How to run as user in Dpup? (Not as root)
Moderators: Flash, Ian, JohnMurga
Page 2 of 2 [22 Posts]   Goto page: Previous 1, 2
s243a

Joined: 02 Sep 2014
Posts: 2036

Posted: Mon 06 May 2019, 22:37    Post subject:

SolusUmbra wrote:
I got the mount part and then you lost me.... haha but knowing one way is better than none. I guess it would be no different from mounting a usb drive to use right? In which case the computer seems to do it for me. Unless I’m thinking of something totally different.


To manually mount a drive you can either use pmount or you can type in the command at a terminal.
rufwoof


Joined: 24 Feb 2014
Posts: 3340

Posted: Tue 07 May 2019, 06:08    Post subject:

rufwoof wrote:
Fundamentally, 'nix's are multi-user - intended for multiple users using the same system, where administrators have higher permissions than regular users and groups of users are separated, sales team not having access to accounts team data ...etc. Puppy is a single user system, where you are both user and administrator. Little point in separating yourself, except perhaps if a family system and you want to protect the setup when the kids are using the PC.

For all but script-kiddies, running as spot or any other non root userid is near as good as useless under Puppy. It's trivial for a cracker to elevate to root under Puppy. Running as root (should) make you more thoughtful, whilst in some respects is safer. Each time anyone enters a password within X (gui) for instance is a potential vulnerability, as X is relatively old and insecure. With Puppy, you don't enter passwords within X, so that's one less vulnerability.

Good practice is to set Puppy to not save, excepting when you specifically choose to do so, and only do so against a clean boot. i.e. initially boot a clean version, tweak things as desired and then save those changes, and thereafter boot that clean version, use it, shut down without saving (so the next boot after that is also 'clean'). When you want to make changes, such as updates, boot, apply the updates to the clean version and save (so you have an updated clean version). For non system files/folders, save those outside of Puppy space (not in the save file/folder) so that changes to that data/files are persistent across reboots (many use a separate partition or usb for such data).

If you boot a clean system, go directly to your bank's web site, nowhere else before or after, and reboot again, there's little opportunity for a cracker to crack your system during that 'sensitive' session - even if you're using old/outdated software.

Yes in the more general use case, casually browsing around, you could be cracked, but so also might any other system. A nice feature however is that even if a session is cracked, at the next reboot any keyloggers or other crack installed by the cracker will be lost, similar to as though you'd completely reinstalled the OS. Other systems however are more vulnerable to cracks remaining persistent across reboots.

That's part of the reason why most prefer to frugally boot Puppy rather than doing a full install to HDD. A full install in effect becomes similar to other systems, i.e. cracks might be made persistent. Saving repeatedly after each session is also little different to having fully installed to HDD.

You'll tend to hear two extremes. One saying that you should never run as root, others saying that Puppy/Linux is impervious/invulnerable. Neither is right - security is a practice not a product, and even then potentially flawed (crackers only need a weakness for an instant, security has to be 100% all of the time, and in an ever changing world bugs will always occur (a security bug is no different to any other bug, except that it's a bug that a cracker can exploit to circumvent security)).

Turning my already relatively lengthy previous post as above into a mini book :

For a frugal install look to install-to/boot-from a usb, and use an encrypted save file stored on HDD. That way once the system has booted remove the usb so that its contents are safe. A cracker can't insert nasties into the MBR, grldr, initrd (with integral main sfs) or vmlinuz (OS). Lose that 'key' (usb) and the finder has an open copy of Puppy OS files, that are freely available anyway. Lose your laptop and without the encrypted save file password the content of that isn't readable.

I take that a step further and signed up for a free hashbang.sh ssh account. I store the .ssh folder that contains the ssh keys on the usb, in an encrypted folder so again without that anyone finding the usb cannot see my ssh keys. Immediately after booting and before pulling the usb I set up a ssh socks connection and once that's up and running I close the encrypted .ssh folder, umount and remove the usb. Once the ssh link is up and running the ssh keys are no longer required, and as the ssh keys are on usb - that has been removed, a session cracker cannot download the .ssh folder's contents and crack the ssh keys' password using their own system(s).

Setting up a ssh socks is as simple as running the following command in a terminal (or script)

ssh -D 9999 -q -C -N xxxxx@ny1.hashbang.sh

where xxxxx has been substituted for my hashbang.sh userid.

Once that's up and running, in Seamonkey (that most Puppies come with) you open up Edit, Preferences, Advanced, Proxies and then click the Manual option, and then click the Advanced option for that and in the Socks box enter localhost and in the Port box enter 9999 (as we used port 9999 in the above ssh command), tick the Socks5 choice and also tick the Use for Resolving Hostnames choice.

What that does is set seamonkey to route traffic (web page requests/content) through that ssh tunnel. Your ISP (and hence state) only get to see that you ssh'd into a remote box, and encrypted traffic flowed through that link. Web sites you visit won't see your ISP, instead they see the ssh server's IP. That does involve trusting the ssh server, so for banking it's best IMO to revert to 'normal' i.e. using your ISP (go back into Preferences and revert to Automatic (turn the manual proxy option off)).

When using socks, you can test that using https://www.dnsleaktest.com/ which should show another IP than your actual IP and if you click on the Standard Test option should show that dns traffic is also not your dns.

Another benefit of having your Puppy boot from a usb is that you can carry that around and use it to boot on other PC's. You might also want to periodically copy the (encrypted) save file to that USB both as a backup, and just in case you want to access that when you only have the usb and not your laptop.

Another nice thing to set up in addition to socks is to sshfs mount a ssh server as though it were a local folder i.e. that you can open with rox like any other folder. The ssh command to do that looks like

mkdir /hb
sshfs xxxxx@ny1.hashbang.sh:/home/xxxxx /hb &

With hashbang.sh you can also ssh directly into their server and by default that runs a tmux session with irc and mutt (email).

The above is all very "command line" however, so more for the 'experienced' user who is familiar with cli and scripts and Puppy in general. I've outlined it here purely as a potential path to progress down with time and as the reason why many who use Puppy opt to frugally boot from usb and store changes in a save file.

I used hashbang in the examples above, as that's what I use, there are however other choices of ssh server around. With enough experience you might even set up your own ssh server at home and use that from your laptop when out and about. A benefit in doing that is that you're using your home internet connection to access all web pages, and in connecting to your home system using ssh and keys, that validates that there isn't a man-in-middle attack at the internet cafe or wherever you are, because if there is when you try to connect to your home ssh server it will throw out a warning that the host or keys have 'changed', which should set alarm bells ringing (power off your laptop and move on).

For data, ensure you keep back copies including at least one disconnected copy ideally stored at another family members home and for sensitive data store that in encrypted form, ideally where you only attach and use that data as/when required, ideally after a 'clean' boot and with the internet connection disabled.

The reality is that it's all quite simple once you're into the habit of running things the Puppy way. Just that it's a different way to 'normal'. It will hook you however, such that you'll be more conscious of reverting to using 'normal' systems and the 'updates' and virus scans, cleaning ...etc that involves, whilst still browsing around using a system where cracks might have occurred at any time in the past and where those cracks remain persistent across reboots (virus scanners only flag 'known' viruses and lag the actual number of viruses out there).

But in the first instance, you'll likely be best served by looking to initially install and get your Puppy up and running using a usb (or some use CD/DVD) and a frugal type install/setup. From there with time you'll expand/develop upon that and have at least started on the right path from the offset. You've overcome the biggest hurdle when you have one version of Puppy booting already, as that makes it much easier to move onto the next stage. There are tools/options to create a usb based Puppy in most/all Puppies. Personally I do it manually as I like to format the entire usb to ext3 format, install grub4dos (to the mbr of the usb) and then copy across the initrd/vmlinuz (and main sfs file if it's not inside initrd) and edit menu.lst (boot menu) on the usb to boot it. Again very technical, but becomes easy with time. Fundamentally here I'm proposing the use of an ext3 format choice for your usb's, a better choice IMO compared to using ext2 or ext4. An ext3 formatted usb also serves as a bit of a security barrier as well, as if lost a finder is more inclined to plug it into a Windows machine that won't see what's on the usb (at least I think that's the case, haven't used Windows myself for years now).

_________________
( ͡° ͜ʖ ͡°) :wq
Fatdog multi-session usb

echo url|sed -e 's/^/(c/' -e 's/$/ hashbang.sh)/'|sh
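The browser proxy settings described in the post above can also be checked from the profile's prefs.js rather than by clicking through the dialog. This is an added example, not part of the post: it assumes the standard Mozilla pref names network.proxy.*, that "Use for Resolving Hostnames" is stored as network.proxy.socks_remote_dns, and that prefs.js holds only non-default values (assumed default socks_version=5); the sample file in any test run is constructed.

```shell
#!/bin/sh
# Added example: audit a SeaMonkey/Firefox-style prefs.js for the SOCKS proxy
# settings described above. Assumed defaults for prefs absent from the file:
# socks_version=5, everything else unset.

# Print the value of one user_pref; $3 is the value assumed when it is absent.
pref_value() {   # $1 = prefs.js path, $2 = pref name, $3 = assumed default
    name=$(printf '%s' "$2" | sed 's/\./\\./g')   # make the dots literal
    v=$(sed -n 's/^user_pref("'"$name"'", *\(.*\));[[:space:]]*$/\1/p' "$1" |
        tail -n 1 | tr -d '"')
    printf '%s\n' "${v:-$3}"
}

# Return 0 only if traffic AND hostname lookups go through the local tunnel.
audit_socks_prefs() {   # $1 = prefs.js path, $2 = port given to "ssh -D"
    f=$1; rc=0
    expect() {   # $1 = pref, $2 = wanted, $3 = assumed default, $4 = meaning
        got=$(pref_value "$f" "$1" "$3")
        [ "$got" = "$2" ] && return 0
        echo "FAIL $1=${got:-<unset>} (want $2): $4"
        rc=1
    }
    expect network.proxy.type 1 "" "manual proxy is off, browser connects directly"
    expect network.proxy.socks_version 5 5 "SOCKS v5 is not selected"
    expect network.proxy.socks_port "$2" "" "port differs from the ssh -D port"
    expect network.proxy.socks_remote_dns true "" "hostnames resolved locally, DNS leaks"
    case $(pref_value "$f" network.proxy.socks "") in
        localhost|127.0.0.1) ;;
        *) echo "FAIL network.proxy.socks is not the local tunnel end"; rc=1 ;;
    esac
    return $rc
}

# Command-line use: sh audit.sh /path/to/profile/prefs.js 9999
if [ $# -eq 2 ]; then
    audit_socks_prefs "$1" "$2" && echo "OK: browser and DNS use the tunnel"
fi
```

A pass here only says the browser is configured to use the tunnel; the dnsleaktest.com check in the post still confirms what actually leaves the machine.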
perdido


Joined: 09 Dec 2013
Posts: 1316
Location: ¿Altair IV , Just north of Eeyore Junction.?

Posted: Tue 07 May 2019, 08:41    Post subject: Re: How to run as user in Dpup (not as root)

SolusUmbra wrote:
When I installed Dpup it didn’t ask me to create a user and just put me as root. Now after being told and doing some more reading that for safety I really should create a user instead of using root. So my question is how do I go about doing this?


2nd half of this post from user 2byte has simple instructions for setting up a limited user & browser.
http://www.murga-linux.com/puppy/viewtopic.php?p=617719#617719

.
SolusUmbra

Joined: 11 May 2017
Posts: 120

Posted: Wed 08 May 2019, 16:53    Post subject: Re: How to run as user in Dpup (not as root)

perdido wrote:
SolusUmbra wrote:
When I installed Dpup it didn’t ask me to create a user and just put me as root. Now after being told and doing some more reading that for safety I really should create a user instead of using root. So my question is how do I go about doing this?


2nd half of this post from user 2byte has simple instructions for setting up a limited user & browser.
http://www.murga-linux.com/puppy/viewtopic.php?p=617719#617719

.


It says to install Avast for linux but I can't find how to do that, any advice?
s243a

Joined: 02 Sep 2014
Posts: 2036

Posted: Wed 08 May 2019, 17:05    Post subject: Re: How to run as user in Dpup (not as root)

SolusUmbra wrote:
perdido wrote:
SolusUmbra wrote:
When I installed Dpup it didn’t ask me to create a user and just put me as root. Now after being told and doing some more reading that for safety I really should create a user instead of using root. So my question is how do I go about doing this?


2nd half of this post from user 2byte has simple instructions for setting up a limited user & browser.
http://www.murga-linux.com/puppy/viewtopic.php?p=617719#617719

.


It says to install Avast for linux but I can't find how to do that, any advice?


Personally, I would only give an anti-virus "read-only" access to my linux system and let it view files only in (or linked to) LD_LIBRARY_PATH and PATH. I also wouldn't run an anti-virus in the background. Actually, if you scan your system for changes to the checksum (e.g. md5) then you only need to have the antivirus review the modified files.

Intelligence agencies have exploited anti-virus software because they typically have elevated permissions.
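The checksum approach from the post above, as an added example that is not the poster's code: it records a baseline of every file in the PATH and LD_LIBRARY_PATH directories and later lists only the files that are new, changed or removed, so only those need to be handed to a scanner. It uses sha256sum where the post mentions md5, and the script and manifest file names are hypothetical.

```shell
#!/bin/sh
# Added example: find files in the PATH / LD_LIBRARY_PATH directories whose
# checksum changed since a baseline, so only those go to the scanner.
# sha256sum is used here in place of the md5 mentioned in the post.

# Print "checksum  path" for every regular file directly inside each directory
# of a colon-separated list. -L follows symlinks, so linked-to files are hashed.
make_manifest() {   # $1 = e.g. "$PATH:$LD_LIBRARY_PATH"
    printf '%s\n' "$1" | tr ':' '\n' | sed '/^$/d' | sort -u |
    while IFS= read -r dir; do
        if [ -d "$dir" ]; then
            find -L "$dir" -maxdepth 1 -type f -exec sha256sum {} +
        fi
    done | sort -k2
}

# Print the paths that are new, or whose checksum differs from the baseline.
# The path starts at column 67 of a sha256sum line (64 hex digits + 2 chars).
changed_files() {   # $1 = baseline manifest, $2 = current manifest
    awk 'FILENAME == ARGV[1] { old[substr($0, 67)] = $1; next }
         { p = substr($0, 67)
           if (!(p in old) || (old[p] "") != ($1 "")) print p }' "$1" "$2"
}

# Print the paths that were in the baseline but are gone now.
removed_files() {   # $1 = baseline manifest, $2 = current manifest
    awk 'FILENAME == ARGV[1] { old[substr($0, 67)] = 1; next }
         { delete old[substr($0, 67)] }
         END { for (p in old) print p }' "$1" "$2" | sort
}

# Command-line use (keep the baseline on media the running system cannot
# write to, e.g. the boot usb, and take it right after a clean boot):
#   sh manifest.sh baseline > baseline.sha256
#   sh manifest.sh changed baseline.sha256
case "${1-}" in
    baseline) make_manifest "$PATH:${LD_LIBRARY_PATH-}" ;;
    changed)  now=$(mktemp) && make_manifest "$PATH:${LD_LIBRARY_PATH-}" > "$now" &&
              changed_files "$2" "$now"; rm -f "$now" ;;
esac
```

A baseline stored inside the running system can be rewritten by whoever altered the binaries, which is why the comments place it on removable media.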
SolusUmbra

Joined: 11 May 2017
Posts: 120

Posted: Wed 08 May 2019, 17:34    Post subject: Re: How to run as user in Dpup (not as root)

perdido wrote:
SolusUmbra wrote:
When I installed Dpup it didn’t ask me to create a user and just put me as root. Now after being told and doing some more reading that for safety I really should create a user instead of using root. So my question is how do I go about doing this?


2nd half of this post from user 2byte has simple instructions for setting up a limited user & browser.
http://www.murga-linux.com/puppy/viewtopic.php?p=617719#617719

.


Sad I tried to create the safebrowser user like they said to, and now I have everything messed up and not sure how to undo it.
SolusUmbra

Joined: 11 May 2017
Posts: 120

Posted: Fri 10 May 2019, 09:00    Post subject:

Do I have to just completely reinstall?
Nevermind I got it