Setting up multiple users in Puppy

Under development: PCMCIA, wireless, etc.
Message
Author
ted142
Posts: 10
Joined: Sat 19 Aug 2006, 02:07
Location: State of Liberty

#16 Post by ted142 »

I don't know about "multiple users" but I would think supporting a package and how it interfaces with puppy version 2.x or 3.x would be, for the most part, less of a job than supporting a whole fork of puppy--which ultimately sounds like it would end up as "pupuntu" by reviewing the reasoning behind the above and other discussions. I just want to slip on some protection without rebooting or "no save" or whatever--particularly if its only going to be for a quick 20 minute session before I get back to critical research.

For example, I can start a vmware instance from an image in my workstation and wreak some ugly damage to the image by typing goggle.com or otherwise and its all contained quite nicely--bad active x scripts seem to be contained as well. But starting an operating system within an operating system just to "safely" leave the box--so to speak--seems like overkill. The effect is achievable with xen (even more so with virtual-enabled CPUs) with less resource consumption, but still overkill.

Barry seems driven to decrease Puppy's complexity with each evolution which is almost unheard of in "progressive development". Most of you cats are buying into this and getting real creative with simplicity and that rocks. I think, as you point out often enough, that a lot of this creativity is self-expression and we must choose our avenues of expression. Each of the derivatives offers insight into the hearts, minds and passions of their creators/maintainers and it is with great respect and admiration that I look upon graphpup, pizzpup, etc...as well as what Barry (and friends) has achieved.

pupuntu---hmmm

well off to look at what spot can do for me....

amish
Posts: 615
Joined: Sun 24 Sep 2006, 23:15

a bit of design philosophy

#17 Post by amish »

pupuntu
of the dozen or so distro's/derivatives i've tried since 1999, ubuntu was the first thing i was able to do anything useful with. i still use it to rip ogg files since i don't know how to install the ogg codecs for ripperx in puppy. (puppy can play mpg/mp3/ogg but writes wav or mp3... ripped oggs SOUND Beautiful.)

but i was unable to install anything without a connection to the internet (hold on, what i mean is that i had to have UBUNTU connected to the net, which wasn't possible and still isn't for me) and the package management wouldn't let me uninstall ANYTHING either. i appreciate that app-i-don't-care-about requires app-i-don't-care-about that-i'm-trying-to-uninstall but really, fine if you must bother me with that detail, but LET ME DO IT!

guesttoo's wonderful simple (in all aspects) package system in puppy changed all that.

because of this simplicity, ubuntu was left behind as the first distro that i could use for anything, for puppy: the first distro that i could use for anything that wasn't already a standard feature.

i had been trying to install dosemu (or dosbox when it came out) for 8 years, and thanks to mu, i was able to install dosbox (FINALLY) and run dos apps in linux. i was also able, within 6 months, to install dosemu at long last.

ubuntu i had to reinstall because of the way it forces you to not be root. sudo is a fine OPTION but when mandated IT SUCKS.

all in all, i can't freaking stand ubuntu.

now a word on simplicity

simplicity isn't simple. think of it as compression: yes, compression makes a file smaller but it takes a sophisticated (complex) algorithm to make it compress. the more compression there is, the more complex a process is usually required.

similarly, every time you make something mroe simple, you have to put More Thinking into the process of making it simple for someone else.

so there are at least two levels of simplicity:

internal simplicity: the stuff under the hood that is working invisiably and automagically

external simplicity: the kind you must be referring to an increase of. yes, optional wizards (even by default) are a good thing when you put a lot of thought into their design.

what drives most distros/foss software projects/and eventually, commericial products like windows into extinction are an imbalance of external and internal simplicity.

for example: dotpup was very simple. dotpet is more complex. this can be okay (and it might be)

dotpet seeks to make things externally more simple. this is not a bad thing. but when the internal mechanisms are not designed in a simple way, they become difficult or impossible (or impractical) to maintain and are abandoned for something "better."

