Puppy Linux Discussion Forum Forum Index Puppy Linux Discussion Forum
Puppy HOME page : puppylinux.com
"THE" alternative forum : puppylinux.info
 
 FAQFAQ   SearchSearch   MemberlistMemberlist   UsergroupsUsergroups   RegisterRegister 
 ProfileProfile   Log in to check your private messagesLog in to check your private messages   Log inLog in 

The time now is Mon 19 Aug 2019, 23:14
All times are UTC - 4
 Forum index » House Training » Users ( For the regulars )
How to run as user in Dpup? (Not as root)
Moderators: Flash, Ian, JohnMurga
Post new topic   Reply to topic View previous topic :: View next topic
Page 1 of 2 [22 Posts]   Goto page: 1, 2 Next
Author Message
SolusUmbra

Joined: 11 May 2017
Posts: 120

PostPosted: Mon 06 May 2019, 16:44    Post subject:  How to run as user in Dpup? (Not as root)  

When I installed Dpup it didn’t ask me to create a user and just put me as root. Now after being told and doing some more reading that for safety I really should create a user instead of using root. So my question is how do I go about doing this?
Back to top
View user's profile Send private message 
s243a

Joined: 02 Sep 2014
Posts: 2031

PostPosted: Mon 06 May 2019, 17:05    Post subject:  

I'm on TazPup right now show I'll have to doublecheck the command but I think it's something like this:

Code:

adduser -D -s /bin/sh -g 'SliTaz User' -G users -h /home/$USER $USER 2>/dev/null


Use the passwd command to create a password or instead if you want to delete the password:
Code:

passwd -d $USER 2>/dev/null


and then add the user to one or more groups:
Code:

    for group in audio cdrom video tty plugdev disk lp scanner dialout camera operator tape
    do
      addgroup $USER $group 2>/dev/null
   done


The following is a script I'm using in my tazpup64 buildkit which may or may not be relevant to your situation:
Code:

#!/bin/sh
users=$1
if [ -z "$1" ]; then
    users='tux,root,spot:jwm'
fi
for line in ${users//,/ }; do
  line2=(${line//:/ }) #https://stackoverflow.com/questions/918886/how-do-i-split-a-string-on-a-delimiter-in-bash
  USER=${line2[0]}
  wm="${line2[1]}"
  WINDOW_MANAGER=${wm:-slim}

  if [ "$USER" != root ]; then
    adduser -D -s /bin/sh -g 'SliTaz User' -G users -h /home/$USER $USER 2>/dev/null
    passwd -d $USER 2>/dev/null
    for group in audio cdrom video tty plugdev disk lp scanner dialout camera operator tape
    do
      addgroup $USER $group 2>/dev/null
   done
 
    #https://www.pearltrees.com/s243a/startup-script-for-freenet/id14245425

    if [ "$(which hald)" != "" ] && [ -e /etc/init.d/hald ]; then
      #action 'Configuring %s...' "haldaemon"
      adduser -D -H haldaemon 2>/dev/null
      for group in audio cdrom video tty plugdev disk lp scanner dialout camera operator tape
      do
        addgroup haldaemon $group 2>/dev/null
      done
      addgroup haldaemon haldaemon 2>/dev/null
    fi
  fi
   ## Slim default user #TODO make spot have the default window manager jwm instead of slim.
    #if [ -f /etc/slim.conf ]; then
    #   sed -i "s|default_user .*|default_user    $USER|" /etc/slim.conf
    #fi
    #su -c "sh tazx start" $USER #

#We need to make sure everything needed is in place fore we do this.     
    #if [ $WINDOW_MANAGER = "jwm" ]; then   
    #  usr_home=`su -c "echo $HOME" $USER`
    #  ( export HOME=$usr_home; fixmenus ) #TODO update fixmenus so that it only updates files for a single user.
    #else
    #  su -c "sh tazbox mkmenu" $USER #
    #fi 
       
