stephen Smith Jr."
 
Default Packages - what's the best way?

In <87k4ker2gj.fsf@guruji.demimonde>, Tyler Smith wrote:
>Kelly Clowers <kelly.clowers@gmail.com> writes:
>> On Sun, Nov 14, 2010 at 23:20, Andrei Popescu <andreimpopescu@gmail.com>
>> wrote:
>>> On Du, 14 nov 10, 20:54:42, Bob Proulx wrote:
>>>> And if 'sudo' isn't configured for you then that is the first thing
>>>> that you will want to do. :-)
>>>>
>>>> # visudo
>>>> rob ALL=(ALL) ALL
>>>
>>> What's wrong with su?
>>
>> It is the The Wrong Way(TM), because it involves giving everyone the
>> root password
>> and unlimited authority, and it has very little in the way of logging.

Just want to interject that the logging in sudo is largely pointless if you
allow ALL binaries, any shell, or most editors to be executed directly. It is
quite east to subvert by invoking a shell or otherwise having the binary read
and fork()/exec() stuff.

>Doesn't the 'ALL=(ALL) ALL' line give the user unlimited authority
>anyways? Is there any security benefit to logging in as a user with
>unlimited sudo access over just logging in as root?
>
>I don't see the point of sudo *except* to allow fine-grained control to
>select programs to select users. Using it to provide open access seems
>counter-productive.

A shared password is a compromised password. Even when "ALL=(ALL) ALL" is
used, sudo avoids having the root password be shared, which is a good thing if
there are multiple administrators.

On a single-user system, many of the security enhancements that sudo provides
are rather pointless. However, in that situation using the NOPASSWD option
allows sudo to go the opposite way -- slightly less secure -- in favor of
(what some would call) more ease of use.

I encourage sudo use everywhere, because it is simply a better tool than su,
but for purposes of this thread any way you want to get root permissions is
fine.
--
Boyd Stephen Smith Jr. ,= ,-_-. =.
bss@iguanasuicide.net ((_/)o o(\_))
ICQ: 514984 YM/AIM: DaTwinkDaddy `-'(. .)`-'
http://iguanasuicide.net/ \_/
 

Thread Tools




All times are GMT. The time now is 01:04 AM.

VBulletin, Copyright ©2000 - 2014, Jelsoft Enterprises Ltd.
Content Relevant URLs by vBSEO ©2007, Crawlability, Inc.
Copyright ©2007 - 2008, www.linux-archive.org