note that i mean someday, puppy itself will be replaced with something better because not enough people could keep puppy simple. but if we take care of him, puppy can last as much as a decade or two (as redhat might, or as dos really actually has.)


while it's good to make things externally simple, if the constant effort to make things simple on the outside makes them more and more complex on the inside, eventually the internal complexity will start to show up as far as the user is concerned: it doesn't work, and now you need complex fix-its and sometimes those don't work.

i'm saying something significant here:

1. too strong/careless a drive to make something simple for the user

-> 2. things become too complex internally to maintain

-> 3. things start to become too complex for the user

making it more simple to use makes it more complex to use. that's the paradox, and the thing that the best devs go to great care (and employ great brilliance) to avoid.

with luck, when things get unbalanced, they get rebalanced. when they don't get rebalanced, they simply stop being used.
sadly, it is not possible to separate politics from free software. free software - politics = unfree software.

jimhap
Posts: 63
Joined: Sat 03 Mar 2007, 16:51
Contact:

#18 Post by jimhap »

Hmmmm..... I can somewhat say I can see your point.....

You may be thinking like Windows XP. If you logged in as a limited user, you would be limited to any installs(very untrue! viruses can still install). However, to stay in that limited way but if needed to install a program, you can login as an admin.

But still....... how would you bubble EVERY single program????? I'm not disagreeing too much, but LOTS of programs use the NET. Of course, for me, I use Firefox with ad blockers and stuff, but still, you have those popups that fly loose.

I'd stick to the multiuser idea. If you just "bubble/limit" everything, hackers can still find a way OUT of the bubble/limitation, and hack your computer.

As a regular user, you would have destruction of your HOME dir, but never anything else.

I definitely agree with you on one thing-about puppy needing a rebuild.
By statistics, Puppy's 28th on the list.(as said by hit counts on distrowatch.com, scroll down and on the right, you'll see the list. if you wonder why am I wrong, 1 i did a check today, and 2 I did the "last 7 days" option) I was suprised to hear that Puppy had lost 372 visitors(hpd based)!!!

What Puppy need's is a groom, a a vet checkup, and a pamper.
What I really mean is that Puppy need to be rebuilt with multiuser, some secure things, and a redesign of puppy's website-a bit user repelling....

jimhap
Posts: 63
Joined: Sat 03 Mar 2007, 16:51
Contact:

#19 Post by jimhap »

(the above post was ment for the "bubble/limitation idea)

Ubuntu is good, but as I heard, it loves the NET and never wants to part with the NET.....

Puppy solved hat. It doesn't need the NET that much.
Even to uninstall it doesn't need to have the internet......

Anyway, back too the multiuser:

Yes, there ARE bots that love this site, and before long the BOTS will tell the hacker about the site, and before long the hacker will know wht puppy is, and if the hacker wanted the hacker could hack people's computers(trying to find IPs).

Thoughtfully, Puppy is kinda simple. But, Puppy just needs that "oomph" to get popular....
When I first started using Puppy(going to puppyos.org) I almost thought that puppy was a discontinued project, just by the look!But then I discovered that Pupppy was alive, and MUCH better than I thought!!!!!

I am right now attempting a redo of the site.
-----------------------------------------------
Comparison of Puppy and Ubuntu:

________________________________________________________
Features......................| Puppy..........................| Ubuntu...................|
Ease of use ........................YES ..............................YES(with NET) |
App Installer.........................YES...............................YES
..........# of apps....................???.................................???

(I will wdit this as I find more differences. If you're a mod, you can edit this to add more hings....)

