Puppy Linux Discussion Forum Forum Index Puppy Linux Discussion Forum
Puppy HOME page : puppylinux.com
"THE" alternative forum : puppylinux.info
 
 FAQFAQ   SearchSearch   MemberlistMemberlist   UsergroupsUsergroups   RegisterRegister 
 ProfileProfile   Log in to check your private messagesLog in to check your private messages   Log inLog in 

The time now is Tue 29 Jul 2014, 08:56
All times are UTC - 4
 Forum index » Off-Topic Area » Security
Run As The Root User Account
Post new topic   Reply to topic View previous topic :: View next topic
Page 2 of 3 [34 Posts]   Goto page: Previous 1, 2, 3 Next
Author Message
Eyes-Only


Joined: 10 Aug 2006
Posts: 1046
Location: La Confederation Abenaquaise

PostPosted: Sat 07 May 2011, 11:10    Post subject:  

Amen and Halleluia to the last two of you, sickgut and Chris, for very well-made statements!! I salute you each! ( Why can't we have a salute smiley? LOL! )

I'm being totally serious here. I can't remember if I posted earlier here in this thread ( hey, I've got a bad memory and I post a lot Razz ) but in over 25+ years as root in both Windows, BeOS, and Linux the worse I've done is accidently delete my email directory. But that didn't matter because I make often AND frequent backups ( which I believe Sickgut said we should be teaching people to do more of, right? ) and I'd lost only a few emails - none of any import really.

And as stated above about the firewall on Linux? I have to laugh at that one! I've gone to more of these "hacker sites" ( Not just the common one of "GMR" is it? He was a top hacker who turned to work for the Feds? ) and all they get is a "ping" reply that I'm here. But able to actually HACK my ports? They have to be opened for that to happen! And these "cracks" you hear about? - bingo! - those are "opened ports". DUH!

Sorry... I shouldn't allow myself to sit here and get upset over what has become my "Biggest Pet Peeve" as one day Mrs. Eyes-Only will find me slumped over the keyboard...

Oh, and by the way: The one here who had written that truly great essay about "Running in Root" ( I believe you had mentioned that Chris? ), the person who wrote that was Nathan of "GrafPup" fame. Someone around here - ruddy toothpick if I can recall just who now of course! - has a nice link to that essay in their sigfile. Really a brilliant exposition done by Nathan who is truly numbered as one of the "Linux Greats" in my book - even if I never could get along with the gentleman ( our personalities seemed to have clashed ), I much admired the man as I did learn oodles about Linux off from him as he had extreme patience with me!

And I guess this is far more than enough of my ramblings for today! Thanks everyone for enduring this "frothing-at-the-mouth". Sad

Cheers/Amicalement,

Eyes-Only
"L'Peau-Rouge d'Acadie"

_________________
*~*~*~*~*~*
Proud user of LXpup and 3-Headed Dog. Cool
*~*~*~*~*~*
Back to top
View user's profile Send private message 
SimpleWater

Joined: 19 Apr 2011
Posts: 95

PostPosted: Sat 07 May 2011, 16:11    Post subject:  

hello, thanks for sharing

yes puppy users have full beards. I have tried ubuntu, and found it a big annoyance to type in sudo, and after sudo be prompted with a user password completion. On everything, from updates, to deleting some files, to making slight changes in configuration files. I agree with sickgut, i mean, can you accidentally type in -rf /*? or any other destructive command? Anyone who knows bash does not just "accidentally" type in some bad code. Was there ever such a case?

And did anyone else notice 01micko on the list? I think he is supposed to be one of the puppy developers, anywho, i did the same. I have not been in linux for the longest time, but on windows there was never any reason not to be an administrator. If the teletubies ran as root, i run in root.

Eyes-Only wrote:
I'm being totally serious here. I can't remember if I posted earlier here in this thread


you might one to check page 1 Wink
Back to top
View user's profile Send private message 
Eyes-Only


Joined: 10 Aug 2006
Posts: 1046
Location: La Confederation Abenaquaise

PostPosted: Sun 08 May 2011, 11:34    Post subject:  

DUH!

Thanks oodles SimpleWater for pointing out my oversight! LOL!! ( Or would that be "undersight" since I missed so much? Whatever! Laughing ) And in the process you gave me several postings to read which I'd missed that were simply awesome!

Anyway, yeah... I've been so busy between emails, reading, and posting @ various topics here - unusual for me where I rarely ever venture outside of "Derivatives/Software" - that I often forget where I've posted and what I've said. lol. Oh well, as they say in English, "The mind is the first to go!"

It's true. Wink

Cheers/Amicalement,

Eyes-Only
"L'Peau-Rouge"

_________________
*~*~*~*~*~*
Proud user of LXpup and 3-Headed Dog. Cool
*~*~*~*~*~*
Back to top
View user's profile Send private message 
Aitch


Joined: 04 Apr 2007
Posts: 6825
Location: Chatham, Kent, UK

PostPosted: Sun 08 May 2011, 14:21    Post subject:  

If you 'accidentally' type rm rf /

You're a DORK!!