    #if [
    cp --no-clobber -arf "/etc/skel/*" "$HOME" 2>/dev/null
    #TODO add code to fix the premissions
    for aFile_prefixed in "`find /etc/skel -name '*'`"; do
      aFile=${aFile_prefixed#/etc/skel}
      chown $USER $HOME/$aFile
    done
done



If you want multiuser puppy then I suggest either mistfire's TazPup:
http://murga-linux.com/puppy/viewtopic.php?t=113255

or fatdog64
http://murga-linux.com/puppy/viewtopic.php?t=115537

If you want to run apps more securely on puppylinux, then I suggest either running the application as another user "see the run-as-spot command"
https://github.com/puppylinux-woof-CE/woof-CE/blob/master/woof-code/rootfs-skeleton/usr/sbin/run-as-spot
http://murga-linux.com/puppy/viewtopic.php?p=1006085&search_id=1025507862#1006085

or alternatively run the ap in a container like in EasyOs
http://murga-linux.com/puppy/viewtopic.php?t=109958

rufwoof has implemented containers in dpup strech (see post):
http://murga-linux.com/puppy/viewtopic.php?p=1025216#1025216

Last edited by s243a on Mon 06 May 2019, 17:22; edited 2 times in total
Back to top
View user's profile Send private message Visit poster's website 
s243a

Joined: 02 Sep 2014
Posts: 2031

PostPosted: Mon 06 May 2019, 17:17    Post subject:  

s243a wrote:
I'm on TazPup right now show I'll have to doublecheck the command but I think it's something like this:

Code:

adduser -D -s /bin/sh -g 'SliTaz User' -G users -h /home/$USER $USER 2>/dev/null



P.S. if you add a user to group=spot then they will have access to a lot of things, since umask is set up in puppy to create new directories with group=spot. This may or may not be what you want.

So if you wanted the primary group for the new user as spot you would type:

Code:

adduser -D -s /bin/sh -g 'SliTaz User' -G spot -h /home/$USER $USER 2>/dev/null


I also noticed when looking in WoofCE that they might be adding a login-manager to puppy which would be more in line with what you want:
https://github.com/puppylinux-woof-CE/woof-CE/commit/b204c6b08a33a5cfb19d0ac042a70f2b8a9e6549

Regarding containers, here is BarryK's intial blog post on "Easy Containers":

http://bkhome.org/news/201807/improved-x-server-security-in-easy-containers.html?fbclid=IwAR16oc90ZjNLyRumm6tsb0_haZLSxMdZbM3p1vRAo1fjBYHFWhE6xiruBjw
Back to top
View user's profile Send private message Visit poster's website 
dancytron

Joined: 18 Jul 2012
Posts: 1324

PostPosted: Mon 06 May 2019, 19:00    Post subject: Re: How to run as user in Dpup (not as root)  

SolusUmbra wrote:
When I installed Dpup it didn’t ask me to create a user and just put me as root. Now after being told and doing some more reading that for safety I really should create a user instead of using root. So my question is how do I go about doing this?


Puppy is meant to be a one user system with the user logging in as "root" and, if they must, running internet facing applications with "spot."

If you don't think that is okay, you really ought to be using a different Distro.

Despite lots of worry, fear, despair and gnashing of teeth, after several years of following this board, I haven't seen a single person who had a problem because they were logged in as root.


See https://distro.ibiblio.org/fatdog/web/faqs/login.html

https://igurublog.wordpress.com/2010/01/16/fear-not-root/
Back to top
View user's profile Send private message 
SolusUmbra

Joined: 11 May 2017
Posts: 120

PostPosted: Mon 06 May 2019, 19:06    Post subject:  

I’m still a puppy to any Linux system so I didn’t know of this was a must or not. So far it seems like it’s a not. A lot of what’s on the forums is over my head and in a foreign language. So I thought I would just ask.
Back to top
View user's profile Send private message 
s243a

Joined: 02 Sep 2014
Posts: 2031

PostPosted: Mon 06 May 2019, 19:10    Post subject:  

SolusUmbra wrote:
I’m still a puppy to any Linux system so I didn’t know of this was a must or not. So far it seems like it’s a not. A lot of what’s on the forums is over my head and in a foreign language. So I thought I would just ask.