GuestToo
Puppy Master
Posts: 4083
Joined: Wed 04 May 2005, 18:11

#20 Post by GuestToo »

The directory /tmp must have permissions set to 777
it might be better to set /tmp to 1777 ("so that anybody can write there, but they can't rename or delete other users' files")

setting up Puppy to run as multi-user does not automatically make Puppy safer ... even one tiny error could open a security hole that a proverbial truck could be driven through

paulsiu
Posts: 187
Joined: Wed 17 Jan 2007, 02:58

Puppy's design consideration

#21 Post by paulsiu »

Most Linux distro are multi-users, but Puppy appears to be single users system that assumes you run as root. Is there some reason for this? Did Barry ever explain why it was written this way (for simplicity?)

Paul

User avatar
Dougal
Posts: 2502
Joined: Wed 19 Oct 2005, 13:06
Location: Hell more grotesque than any medieval woodcut

#22 Post by Dougal »

How did Ubuntu get dragged into this thread??

As Nathan mentioned, this thread is not for discussing the merits of multi-user vs. single-user.
Neither is it for philosophizing about whether Puppy should have the option or not.
This is supposed to be a technical discussion about how to do it, be it for implementing into Puppy or so when we're old we can tell our grandchildren that we managed to get Puppy running multiuser.
If anyone wants to talk nonsense, they can go to any of the myriad threads in this forum consisting of that.

Now to busyness: I don't think it should be a problem to modify Puppy to accommodate the multiuser option without affecting the way it currently works.

Puppy can be as it is now, with some upgraded packages (such as mentioned by Nathan) and some slightly modified scripts.
It will run as it does now, but will have a "add user" option and the first time you add a user it will:
- get the root user to select a new password
- create the new user
- change your Puppy "installation" to run in multiuser mode

The last can be done by
1) (clumsy) installing a package
2) (better) modifying various scripts and files (/etc/inittab?) to how we need them in multiuser mode
3) (best) have everything built0in from the start, but just have some flag telling us to run multiuser

I really don't think that, for example, having in rc.local0 something like

Code: Select all

if [ -f /etc/.multiuser ] then
  exec /etc/rc.d/rc.multiuser
fi
will affect the "regular" use of Puppy…
What's the ugliest part of your body?
Some say your nose
Some say your toes
But I think it's your mind

User avatar
Nathan F
Posts: 1764
Joined: Wed 08 Jun 2005, 14:45
Location: Wadsworth, OH (occasionally home)
Contact:

#23 Post by Nathan F »

GuestToo is right on both counts. Setting up a multi-user environment carelessly could very well result in a system that is less secure than what Puppy is by default. That's why it pays to tread carefully. Also, the permissions of /tmp should be as he says.

Dougal brings up a couple good points here too, although I don't think there needs to be an rc.multiuser file. Frankly, most distros can be run just fine as root in which case you will have a very Puppy-like experience. Basically once the environment is set up Puppy can behave normally as people are used to, but by changing the way inittab is set up there are a lot of possible options. Puppy could continue to log root in automatically at boot, or he could present a text mode login prompt, or he could start a login manager. It would not be too hard to create a small wizard which makes the switch easy.

And absolutely, the changes I have been making are unobtrusive to the way users expect Puppy to run.

Folks I'm honestly glad that the thread is attracting attention now, but please read the initial post and try to keep the comments relavent to a technical discussion, rather than a philosofical one.

Nathan
Bring on the locusts ...

amish
Posts: 615
Joined: Sun 24 Sep 2006, 23:15

everything that isn't technical is nonsense - dougal

#24 Post by amish »

you could try running qemu (available as .pup) as spot, but it probably makes more sense to run apps like seamonkey and gaim or xchat as spot without emulation.

...ubuntu i had to reinstall because of the way it forces you to not be root. sudo is a fine OPTION
sorry if there wasn't enough technical info for your taste, dougal, next time if you could please make your request to stay on topic a little more arrogant and pompous, and more insulting to half the people on the forum, that would be nice. i'm all in favor of people working on this, if i knew how i'd help. i did know about running as spot, which someone was interested in doing, and helped him with it.

but since obviously i'm in the way here, i'll go sit on my thumb and let you GROWNUPS talk shop. christ.

nathan: sorry, couldn't help it. but i'll leave the thread anyway.