Throw your computer away, you are a waste of space, and a danger to everyone

Puppy [as root] Rules!

Eyes-Only [quote me for link]


Aitch Smile
Back to top
View user's profile Send private message 
jpeps

Joined: 31 May 2008
Posts: 3220

PostPosted: Sun 08 May 2011, 20:02    Post subject:  

I'd agree Puppy works just fine in root, and eliminates the whole sudo hassle. That said, I don't run in root and use sudo, not really for security but just because I'm used to it, and for me it adds colors...another step away from Windows that is unique to Linux. For example, running running a browser with sudo uses the config in /root, and without it uses a config in my designated home directory. There are many possibilities for those who like to fiddle with various permissions, write their own software, have other users on the machine, etc, etc. Linux provides an abundance of possibilities at the cost of some additional learning and complexity. As mentioned, some programs won't compile in /root, and common apps like cups need "nobody" to work.

BTW/ I once DID wipe out an entire partition with rm -r * accidentally. I think it was very late, and I thought I was inside a directory. It happens fairly quickly. It can also happen from within a script if something screws up. In that case, not being in root could really be a blessing.
Back to top
View user's profile Send private message 
2byte

Joined: 09 Oct 2006
Posts: 357

PostPosted: Sun 08 May 2011, 20:39    Post subject:
Subject description: Root isn't always the best
 

Well I'm going to stick my neck out here to point out a couple of things. As a preface I'll say this “I run as root with Puppy”, in a business network environment, 5 days a week all day long. Puppy 4.12 with wine even. I have been doing this since 2006 without one security event or system crash. Not one. It's my home system too and is even used to remotely access or administer our Debian server when need be. By the way, all browsing is done as spot.

That being said I want a Puppy that can run as a non-root user with a user and group of my choosing and it looks like 'Fido' is not going to get the job done. So yeah I'll try to make one myself.

Now why in the world would I want to do this? The answer is simple and has nothing to do with being protected from the baddies on the internet. For my own reasons I want more Puppy based computers on my work network and for business privacy they need to have limited access to their allowed folders on the company server. The average office worker has no business looking at company financial information or other employees personal data and even income. Some employees do need access to it. This requires a distinct login identity for each person and limited use of the computer. This isn't a fortune 500 company, it's a small mom & pop and even a part time IT manager is out of the question. We can't even afford the latest and greatest hardware.

So there you have it, and let me sum up with this. If Puppy were to be changed so that I could not be root when need be or I had to sudo everything I wouldn't give it the time of day.
~

_________________

Back to top
View user's profile Send private message 
jpeps

Joined: 31 May 2008
Posts: 3220

PostPosted: Sun 08 May 2011, 23:01    Post subject:
Subject description: Root isn't always the best
 

2byte wrote:


So there you have it, and let me sum up with this. If Puppy were to be changed so that I could not be root when need be or I had to sudo everything I wouldn't give it the time of day.
~


It's very simple to set up access to whatever you need with permissions. Then sudo gets used mainly when you're changing or removing things. My vim editor, for example, runs in read-only without sudo, which in an added feature, since there is no chance of accidentally changing code when I'm scrolling around or copying things.
Back to top
View user's profile Send private message 
2byte

Joined: 09 Oct 2006
Posts: 357

PostPosted: Mon 09 May 2011, 09:23    Post subject:  

jpeps wrote:
It's very simple to set up access to whatever you need with permissions
Hi jpeps,
Are you talking about Puppy here? Which version? Sudo doesn't exist on 4.12 nor does pam.

If you could tells us how to easily (even not so easily) get Puppy to boot as a user other than root or spot with a specified user group, run Open Office and various other programs, log in to the server and read, create and edit files only in permitted directories then I am all ears. BTW having more than one user per machine isn't a requirement for our needs, if that makes any difference.

Seriously, can this be done? And if so are you willing to tell us how, or point us in the right direction?
~

_________________

Back to top
View user's profile Send private message 
Eyes-Only


Joined: 10 Aug 2006
Posts: 1046
Location: La Confederation Abenaquaise

PostPosted: Mon 09 May 2011, 10:56    Post subject:  

Hi 2byte! Smile

Actually, if you take and change the last 2 numbers of your current version around ( 4.1.2 ) to make "4.2.1" and then search for "Pizzasgood's 4.2.1 multiuser puppy", you'll have exactly what you're looking for me thinks!

Reason being: Back when 4.2.1 came out there was such a clamour for a multiuser Puppy, much like Nathan's "Grafpup-2.0.1" ( I believe it was? ) as he too had made a multiuser Puppy, that Pizzasgood decided to try the same - to please those that wanted one - plus to see how difficult it would be to take on such a project. He detailed a lot of his work in the thread he'd made ( sorry I can't recall it off the top of my head hence why I've said you'll need to do a search... ). Such work is NOT for the faint-hearted, trust me. Both Nathan AND Pizzasgood have stated so each time. If I recall correctly it's because the programmes now in Puppy have been compiled for single-user use and had to be completely recompiled...

I hope this has helped?

