From owner-freebsd-questions@freebsd.org Sun Apr 17 00:56:54 2016 Return-Path: Delivered-To: freebsd-questions@mailman.ysv.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:1900:2254:206a::19:1]) by mailman.ysv.freebsd.org (Postfix) with ESMTP id 87EF4AEE3AC for ; Sun, 17 Apr 2016 00:56:54 +0000 (UTC) (envelope-from wblock@wonkity.com) Received: from wonkity.com (wonkity.com [67.158.26.137]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (Client CN "wonkity.com", Issuer "wonkity.com" (not verified)) by mx1.freebsd.org (Postfix) with ESMTPS id 3C6FC14AC for ; Sun, 17 Apr 2016 00:56:53 +0000 (UTC) (envelope-from wblock@wonkity.com) Received: from wonkity.com (localhost [127.0.0.1]) by wonkity.com (8.15.2/8.15.2) with ESMTPS id u3H0uMlg004111 (version=TLSv1.2 cipher=DHE-RSA-AES256-GCM-SHA384 bits=256 verify=NO); Sat, 16 Apr 2016 18:56:22 -0600 (MDT) (envelope-from wblock@wonkity.com) Received: from localhost (wblock@localhost) by wonkity.com (8.15.2/8.15.2/Submit) with ESMTP id u3H0uLwT004108; Sat, 16 Apr 2016 18:56:22 -0600 (MDT) (envelope-from wblock@wonkity.com) Date: Sat, 16 Apr 2016 18:56:21 -0600 (MDT) From: Warren Block To: Anton Sayetsky cc: Bernt Hansson , FreeBSD Questions Subject: Re: Geli and glabel ? In-Reply-To: Message-ID: References: <57125647.9050805@bananmonarki.se> <57126AFB.9060303@bananmonarki.se> User-Agent: Alpine 2.20 (BSF 67 2015-01-07) MIME-Version: 1.0 X-Greylist: Sender IP whitelisted, not delayed by milter-greylist-4.4.3 (wonkity.com [127.0.0.1]); Sat, 16 Apr 2016 18:56:22 -0600 (MDT) Content-Type: text/plain; charset=UTF-8; format=flowed Content-Transfer-Encoding: 8BIT X-Content-Filtered-By: Mailman/MimeDel 2.1.21 X-BeenThere: freebsd-questions@freebsd.org X-Mailman-Version: 2.1.21 Precedence: list List-Id: User questions List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Sun, 17 Apr 2016 00:56:54 -0000 On Sun, 17 Apr 2016, Anton Sayetsky wrote: > > 17 апр. 2016 г. 3:15 пользователь "Warren Block" написал: > > > > On Sun, 17 Apr 2016, Anton Sayetsky wrote: > > > >> > No, the /dev/disc device is being used both times. > >> > > >> >   geli attach disc > >> > > >> > creates a disc.eli device.  Now create the label on *that*: > >> > > >> >   glabel label 1213 /dev/disc.eli > >> This just doesn't make any sense bc if device name will change - geli name will change too. So it's really necessary to build reverse - geli on top of glabel. > > > > > > The label is only created once.  After that, it will be present when the .eli device is created. > I know. But here an example: > 1. Insert one disk > 2. Create geli and glabel there > 3. Pull out that disk and insert it again in random order with hundred of other disks > 4. Try to find where geli is located > So I can say again - glabel inside geli doesn't make any sense in any situation. But geli inside glabel makes sense almost always. Not any situation? What if I have data partitions on an encrypted drive? That gives a constant name to those partitions, but only after the drive has been mounted with geli. From owner-freebsd-questions@freebsd.org Sun Apr 17 01:23:38 2016 Return-Path: Delivered-To: freebsd-questions@mailman.ysv.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:1900:2254:206a::19:1]) by mailman.ysv.freebsd.org (Postfix) with ESMTP id B32B6AEF000 for ; Sun, 17 Apr 2016 01:23:38 +0000 (UTC) (envelope-from jhunt@lynden.on.ca) Received: from mail-yw0-x233.google.com (mail-yw0-x233.google.com [IPv6:2607:f8b0:4002:c05::233]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (Client CN "smtp.gmail.com", Issuer "Google Internet Authority G2" (verified OK)) by mx1.freebsd.org (Postfix) with ESMTPS id 7BBB614C7 for ; Sun, 17 Apr 2016 01:23:38 +0000 (UTC) (envelope-from jhunt@lynden.on.ca) Received: by mail-yw0-x233.google.com