User avatar
Dougal
Posts: 2502
Joined: Wed 19 Oct 2005, 13:06
Location: Hell more grotesque than any medieval woodcut

#25 Post by Dougal »

Nathan F wrote:although I don't think there needs to be an rc.multiuser file
Hehe, that was just an example to show how little influence having the multiuser option will have on normal users...

My main point was that it should be done in a way changes the way Puppy works only if you've already added users -- so people can go on using Puppy without complaining about "having to log in" or anything.
What's the ugliest part of your body?
Some say your nose
Some say your toes
But I think it's your mind

User avatar
Nathan F
Posts: 1764
Joined: Wed 08 Jun 2005, 14:45
Location: Wadsworth, OH (occasionally home)
Contact:

#26 Post by Nathan F »

No need to leave, Amish, and please don't take offense.

Nathan
Bring on the locusts ...

jimhap
Posts: 63
Joined: Sat 03 Mar 2007, 16:51
Contact:

#27 Post by jimhap »

you fixed Xorg problem, right?

User avatar
Nathan F
Posts: 1764
Joined: Wed 08 Jun 2005, 14:45
Location: Wadsworth, OH (occasionally home)
Contact:

#28 Post by Nathan F »

I have Xorg working just fine for normal users. I'm working on doing the same with Xvesa now.

Nathan
Bring on the locusts ...

User avatar
Dougal
Posts: 2502
Joined: Wed 19 Oct 2005, 13:06
Location: Hell more grotesque than any medieval woodcut

#29 Post by Dougal »

Nathan F wrote:I have Xorg working just fine for normal users.
Do users have an option of changing the screen resolution only for themselves? I'm curious how it is done elsewhere...
What's the ugliest part of your body?
Some say your nose
Some say your toes
But I think it's your mind

User avatar
Gn2
Posts: 943
Joined: Mon 16 Oct 2006, 05:33
Location: virtual - Veni vidi, nihil est adpulerit

#30 Post by Gn2 »

Defintely - the method is dependent on platform used, x-server & desktop Mgr !
There are varied CLI commands to change resolution

In Kde - no CLI needed , it's a snap - as a multi user exercise; EG logged on @ user -hot-keys;

Code: Select all

Ctrl+Alt+F2<to>F6

Logon, startx option (symlink >initiate x) sources .xinitrc (user desktop still runing, 1st GUI = F7

Code: Select all

Startx --:1 (2,3,etc)
=new concurrent GUI > (TTY F8)

*Left click (configurable window behaviour determines mouse *optional behaviour) on MT desktop > (menu) "refresh desktop"
Menu > change resolution - accept -reversible @ any time

Code: Select all

Ctrl+Alt+F7
returns to users desktop
While in text console whichever unused TTY open -

Code: Select all

Alt +F2<>F6
may be accessed

Gui desktops start TTY F7, Systems may be Cfg'd to use any above GUI for monitoring only

Ea. user may have far more concurrent/separate instances of GUI session desktops then ever used. (MEM limitations)

Ea. running session also may have numerous desktops (default 4 - configurable.)

KDEutils may run under varied W/Mgrs, I.E. Ice/Fluxbox
(requires some QT dependencies)
Kdrive (Tinyx) will not have comparable x-libs

There are few more complicated variances as X-servers.
http://www.rahul.net/kenton/xsites.html

BTW biases: ="sudo"(editable @ users risk) is @!!## BAD !
Far better >

Code: Select all

su -l

User avatar
Nathan F
Posts: 1764
Joined: Wed 08 Jun 2005, 14:45
Location: Wadsworth, OH (occasionally home)
Contact:

#31 Post by Nathan F »

