Why does Puppy run in root?

[Bruce B]

{cut}

With any of the distros, if *you* load it you can make yourself root, you do have the password, you are the one who sets it. *You* get to use your system as you see fit if you are able to configure it thus. However, you may not want *someone else* who uses your computer to be able to type in a command incorrectly and destroy *your* system.

{cut}

Nipper,

I thought I wrote something about man over machine, if not, I just said it.

I have a PC, to me, that means Personal Computer. It is my computer.

Under what circumstances is someone using my computer? None, if they know what is good for them, and the last of the problems has to do with them running a command, if they didn't first get the Commander's permission, which they didn't.

We would be dealing with an serious violation of respect and property rights. (mine)

Not much more to say about my computer.

[nipper]

I share.

[Flash]

I'd just like to take this opportunity to point out (once again ) that the whole issue of how to share a computer yet keep your stuff private is solved if each user of a computer runs Puppy from his or her own multisession DVD. Users can even use a common hard disk drive to share files and stuff, without risking anything saved on their personal DVD.

[paulh]

I like running as root in a full install (Puppy 4.00) on a single user box. I'm all for man over machine. So when surfing the net, I'd just as soon put limits on other machines touching mine and doing something I don't want. That's when I don't want to be root. See spot/README.TXT in puppy's home folder in the full installation for an easy way to not be root.

Is it paranoia when they really are out to get you?

[bill]

Hi All,To clarify my lack my understanding in all the "Worries" of "Security" unless I was involved in "National Security" or some such,I really don't have much worry in all of this with LiveCDs because they are so handy to simply kill the temp files,I think it is .sfs ? and simply reload the LiveCD Puppy 4.0 ,and reenter whatever info I need and I am back in business.(I know this because I have shot myself in the foot several times already) You certainly can't say this with any other.
Brand X software.So unless someone cares to explain what "Evil doers" could visit on me that I haven't thought of,I will continue to follow the wise old saying of the "Aussies" No Worries ,Mate !The only thing I do wonder about is "What are people doing ? to have so much fun and need to keep others from finding out about it ?" cheers,bill

Oh .and before someone might decide to give me a online lessons on what they can accomplish,I absolutely refuse to do "Online Banking" or "CC transactions" over the internet so your not liable to find any good info .

[erikson]

I'd just like to take this opportunity to point out (once again ) that the whole issue of how to share a computer yet keep your stuff private is solved if each user of a computer runs Puppy from his or her own multisession DVD. Users can even use a common hard disk drive to share files and stuff, without risking anything saved on their personal DVD.

Excellent point.

Same applies to USB pendrive configs, that may contain Puppy OS + all "private" (not-for-sharing) personal data.

[alcy]

Using sudo is irritating, given the frequency of its usage and the number of tweaks you need to do, inevitable tweaks. I really got tired of sudo chmod every time I had to do something as simple as copy-paste or edit. And after a while you get so used to it, that you are as good as root, and the original "saving the system from being destroyed by the user" purpose gets defeated. Be a little responsible root, and enjoy.

[Bruce B]

The distro is Knoppix VL (virtual machine)

Default login user is knoppix (whoami)

su to root ( a sudo alias )

plenty of crashes, appears because starting GUI as root, but i've not yet debugged it.

Where to build the VM images? Under /home/knoppix?

A serious VMer will have gigabytes of vm imagines, but may strongly prefer all these images not belong in the knoppix user directory.

My initial (but not yet tested) thought would be to take a big partition and let user knoppix be the owner of all the directories of that partition. not to mention permissions. override the default of mounting partitions read only also. Yes, this Knoppix mounts readonly, dare it trust you with write operations, whitout you over-riddeing the default to read / write

I think it's great to have a distro pre-built for the VM user with the major VMs preconfigured.

It would be easier for me to allow root to be root without limiting him.

Limiting root doesn't make things easier, I think it requires more Linux know-how to get around the limitations. At a certain level of know-how, accunt root is not likely to present a danger to the computer.

---------------------

Not to mention very realistic work arounds for paranoid and controlling developers. Who appareently mistakenly think their audience may be stupid Windows converts. If they are Windows converts, I supsect they are not stupid or ignorant, at least they weren't as stupid as Microsoft needed them to be.

Summary: Knoppix seems to represent more work, not less. My virtual machines will not be for the hostile Internet, but if they were, I'd have enough sense to not run them as root, regardless of the sofware package hosting the VMS.

[alienjeff]

NOMINATION FOR
TYPO OF THE YEAR

At a certain level of know-how, accunt root is not likely to present a danger to the computer.

I couldn't agree with you more, Bruce!

[Caneri]

arse roots are tricky though...lol

Good one aj

Eric

[geneven]

Sometimes I want to protect myself from myself! Running as non-root means that if I go doing something slightly more important, I am reminded by denial of permissions that it is more important.

Typing sudo doesn't irritate me that much.

I'm reminded of the cartoon that seems to be destined to the same fame as the one with one dog to another, as they look at a computer, "on the Internet, no one knows you are a dog."

The more recent classic is this conversation:

"Make me a sandwich!"

"No way, get it yourself!"

"Sudo make me a sandwich."

"Oh, ok!"

So, I don't mind running as root or not.

[Bruce B]

It is not just permissions.

Application, even X crashes are a serious factor.

Sudo for this, user for that. Learn when sudo and when user, learn what sudo can do -- remember in these restricted systems sudo cannot do everything user can do and visa-versa.

Don't believe me. Try it. Crash and learn. Maybe the distro geniuses do not want to allow you to run X apps as root, maybe they'd prefer CRASH over giving you an advisory.

From my perspective some of this discussion is not root vs. user. It has to do also with crippling root.

