I think the rationnal from old posts I read, is that originally, Linux users were limited to 8 characters for user name on old distros. Maybe that’s why.
o.k. - that is a reasonable reason
But is that documented anywhere?
If it is not, the flaw/error could not have been avoided.
thinking of it:
it doesn’t make sense, especially with larger multi user systems, that users with inevitably similar names cannot be told apart because of this
My Uni, even back in 1998, had thousands of users.
Can’t believe that such a restriction was there - and even still is.
(of course they gave us the account names - we did not get to choose them)
Remove (root) file with polkit example
create (javascript) file /etc/polkit-1/rules.d/50-pacnew-check.rules
/* manjaro-pacnew-checker */
polkit.addRule(function (action,subject) {
    if (action.lookup("command_line") == "/usr/bin/sh -c rm /tmp/pacnew-check.file") {
        return polkit.Result.YES;
    }
});
in our bash script, at beginning :
cleanup() {
    [ -f "/tmp/pacnew-check.file" ] && {
        pkexec sh -c 'rm /tmp/pacnew-check.file'
    }
}
trap cleanup EXIT
I also use pacnew-chaser; it works as expected. It might be a welcome alternative to return to the official repos, if it were continually maintained.
rationale
The first programming language I learned was sequential BASIC, but that was on my own. Pascal was the first “real” programming language I learned in college, and even though I haven’t used it anymore in a long time, I still have fond memories of it, which is why I too have installed lazarus.
Yep, similar thing here, albeit that in the case of the college I went to, it was only a couple of dozen user accounts.
I’m not sure whether it ever was in the official repos, or at least, for Manjaro. Maybe it was in Arch at some point.
Another kid of the 90s here, we also started with (Turbo)Pascal at college. I remember coding some simple game, cows and bulls I think, and some very simple encryption tool. But then it was also the dawn of WWW so I moved to html and css.
Ontopic: I use this simple script (the 30 sec waiting is to be sure everything is up and running on boot, it can be done with systemd and target of course but I did not bother)
#!/usr/bin/env bash
#
# pacnew checker
#
sleep 30
# check if libnotify is available
if ! command -v notify-send >/dev/null 2>&1; then
    echo ":: libnotify not found... sudo pacman -S libnotify"
    exit 1
fi
# check for pacnew and notify (one array element per line of pacdiff output)
mapfile -t pacnews < <(/usr/bin/pacdiff -p --output | grep -v pacsave)
nb="${#pacnews[@]}"
# numeric comparison; [[ $nb > 0 ]] would compare as strings
if (( nb > 0 )); then
    echo -e "\e[1;31m$nb .pacnew found in system \e[0m"
    printf "%s\n" "${pacnews[@]}"
    notify-send -u normal "Use DIFFPROG=meld pacdiff -s" "<span color='#ff1000' font='28px'><b>.PACNEW files found</b></span>"
fi
the use of last command should be stopped. It cuts the username to a specific length so it breaks if username is longer than 8 characters
Yes, this seems to be the case. last command truncates the username to 8 chars.
I’m not sure what the officially sanctioned Arch or Manjaro way to do this in libalpm hooks would be… but I’ve got a few possible solutions:
# lslogins from core/util-linux
# Control the formatted output (beware the --print0 option does not seem to work)
# Sort on ISO 8601 time lexicographically, remove root, and get the last user ID
user_id=$(lslogins --time-format=iso --noheadings --output UID,USER,LAST-LOGIN | sort -k 3 | awk '{ print $1 }' | grep -v '^0' | tail -n 1)
# Check whether it is >= UID 1000 (usually system accounts are below this)
if [[ "$user_id" -lt 1000 ]]; then
    # It is a system account, default to first user UID
    user_id=1000
else
    # It is a normal user
    : # no-op ... or do something else here
fi
# If we want the username... or any other field /etc/passwd entry, use cut
user_name="$(getent passwd "$user_id" | cut -d: -f1)"
gecos="$(getent passwd "$user_id" | cut -d: -f5)"
full_name="$(echo "$gecos" | cut -d, -f1)"
# Do something with the user ID and/or username
sudo -u "#$user_id" whoami
echo "Hello $full_name, your username is: $user_name, and your user ID is: $user_id"
Or, I guess @Ste74 could always use a shorter hack like $SUDO_USER. I used something similar in a patch for vdhcoapp-bin’s PKGBUILD:
sudo -u "${SUDO_USER:-$(id -u -n 1000 )}"
like $SUDO_USER
not with pamac ! pamac create a “clean” env (all entries : )
LANG=
LC_ADDRESS=
LC_IDENTIFICATION=
LC_MEASUREMENT=
LC_MONETARY=
LC_NAME=
LC_NUMERIC=
LC_PAPER=
LC_TELEPHONE
LC_TIME
PATH=/usr/local/sbin:/usr/local/bin:/usr/bin
USER=root
INVOCATION_ID=354541501ba345c48a79cc9baa275145
JOURNAL_STREAM=
SYSTEMD_EXEC_PID=
MEMORY_PRESSURE_WATCH=
MEMORY_PRESSURE_WRITE=
HTTP_USER_AGENT=Pamac/11.6.4_manjaro
SHLVL=1
with pacman ok (note: sometimes testing HTTP_USER_AGENT is useful)
SUDO_COMMAND=/usr/bin/pacman -S yay
SUDO_USER=patrick
SUDO_UID=1000
SUDO_GID=984
HTTP_USER_AGENT=pacman/6.1.0 (Linux x86_64) libalpm/14.0.0
SHLVL=1
(same as run0 env) with run0 pacman, much closer to pamac (both use polkit) but we have in addition
SUDO_USER=
SUDO_UID=
SUDO_GID=
Sorry for the delay and thank you for reporting this. Please check the 0.6.7-3 release.
It seems I forgot the -w flag from the last command:
~ last -h ✔
Usage:
last [options] [<username>...] [<tty>...]
Show a listing of last logged in users.
Options:
-<number> how many lines to show
-a, --hostlast display hostnames in the last column
-d, --dns translate the IP number back into a hostname
-f, --file <file> use a specific file instead of /var/log/wtmp
-F, --fulltimes print full login and logout times and dates
-i, --ip display IP numbers in numbers-and-dots notation
-n, --limit <number> how many lines to show
-R, --nohostname don't display the hostname field
-s, --since <time> display the lines since the specified time
-t, --until <time> display the lines until the specified time
-T, --tab-separated use tabs as delimiters
-p, --present <time> display who were present at the specified time
-w, --fullnames display full user and domain names
-x, --system display system shutdown entries and run level changes
--time-format <format> show timestamps in the specified <format>:
notime|short|full|iso
-h, --help display this help
-V, --version display version
For more details see last(1).
I’m such a moron, I even read the man page before reporting.
Thanks for the quick fix
mee too
I sent a PR while we’re at it, to fix the WIKI link button, and the FR language issues that reappeared when I asked to revert some changes back then (I pre-compiled the MO file and verified it works).
If you can include it in your next release that would be cool
And now, you use last -w or polkit ??? EDITED
for polkit:
https://gitlab.manjaro.org/ste74/manjaro-pacnew-checker/-/tree/main?ref_type=heads
for polkit rule, why not create system directory as other files ? (more simple for install in PKGBUILD)
/etc/polkit-1/rules.d/
ATTENTION ! permission on this dir is “special” (ls -ld /etc/polkit-1/rules.d => drwxr-x---)
https://gitlab.manjaro.org/packages/extra/manjaro-pacnew-checker/-/tree/main?ref_type=heads
TODO update …
- add rule to pkgbuild
- in script .sh, delete last_user and sudo (BUG “-w” is here)
And now, you use pass -w or polkit ???
I guess you meant last -w?
Yes it is last -w now. Basically it should now be fixed, user can create the spy file even if his username is longer than 8 characters. There should be no issue like before
(17/19) Looking for Pacnew/Pacsave created.
sudo: unknown user michaldy
sudo: plugin initiation error of audit sudoers_audit
error: command was not performed correctly
PS: the changes are not reflected on the GitLab, the Pacman hook script is the old one pacnew-check.sh · main · Packages / Extra / manjaro-pacnew-checker · GitLab
//EDIT: and, even if it works, the touch executable path is not starting with a leading /
Pacman hook script is the old one
???
where is the original ? hard to find in 170 messages …
If -w is used why today, add also rule (gitlab and codeberg) ??? polkit rule is only for delete file as root
(belt and braces ? ok)
The package has been updated, but the GitLab doesn’t reflect the changes in new package made to the hook script, exactly what I wrote, not sure where the confusion is.
The Polkit solution has not been applied, just the proper flag to last was added (hence no need for Polkit in this case). It fixed the issue, in theory. User creates the spy file as the user even if username is longer than 8 characters, and can delete it without issue now the proper flag was added to last command in hook script.
//EDIT ahhhh I see something weird, a Polkit rule actually has been added on Codeberg, but there is no need for that, as the proper flag was added to the last command. The Polkit file is not in the latest package anyway, not sure why it was added on Codeberg.
Guys, sorry for the confusion. I have copied the changes made by Patrick in gitlab (codeberg and gitlab work as mirrors of each other). Today, as I say, I modified the code with Patrick’s suggestions and released the 0.6.8, because locally everything works fine, but when released via pkgbuild it does not. Deleting the pacnew-check.file always asks for admin rights. Then by chance I saw I forgot to add the -w flag to the last command and so released a new version of the 0.6.7 code.
I’m on a smartphone, so sorry for not using all the code tags…
to EDIT
yes was my question
add also rule (gitlab and codeberg)
tag is 0.6.8 in both, so my question and change #179 are for next 0.6.8
I suppose for today a speed Fix (polkit rule was not compatible with rapid troubleshooting)
not with pamac ! pamac create a “clean” env (all entries : )
Yes, I found that out the hard way… that’s why the default fallback to uid 1000 was in there. It’s still probably not ideal, but it most likely will work for most users, as the vdhcoapp helper is a desktop-centric app, and most desktop user systems are run as single-user machines with a single account for graphical desktop login, thus uid 1000 by default.
In the case of the OS tooling in general, maybe it’s not safe to assume that the user’s default UID is 1000, as it could be a shared machine in a university computing lab, a pair-programming station, or some other multi-user system. Like I said, it was a hack
to replace 1000 : pacman used by a “wheel” user, get the first in group (generally one by pc)
awk -F':|,' '/^wheel/{print $4}' /etc/group
?
EDIT : when i view source
Description = Installing JSON configuration file for current user ...
Strange as description for a package. this hook install only in pacman user but other ? At all users to re-install this package ?
an .install file is missing in PKGBUILD to document the manual install for other users or , at you to install for all users ? (in hook, loop in grep -E ':1[0-9]{3}:.*home' /etc/passwd)
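The user-lookup problem discussed in this thread (a name cut to 8 characters by last reaching sudo -u, and SUDO_USER missing under pamac), as an added example that is not code from any poster or from manjaro-pacnew-checker: a root-run hook resolves the account by UID and only falls back to the "first regular user" heuristic when nothing better is available. The function names, `PASSWD_FILE` and `sample_passwd` are hypothetical; `PKEXEC_UID` is set by pkexec and is not mentioned in the thread; the 1000..60000 range assumes common login.defs defaults.

```shell
#!/bin/sh
# PASSWD_FILE (hypothetical override) lets the logic run on constructed
# data; on a real system it defaults to /etc/passwd.

# Constructed sample passwd data (not from any real system).
sample_passwd() {
    cat <<'EOF'
root:x:0:0::/root:/bin/bash
shortusr:x:1000:1000::/home/shortusr:/bin/bash
longusername:x:1001:1001::/home/longusername:/bin/bash
nobody:x:65534:65534::/:/usr/bin/nologin
EOF
}

# Print the exact login name for a numeric UID, or fail.
name_for_uid() {
    awk -F: -v uid="$1" '$3 == uid { print $1; found = 1; exit }
                         END { exit !found }' "${PASSWD_FILE:-/etc/passwd}"
}

# Succeed only if the name matches a passwd entry in full. A name cut to
# 8 characters by `last` without -w fails here instead of reaching sudo -u.
user_exists() {
    awk -F: -v n="$1" '$1 == n { found = 1; exit }
                       END { exit !found }' "${PASSWD_FILE:-/etc/passwd}"
}

# Order: SUDO_UID (sudo pacman), PKEXEC_UID (pkexec), then the lowest
# regular UID as the last-resort heuristic (assumed range 1000..60000).
resolve_hook_user() {
    for cand in "${SUDO_UID:-}" "${PKEXEC_UID:-}"; do
        case "$cand" in
            ''|*[!0-9]*|0) continue ;;   # unset, empty, non-numeric or root
        esac
        name_for_uid "$cand" && return 0
    done
    awk -F: '$3 >= 1000 && $3 <= 60000 && (min == "" || $3 < min) {
                 min = $3; name = $1 }
             END { if (name == "") exit 1; print name }' \
        "${PASSWD_FILE:-/etc/passwd}"
}
```

In a hook the result would be used as `sudo -u "$(resolve_hook_user)" ...` only after checking that the function returned success.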