Why does Puppy run in root?

Booting, installing, newbie
Post Reply
Message
Author
PaulBx1
Posts: 2312
Joined: Sat 17 Jun 2006, 03:11
Location: Wyoming, USA

#46 Post by PaulBx1 »

OK, I'm the paranoid guy around here - it was my nagging that got Barry to allow encrypted pupsaves, etc.

And yet, I still don't see the need to run as other than root - in a desktop/laptop/workstation!

OK, it makes some sense when you are a system admin and 100 users depend on you not screwing up. Any added layer of "be careful" might save your job.

But I don't know how many explanations I've read about people having to hack into a user name and user password and finally root password to get su or sudo access as being more secure than just a root password - nonsense! If you want security, cook yourself up a good root password. There is no example of username/password//rootpassword so secure that it cannot be trumped by simply adding more security in a root password by itself.

BTW, are passwords really only limited to 8 characters? Mine has more - are the last characters ignored? If we have an 8-character limit, then THAT is the big security hole in Puppy, not the fact that we run as root.

It might make sense for Puppy to require a root password as default though, rather than having root the password completely turned off. Then if people insist on no password for root they can always do that, but the default condition is more secure.

But maybe I'm just being more paranoid than I need to be. It's happened before. :roll:

I have noticed that in reviews of Puppy, the big thing that people rag on is running as root. Oh, well. Can't please everyone...
Top
Bruce B

#47 Post by Bruce B »

PaulBx1 wrote: OK, it makes some sense when you are a system admin and 100 users depend on you not screwing up. Any added layer of "be careful" might save your job.
I suppose the biggest real enterprise players are RedHat, Suse, Fedora and Centos. In terms of the big four, I think that's accurate.

What I know is accurate is; they have traditional root accounts.

Suppose we want to do one thing and one thing only. We want to perform daily backups at 2:00 AM.

Are we actually going to pay a person to type in commands to do this, at that hour?

Can Ubuntu sudo run all by its lonesome and make this daily backup?

If so, where is the extra safety? A computer doing things at root access level and not a human being around to tell it to start, continue or stop?

If it can't do things at high permission levels; meaning start, continue and stop, when no human is around, where is the enterprise value?

BTW: I don't know the answer to the two questions I just posed. I'd be curious enough to know.
Top
User avatar
37fleetwood
Posts: 403
Joined: Fri 10 Aug 2007, 03:25

#48 Post by 37fleetwood »

I have to say I think the encrypted pupsave is really necessary especially if you are using a laptop. with this cool option, if you loose your computer somehow, it is gone but at least you don't have to worry about some weirdo writing crazy e-mails to your mom, or worse if you have an address book stored, calling friends or family, or really worse, showing up at someone's house! I've been meaning to set up a laptop with encryption for my Photography business and the more secure the better. my plan is encrypted pupsave, and truecrypt encrypted volume with all other documents etc. I've even been considering using bcrypt to encrypt the swap though the threat from someone finding or having stolen your laptop actually getting something useful from your swap is slim. running in root doesn't bother me at all.
Scott 8)
[color=darkblue][b]Thanks!
Scott 8) [/b][/color]
[color=darkblue][size=150]I'm a PC... Without Windows[/size][/color]
Top
Post Reply

Return to “Beginners Help ( Start Here)”