Run puppy as spot

For discussions about security.
Message
Author
noryb009
Posts: 634
Joined: Sat 20 Mar 2010, 22:28

#21 Post by noryb009 »

Ok, you have all convinced me that running as root does not matter. As I said in the third post, "You may not want it, I might not want it, but some people do want it".

This is about adding a bit of security (some people feel it adds some, you have all proven them wrong) and giving *some* users what they want. Some people don't want to run as root. I don't see why we make them.

User avatar
rcrsn51
Posts: 13096
Joined: Tue 05 Sep 2006, 13:50
Location: Stratford, Ontario

#22 Post by rcrsn51 »

noryb009 wrote:I don't see why we make them.
Nobody is making anybody do anything. If someone doesn't want to run as root, they can get another Linux. It's as simple as that.

Or they can run their browser as non-root, if that makes them feel safer.

Bruce B

#23 Post by Bruce B »

rcrsn51 wrote:
noryb009 wrote:I don't see why we make them.
Nobody is making anybody do anything. If someone doesn't want to run as root, they can get another Linux. It's as simple as that.
In any distro a person can damage or delete his user files.

In a frugal install, periodic backups of the pupsave file are recommend.

Deleting or damaging system files would be hard. If the user thinks he
deleted them, it is only a virtual delete and easy to get them back.

Conversely, with conventional type installs, the system files can be
compromised or deleted.

~

noryb009
Posts: 634
Joined: Sat 20 Mar 2010, 22:28

#24 Post by noryb009 »

rcrsn51 wrote:
noryb009 wrote:I don't see why we make them.
Nobody is making anybody do anything. If someone doesn't want to run as root, they can get another Linux. It's as simple as that.
This is one thing about linux - specialty. Puppy is one of the best supporters of old hardware, but it doesn't have user support. Debian has user support, but it only releases once every few years. Red Hat has tons of support, but it costs a yearly fee to use. The Canterbury Project was a step forward - and it was an April Fools joke!
rcrsn51 wrote:Or they can run their browser as non-root, if that makes them feel safer.
And the number of people who know this, without spending hours on this forum?

Bruce B

#25 Post by Bruce B »

noryb009 wrote:And the number of people who know this [spot], without spending hours on this forum?
I've not heard Windows users complain about running as a privileged user.

The Linux command adduser is fundamental. Spot is incidental. If you didn't
know about adduser, why not? Or maybe better asked, who's responsible?

~

User avatar
mickee
Posts: 207
Joined: Tue 08 Feb 2011, 14:59
Location: Saskatoon SK Canada, Gateway 5300 Laptop, 600MHz Celeron, 384MB RAM, lucid puppy 5.2 (Full Install)
Contact:

#26 Post by mickee »

Bruce B wrote:
noryb009 wrote:And the number of people who know this [spot], without spending hours on this forum?
I've not heard Windows users complain about running as a privileged user.
Exactly, for Pre Vista. On my Win 7 box, I run as a Standard User, and have my admin account when I need it. Being Windows, I find a (false) sense of security, in believing that things won't get by UAC or my eyes... but you know what? The nasties still get on my PC on rare occasions. I feel quite safe using puppy as root, and I do have browsesafe I use when I know I am going on a suspicious site.
[img]http://i17.photobucket.com/albums/b68/The_Wizard_of_OZ/Lindows-NOT-1.jpg[/img]
Linux is [i][b]NOT[/b][/i] Windows. Doesn't [i][b]PRETEND[/b][/i] to be, Doesn't [i][b]WANT [/b][/i]to be; Don't try to [i][b]MAKE[/b][/i] it be.

noryb009
Posts: 634
Joined: Sat 20 Mar 2010, 22:28

#27 Post by noryb009 »

Bruce B wrote:
noryb009 wrote:And the number of people who know this [spot], without spending hours on this forum?
I've not heard Windows users complain about running as a privileged user.

The Linux command adduser is fundamental. Spot is incidental. If you didn't
know about adduser, why not? Or maybe better asked, who's responsible?
I've heard Linux users complain about running as a privileged user.

Of course, the new user who has never used linux before is to blame! How dare they use linux without knowing all the commands, syntax for the commands, and assembler?

