suggested disabling root account.

modified:   set_up_build_environments.md
This commit is contained in:
reaction.la 2022-06-18 19:21:04 +10:00
parent 566198a6d5
commit fb210a9b7a
No known key found for this signature in database
GPG Key ID: 99914792148C8388
4 changed files with 48 additions and 241 deletions

View File

@ -1,84 +0,0 @@
<!DOCTYPE html>
<html xmlns="http://www.w3.org/1999/xhtml" lang="en" xml:lang="en">
<head>
<meta charset="utf-8" />
<meta name="generator" content="pandoc" />
<meta name="viewport" content="width=device-width, initial-scale=1.0, user-scalable=yes" />
<title>LICENSE</title>
<style>
code{white-space: pre-wrap;}
span.smallcaps{font-variant: small-caps;}
span.underline{text-decoration: underline;}
div.column{display: inline-block; vertical-align: top; width: 50%;}
div.hanging-indent{margin-left: 1.5em; text-indent: -1.5em;}
ul.task-list{list-style: none;}
.display.math{display: block; text-align: center; margin: 0.5rem auto;}
</style>
<style type="text/css">body {
max-width: 30em;
margin-left: 1em;
}
table {
border-collapse: collapse;
}
td, th {
border: 1px solid #999;
padding: 0.5rem;
text-align: left;
}
code{white-space: pre-wrap;
}
span.smallcaps{font-variant: small-caps;
}
span.underline{text-decoration: underline;
}
div.column{display: inline-block; vertical-align: top; width: 50%;
}
div.hanging-indent{margin-left: 1.5em; text-indent: -1.5em;
}
ul.task-list{list-style: none;
}
.display.math{display: block; text-align: center; margin: 0.5rem auto;
}
h1.title{text-align: center; font-size: xxx-large;
}
div.center {text-align:center;
}
div.centre {text-align:center;
}
table {
border-collapse: collapse;
}
td, th {
border: 1px solid #999;
padding: 0.5rem;
text-align: left;
}
</style>
<!--[if lt IE 9]>
<script src="//cdnjs.cloudflare.com/ajax/libs/html5shiv/3.7.3/html5shiv-printshiv.min.js"></script>
<![endif]-->
</head>
<body>
<header id="title-block-header">
<h1 class="title">LICENSE</h1>
</header>
<p>Copyright © 2021 reaction.la gpg key 154588427F2709CD9D7146B01C99BB982002C39F</p>
<p>This distribution of free software contains numerous other
distributions with other compatible free software licenses and copyrights.
Those files and directories are governed by their own license, and their
combination and integration into this project by this license and this
copyright, and anything in this distribution not otherwise licensed and
copyrighted in this distribution is governed by this license, and this
copyright.</p>
<p>Licensed under the Apache License, Version 2.0 (the “License”);
you may not use this distribution of software except in compliance with the License.
You may obtain a copy of the License at
<a href="https://directory.fsf.org/wiki/License:Apache-2.0" class="uri">https://directory.fsf.org/wiki/License:Apache-2.0</a></p>
<p>Unless required by applicable law or agreed to in writing, software
distributed under the License is distributed on an “AS IS” BASIS,
WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
See the License for the specific language governing permissions and
limitations under the License.</p>
</body>
</html>