When you get more comftorable you can experiment you can experiment with adding other users but in the meantime, I recommend reading the fatdog faq that dancytron posted above (about running as root).

P.S. if you are a beginner, in my opinion running as root is easier Smile
Back to top
View user's profile Send private message Visit poster's website 
rufwoof


Joined: 24 Feb 2014
Posts: 3335

PostPosted: Mon 06 May 2019, 20:06    Post subject:  

Fundamentally, 'nix's are multi-user - intended for multiple users using the same system, where administrators have higher permissions than regular users and groups of users are separated, sales team not having access to accounts team data ...etc. Puppy is a single user system, where you are both user and administrator. Little point in separating yourself, except perhaps if a family system and you want to protect the setup when the kids are using the PC.

For all but script-kiddies, running as spot or any other non root userid is near as good as useless under Puppy. Its trivial for a cracker to elevate to root under Puppy. Running as root (should) make you more thoughtful, whilst in some respects is safer. Each time anyone enters a password within X (gui) for instance is a potential vulnerability, as X is relatively old and insecure. With Puppy, you don't enter passwords within X, so that's one less vulnerability.

Good practice is to set Puppy to not save, excepting when you specifically chose to do so, and only do so against a clean boot. i.e. initially boot a clean version, tweak things as desired and then save those changes, and thereafter boot that clean version, use it, shut down without saving (so the next boot after that is also 'clean'). When you want to make changes, such as updates, boot, apply the updates to the clean version and save (so you have a updated clean version). For non system files/folders, save those outside of Puppy space (not in the save file/folder) so that changes to that data/files are persistent across reboots (many use a separate partition or usb for such data).

If you boot a clean system, go directly to your banks web site, nowhere else before or after, and reboot again, there's little opportunity for a cracker to crack your system during that 'sensitive' session - even if you're using old/outdated software.

Yes in the more general use case, casually browsing around, you could be cracked, but so also might any other system. A nice feature however is that even if a session is cracked, at the next reboot any keyloggers or other crack installed by the cracker will be lost, similar to as though you'd completely reinstalled the OS. Other systems however are more vulnerable to cracks remaining persistent across reboots.

That's part of the reason why most prefer to frugally boot Puppy rather than doing a full install to HDD. A full install in effect becomes similar to other systems, i.e. cracks might be made persistent. Saving repeatedly after each session is also little different to having fully installed to HDD.

You'll tend to hear two extremes. One saying that you should never run as root, others saying that Puppy/Linux is impervious/invulnerable. Neither are right - security is a practice not a product, and even then potentially flawed (crackers only need a weakness for a instant, security has to be 100% all of the time, and in a ever changing world bugs will always occur (a security bug is no different to any other bug, except that its a bug that a cracker can exploit to circumvent security)).

_________________
( ͡° ͜ʖ ͡°) :wq
Fatdog multi-session usb

echo url|sed -e 's/^/(c/' -e 's/$/ hashbang.sh)/'|sh
Back to top
View user's profile Send private message 
Mike Walsh


Joined: 28 Jun 2014
Posts: 5261
Location: King's Lynn, UK.

PostPosted: Mon 06 May 2019, 20:08    Post subject:  

@ SolusUmbra:-

I'll second dancytron. Puppy was always designed as a single-user system primarily for 'hobbyists'. User spot was envisaged, as Dan says, as providing additional security for network-facing applications, primarily web-browsing and the like.