User avatar
Bernie_by_the_Sea
Posts: 328
Joined: Wed 09 Feb 2011, 18:14

#28 Post by Bernie_by_the_Sea »

noryb009 wrote: Of course, the new user who has never used linux before is to blame! How dare they use linux without knowing all the commands, syntax for the commands, and assembler?
A person really should know the basic commands and the syntax for those commands (but not assembler) before using any operating system. When my wife finally got her own computer rather than sharing mine the first thing she did was buy a copy of Windows XP for Dummies and read it cover to cover. She learned some things I didn’t know after using Windows since 3.1. Anyone new to Linux should get something like Running Linux, Linux Pocket Guide or Linux for Dummies and read it cover to cover. If she doesn’t she will remain a Dummy.

Although this forum treats Dummies well what it ends up with are Dummies who only know how to follow recipes -- follow steps 1, 2, 3 and 4 to accomplish A or do this and this and this to make your system do B. These Dummies then think they know how to do something in Puppy or worse yet in Linux and they’ll try it on a friend’s computer and destroy it because all they know is a recipe that works only on their own machine and their own software version.

nooby
Posts: 10369
Joined: Sun 29 Jun 2008, 19:05
Location: SwedenEurope

#29 Post by nooby »

Although this forum treats Dummies well what it ends up with are Dummies who only know how to follow recipes -- follow steps 1, 2, 3 and 4 to accomplish A or do this and this and this to make your system do B.

These Dummies then think they know how to do something in Puppy or worse yet in Linux and they’ll try it on a friend’s computer and destroy it because all they know is a recipe that works only on their own machine and their own software version.

Bernie is right on! :)
I use Google Search on Puppy Forum
not an ideal solution though

User avatar
mickee
Posts: 207
Joined: Tue 08 Feb 2011, 14:59
Location: Saskatoon SK Canada, Gateway 5300 Laptop, 600MHz Celeron, 384MB RAM, lucid puppy 5.2 (Full Install)
Contact:

#30 Post by mickee »

Bernie_by_the_Sea wrote:
Although this forum treats Dummies well what it ends up with are Dummies who only know how to follow recipes -- follow steps 1, 2, 3 and 4 to accomplish A or do this and this and this to make your system do B. These Dummies then think they know how to do something in Puppy or worse yet in Linux and they’ll try it on a friend’s computer and destroy it because all they know is a recipe that works only on their own machine and their own software version.
Guilty. (of being a Linux/Puppy dummy :oops: )
[img]http://i17.photobucket.com/albums/b68/The_Wizard_of_OZ/Lindows-NOT-1.jpg[/img]
Linux is [i][b]NOT[/b][/i] Windows. Doesn't [i][b]PRETEND[/b][/i] to be, Doesn't [i][b]WANT [/b][/i]to be; Don't try to [i][b]MAKE[/b][/i] it be.

User avatar
Lobster
Official Crustacean
Posts: 15522
Joined: Wed 04 May 2005, 06:06
Location: Paradox Realm
Contact:

#31 Post by Lobster »

Puppy Raspup 8.2Final 8)
Puppy Links Page http://www.smokey01.com/bruceb/puppy.html :D

noryb009
Posts: 634
Joined: Sat 20 Mar 2010, 22:28

#32 Post by noryb009 »

Lobster wrote:Fido will save you
http://bkhome.org/blog/?viewDetailed=02240
:D

User avatar
Bernie_by_the_Sea
Posts: 328
Joined: Wed 09 Feb 2011, 18:14

#33 Post by Bernie_by_the_Sea »

Okay, to avoid letting Fido in the house we could try cleaning up spot.

Barry wants the "browser working perfectly in every respect. That would include GTK themes, SSL, font rendering, etc. Plus, a mechanism for downloading files outside of /root/spot is needed." He also wants "drag-and-drop browser to the desktop and other rox windows."

