Puppy needs one thing: user accounts

[tagginannie]

I have been using Linux for over 10 years, I'm currently using Kubntu Dapper 6.06 Red Hat Linux 9/Fedora core 6. I like this distro but it is seriously lacking in security. Ask any person who has ben using Linux for for few years will tell you the same thing as I am going to say, any good distro will require that you setup a root/sudo account during installation and do any thing that involves altering the system files or installing software you must enter the root password. If you want to find more the best forum to go to is http://www.linuxforums.org

Suzy

[Sage]

Not necessarily. Many Puppy users are sole users for which the root/user is not always essential to internal (household/office) security. For external security, there are a built-in firewall options in Puppy, but most networking modems also have built-in SPI firewall features.
Otherwise, the kernel and what Barry builds around it are fairly robust. Notwithstanding, many users are live-CD or USB users; even for those who install it to HD, a majority favour the frugal route, so the compressed files and data can be replaced, replenished, updated with little risk.
For other reasons, my personal preference is a full HD install, but my use and application is atypical and I do suffer the consequences of my own (and Barry's!!) occasional oversights.

[muggins]

i'd be interested in a pupuser poll regarding how often/when/how a pup installation has been compromised/infiltrated/breached.

in my case after several years usage ....none that i'm aware.

[kjs]

muggins,

you're lucky or really the only user! My Puppy-PC (ok, it's currently a Grafpup alpha which doesn't count but before) was also used by my little one as she liked the puppy pictures and she managed pretty frequently to screw things up to the point I had to revert to a saved known good configuration.

This never happened on my SuSE machine where she has her own user account and doesn't know the root password. The same applies to her new-old own PC (I was tired of not having PC access, ). It's running SuSE too and she doesn't have the root password.......

An option to install root/user for anything but CD mode IMHO would be the way to go and if Nathan doesn't change his mind the next version of Grafpup will have it. To be honest, I don't even like the Ubuntu way with the first user password being the root one by default.

Juergen

[HairyWill]

I had to revert to a saved known good configuration.

We might not have user management but we definately encourage good backup discipline.
There are solutions in puppy that help to overcome these problems such as encrypted and password protected save files though they are unconventional.

When I used a multisession CD I just took it out whenever my youngest used the computer, mainly she was using the web and wasn't really interested in saving anything.

[Flash]

taginanny, if you really exist, it was I who edited your subject line. Are you familiar with the term FUD?

[Pizzasgood]

you're lucky or really the only user! My Puppy-PC (ok, it's currently a Grafpup alpha which doesn't count but before) was also used by my little one as she liked the puppy pictures and she managed pretty frequently to screw things up to the point I had to revert to a saved known good configuration.

Situations like that are pretty much the only time Puppy really needs true multi-user (as it isn't intended for, say, campus-wide networking). A pseudo-multiuser setup is easy enough to make, and even password protect. Just use multiple encrypted save-files. More security than that on the home-end is pointless. Actually, encryption is better than multi-user in this case, because it prevents booting a live-cd and mounting the data (at least without lots of time to crack the password/encryption).

The main drawback with that is each "user" is free to trash his/her own save-file. For adults that's not much of a problem (they're free to trash their car too, after all), but with kids it can be tricky.

I'm not quite done being a kid yet, so maybe I can't give advice, but I'd say use Puppy as a way to teach them responsibility. Give them their own save-file so they don't ruin yours, set it up, back it up, and let them play. If they ruin it, let it sit for a while, then replace the original pre-set save-file "when you feel like it". Eventually, they'll learn to be more careful. The toaster doesn't have a multi-user system implemented, does it? And I know from experience that electric fences don't.

I think that's a better system, because then they know why they shouldn't mess with stuff, rather than just saying, "You aren't allowed", or "You aren't smart enough" (even if it's subliminally). Besides, maybe it will influence them to learn how Linux works, so they can do stuff on their own without help. (make sure they don't learn to circumvent you in the process.... )

Though it may be a good idea to put your savefile on a separate partition, and remove MUT from the kid's setup. And take the partitioning tools out of the menu. Just in case.



That said, the new Graphpup uses multi-user.