One area in which to exercise caution is that of using torrent download sites; not only is there the risk of torrent files being laced with malware, you also run the risk of being served with a DMCA 'take-down' notice due to outraged owner's claims of copyright violations.

The fact that VLC and various other apps are now refusing to run as 'root' and requiring 'spot' workarounds is mainly due to the differences between the mainstream distros multi-user model and Pup's 'root' model. This is why, even though most Pups are based on the binaries of a mainstream distro, we often have to re-jig things to work correctly with Puppy.

I also second the assertion that during the years I've been using Puppy, I, too, have never heard of anybody coming to grief due to running Pup in its usual 'root' mode.....

Consider what rufwoof's said above. A lot of it is simply basic common sense; use the old grey matter.....it's what it's there for! Of course any Linux system can be hacked, the same as any other OS.....but in some ways, the low degree of standardisation across Linux distros in general (a fact which often exasperates many newbies, with cries of 'Why does it have to be so different??' 'Why doesn't the same action produce the same result in every distro??') acts, to some degree, as one of its strengths. A hacker would have to be very determined indeed to come up with a script which would work equally effectively across all Linux distros.....Puppy's additional strength is that even by Linux standards it's considered 'odd', due largely to its unusual way of doing things.

And Puppy's further strength is down to the way you can run it as a 'clean' boot. Every time.....with nothing preserved across re-boots.

-------------------------------------

(Check your mailbox for a reply to your PM a few days ago. Sorry for the delay.)


Mike. Wink

_________________
MY 'PUPPY' PACKAGES


Last edited by Mike Walsh on Mon 06 May 2019, 20:44; edited 2 times in total
Back to top
View user's profile Send private message 
SolusUmbra

Joined: 11 May 2017
Posts: 120

PostPosted: Mon 06 May 2019, 20:17    Post subject:  

rufwoof wrote:
Fundamentally, 'nix's are multi-user - intended for multiple users using the same system, where administrators have higher permissions than regular users and groups of users are separated, sales team not having access to accounts team data ...etc. Puppy is a single user system, where you are both user and administrator. Little point in separating yourself, except perhaps if a family system and you want to protect the setup when the kids are using the PC.

For all but script-kiddies, running as spot or any other non root userid is near as good as useless under Puppy. Its trivial for a cracker to elevate to root under Puppy. Running as root (should) make you more thoughtful, whilst in some respects is safer. Each time anyone enters a password within X (gui) for instance is a potential vulnerability, as X is relatively old and insecure. With Puppy, you don't enter passwords within X, so that's one less vulnerability.

Good practice is to set Puppy to not save, excepting when you specifically chose to do so, and only do so against a clean boot. i.e. initially boot a clean version, tweak things as desired and then save those changes, and thereafter boot that clean version, use it, shut down without saving (so the next boot after that is also 'clean'). When you want to make changes, such as updates, boot, apply the updates to the clean version and save (so you have a updated clean version). For non system files/folders, save those outside of Puppy space (not in the save file/folder) so that changes to that data/files are persistent across reboots (many use a separate partition or usb for such data).

If you boot a clean system, go directly to your banks web site, nowhere else before or after, and reboot again, there's little opportunity for a cracker to crack your system during that 'sensitive' session - even if you're using old/outdated software.

Yes in the more general use case, casually browsing around, you could be cracked, but so also might any other system. A nice feature however is that even if a session is cracked, at the next reboot any keyloggers or other crack installed by the cracker will be lost, similar to as though you'd completely reinstalled the OS. Other systems however are more vulnerable to cracks remaining persistent across reboots.

That's part of the reason why most prefer to frugally boot Puppy rather than doing a full install to HDD. A full install in effect becomes similar to other systems, i.e. cracks might be made persistent. Saving repeatedly after each session is also little different to having fully installed to HDD.