My spot browser system (that is a total of 26 bytes) works with drag-and-drop. I just copied it from /root/ to /usr/share and I can drag it to the desktop. My SeaMonkey fonts in spot look fine. How is font rendering tested? Mine is not using my GTK theme -- I'll look at that. SSL? How is this tested? SSL for what? Internet banking? Web hosting? Privacy? Security? Downloads outside of /root/spot? It looks like that might cancel browser-in-spot security.
^
Last edited by Bernie_by_the_Sea on Sat 30 Apr 2011, 15:51, edited 1 time in total.

jpeps
Posts: 3179
Joined: Sat 31 May 2008, 19:00

#34 Post by jpeps »

Bernie_by_the_Sea wrote:Okay, to avoid letting Fido in the house we could try cleaning up spot.

Barry wants the "browser working perfectly in every respect. That would include GTK themes, SSL, font rendering, etc. Plus, a mechanism for downloading files outside of /root/spot is needed." He also wants "drag-and-drop browser to the desktop and other rox windows."

My spot browser system (that is a total of 26 bytes) works with drag-and-drag. I just copied it from /root/ to /usr/share and I can drag it to the desktop. My SeaMonkey fonts in spot look fine. How is font rendering tested? Mine is not using my GTK theme -- I'll look at that. SSL? How is this tested? SSL for what? Internet banking? Web hosting? Privacy? Security? Downloads outside of /root/spot? It looks like that might cancel browser-in-spot security.
I think gmail uses SSL; it will probably work in Spot. Fonts generally get installed to /usr/share/fonts, so will need permissions. I use msttcorefonts, so would have to place them somewhere else to work with SPOT.

User avatar
rcrsn51
Posts: 13096
Joined: Tue 05 Sep 2006, 13:50
Location: Stratford, Ontario

#35 Post by rcrsn51 »

jpeps wrote:Fonts generally get installed to /usr/share/fonts, so will need permissions. I use msttcorefonts, so would have to place them somewhere else to work with SPOT.
You shouldn't need write permission to use a font. Spot should still have read permission on places like /usr/share/fonts.

jpeps
Posts: 3179
Joined: Sat 31 May 2008, 19:00

#36 Post by jpeps »

rcrsn51 wrote:
jpeps wrote:Fonts generally get installed to /usr/share/fonts, so will need permissions. I use msttcorefonts, so would have to place them somewhere else to work with SPOT.
You shouldn't need write permission to use a font. Spot should still have read permission on places like /usr/share/fonts.
You're right, they're available. They didn't initially show up because my setting are in /root

User avatar
L18L
Posts: 3479
Joined: Sat 19 Jun 2010, 18:56
Location: www.eussenheim.de/

run puppy as spot

#37 Post by L18L »

Browsing as root and spot will confuse everybody
Downloads
The only change in our behaviour is that installing directly from browser will not work for spot. It is just 1 click more if Downloads is opened in rox.
But the entire discussion is for safety of especially new users (and reviewers' opinions about puppy)
So
- browsing as root should become not possible anymore.
- /root/Downloads will be owned by spot
- changes in browser configuration: no open as petget
- offering only directories writeable by spot

HTTPS
no problem, I have already inspected my banking account as user spot

Drag and Drop no problem to drag text from browser to root's console or geany

So I am very confidont :)

User avatar
rcrsn51
Posts: 13096
Joined: Tue 05 Sep 2006, 13:50
Location: Stratford, Ontario

#38 Post by rcrsn51 »

In Quirky 1.3 and Wary 5.11, sound doesn't work in Spot. You can fix it by increasing permissions

Code: Select all

chmod -R o+rw /dev
L18L wrote:browsing as root should become not possible anymore.
So what happens to a user with a frugal install inside a Windows partition whose savefile isn't big enough to hold a download?

Bruce B

#39 Post by Bruce B »

rcrsn51 wrote:So what happens to a user with a frugal install inside a Windows partition whose savefile isn't big enough to hold a download?
Does Windows understand Linux permissions?

On a Linux partition, I made a download directory, outside pupsave, with spot as
the owner. Spot can read and write to this directory.

Then of course that directory is spot's default download directory. To keep
things more orderly, spot can make subdirectories within it, before committing the download.

~

User avatar
rcrsn51
Posts: 13096
Joined: Tue 05 Sep 2006, 13:50
Location: Stratford, Ontario

#40 Post by rcrsn51 »

Does Windows understand Linux permissions?
That's the point. Forcing users to browse as Spot means that they can only download into a Linux partition.

Post Reply