with SMTP id t10so171451254ywa.0 for ; Sat, 16 Apr 2016 18:23:38 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=lynden-on-ca.20150623.gappssmtp.com; s=20150623; h=mime-version:in-reply-to:references:date:message-id:subject:from:to :cc; bh=027xtw5XgfRQvLYCz5mKmF6eibLlqYlXLT1liJBwu4Y=; b=ZBG1e5lWYfAeHXyNI2mB0usmC5h24FEoPhQ28rg7gqRyhYsINuUHKwoXhhHdhXpUFa hjCxpXhATJVMV/i+Pq0lzTLTNCSl9igmtCOH5LB47sAwks0qoyw6WIkx2DXfkbUVlSkW MK6CsZ1x3HOG1oKUKzc4BCrcTdXE/kfmSasUf+YLxk0K5mpSefXpdr1hykK4fb+csok5 0mWmkf6x4/x8TXykQBnKAedBfVPj8WLp85QS7H96tSUnw24uqUVRtk9R6X06JBldsn+V 5KrkV11suvp1qYyokDDXtVQZT2NZMlo5WfO6+GZphhVeKRVtIrABh8baBMiTS8Cd4Kqv h8XQ== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20130820; h=x-gm-message-state:mime-version:in-reply-to:references:date :message-id:subject:from:to:cc; bh=027xtw5XgfRQvLYCz5mKmF6eibLlqYlXLT1liJBwu4Y=; b=AueDCWxSRerL6Jly1ACV1WrRk9euhO8cai6lPYkMFq5DhWqvtoEWemKppXD+W9t6iL SfcWk/b+c0e6N+EeiM6cj+IQ3k/YhpdQHljEfczUb/UL0n15+rTyDfoLbuMWNCsYp8Yc nnm1W5Eo40/BPillz1luZRQZmw/RW8ppphYahcV9NbL5GwNpme2wO7Dxdq8IKOeod9wm t0vA++mQ0xjX0Ra1yoelmTPM38RJJDW9xovTwVvEH2hzhZB8MZQVAYJ8kT29bbse4v77 QLsGGwwPIXrpsEaDOK1osSc3T3QR6UfqytvLg04oAn1xfn8Mq6CcZHVkSf7f5Me7+rgk wybg== X-Gm-Message-State: AOPr4FVAvJx2TZA5NgUg6zRng9zcZUrVeJfumeAgRZaDfHFyvSS9XkOex4z04xKzJAo0PrW4fpGE/YWp4LCbUg== MIME-Version: 1.0 X-Received: by 10.37.203.2 with SMTP id b2mr4650910ybg.148.1460856217625; Sat, 16 Apr 2016 18:23:37 -0700 (PDT) Received: by 10.83.87.12 with HTTP; Sat, 16 Apr 2016 18:23:37 -0700 (PDT) X-Originating-IP: [173.33.69.78] In-Reply-To: <20160415180613.c066affb.freebsd@edvax.de> References: <20160416000316.V1139@sola.nimnet.asn.au> <20160415180613.c066affb.freebsd@edvax.de> Date: Sat, 16 Apr 2016 21:23:37 -0400 Message-ID: Subject: Re: Cannot enter sleep mode as non-root user (Operation not permitted) From: Jason Hunt To: Polytropon Cc: Ian Smith , freebsd-questions@freebsd.org Content-Type: text/plain; charset=UTF-8 X-Content-Filtered-By: Mailman/MimeDel 2.1.21 X-BeenThere: freebsd-questions@freebsd.org X-Mailman-Version: 2.1.21 Precedence: list List-Id: User questions List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Sun, 17 Apr 2016 01:23:38 -0000 On Fri, Apr 15, 2016 at 12:06 PM, Polytropon wrote: > > Being in wheel just means you can su root, and only root can suspend the > > system .. unless you have a suspend button .. or know root's password :) > > That is the key information: The program must be run by root. > Being in the operator or wheel group is not sufficient. > > Thanks. I thought that might be the case but couldn't find anything online which specifically stated root is required. This old post is what got me thinking wheel or operator should be able to do it, but I guess there's some misunderstanding of how XFCE actually performs suspend/shutdown/reboot: https://marc.info/?l=freebsd-questions&m=139039546710646&w=2 In the past I've always used full-blown DE's like XFCE and had to set the rights in PolicyKit, but now using cwm so I need to use commands for these types of tasks, and just kind of assumed I should be able to do it without root access. > > > > > Does anyone have suggestions for how to troubleshoot this? > > > > Revise expectations or hack acpiconf.c :) > > Or use a program like su, sudo, or super, for example like this: > > % sudo acpiconf -s3 > > which should work as expected. It's possible to assign this command > to a shell alias or even to a key (or key combination). > > > I thought about poking through the acpi code but decided to leave it as a future project :) My solution for now is to install sudo, set the following in /usr/local/etc/sudoers: %operator ALL=(root) NOPASSWD: /usr/sbin/zzz Then set the following in .cshrc: alias zzz /usr/local/bin/sudo /usr/sbin/zzz