View File

@ -1,83 +0,0 @@
<!DOCTYPE html>
<html xmlns="http://www.w3.org/1999/xhtml" lang="en" xml:lang="en">
<head>
<meta charset="utf-8" />
<meta name="generator" content="pandoc" />
<meta name="viewport" content="width=device-width, initial-scale=1.0, user-scalable=yes" />
<title>NOTICE</title>
<style>
code{white-space: pre-wrap;}
span.smallcaps{font-variant: small-caps;}
span.underline{text-decoration: underline;}
div.column{display: inline-block; vertical-align: top; width: 50%;}
div.hanging-indent{margin-left: 1.5em; text-indent: -1.5em;}
ul.task-list{list-style: none;}
.display.math{display: block; text-align: center; margin: 0.5rem auto;}
</style>
<style type="text/css">body {
max-width: 30em;
margin-left: 1em;
}
table {
border-collapse: collapse;
}
td, th {
border: 1px solid #999;
padding: 0.5rem;
text-align: left;
}
code{white-space: pre-wrap;
}
span.smallcaps{font-variant: small-caps;
}
span.underline{text-decoration: underline;
}
div.column{display: inline-block; vertical-align: top; width: 50%;
}
div.hanging-indent{margin-left: 1.5em; text-indent: -1.5em;
}
ul.task-list{list-style: none;
}
.display.math{display: block; text-align: center; margin: 0.5rem auto;
}
h1.title{text-align: center; font-size: xxx-large;
}
div.center {text-align:center;
}
div.centre {text-align:center;
}
table {
border-collapse: collapse;
}
td, th {
border: 1px solid #999;
padding: 0.5rem;
text-align: left;
}
</style>
<!--[if lt IE 9]>
<script src="//cdnjs.cloudflare.com/ajax/libs/html5shiv/3.7.3/html5shiv-printshiv.min.js"></script>
<![endif]-->
</head>
<body>
<header id="title-block-header">
<h1 class="title">NOTICE</h1>
</header>
<p>Copyright © 2021 reaction.la gpg key 154588427F2709CD9D7146B01C99BB982002C39F</p>
<p>The license of this software, and the licenses of the packages on which it
relies, grant the four software freedoms:</p>
<ol start="0" type="1">
<li>The freedom to run the program as you wish, for any purpose.</li>
<li>The freedom to study how the program works, and change it so it
does your computing as you wish.</li>
<li>The freedom to redistribute copies so you can help others.</li>
<li>The freedom to distribute copies of your modified versions to
others.</li>
</ol>
<p>This software is licensed under the <a href="LICENSE.html">apache 2.0 license</a>.</p>
<p>This product includes several packages, each with their own free software licence, referenced in the relevant files or subdirectories.</p>
<p>Or, in the case of Sqlite, the Sqlite blessing in place of a license, which is
morally though not legally obligatory on those that obey the
commandments of Gnon. See also the <a href="docs/contributor_code_of_conduct.html">contributor code of conduct</a>.</p>
</body>
</html>

View File

@ -1,72 +0,0 @@
<!DOCTYPE html>
<html xmlns="http://www.w3.org/1999/xhtml" lang="en" xml:lang="en">
<head>
<meta charset="utf-8" />
<meta name="generator" content="pandoc" />
<meta name="viewport" content="width=device-width, initial-scale=1.0, user-scalable=yes" />
<title>Release Notes</title>
<style>
code{white-space: pre-wrap;}
span.smallcaps{font-variant: small-caps;}
span.underline{text-decoration: underline;}
div.column{display: inline-block; vertical-align: top; width: 50%;}
div.hanging-indent{margin-left: 1.5em; text-indent: -1.5em;}
ul.task-list{list-style: none;}
.display.math{display: block; text-align: center; margin: 0.5rem auto;}
</style>
<style type="text/css">body {
max-width: 30em;
margin-left: 1em;
}
table {
border-collapse: collapse;
}
td, th {
border: 1px solid #999;
padding: 0.5rem;
text-align: left;
}
code{white-space: pre-wrap;
}
span.smallcaps{font-variant: small-caps;
}
span.underline{text-decoration: underline;
}
div.column{display: inline-block; vertical-align: top; width: 50%;
}
div.hanging-indent{margin-left: 1.5em; text-indent: -1.5em;
}
ul.task-list{list-style: none;
}
.display.math{display: block; text-align: center; margin: 0.5rem auto;
}
h1.title{text-align: center; font-size: xxx-large;
}
div.center {text-align:center;
}
div.centre {text-align:center;
}
table {
border-collapse: collapse;
}
td, th {
border: 1px solid #999;
padding: 0.5rem;
text-align: left;
}
</style>
<!--[if lt IE 9]>
<script src="//cdnjs.cloudflare.com/ajax/libs/html5shiv/3.7.3/html5shiv-printshiv.min.js"></script>
<![endif]-->
</head>
<body>
<header id="title-block-header">
<h1 class="title">Release Notes</h1>
</header>
<p>To build and run <a href="./README.html">README</a></p>
<p><a href="docs/index.htm">pre alpha documentation (mostly a wish list)</a> (In order to read these on this local system, you must first execute the document build script <code>mkdocs.sh</code>, with <code>bash</code>, <code>sed</code> and <code>pandoc</code>)</p>
<p>This software is pre alpha and should not yet be released. It does
not work well enough to even show what it would do if it was
working</p>
</body>
</html>