[Lobster]

Ask any person who has ben using Linux for for few years will tell you the same thing as I am going to say

Suzy as a Puppy User for a while and a Linux User for a while, I can say this: Puppy is different. Yes it is Linux, Linux compatible and so on. However Linux experts will insist my CD is mounted before use. I don't want that. In every Linux I use, I very soon change to auto log in - to by pass the meaningless security. Nobody asks me on my machine for a password. Ridiculous.

Passwords may have some use on a network and multiple users on a single machine but we have specialised Puppys being developed for that. Most people are individuals controlling and being responsible for their own machine.

However perhaps Richard Stallmans (you may have heard of him) experience of passwords and admin may be of interest. He got annoyed with the admin at MIT when they introduced passwords (so they could log and control users) so he wrote a hack to work out peoples passwords - wrote an email to everyone congratulating them on their new password (which he gave them) and then suggested everyone use the password "Enter". One fifth of users went over to the easy access system. The suits were put in their place.

We at Puppy use the easy access system and are quite safe. If he was interested I am sure Richard and other Puppy members could send you your password - but hey why bother . . .
Be Happy. Have Fud or fun. Wear your tin hat with pride.

actually this is well out of date . . . nobody seems bothered . . .
http://puppylinux.org/wikka/Security

[rarsa]

This has been debated many times.

If someone needs user accounts they can choose another distro. Why fitting a sqare peg in a round hole?

By the time Barry finishes adding all the things that "puppy needs" he will have created Ubuntu or Mandriva!

If people like Puppy is because what it has.

I am sure that if one of these days Barry really finds that user accounts are needed, he will implement them Puppyfied. Until then, they are not needed.

[Flash]

I just downloaded TrueBSD (a >300 MB download) burned it to a CD and booted it. It required a login and password! That's taking paranoia past the point of stupidity. I had to boot back into Puppy, go to the TrueBSD website and hunt around until I found how to get past the login prompt. It wasn't easy to find, either. Needless to say, I'm not about to recommend TrueBSD.

I like the fact that Puppy runs as root. It keeps things simple. Having to login as a user, and then jump through special hoops to do things like install or run programs, is just silly for a live CD like Puppy.

I can see where restricted user accounts might appeal, in an old-fashioned way, when several people share a computer, but Puppy opens up a whole new option: multisession DVD. Now, each user can have his own private DVD, with a separate operating system on it, along with his programs, settings and whatever. Multisession Puppy makes worries about unauthorized people messing with your stuff a thing of the past, because each user can take his DVD with him when he is done using the computer, leaving only empty RAM behind.

[Billwho?]

I'm currently stuck with one foot in each camp. While I don't see any need for user accounts from a security standpoint when running from a live CD there is the problem of trying to install outside programs that expect user accounts. I have put trying to get fax working in Puppy with Hylafax on the backburner as I only need to use it very occassionaly, so rarely that I am prepared to put up with the indignaty of booting into window$ and Hylafax needs useradd which is not in Puppy.

[ElectronicShark]

my opinion is that puppy should stay the way it is by "default" and if someone wants to use accounts then maybe barry could add user account features at bootup.

that way puppy won't slow down and the software bloat and scripts stays on the cd for people who like the way puppy is.

maybe something to look at is the fact that this thread may have manifested the fact that some people like puppy but are repelled from becoming a user due to not being able to facilitate accounts. but its like someone already said thats what other distros are for.

due to my ignorance i depend on others on this forum and others to insure that i'm doing the right things to keep my linux box safe.

-jay

[pelokwin]

I have two laptops, one thinkpad with pup 1.0.8. and a gateway solo with pup2, both HD installs. One for me and one for my brilliant 4yr old son, so the idea of locking out my son because he will mess something up is no problemfor me, but that is not for everyone. What about a Dot Pup? Puppy works because it is unbloated . Over doing it with safegaurds is a donward spirial to window$ hell! (seen the new Mac Commercial )

[MU]

You could break into any desktop-Linux.

Say you have Ubuntu - simply boot from a Puppy-CD, chroot /mnt/hda1, passwd root.
Like this you can disble access for the owner.
A real secure system would require several steps. I know no person except in one company, who uses the feature of setting the BIOS password (which is more important than a password for the operating system).