Cheers/Amicalement,

Eyes-Only
"L'Peau-Rouge"

_________________
*~*~*~*~*~*
Proud user of LXpup and 3-Headed Dog. Cool
*~*~*~*~*~*
Back to top
View user's profile Send private message 
nooby

Joined: 29 Jun 2008
Posts: 10557
Location: SwedenEurope

PostPosted: Mon 09 May 2011, 11:24    Post subject:  

Pizzasgood has told his story somewhere and it was real hard works for weeks upon weeks him having to forsaken family and all and it was very tiring too. So I doubt it ever will happen again that somebody take upon them to try. It is too tedious to do even if one are good at it.

But that is my poor memory. Search can find the original text

But that version is not using the later drivers so it fails to get internet on some modern computers so one would need to add good drivers to it.

_________________
I use Google Search on Puppy Forum
not an ideal solution though
Back to top
View user's profile Send private message 
Bernie_by_the_Sea


Joined: 09 Feb 2011
Posts: 329

PostPosted: Mon 09 May 2011, 11:32    Post subject:  

http://puppylinuxnews.org/puplets/puppy421multiuseriso/

http://www.murga-linux.com/puppy/viewtopic.php?t=47409
Back to top
View user's profile Send private message 
2byte

Joined: 09 Oct 2006
Posts: 357

PostPosted: Mon 09 May 2011, 11:53    Post subject:  

Hi eyes-only, nooby, bernie

Thanks for taking the time to offer advice. I have tried PG's multiuser 4.21 and it almost fits the bill. Problems with 4.21 unrelated to his work make it undesirable for us. The Xorg for one thing, plus a no longer supported and unfamiliar build system. I suppose it could be remastered, and maybe that will be the route taken. However, I am attempting to apply some of the things I am learning from his instructions to a 5.25 remake via EZ-Woof. Slow going.... My thinking for taking this route is that it's already pretty compatible with 10.04 LTS and the Linux apps we need could be obtained from 10.04 or directly from the developers, thus already multiuser friendly. Most of what needs changing in Puppy are the scripts and gtkdialog apps that use hard coded references to /root. Anyone who is a programmer knows that hard coded paths are a major mistake in any software. Anyway, my desire for a minimal Puppy with multiuser is for a work environment, and a good number of the built in Puppy specific apps are not needed nor desired.

I realize it may be an exercise in futility, but something in me always seems to say "take the road less traveled"
~

_________________

Back to top
View user's profile Send private message 
jpeps

Joined: 31 May 2008
Posts: 3220

PostPosted: Mon 09 May 2011, 11:56    Post subject:  

2byte wrote:
jpeps wrote:
It's very simple to set up access to whatever you need with permissions
Hi jpeps,
Are you talking about Puppy here? Which version? Sudo doesn't exist on 4.12 nor does pam.

Seriously, can this be done? And if so are you willing to tell us how, or point us in the right direction?
~


I posted a build script in utilities a while back:
http://murga-linux.com/puppy/viewtopic.php?search_id=813141117&t=60258

It's simple to add additional groups or users; there's "adduser" and "addgroup". Spot, of course, is already set up.

Home directories are in /etc/passwd, and permissions set with chown.
If you want passwords, use "passwd [user]"

EDIT: I have an easy way of password protecting exiting back into root shell from user, if you need it.
Back to top
View user's profile Send private message 
SimpleWater

Joined: 19 Apr 2011
Posts: 95

PostPosted: Tue 10 May 2011, 08:00    Post subject:  

jpeps wrote:
BTW/ I once DID wipe out an entire partition with rm -r * accidentally. I think it was very late, and I thought I was inside a directory. It happens fairly quickly. It can also happen from within a script if something screws up. In that case, not being in root could really be a blessing.


If using pwd or ls is too much for you, you should consider editing your .bashrc to include your current working directory, I am very careful anyways, but i can see how software can blow up in your face. When i was experimenting with distros, i enabled compiz only to find out my graphics card could not handle it. My screen was filled with black and it restarts with compiz enabled. So looong distro! I think a regular account could not save you thereof. At least in my own situation.
Back to top
View user's profile Send private message 
Lobster
Official Crustacean


Joined: 04 May 2005
Posts: 15117
Location: Paradox Realm

PostPosted: Tue 10 May 2011, 09:13    Post subject:  

Quote:
If using pwd or ls is too much for you

Do not underestimate the unreasonable capacities of some users . . .
http://clientsfromhell.net/post/4963761018/me-how-can-i-help-you-today-maam-client-is

_________________
Puppy WIKI
Back to top
View user's profile Send private message Visit poster's website 
Display posts from previous:   Sort by:   
Page 2 of 3 [34 Posts]   Goto page: Previous 1, 2, 3 Next
Post new topic   Reply to topic View previous topic :: View next topic
 Forum index » Off-Topic Area » Security
Jump to:  

You cannot post new topics in this forum
You cannot reply to topics in this forum
You cannot edit your posts in this forum
You cannot delete your posts in this forum
You cannot vote in polls in this forum
You cannot attach files in this forum
You can download files in this forum


Powered by phpBB © 2001, 2005 phpBB Group
[ Time: 0.1014s ][ Queries: 12 (0.0036s) ][ GZIP on ]