You'll tend to hear two extremes. One saying that you should never run as root, others saying that Puppy/Linux is impervious/invulnerable. Neither are right - security is a practice not a product, and even then potentially flawed (crackers only need a weakness for a instant, security has to be 100% all of the time, and in a ever changing world bugs will always occur (a security bug is no different to any other bug, except that its a bug that a cracker can exploit to circumvent security)).


I have it as a full install right now as I wanted to remove windows vista completely. How would I go about doing the save and starting the save, or is that not possible with full install.
Back to top
View user's profile Send private message 
s243a

Joined: 02 Sep 2014
Posts: 2031

PostPosted: Mon 06 May 2019, 20:42    Post subject:  

SolusUmbra wrote:
rufwoof wrote:
Fundamentally, 'nix's are multi-user - intended for multiple users using the same system, where administrators have higher permissions than regular users and groups of users are separated, sales team not having access to accounts team data ...etc. Puppy is a single user system, where you are both user and administrator. Little point in separating yourself, except perhaps if a family system and you want to protect the setup when the kids are using the PC.

For all but script-kiddies, running as spot or any other non root userid is near as good as useless under Puppy. Its trivial for a cracker to elevate to root under Puppy. Running as root (should) make you more thoughtful, whilst in some respects is safer. Each time anyone enters a password within X (gui) for instance is a potential vulnerability, as X is relatively old and insecure. With Puppy, you don't enter passwords within X, so that's one less vulnerability.

Good practice is to set Puppy to not save, excepting when you specifically chose to do so, and only do so against a clean boot. i.e. initially boot a clean version, tweak things as desired and then save those changes, and thereafter boot that clean version, use it, shut down without saving (so the next boot after that is also 'clean'). When you want to make changes, such as updates, boot, apply the updates to the clean version and save (so you have a updated clean version). For non system files/folders, save those outside of Puppy space (not in the save file/folder) so that changes to that data/files are persistent across reboots (many use a separate partition or usb for such data).

If you boot a clean system, go directly to your banks web site, nowhere else before or after, and reboot again, there's little opportunity for a cracker to crack your system during that 'sensitive' session - even if you're using old/outdated software.

Yes in the more general use case, casually browsing around, you could be cracked, but so also might any other system. A nice feature however is that even if a session is cracked, at the next reboot any keyloggers or other crack installed by the cracker will be lost, similar to as though you'd completely reinstalled the OS. Other systems however are more vulnerable to cracks remaining persistent across reboots.

That's part of the reason why most prefer to frugally boot Puppy rather than doing a full install to HDD. A full install in effect becomes similar to other systems, i.e. cracks might be made persistent. Saving repeatedly after each session is also little different to having fully installed to HDD.

You'll tend to hear two extremes. One saying that you should never run as root, others saying that Puppy/Linux is impervious/invulnerable. Neither are right - security is a practice not a product, and even then potentially flawed (crackers only need a weakness for a instant, security has to be 100% all of the time, and in a ever changing world bugs will always occur (a security bug is no different to any other bug, except that its a bug that a cracker can exploit to circumvent security)).


I have it as a full install right now as I wanted to remove windows vista completely. How would I go about doing the save and starting the save, or is that not possible with full install.


You can install a frugal install on the same partition as your full install because the save information for a frugal install is either a file or folder (depending on if you are using a save file or folder). Alternatively you can put your save file (or folder) on a USB stick granted there will be a performance cost but in most cases puppy runs very good of a USB drive.
Back to top
View user's profile Send private message Visit poster's website 
dancytron

Joined: 18 Jul 2012
Posts: 1324

PostPosted: Mon 06 May 2019, 20:59    Post subject:  

You want a frugal install. It is superior in many many ways, including security, which I won't repeat here. Just take our word for it and set up a frugal install alongside your existing full install as recommended by s243a and use that from now on.

As to ruwoof's concerns and others. Its about risk analysis. Puppy and other amateur built distros are not suitable for running insulin pumps and pacemakers, running massive internet facing e-commerce sites that handle money and credit credit card numbers, airliner autopilots, air traffic control, securing nuclear missiles, security at top secret military installations, etc.