Puppy is not designed as a multi-user system by default, and most users don't need multiuser.
However it seems, that Grafpup 2 will add support for that, so if you really need it (e.g. to manage accounts for your family-members), you might have a look at it

Mark

[kjs]

Mark,

now you know one person more.... All BIOSes here (8) have password and all have boot from anything but HDD disabled (except for my experimental Puppy-box).
They all have user accounts and the kids machines boot directly into the user account w/o asking for a password (SuSE uses this as default). Except for the little one all know their BIOS and root passwords in case they need it.

All my friends running Linux and even some with winDOS use user accounts too.

I agree that a LiveCD doesn't need that feature and it's actually something which makes it less convenient but for a HDD install it's the better solution.

One of the reasons viruses and malware are such a disaster in the winDOS world is that everything runs in root by default. Sure, a password still requires some residual brain from the user side as they could just enter it when asked for but at least it's a warning before you give some unknown stuff root rights.

Juergen

[rarsa]

One of the reasons viruses and malware are such a disaster in the winDOS world is that everything runs in root by default.

Actually the main reason is that anything that has 'exe" or "cmd" or "bat" in the name runs. Period.

In linux you must assign the executable bit (chmod +x) for something to execute. A simple mail attachment won't execute.

This is, to run a program in Linux, there must be an action from the user.

[gronos04]

I am going to deploy 4 puppy workstations ( celerons no hardrive or optical drive) into an office run by a non profit orginisation.
Multiple users will use each machine.
I really like the fact that there is no user control to the workstations so somebody can just jump on and use it.
The network uses a NT4 server and each person has accounts which give them a personal, folder a shared folder, and in some cases to department folders.
To secure info and to make it as easy as possible for users I plan to have users run an interactive script from the desktop.This would get the username ,password and optional department variables to connect to their folders on the server and to the network printer.
A file would contains users and paths.
I figure this to be a lightweight fix for this kind of problem
Has anything like this been developed for puppy?

[rarsa]

Has anything like this been developed for puppy?

Kind off, although "developed" is a big word.

You just need the following on the server side
- A server running samba (or windows on the server)
- Create user accounts on the server (or samba accounts)
- Create one folder per user and only grant access to that user

On the puppy client side
- Create a folder where to mount the remote folder
- Create a script that opens a console and executes something like the following

Code: Select all

echo "user name?
read USER
smbmount //<serverIP>/<sharename>   <mountpoint> -o username $USER

The smbmount command will request the password.

Alternatively you may create entries for each user on the client and add entries to the fstab. Although I don't know how it would ask for the password if mounted from rox. you can test

[Bruce B]

{text cut}

I agree that a LiveCD doesn't need that feature and it's actually something which makes it less convenient but for a HDD install it's the better solution.

One of the reasons viruses and malware are such a disaster in the winDOS world is that everything runs in root by default. Sure, a password still requires some residual brain from the user side as they could just enter it when asked for but at least it's a warning before you give some unknown stuff root rights.

The only way I use Puppy is with a 'conventional' hard drive install. I don't know what percentage of Puppy users use it that way, but count me in.

My question are:

* How am I supposed to get a virus?
* Even if I get a virus how's it supposed to run?

Also, worth mentioning is that even with Windows, I don't get viruses or malware. I do enough 'tech' reading to figure out why many people do. I also understand my own computing practices well enough to know why I don't.

For me with DOS / Windows it has always been fine that I could delete, run and otherwise manage files, without having to give myself special permissions.

It is equally fine with me to have these permissions when running Linux. I am after all, by default the administrator over my own personal computer.

----------

The worst case scenerio with software is things get screwed up. Software can get screwed up by many more things than viruses, up to and including hardware failure such as hard drives and dvd, cd discs.

The main thing is how easily and quickly can you recover.

With Puppy on an Option 1 install, a person can simply backup (by copy) the pupfile to make a complete restoration file. Do this as many times as one wishes.

For more safty one can periodically copy or (burn as the case may be) the Puppy file to a removable medium.

As for me with the Option 2 install I can back up the whole works with a simple shell script in very little time.

-------------

Summary: Sincerely - no offense intended in my counter-arguments. But having used Windows for years with no virus or trojan problems, I don't think I likely to have virus or trojan problems with Puppy as root.

[gronos04]

thanks rarsa.
I now have a shortcut that will connect all the drives for one user.
Will get the interactive bit going over the next couple of days.
Probably will write a connect script for each user . Then choose which script to run by the vars.