Setting up multiple users in Puppy
Page 3 of 5 [75 Posts]
Nathan F


Joined: 08 Jun 2005
Posts: 1760
Location: Wadsworth, OH (occasionally home)

PostPosted: Tue 27 Mar 2007, 13:03    Post subject:  

The Kdrive server (Xvesa) would be far easier to configure individually for each user because it does not read a global config file. Instead you pass it all arguments on the command line, including resolution. Not that it isn't possible with Xorg, it's just probably not as easy (and I've never investigated how because I haven't ever wanted to).

Quote:
BTW biases: ="sudo"(editable @ users risk) is @!!## BAD !
Personal opinion I think. Sudo is no less secure than su, but if configured badly it can cause severe problems. Sudo allows the admin to specify which commands can be executed by whom with what permissions, and whether they need supply a password. Key points to remember when setting it up - don't allow users to run a program as root which they can escape to a shell from, ie you can easily open a terminal from most filemanagers. And specify the full path to each command, so users can't create an arbitrary program in their home directory with the same name, but malicious code. By contrast, giving the root password and allowing su means anything can be executed without any safety net.

Nathan

_________________
Bring on the locusts ...
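
The two sudo rules from the post above (give the full path to each command, and grant nothing a user can escape to a shell from), as an added example that is not part of the original thread: a small linter for a draft sudoers-style policy. The `lint_sudoers` name, the sample policy and the list of shell-capable programs are assumptions made for illustration; line continuations and negated commands are not handled.

```shell
#!/bin/sh
# Added example (not from the thread): lint sudoers-style rules for the two
# mistakes named above. SHELL_CAPABLE is an illustrative, non-exhaustive list.
SHELL_CAPABLE="sh bash vi vim less more find awk rox xterm rxvt"

# Reads policy text on stdin, prints "LINE: CODE: command" per finding,
# returns 1 if anything was flagged and 0 if the policy is clean.
lint_sudoers() {
    awk -v risky="$SHELL_CAPABLE" '
    BEGIN { n = split(risky, r, " "); for (i = 1; i <= n; i++) bad[r[i]] = 1 }
    /^[ \t]*(#|$)/ { next }                                   # comments, blanks
    /^[ \t]*(Defaults|User_Alias|Host_Alias|Runas_Alias)/ { next }
    {
        eq = index($0, "=")                 # command list follows the first "="
        if (eq == 0) next
        spec = substr($0, eq + 1)
        sub(/^[ \t]*\([^)]*\)[ \t]*/, "", spec)               # drop "(runas)"
        nc = split(spec, cmds, ",")
        for (i = 1; i <= nc; i++) {
            c = cmds[i]
            gsub(/^[ \t]+|[ \t]+$/, "", c)
            while (match(c, /^[A-Z]+:[ \t]*/)) c = substr(c, RLENGTH + 1)  # tags
            if (c == "") continue
            split(c, w, /[ \t]+/); prog = w[1]
            if (prog == "ALL") { print NR ": ANY-COMMAND: ALL"; found = 1; continue }
            if (prog ~ /^[A-Z][A-Z0-9_]*$/) continue   # alias name, linted where defined
            if (prog !~ /^\//) { print NR ": RELATIVE-PATH: " prog; found = 1 }
            base = prog; sub(/.*\//, "", base)
            if (base in bad) { print NR ": SHELL-CAPABLE: " prog; found = 1 }
        }
    }
    END { exit (found ? 1 : 0) }'
}

# Constructed sample policy (users, paths and rules are made up).
sample_sudoers() {
    cat <<'EOF'
# constructed sample
Defaults env_reset
alice ALL = (root) /usr/sbin/xorgwizard
bob   ALL = (root) NOPASSWD: rox, /usr/bin/vi /etc/hosts
carol ALL = (ALL) ALL
Cmnd_Alias TOOLS = /sbin/ifconfig, /usr/local/bin/find
EOF
}

sample_sudoers | lint_sudoers || true
```

On the sample, lines 4, 5 and 6 are flagged: a bare `rox`, an editor that can spawn a shell, a blanket `ALL`, and `find` hidden inside a command alias.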
Gn2


Joined: 16 Oct 2006
Posts: 936
Location: virtual - Veni vidi, nihil est adpulerit

PostPosted: Tue 27 Mar 2007, 15:06    Post subject:  

Rationale is well understood - as are better alternatives:

Think group/wheel et al.
Then think Sys admin often owns wheels in danger of falling off

There is a REASON it is optional utility, not S.O.P.
For most "Sys Admins" sudo should have been spelt sloth.

They have yet to learn- playing w/own system does not translate:
Savoir sa leçon into insouciant "Don't put beans in your ears" !
richard.a


Joined: 15 Aug 2006
Posts: 510
Location: Adelaide, South Australia

PostPosted: Fri 30 Mar 2007, 20:29    Post subject:  

As a non-technical power user who has interfaced with other operating systems apart from Microsoft's over a number of years, may I make a few comments, trying to stay within the guidelines Nathan outlined in his first post.

Running as root does not frighten me, indeed I find it extremely frustrating with some operating systems I've tried where they go out of their way to prevent you from using the system in the way that you - the owner of it - wish and choose to do.

My experience shows that providing you are careful with how you use your computer, and what you do with it, it is no more or less likely to get invaded, blown up, or destroyed by running as user or root.

I accept the thoughts that as root you can del /*.*

However, if you run puppy in the way it was designed - an unimaginably fast Live-CD system, that keeps all the files it loads from read only by virtue of the media sitting in a read only CD drive, you can't destroy the OS by using puppy.

If you let a nastie in, so what, in actual fact. It isn't going to change anything except what is in RAM or swap file.

If you maintain your own personal file (read-write on an HDD) with regular backups, then if that does get destroyed, even then, so what?

I always back up my work as I go, and at the end of a session most times. Something when I taught AutoCAD users back in Version 2 days I continually emphasised.

With puppy you can restore a clean system and data in simple steps

1. reboot in pfix=ram mode,

2. copy back your pup_save.2fs (or 3fs) file and

3. then reboot again using the restored pup_save file.
It isn't hard, difficult, or really time-consuming.


Multiple users is another thing altogether. I wouldn't want others to browse through my documents, perhaps changing things, or deleting them.

Actually I developed a series of red-coloured root user wallpapers to suit a range of computer OS's (I won't call them distributions because that upsets Unix users - BSD anyway lol). I have published these explaining how SuSE gives its system owners the opportunity to use default wallpaper that continually reminds them of being "root". You should read some of the comments from some on the forums I've shared this information with!!

It isn't hard to make root logins work in KDE even if they've been prevented. Ubuntu is Gnome, and that's a dog of a different colour. I don't like Ubuntu anyway (not for that reason, lol)

I don't like having to keep entering the root password if I'm doing a task that needs root and I am only allowed to do it sudo. It is counter-productive.

You might be interested in looking at my "root wallpaper" page here but don't come back and flame this thread as you will incur Nathan's wrath as he laid down the ground rules in the first post. Like I did in the PC-BSD forums, but that didn't stop the slashdot types lolol :) :(

You might even like to look at the (currently four) pages of responses to that thread here.

Richard
Downunder

_________________
Have you noticed editing is always needed for the inevitable typos that weren't there when you hit the "post" button?


Nathan F


Joined: 08 Jun 2005
Posts: 1760
Location: Wadsworth, OH (occasionally home)

PostPosted: Fri 30 Mar 2007, 23:58    Post subject:  

That's not a bad idea, and you gave me a good reminder. I used to have my system set up something like this, and also had things arranged so root used different gtk themes and such. That way even running just one program as root you can tell it visually. I also have my root shell prompt set up a bit differently (besides the standard $ for users, # for root). On the one machine root's shell prompt is always red, while everyone else gets plain green.

Anyway this is good advice for most situations. I need to institute this in my own projects as well.

Nathan

_________________
Bring on the locusts ...
jimhap

Joined: 03 Mar 2007
Posts: 63

PostPosted: Wed 04 Apr 2007, 19:00    Post subject:  

Another reason Puppy REALLY NEEDS multiuser rebuild.......

Lots of software requires multi user......
If you don't they say:
Quote:

Can't run as root


(something like that....)

Now a real life software example.....

Ever heard of the very popular Xscreensaver?
After installing OpenGL(by Mesa3D) I compiled this.
Then installed it.
And typing xscreensaver in the prompt, an error....

Quote:

sh-3.00# xscreensaver
xscreensaver: couldn't get user info of uid 65534
xscreensaver: 18:18:05: running xscreensaver-gl-helper: Permission denied
xscreensaver: 18:18:05: already running on display :0.0 (window 0x2800037)
from process 32070 (???@puppypc).
sh-3.00#



Now I wasn't that much of a newbie, so I went to CHMOD the "xscreensaver-gl-helper"
to 777. It was successful in CHMODing, but running it again.....


Quote:

sh-3.00# chmod 777 /usr/local/bin/xscreensaver-gl-helper
sh-3.00# xscreensaver
xscreensaver: couldn't get user info of uid 65534
xscreensaver: 18:20:38: running xscreensaver-gl-helper: Permission denied
xscreensaver: 18:20:38: already running on display :0.0 (window 0x2800037)
from process 32070 (???@puppypc).
sh-3.00#


And to find a little more details.....(killing the already running process.....)

Quote:

xscreensaver: couldn't get user info of uid 65534
xscreensaver: 18:21:42: running xscreensaver-gl-helper: Permission denied
xscreensaver: 18:21:42: locking is disabled (running as <unknown>).
xscreensaver: 18:21:42: locking only works when xscreensaver is launched
by a normal, non-privileged user (e.g., not "root".)
See the manual for details.



Now for a surprise.... This wasn't that much of a detail, right? Look at this.....

Quote:

sh-3.00# xscreensaver-demo
xscreensaver-demo: 18:24:18: we're still running as root! Disaster!
xscreensaver: couldn't get user info of uid 65534
xscreensaver: 18:24:23: running xscreensaver-gl-helper: Permission denied

xscreensaver: 18:24:23: locking is disabled (running as <unknown>).
xscreensaver: 18:24:23: locking only works when xscreensaver is launched
by a normal, non-privileged user (e.g., not "root".)
See the manual for details.

xscreensaver-demo: 18:24:28: we're still running as root! Disaster!
xscreensaver-demo: 18:24:31: we're still running as root! Disaster!


sh-3.00#


So you can see, xscreensaver DOES NOT want you to be root.

And even creating another user doesn't work!

Running it says access denied, and some errors...

And Puppy hates multi users!

Quote:

sh-3.00# login demo
Password:
-sh: error while loading shared libraries: libreadline.so.5: cannot open shared object file: Permission denied
sh-3.00#



So can anyone please recompile Linux for multiuser????

A couple notes....

I am developing a dotPup for OpenGL's Mesa3d along with prerequisites and the Xscreensaver itself.

The first shots of the terminal are when XScreensaver is already running. The last ones are no running processes of XScreensaver.
John Doe

Joined: 01 Aug 2005
Posts: 1689
Location: Michigan, US

PostPosted: Thu 26 Jul 2007, 03:17    Post subject:  

*bump*
DavidBell

Joined: 24 Nov 2006
Posts: 132

PostPosted: Fri 03 Aug 2007, 20:28    Post subject:  

I was just wondering the last couple of days, could you do a frugal/multisession multiuser just by swapping pup_save files? My understanding is these files contain all your settings and docs (if you save into it).

So if it found pup_save_david.2fs and pup_save_johnny.2fs both in mnt/home it would just pop up a dialog and let you select the one you want, the same as it does now when it finds .sfs files there. Maybe a SaveNow for frugals could have an option of making a new pup_save.

I guess it would have to be earlier in the boot process so things like XOrg setting would stick etc.

I can't really follow it, but maybe this is what people are already suggesting above? Seems easy from my amateur perspective.

David
richard.a


Joined: 15 Aug 2006
Posts: 510
Location: Adelaide, South Australia

PostPosted: Fri 03 Aug 2007, 21:02    Post subject:  

David,

Two things...

1 -- I've found that in many cases, regardless of what computer hardware has been seen when a pup_save.(x)fs file is created - ie even if it wasn't the machine you are currently seated at (with different hardware etc) that you can use that file in the new location with probably little more than having to run xorgwizard over again.

2 -- I have even copied the same pup_save.(x)fs file under several different names to the same drive filesystem root directory, for subsequent editing into specific different configurations.

You probably need to remember to keep evident in the filename the version of puppy, because otherwise you run the risk of destroying the configuration by accidentally upgrading to a more recent version. Like this...

Quote:
pup_save_202basic.3fs
pup_save_215ce.3fs
pup_save_216ex.2fs


I regularly save to different drives (including USB IDEs) and different partitions without much of a problem.

If they are FAT partitions where you save them, though, they often become badly fragmented, which the NT defragmenter isn't always clever at handling. One reason I keep win98SE around is for defragmenting big files like these, and also VMware Virtual Machine files which also seem to get laid down badly.

If you have your pup_save files on an USB IDE HD, then you can transport them to a w98 computer to defrag them :)


Regarding sfs files, I haven't yet discovered what you need to do to select them, because I've never seen a menu. Perhaps you can enlighten me here? :D

Richard

_________________
Have you noticed editing is always needed for the inevitable typos that weren't there when you hit the "post" button?


DavidBell

Joined: 24 Nov 2006
Posts: 132

PostPosted: Fri 03 Aug 2007, 22:23    Post subject:  

richard.a wrote:

Regarding sfs files, I haven't yet discovered what you need to do to select them, because I've never seen a menu. Perhaps you can enlighten me here?


When I restart X in 2.16 I get the attached dialog, maybe you need some sfs in /mnt/home before it shows? Anyway it occurred to me something very similar could let you select the 'user' by presenting a list of 'pup_saves'.

I started thinking about this, because recently I've been using a frugal install on HDD, saving documents to /mnt/home (ie direct to HDD instead of via pup_save). This way pup_save just has my applications and settings, and I use it to set up new installs without remastering (which I haven't tried yet).

Point taken on keeping different versions marked.

DB
Attachment: sfsbootmanager.png (28.06 KB, viewed 2674 times)
minoruhackerguy

Joined: 27 Nov 2007
Posts: 31

PostPosted: Fri 07 Mar 2008, 05:35    Post subject:  

*Sigh* Boy, people have such misconceptions about hackers. Ok, basically, hacking is not breaking into others computers. That's cracking (CRiminal hACKING). Or, if you prefer, black hat hacking. MOST hackers aren't like what you hear about on tv. *If you google search ethical hacking, you'll see what I mean.* Hackers test security with consent. There are even government issued hacking licenses. Besides that, 9 out of 10 crackers only know enough to cause a little trouble. In order to hack a linux box, you need a lot of skill. I agree completely with making a multiuser puppy. But really, it IS like.. impossible to hack a linux computer. The only way it's possible is by users making extreme changes to security or using things like IM clients that are old and insecure. *Even then, you normally can't cause much damage*

Still it would be nice to know that, if a cracker got into the computer, it would be hell for them to cause damage.
stevenbinion


Joined: 24 Aug 2007
Posts: 180
Location: Pittsburgh, PA - United States

PostPosted: Fri 07 Mar 2008, 13:18    Post subject:  

I'm glad I found this thread. will be quite useful.
Farwater


Joined: 24 Mar 2008
Posts: 28
Location: Singapore

PostPosted: Mon 24 Mar 2008, 20:32    Post subject:  

Hi everyone!
Glad to meet you!

I'd like to continue describing the solution on multiple users proposed by monkeyweb. What I'd like to show here is how to extend his idea to actually use all the programs like openoffice or sound mixer. And thus to create a truly usable second user account with functionality restricted only for security reasons. This is what I'm currently using on my puppy 3.01 installed onto my HD (not frugal).


Create a decent home directory for spot user

Code:
mkdir /home/spot


Copy the user profile from root's template

Code:
cp -R /root/* /home/spot/
chown -Rh spot /home/spot


In /etc/init.d let's create an inituserspot script to initialize
the permissions for the whole spot group every time we boot up

Code:
echo "echo '' > /tmp/xerrs.log ; chgrp -R spot /tmp ; chmod -R g+rw /tmp ; chgrp spot /etc/.XLOADED ; chmod g+rw /etc/.XLOADED" > /etc/init.d/inituserspot


Don't forget to make the script executable, of course

Code:
chmod 755 /etc/init.d/inituserspot



And finally reboot and login as spot into a complete, but still secure working environment.

With this simple setup spot can work pretty much with all the programs installed in the system and modify any files in his directory and in /tmp/. What he can NOT do is summarized below:

1. Modify the files in the directories which are not his, unless he was allowed explicitly.
2. Install/uninstall programs.
3. Mount/umount, create, delete and format file systems.
4. Start xterm or rxvt (although he can leave X to a command line).
5. Switch off/reboot the system.


PS: Sorry if this method is already outdated :o

Last edited by Farwater on Tue 25 Mar 2008, 13:25; edited 3 times in total
Farwater


Joined: 24 Mar 2008
Posts: 28
Location: Singapore

PostPosted: Tue 25 Mar 2008, 02:27    Post subject: One more note to my previous post.  

In my original post above I used the idea to change the user's permissions, however later I changed the code to focus on group permissions.

This way the whole group spot can now run X with applications. It means that now we are not limited by a single user any longer - we can add more !

So, let's add them! Currently I'm writing a script for generating X-applications capable user accounts automatically. The script is based on the method proposed above - just automated for our convenience.
Farwater


Joined: 24 Mar 2008
Posts: 28
Location: Singapore

PostPosted: Tue 25 Mar 2008, 08:08    Post subject: Truly multiuser now, I guess  

The script is ready.

The usage is as follows:

Code:
onemorexuser USERNAME UID [ STUBDIR  [ HOMEDIR ] ]



The script accepts 2 mandatory arguments - the name of the user you'd like to create and his/her UID. The other two arguments are optional.

The third argument is the name of the directory you'd like to use as a template - in order not to leave him with just plain X server. The default value is /root

The fourth argument is the name of the home directory which will be created as a copy of STUBDIR. The default value is /home/USERNAME

So, everything is just really easy. You run the script as a root. Wait patiently until it copies the whole STUBDIR. After that it will prompt you for a password for the newly generated user. And that's it!

Code:
Ctrl-Alt-Bcksp   ;  logout  ;   login USERNAME  ;  xwin


And you will see your shining desktop with all the applications ready!

Examples.

Code:
onemorexuser  puppyuser  123  /puppyhome   /home/myself


will create a user puppyuser with UID=123 with home dir at /puppyhome copied from /home/myself

Code:
onemorexuser  justme 124


will create a user justme with UID=124 with home dir at /home/justme copied from /root

Code:
onemorexuser  alsome  125  /home/me/secondme


will create a user alsome with UID=125 with home dir at /home/me/secondme copied from /root


Two more things are to be mentioned:

1. The users which it creates are real. I.e., they won't disappear after rebooting. To delete them you'll have to erase the records from /etc/passwd and /etc/shadow

2. All of the users created by the script belong to the same group spot GID=502. Through their membership in this group they share the ability to manipulate X, /usr/bin, etc., etc. You are free to add them to other groups, however, better don't delete them from 502.

For further details please see the code - it's really simple and self-explaining.

The version has been tested on HD-full-install and USB-frugal.
With frugal the only problem I found was accessing openoffice from .sfs

Recently added:

xonemoreuser - the same program, but with GUI for X with GTK (standard).

It doesn't require any command line options: all the customizations are done using menus and dialogs.

Please note that the final step (setting a password for the newly created users) is prompted automatically by the console version of the script only. If you are planning to use the GUI version, after adding each user please don't forget to set up a password for the user by typing in the console:

Code:
passwd newusersname


, where newusersname is the name of the user you've just created with xonemoreuser.

Have fun! :)

Attachments:
xonemoreuser-en.tar.gz (2.59 KB, downloaded 555 times)
xonemoreuser.jpg (20.75 KB, viewed 1864 times)
onemorexuser.zip (2.17 KB, downloaded 554 times)

Last edited by Farwater on Mon 28 Apr 2008, 09:32; edited 7 times in total
Farwater


Joined: 24 Mar 2008
Posts: 28
Location: Singapore

PostPosted: Tue 25 Mar 2008, 12:14    Post subject: A bug in the script corrected !  

I apologize to those who have already downloaded the script. I found a small, but very nasty mistake in it which prevented users from writing into their own directories. It's not even a bug - it's just that I forgot to add one more line to the current file.

Now the file is updated and I can assure you that it works properly !!!
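
A check for the copy-and-chown procedure in Farwater's posts, including the ownership mistake described in the last one, as an added example that is not the attached onemorexuser script: it audits a freshly created home directory for entries the new UID does not own, world-writable entries, and setuid/setgid files carried over from the template. The `audit_home` name and the demo tree are assumptions.

```shell
#!/bin/sh
# Added example (not the thread's script): audit a home directory that was
# created by copying a template (e.g. /root) and chown-ing it to a new UID.

# audit_home UID DIR
# Prints "CODE<TAB>path" per finding; returns 1 if anything was found, else 0.
audit_home() {
    _uid=$1; _dir=$2
    _report=$(
        # Entries the account does not own: the user cannot write to them
        # (the mistake described in the last post) or they are template leftovers.
        find "$_dir" ! -user "$_uid" -exec printf 'NOT-OWNED\t%s\n' {} \;
        # Anything every other account on the machine could modify.
        find "$_dir" ! -type l -perm -0002 -exec printf 'WORLD-WRITABLE\t%s\n' {} \;
        # setuid/setgid files copied along with the template.
        find "$_dir" -type f \( -perm -4000 -o -perm -2000 \) \
            -exec printf 'SETID\t%s\n' {} \;
    )
    if [ -z "$_report" ]; then
        return 0
    fi
    printf '%s\n' "$_report"
    return 1
}

# Constructed demo tree standing in for a freshly copied /home/USERNAME.
make_demo_home() {
    _d=$(mktemp -d)
    mkdir "$_d/my-documents"
    : > "$_d/my-documents/notes.txt"
    : > "$_d/shared.cfg"
    chmod 755 "$_d" "$_d/my-documents"
    chmod 644 "$_d/my-documents/notes.txt"
    chmod 666 "$_d/shared.cfg"              # deliberately world-writable
    printf '%s\n' "$_d"
}

demo_home=$(make_demo_home)
audit_home "$(id -u)" "$demo_home" || true   # reports shared.cfg
rm -rf "$demo_home"
```

Run as root against a real account it would be called with the UID given to the script and the new home directory.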