View File

@ -176,10 +176,36 @@ Setting up an actual server is similar to setting up the virtual machine
modelling it, except you have to worry about the server getting overloaded
and locking up.
On an actual server, you probably want to totally disable passwords by corrupting the shadow file once you have `ssh` working.
On an actual server, it is advisable to enable passwordless sudo for one user.
issue the command `visudo` and edit the sudoers file to contain the line:
``` default
cherry ALL=(ALL) NOPASSWD:ALL
```
That user can now sudo any root command, with no password login nor ssh in for root. And can also get into the root shell with `sudo su -l root`
On an actual server, you may want to totally disable passwords to
accounts that have sensitive information by corrupting the shadow file
```bash
usermod -L root
usermod -L cherry
```
When an account is disabled in this manner, you cannot login at the
terminal, and may be unable to ssh in, but you can still get into it by `su -l cherry` from the root account. And if you have disabled the root account,
but have enabled passwordless sudo for one special user, you can still get
into the root account with `sudo -s` or `sudo su -l root` But if you disable
the root account in this manner without creating an account that can sudo
into root passwordless, you are hosed big time. So instead, once `ssh` is
working, give one user passwordless sudo, make sure you can ssh into that
account, and disable password and ssh access to the root account.
You can always undo the deliberate corruption by setting a new password,
providing you can somehow get into root.
```bash
passwd -D cherry
```
If a server is configured with an [ample swap file] an overloaded server will
@ -198,6 +224,26 @@ on wake. Swapping should never escalate to lockup, and if it does, bad
memory management design, though this misfeature seems common to
most operating systems.
When the OS detects the cpu idling while waiting for pages to be loaded
into memory, should disable one process so its pages do not get loaded for
a while, and derank all pages in memory that belong to that process, and
derank all pages that belong to processes waiting on that process. When the
cpu has idle time, and nothing to do for enabled processes, because
everything they need has been done, and is only awaiting for disabled
processes to get their pages loaded, then the OS can re-enable a disabled
process, whereupon its virtualed paged get loaded back into physical
memory, possibly resulting in some other process starting to thrash and
getting disabled. So instead paging out the least recently used page, pages out an entire process, and stalls it until the cpu is adequately responsive to the remaining processes, and has been adequately responsive for a little
while. This is inefficient, but it is a lot more efficient than a computer
thrashing on paging. If the computer is stalling waiting on page load, then
it is just running more processes than it can run, and the least recently used page algorithm is not going to accomplish anything useful. Some entire
processes just have to be paged out, and stay paged out, until the
remaining processes have completed and are idling. A thrashing computer
is not running anything at all. Better that is run some things, and from time
to time changes those things.
When the cpu has nothing to do because all the processes are waiting for pages to be loaded, something has to be done.
I prefer an ample swap file, larger than total memory, plus [thrash protect],
which will result in comparatively graceful degradation, plus the existence of
the file `/tmp/thrash-protect-frozen-pid-list` will tell you that your