Unix to my knowledge has no history of doing such things. Linux doesn't either. It has to do with Linux newbie developers on the block.

Do we want to attract Windows users? Are they stupid? Are we trying to appeal to skilled Linux users? Ignorant ones?

Let's all get together and make a truly user proof Linux. He can't remove or install anything, he can't make changes. He can only run the programs WE DECIDE he can run, no more or no less.

We can make Linux like Vista - genuine advantages, user access controls, layers of DMA, secrets and more secrets.

In the meantime, the more honest feedback these newbies on the block have to deal with, the better IMO.

Guess what folks? Although I have no experience in Operating System designs - I can improve UNIX!!!

No joke! I'll simply cripple administrator functionality. I will explain this madness in one paragraph on the Internet. Then all who follow can have crippled administrator functionality - I am so, so wise and smart.

I protect people from themselves. My next plan is to have you play solitaire with real cards that have no sharp edges so you won't get a paper cut on your finger.

[Flash]

And how about a book called "How to Cheat at Solitaire, for Dummies."

[Bruce B]

And how about a book called "How to Cheat at Solitaire, for Dummies." :lol:

Of course I wouldn't want anything that would damage the cards. Maybe I could start the book off with instructions how how to protect your ninety-nine cent deck of cards from inadvertent damage, which may be more money than you paid for Linux.

[37fleetwood]

OK, don't ask me how I found myself reading this thread, I was looking for something completely else, but while I'm here I thought I'd say something completely un-useful. well maybe not completely.

first I would like to tell new Linux users that I first downloaded Puppy about two years ago and knew next to nothing about Linux. I booted and played without even seting up the firewall. never used anti-virus software, went all over the web. never once did I have any renegade software, no malicious websites, no accidental mishaps in the terminal (never even used it ) and now I'm finding that I was supposed to be afraid all this time! (I have a suspicion which I'll expound later) I've used the live cd, and when I figured it out, I made multisession cd's I tried bunches of Puplets (different types of Puppy) installed lots of software packages I saved sessions to my hard drive, I've even installed Puppy and used it as my main operating system for several months. don't get me wrong, I've messed it up myself a few times, but I've never lost my personal data. (serious advice, keep personal data (music, photos, video, documents, etc. etc.) on a separate partition if not hard drive no matter which operating system you use). someone mentioned that if there were a real problem, there would be more testimonials. go to the Ubuntu forums and see just how many posts there are from people saying "Die, Die!!!, and they'll never be back. search here for "Die, Die!!!" and you aren't likely to find much (though this post might show up )

second, I have a suspicion, who is it that is making all the fuss? are they really concerned, or is there a more sinister agenda here? I mean really, where is it coming from? who doesn't want this distro to keep growing? I don't know but I suspect that this is what it really is. maybe the same couple of guys posting all over the place, exposing what they think they can convince people is a weakness. doesn't really matter if it is a weakness, it surely has turned at least some people off of Puppy.

let me know what you think

and for new people thinking of trying Puppy go for it, and don't worry I'm still using it not really knowing anything about security.
Scott

[PaulBx1]

OK, I'm the paranoid guy around here - it was my nagging that got Barry to allow encrypted pupsaves, etc.

And yet, I still don't see the need to run as other than root - in a desktop/laptop/workstation!

OK, it makes some sense when you are a system admin and 100 users depend on you not screwing up. Any added layer of "be careful" might save your job.

But I don't know how many explanations I've read about people having to hack into a user name and user password and finally root password to get su or sudo access as being more secure than just a root password - nonsense! If you want security, cook yourself up a good root password. There is no example of username/password//rootpassword so secure that it cannot be trumped by simply adding more security in a root password by itself.

BTW, are passwords really only limited to 8 characters? Mine has more - are the last characters ignored? If we have an 8-character limit, then THAT is the big security hole in Puppy, not the fact that we run as root.

It might make sense for Puppy to require a root password as default though, rather than having root the password completely turned off. Then if people insist on no password for root they can always do that, but the default condition is more secure.

But maybe I'm just being more paranoid than I need to be. It's happened before.

I have noticed that in reviews of Puppy, the big thing that people rag on is running as root. Oh, well. Can't please everyone...

[Bruce B]

OK, it makes some sense when you are a system admin and 100 users depend on you not screwing up. Any added layer of "be careful" might save your job.

I suppose the biggest real enterprise players are RedHat, Suse, Fedora and Centos. In terms of the big four, I think that's accurate.

What I know is accurate is; they have traditional root accounts.

Suppose we want to do one thing and one thing only. We want to perform daily backups at 2:00 AM.

Are we actually going to pay a person to type in commands to do this, at that hour?

Can Ubuntu sudo run all by its lonesome and make this daily backup?

If so, where is the extra safety? A computer doing things at root access level and not a human being around to tell it to start, continue or stop?

If it can't do things at high permission levels; meaning start, continue and stop, when no human is around, where is the enterprise value?

BTW: I don't know the answer to the two questions I just posed. I'd be curious enough to know.

[37fleetwood]

I have to say I think the encrypted pupsave is really necessary especially if you are using a laptop. with this cool option, if you loose your computer somehow, it is gone but at least you don't have to worry about some weirdo writing crazy e-mails to your mom, or worse if you have an address book stored, calling friends or family, or really worse, showing up at someone's house! I've been meaning to set up a laptop with encryption for my Photography business and the more secure the better. my plan is encrypted pupsave, and truecrypt encrypted volume with all other documents etc. I've even been considering using bcrypt to encrypt the swap though the threat from someone finding or having stolen your laptop actually getting something useful from your swap is slim. running in root doesn't bother me at all.
Scott