The Kdrive server (Xvesa) would be far easier to configure individually for each user because it does not read a global config file. Instead you pass it all arguments on the command line, including resolution. Not that it isn't possible with Xorg, it's just probably not as easy (and I've never investigated how because I haven't ever wanted to).
BTW biases: ="sudo"(editable @ users risk) is @!!## BAD !
Personal opinion I think. Sudo is no less secure than su, but if configured badly it can cause severe problems. Sudo allows the admin to specify which commands can be executed by whom with what permissions, and whether they need supply a password. Key points to remember when setting it up - don't allow users to run a program as root which they can escape to a shell from, ie you can easily open a terminal from most filemanagers. And specify the full path to each command, so users can't create an arbitrary program in their home directory with the same name, but malicious code. By contrast, giving the root password and allowing su means anything can be executed without any safety net.

Nathan
Bring on the locusts ...

User avatar
Gn2
Posts: 943
Joined: Mon 16 Oct 2006, 05:33
Location: virtual - Veni vidi, nihil est adpulerit

#32 Post by Gn2 »

Rationale is well understood - as is better alternatives:

Think group/wheel etal.
Then think Sys admin often owns wheels in danger of falling off

There is a REASON it is optional utility, not S.O.P.
For most "Sys Admins" sudo should have been spelt sloth.

They have yet to learn- playing w/own system does not translate:
Savoire sa lecon into insousciant "Don't put beans in your ears" !

User avatar
richard.a
Posts: 513
Joined: Tue 15 Aug 2006, 08:00
Location: Adelaide, South Australia

#33 Post by richard.a »

As a non-technical power user who has interfaced with other operating systems apart from Microsoft's over a number of years, may I make a few comments, trying to stay within the guidelines Nathan outlined in his first post.

Running as root does not frighten me, indeed I find it extremely frustrating with some operating systems I've tried where they go out of their way to prevent you from using the system in the way that you - the owner of it - wish and choose to do.

My experience shows that providing you are careful with how you use your computer, and what you do with it, it is no more or less likely to get invaded, blown up, or destroyed by running as user or root.

I accept the thoughts that as root you can del /*.*

However, if you run puppy in the way it was designed - an unimaginably fast Live-CD system, that keeps all the files it loads from read only by virtue of the media sitting in a read only CD drive, you can't destroy the OS by using puppy.

If you let a nastie in, so what, in actual fact. It isn't going to change anything except what is in RAM or swap file.

If you maintain your own personal file (read-write on an HDD) with regular backups, then if that does get destroyed, even then, so what?

I always back up my work as I go, and at the end of a session most times. Something when I taught AutoCAD users back in Version 2 days I continually emphasised.

With puppy you can restore a clean system and data in simple steps

1. reboot in pfix=ram mode,

2. copy back your pup_save.2fs (or 3fs) file and

3. then reboot again using the restored pup_save file.
It isn't hard, difficult, or really time-consuming.


Multiple users is another thing altogether. I wouldn't want others to browse through my documents, perhaps changing things, or deleting them.

Actually I developed a series of red-coloured root user wallpapers to suit a range of computer OS's (I won't call them distributions because that upsets Unix users - BSD anyway lol). I have published these explaining how SuSE gives its system owners the opportunity to use default wallpaper that continually reminds them of being "root". You should read some of the comments from some on the forums I've shared this information with!!

It isn't hard to make root logins work in KDE even if they've been prevented. Ubuntu is Gnome, and that's a dog of a different colour. I don't like Ubuntu anyway (not for that reason, lol)

I don't like having to keep entering the root password if I'm doing a task that needs root and I am only allowed to do it sudo. It is counter-productive.

You might be interested in looking at my "root wallpaper" page here but don't come back and flame this thread as you will incur Nathan's wrath as he laid down the ground rules in the first post. Like I did in the PC-BSD forums, but that didn't stop the slashdot types lolol :) :(

You might even like to look at the (currently four) pages of responses to that thread here.