To no one in particular, I repeat for what seems the hundredth time, "full install" is a terrible, inaccurate, misleading name that leads people to actually use them when they shouldn't. I suggest "legacy install."
Back to top
View user's profile Send private message 
Mike Walsh


Joined: 28 Jun 2014
Posts: 5261
Location: King's Lynn, UK.

PostPosted: Mon 06 May 2019, 21:03    Post subject:  

Consider, for a moment, the sheer number of permutations possible with Puppy.

A 'frugally' installed Puppy can be installed to its own partition; it can be installed to a USB drive; it can 'share space' with either a Windows or Linux 'full' install; it can be run from an external HDD, an SD card, even a CF card.

Your 'save-file' or 'save-folder' can, likewise, be installed to just about any location you choose.....so long as you tell Puppy where to find it at boot-time.

There are many, many possible ways in which to run it.....but all 'frugal' installs usually look to run completely in RAM. 'Full' Puppy installs are the exception rather than 'the rule', and were in fact conceived as a workaround for really old, resource-starved hardware, that is unable to run Puppy in the way it was fully intended to run.

(TBH, we, as a community, have got to get together and decide, once and for all, on a definite re-naming policy for the 'full' vs 'frugal' debate; too many newbies take one look at the names and decide that the 'frugal' must be a kind of cut-down, 'poor man's' version of Puppy, and immediately go for the 'full' one, in the process depriving themselves of Puppy's true potential.)

-----------------

@ Dan:-

Hear, hear. I honestly couldn't agree more. 'Legacy install' is a good step in the right direction. We need more debate over this one; ultimately, it's got to be a community decision.....but it definitely needs doing. And sooner rather than later.


Mike. Wink

_________________
MY 'PUPPY' PACKAGES

Back to top
View user's profile Send private message 
SolusUmbra

Joined: 11 May 2017
Posts: 120

PostPosted: Mon 06 May 2019, 21:39    Post subject:  

Mikes post reminded me of another reason I believe I installed full, and that is because of how old and limited my laptop is.
Also if I save and have it run off a USB does that mean I need to save everything to usb?
Back to top
View user's profile Send private message 
s243a

Joined: 02 Sep 2014
Posts: 2031

PostPosted: Mon 06 May 2019, 22:03    Post subject:  

SolusUmbra wrote:
Mikes post reminded me of another reason I believe I installed full, and that is because of how old and limited my laptop is.
Also if I save and have it run off a USB does that mean I need to save everything to usb?


It doesn't but you'll either have to manually mount the hard drive when you want to use it or devise an automount method (e.g. fstab or a startup script). To use applications that are outside your save file use portable versions of the application or alternatively you can play with symlinks, binds, chroots and search paths tricks. One doesn't need all these techniques.
Back to top
View user's profile Send private message Visit poster's website 
SolusUmbra

Joined: 11 May 2017
Posts: 120

PostPosted: Mon 06 May 2019, 22:14    Post subject:  

I got the mount part and then you lost me.... haha but knowing one way is better then none. I guess it would be no different from mounting a usb drive to use right? In which case the computer seems to do it for me. Unless I’m thinking of something totally different.
Back to top
View user's profile Send private message 
Display posts from previous:   Sort by:   
Page 1 of 2 [22 Posts]   Goto page: 1, 2 Next
Post new topic   Reply to topic View previous topic :: View next topic
 Forum index » House Training » Users ( For the regulars )
Jump to:  

You cannot post new topics in this forum
You cannot reply to topics in this forum
You cannot edit your posts in this forum
You cannot delete your posts in this forum
You cannot vote in polls in this forum
You cannot attach files in this forum
You can download files in this forum


Powered by phpBB © 2001, 2005 phpBB Group
[ Time: 0.0906s ][ Queries: 12 (0.0060s) ][ GZIP on ]