Why I don't like running as root (in Puppy)
Puppy Linux for my family
Puppy is just great: little, fast, useful, especially when installed on the hard disk of an old hardware configuration...
For my very young children, I remain skeptical about letting them, as root, remove any configuration file.
Please, insert multi user ability including root, as DSL proposes: you'll get perfect.
- klhrevolutionist
- Posts: 1121
- Joined: Wed 08 Jun 2005, 10:09
the answer
It seems people don't want to run as root. Most of these people that
want a user have children. And then again, some people read about it,
and assume they also, need a user. Maybe, it might be possible to add a user
in the near future. My understanding of linux is not the best, but I do
wonder about the lot of us that use a hard drive. A little ssh & someone
could do about anything. That is unless you take precaution to prevent
these actions.
So, personally I don't mind being root as I like full control of my computer.
Any other distro, I always use root.
Heaven is on the way, until then let's get the truth out!
Re: the answer
klhrevolutionist wrote: ...It seems people don't want to run as root. Most of these people that want a user have children. And then again, some people read about it, and assume they also, need a user... I do wonder about the lot of us that use a hard drive. A little ssh & someone could do about anything. ...
The genius of Puppy is that it can run entirely from CD or DVD. If you replace your hard drive with a DVD burner, running from root in multisession Puppy is nothing to worry about. Each user can have his own (removable) disk containing his personal settings and everything he is working on.
flash wrote: Each user can have his own (removable) disk containing his personal settings and everything he is working on.
What if the computer owner is a woman, or has a wife or daughter?
klhrevolutionist wrote: A little ssh & someone could do about anything. ...
Logging in as a limited user WON'T protect you from this. When someone connects through ssh, a new session is created with its own login. If the attacker can guess, find out or crack your root password, the attacker will get control of your computer, whether you are running as root or not. The moral of this story: If you enable SSH, choose a secure password that you can remember but it's difficult to crack.
Note to new puppys: klhrev's example is highly hypothetical. SSH server does not come with Puppy as a default, it has to be downloaded, installed, configured and enabled for it to be a risk.
Last edited by rarsa on Wed 05 Oct 2005, 17:09, edited 1 time in total.
- seldomseen
- Posts: 40
- Joined: Mon 30 May 2005, 16:05
- Location: Charleston, SC
Since starting to use Linux I've gotten used to the root/user system, and it's no great effort to bring up a terminal, type in su and my password, and do root things that way. Actually I've come to appreciate this. In the few seconds it takes to open a root terminal, I'm reminded to put my game face on and get my stuff together 'cause I can now do some real damage if I type the wrong thing. The computer is asking me, "Are you sure? Better be, 'cause you're in for a hell of a ride." Just an extra level of protection.
When running Puppy off the CD, it doesn't matter a whole lot in my case. I'm the only one who uses this computer (unless my dog is surfing for canine porn sites while I'm at work), and it is kinda hard to screw up system files when they're on the CD-ROM anyway.
OK here comes another quote for multiuser (maybe tinylogin?)
As guessed before it's about networking in an environment like family, coworkers etc.
Running Linux for a while often leads to something like having a file-/ printer- / whatever-server. Mine should do the following (in the 'end' state):
-file server holding /home /mp3 and doing backup.
-being the music server holding all the mp3s to provide to any computer in the house
-and musicbox as home stereo replacement
-VDR (digital video disc recorder)
-family calendar/ planner
-sharing the dsl internet connection
so if I want to let everyone use any computer in the house with access to her/ his data I NEED nfs-filesharing and multiusers on any comp in the house.
what makes Puppy that interesting is its unbelievable speed, even on old machines AND its opportunity to be carried around, too.
So I'm not very used to generating users/groups from the commandline, here is my question:
Is it really that difficult (at least with HD install) to generate users?
What about this:
-generating tinylogin as dotpup
-a script (yes commandline, it's the linux admin anyway using this) that generates:
--new lines in /etc/passwd (/etc/shadow)
--home directories
--adding the new users to the necessary groups/ generating the necessary apps
is this too simple? What else did I forget to mention...
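The script outlined in the post above, sketched as an added example (not code from the thread or from Puppy itself): it writes the passwd, shadow and group entries and creates the home directory. The add_user name, the root-prefix argument, the uid-equals-gid private group and the /bin/sh shell are assumptions made for illustration.

```shell
#!/bin/sh
# Added example: create an unprivileged account by editing the account
# files directly. ROOT prefix, function name and the uid==gid private
# group are assumptions, so it can be tried on a scratch tree first.
# Usage: add_user ROOT NAME UID [GROUP,GROUP...]
add_user() {
    root=$1; name=$2; uid=$3; extra=$4
    passwd=$root/etc/passwd; shadow=$root/etc/shadow; group=$root/etc/group

    # Only plain names: a ':' or newline would inject fields or whole lines.
    case $name in
        ''|-*|*[!a-z0-9_-]*) echo "bad user name" >&2; return 1 ;;
    esac
    # Numeric uid, never 0 (uid 0 is root whatever the name says).
    case $uid in
        ''|0*|*[!0-9]*) echo "bad uid" >&2; return 1 ;;
    esac
    # Refuse a name or uid that is already taken.
    if grep -q "^$name:" "$passwd" ||
       awk -F: -v u="$uid" '$3 == u { f = 1 } END { exit !f }' "$passwd"; then
        echo "name or uid already in use" >&2; return 1
    fi

    # "x" in passwd points to shadow; "!" there locks the password until
    # the admin sets one with passwd(1).
    echo "$name:x:$uid:$uid::/home/$name:/bin/sh" >> "$passwd"
    echo "$name:!:$(( $(date +%s) / 86400 )):0:99999:7:::" >> "$shadow"
    chmod 600 "$shadow"
    echo "$name:x:$uid:" >> "$group"        # private group, gid == uid

    # Append the user to each existing supplementary group's member list.
    for g in $(echo "$extra" | tr ',' ' '); do
        awk -F: -v OFS=: -v g="$g" -v n="$name" \
            '$1 == g { $4 = ($4 == "" ? n : $4 "," n) } { print }' \
            "$group" > "$group.new" && mv "$group.new" "$group"
    done

    # Home directory readable by its owner only; chown needs real root.
    mkdir -p "$root/home/$name"
    chmod 700 "$root/home/$name"
    if [ "$(id -u)" -eq 0 ]; then chown "$uid:$uid" "$root/home/$name"; fi
}
```

Run it against a copy of /etc in a scratch directory first; the account stays locked until root sets a password for it.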
You can start Puppy with several pup00x
You could modify your grub-menu like this:
Code:
title Puppy for Walter
rootnoverify (hd0,0)
kernel /puppylinux1.0.6/vmlinuz root=/dev/ram0 PFILE=pup001-PasSwOrD1
initrd /puppylinux1.0.6/image.gz
title Puppy for ME
rootnoverify (hd0,0)
kernel /puppylinux1.0.6/vmlinuz root=/dev/ram0 PFILE=pup002-PasSwOrD2
initrd /puppylinux1.0.6/image.gz
Mark
you can run X as an unprivileged user (for example, spot) fairly easily ... (setuid X and tinylogin, setup config files in /root/spot, chmod or chown or delete a file or 2 in /tmp, su spot, type xwin)
rxvt/aterm will not run as spot ... i tried a few things like xhost and setuid root, but didn't get it to work ... i have not tried changing the configuration in inittab yet (i would need to remaster Puppy or install Puppy to a hard drive, option 2) ... rxvt will run as root, so terminals are still available
many or most dotpup and pupget packages assume Puppy runs as root and assumes $HOME is /root ... they assume the configuration files, like menus, are in /root and that you have write permissions to /root ... MUT and pmount assume you have supervisor powers ... and things like "my-documents is owned by root" need to be fixed
it can be done, but it will break a lot of 3rd party packages ... running as root is less safe, but it is simpler
- Alucard_the_dex
- Posts: 317
- Joined: Wed 05 Oct 2005, 01:53
I don't see a lot of consensus here on actual facts...
it's one thing to say 'can't happen' when you are really competent with Linux and have the knowledge to see a prob if it develops, but the advice is being given to everybody...
almost everything I've read about Linux in general says 'DON'T RUN AS ROOT unless you have to, and offline.' I'd like something pretty solid to contradict that, and expect most first-lookers would too. I understand about the CD providing some immunity to screwups & malware, but...
...many of the people here are at least partially HD installed as dual boot with a WinOS. While Win is dormant, the HD & CPU are not. I'm real fuzzy on what might get thru an open port in this situation, but I've discovered that Symantec 'doesn't support' dual boot machines of any kind. With corporate pirates getting into rootkits, etc* I'd guess there could be a problem.
*I know this isn't the same as running in root. But, doesn't 'not running in root' confer a sort of blanket protection in writing to the HD? Then the write file attribute is checked first for everything right?
sorry for that confusing sentence, best I can put it... sorry if I don't know something basic here.
- Pizzasgood
- Posts: 6183
- Joined: Wed 04 May 2005, 20:28
- Location: Knoxville, TN, USA
Most of the ones in /root (and thus /etc) ARE editable. Some are overwritten with each boot, though.
The stuff in /usr can be "deleted" through the use of union fs, but it's still there in usr_cram.fs, just hidden from Puppy.
Everything else is invincible.
And, even the stuff you do edit can be regained if you delete your pupfile, because the data on the cd is still there.
That only applies to non-hd installs, though.
I for one like being able to edit. That's one of the problems I have with Windows. It's always trying to operate itself and block me from tweaking it. If I want to crash my computer, I have that right. Puppy might think I'm killing him, but I'm really giving him a heart transplant.
Between depriving a man of one hour from his life and depriving him of his life there exists only a difference of degree. --Muad'Dib
Some Of These Users Are Not Like The Others
Counterexample to the argument that "It's a LiveCD, so who cares about security?": I just discovered Puppy a few days ago, and so far I'm loving it. I do lots of system modification, though, and I'm not going to deal with popping the disc in and out all the time, so I had planned from the start for a HDD install. It was while looking for details on the process that I discovered this thread, and it's really pulled me up short to discover that there is no realistic way to run as a non-root. I come from a partial OpenBSD background and I need sub-root users for the stuff I do, for fun and for work, on a daily basis. I need to be able to set up guest logins who can only access specific folders, I need to have safety checks on some files for my own convenience, I need to have support for different desktops and profiles without rebooting and cryptic cheatcodes, and I need to run various servers with unproven stability under their own access rights. It's a shame - Puppy's still great (I love elegance) and it's still going to go on my MP3 player, but I had planned to use it as the base for a minimalist, serious Linux desktop. I look forward to doing so when it goes multiuser.