Richard
Downunder
[i]Have you noticed editing is always needed for the inevitable typos that weren't there when you hit the "post" button?[/i]

[img]http://micro-hard.dreamhosters.com/416434.png[/img]

User avatar
Nathan F
Posts: 1764
Joined: Wed 08 Jun 2005, 14:45
Location: Wadsworth, OH (occasionally home)
Contact:

#34 Post by Nathan F »

That's not a bad idea, and you gave me a good reminder. I used to have my system set up something like this, and also had things arranged so root used different gtk themes and such. That way even running just one program as root you can tell it visually. I also have my root shell prompt set up a bit differently (besides the standard $ for users, # for root). On the one machine root's shell prompt is always red, while everyone else gets plain green.

Anyway this is good advice for most situations. I need to institute this in my own projects as well.

Nathan
Bring on the locusts ...

jimhap
Posts: 63
Joined: Sat 03 Mar 2007, 16:51
Contact:

#35 Post by jimhap »

Another reason Puppy REALLY NEEDS multiuser rebuild.......

Lots of software require multi user......
If you don't they say:
Can't run as root
(something like that....)

Now a real life software example.....

Ever heard of the very popular Xscreensaver?
After installing OpenGL(by Mesa3D) I compiled this.
Then installed it.
And typing xscreensaver in the prompt, an error....
sh-3.00# xscreensaver
xscreensaver: couldn't get user info of uid 65534
xscreensaver: 18:18:05: running xscreensaver-gl-helper: Permission denied
xscreensaver: 18:18:05: already running on display :0.0 (window 0x2800037)
from process 32070 (???@puppypc).
sh-3.00#

Now I wasn't a that much of a newbie, so I went to CHMOD the "xscreensaver-gl-helper"
to 777. It was successful in CHMODing, but running it again.....

sh-3.00# chmod 777 /usr/local/bin/xscreensaver-gl-helper
sh-3.00# xscreensaver
xscreensaver: couldn't get user info of uid 65534
xscreensaver: 18:20:38: running xscreensaver-gl-helper: Permission denied
xscreensaver: 18:20:38: already running on display :0.0 (window 0x2800037)
from process 32070 (???@puppypc).
sh-3.00#
And to find a little more details.....(killing the already running process.....)
xscreensaver: couldn't get user info of uid 65534
xscreensaver: 18:21:42: running xscreensaver-gl-helper: Permission denied
xscreensaver: 18:21:42: locking is disabled (running as <unknown>).
xscreensaver: 18:21:42: locking only works when xscreensaver is launched
by a normal, non-privileged user (e.g., not "root".)
See the manual for details.
Now for a surprise.... This wasn't that much of a detail, right? Look at this.....
sh-3.00# xscreensaver-demo
xscreensaver-demo: 18:24:18: we're still running as root! Disaster!
xscreensaver: couldn't get user info of uid 65534
xscreensaver: 18:24:23: running xscreensaver-gl-helper: Permission denied

xscreensaver: 18:24:23: locking is disabled (running as <unknown>).
xscreensaver: 18:24:23: locking only works when xscreensaver is launched
by a normal, non-privileged user (e.g., not "root".)
See the manual for details.

xscreensaver-demo: 18:24:28: we're still running as root! Disaster!
xscreensaver-demo: 18:24:31: we're still running as root! Disaster!


sh-3.00#
So you can see, xscreensaver DOES NOT want you to be root.

And even creating another user doesn't work!

Running is says access denied, and some errors...

And Puppy hates multi users!
sh-3.00# login demo
Password:
-sh: error while loading shared libraries: libreadline.so.5: cannot open shared object file: Permission denied
sh-3.00#

So can anyone please recompile Linux for multiuser????

A couple notes....

I am developing a dotPup for OpenGL's Mesa3d along with prerequisites and the Xscreensaver itself.

The first shots of the terminal are when XScreensaver is already running. The last ones are no running processes of XScreensaver.

Post Reply