Root v multiuser
- klhrevolutionist
- Posts: 1121
- Joined: Wed 08 Jun 2005, 10:09
There are plenty of ways to run as user and not know the difference. Obviously there are security holes everywhere somewhere. It is just a matter of who gets hit first.
But if anybody (puppy,grafpup) decides to go multiuser maybe this will be of interest: http://encurl.com/vb
Heaven is on the way, until then let's get the truth out!
root vs multiuser...
Hello everybody.
Though I have nothing against puppy mono-user orientation, there is a mystery I can't explain:
I can't login as user spot or as any user I created.
I "sanity checked" the libs:
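# Print the resolved path of every shared library the binary links to.
f_tst(){
    local TEST="$1"
    ldd "${TEST}" | gawk -F '>' '{ print $2; }' | grep / | cut -d ' ' -f '2'
}
# Report every library path that does not exist.
P_tst(){
    local ARG="$1"
    # unquoted on purpose: loop once per library path
    for i in $( f_tst "${ARG}" );
    do [[ -e "$i" ]] || echo "$i is missing";
    done
}
P_tst "/bin/tinylogin"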
=> /lib/libc.so.6 is missing
(it's not, just a symlink pointing to the real file, so no problem with the libs)
now here's what's strange:
fn(){
    find / -wholename '/initrd' -prune -o -wholename '/proc' -prune -o -type d -exec chmod 777 {} \;
    find / -wholename '/initrd' -prune -o -wholename '/proc' -prune -o -type f -exec chmod 777 {} \;
    find / -wholename /initrd -prune -o -name tinylogin -exec chmod u+s {} \;
    su spot;
    echo $?
}
fn;
=>1
!!!!!!!!!!!!
I dtraced login, and then su to avoid the vhangup, but found nothing more than "/bin/sh : EACCES". This isn't a problem of shell: I get the same thing with bash.
I looked at tinylogin source code, but found nothing that can explain in detail which operation in the (execv "/bin/bash") call is not allowed, nothing more than strace or ltrace. Any idea? I repeat, I don't really need it, it's just for the fun of finding the reason why...
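An added example, not part of the original post or of tinylogin: one way to narrow down an EACCES from execve() is to walk the target path and report the first component whose mode lacks the execute/search bit for "other". The function name `first_blocked` and the assumption that the account under test (such as spot) is neither owner nor group member of any component are choices made for this example.

```sh
#!/bin/sh
# Added example: find the first path component that denies execute/search
# permission to "other", one of the causes of EACCES from execve().
# Assumption: the account being tested (e.g. spot) is neither the owner
# nor a group member of any component, so only the last mode digit counts.

# first_blocked PATH [START_DIR]
#   prints the first offending component and returns 1,
#   returns 0 if every component passes, 2 if one cannot be examined.
first_blocked() {
    target=$(readlink -f "$1") || { echo "$1: cannot resolve"; return 2; }
    cur=${2:-/}
    cur=${cur%/}                      # "" now stands for /
    rest=${target#"$cur"/}            # components still to walk
    while :; do
        mode=$(stat -c %a "${cur:-/}" 2>/dev/null) || {
            echo "${cur:-/}: cannot stat"; return 2; }
        last=${mode#"${mode%?}"}      # permission digit for "other"
        if [ $(( last & 1 )) -eq 0 ]; then
            echo "${cur:-/}"          # x bit missing: search or execute denied
            return 1
        fi
        [ -z "$rest" ] && return 0    # final component checked, all passed
        cur=$cur/${rest%%/*}
        case $rest in
            */*) rest=${rest#*/} ;;
            *)   rest= ;;
        esac
    done
}

# Usage: sh check_exec_path.sh /bin/sh
if [ $# -gt 0 ]; then
    first_blocked "$@"
fi
```

A clean pass here still leaves the other EACCES causes listed in execve(2): a filesystem mounted noexec, a target that is not a regular file, or a script interpreter that itself cannot be executed.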
@cohinor I don't really know what that means but it would be nice to find out... I'm not really sure what you are doing...
what is the $?
Taking Puppy Linux to the limit of perfection. meanwhile try "puppy pfix=duct_tape" kernel parem eater.
X86: Sager NP6110 3630QM 16GB ram, Tyan Thunder 2 2x 300Mhz
Sun: SS2 , LX , SS5 , SS10 , SS20 ,Ultra 1, Ultra 10 , T2000
Mac: Platinum Plus, SE/30
- Pizzasgood
- Posts: 6183
- Joined: Wed 04 May 2005, 20:28
- Location: Knoxville, TN, USA
A $? is a special variable that holds the return status of the last run program. It will generally hold '0' after a successful command.
Between depriving a man of one hour from his life and depriving him of his life there exists only a difference of degree. --Muad'Dib
Root v multiuser
I think this poll is closed but as stated Options are good! That's what draws most of us to Linux in the first place. I realize that it's old school now but in my early SCO days we were always discouraged from using a root login except for the highest level admin. functions. My Puppy is running on a home network and at times I worry about some users having root privileges, so my vote would have been in favor of multiuser option. I would like the root option for single stand alone systems.
Nathan, Great job on the blog. In fact if you don't mind I would like to paraphrase you with a couple of NT clients allowing anyone to install anything. Thanks, CDD
@pizzasgood thanks, I gotcha
anyway I still don't get why some people just don't want multi user.... like on my slackware box that I am trying to build T2/puppy on I can set that up to autologin to root just like puppy does.... of course it's not automatic in slackware but it would be the default of course in puppy
- Pizzasgood
- Posts: 6183
- Joined: Wed 04 May 2005, 20:28
- Location: Knoxville, TN, USA
My guess is the slight impact it would have on creating packages and the opportunity cost of doing all the work - there are other things more important that could be done instead.
Of course, what's important is relative.
Or maybe they just don't realize that, like you said, we wouldn't actually be giving up the auto-login-straight-to-root deal that we have now. Just making it so that we can disable that and log in as a user (or even set it to auto-log-in as a user).
my guess is the latter... as far as I know it just doesn't affect that many packages (X of course, can't think of the others off the top of my head) since most programs (excluding stuff written just for puppy) are designed to run as a user because that is the norm
I have been able to add users with adduser in version 4.1 Puppy. I did have to
create /home manually. Also had to move the following from /etc to /tmp/etc
during the remaster process: inittab, passwd and shadow.
The inittab file was changed to get a login prompt (got this from another poet).
This did allow me to login as the new user, however there was no home directory!
In my opinion if there was a way to selectively include the /home directory (and
all of its subdirectories), each user could remaster their CDs to be root only or
multi user.
Of the hordes of Puppy Linux users and visitors to the forum, only 15 people have voted on the related poll ... since May 2008.
What more does it take to put this root/user holy war to rest?
Just curious ...
hangout: ##b0rked on irc.freenode.net
diversion: http://alienjeff.net - visit The Fringe
quote: "The foundation of authority is based upon the consent of the people." - Thomas Hooker
- technosaurus
- Posts: 4853
- Joined: Mon 19 May 2008, 01:24
- Location: Blue Springs, MO
- Contact:
- ttuuxxx
- Posts: 11171
- Joined: Sat 05 May 2007, 10:00
- Location: Ontario Canada,Sydney Australia
- Contact:
alienjeff wrote:
Of the hordes of Puppy Linux users and visitors to the forum, only 15 people have voted on the related poll ... since May 2008.
What more does it take to put this root/user holy war to rest?
Just curious ...

well let's put it this way, I enjoy being root all the time, Because of what I do for puppy, Buttttttttttttttttttttttttttttttttttttttttttttttttttttt We do get a heck of a lot of posts from new users that want multi-users accounts. It's almost like we have 2 versions of puppy, One for developers with devx included, and one for regular linux users who want to have a security blanket. Or has kids and wants to keep their pc's safe from them.
ttuuxxx
http://audio.online-convert.com/ <-- excellent site
http://samples.mplayerhq.hu/A-codecs/ <-- Codec Test Files
http://html5games.com/ <-- excellent HTML5 games :)
ttuuxxx wrote:
well let's put it this way, I enjoy being root all the time, Because of what I do for puppy, Buttttttttttttttttttttttttttttttttttttttttttttttttttttt We do get a heck of a lot of posts from new users that want multi-users accounts. It's almost like we have 2 versions of puppy, One for developers with devx included, and one for regular linux users who want to have a security blanket. Or has kids and wants to keep their pc's safe from them.
ttuuxxx

BINGO! You win!
Our 11 & 12 year olds are responsible & don't mess with system settings, however our precocious and impatient 6yr old is forever trashing the Win2000pro desktop he uses. Some of his learning games require Admin and thus the gates are open - and he uses them - sigh.
I'm planning to set up a shared Puppy 4.xx computer with games - I need to protect Root from the 6yr old and keep him from raiding his brother and sister's game settings (mostly unintentionally but increasingly intentionally) as he has done on other game toys and computers in the past.
So yes, it makes very good sense to allow for User Accounts on shared computers where children are involved.
Thanks! David
Home page: http://nevils-station.com
Don't google Search! http://duckduckgo.com
TahrPup64 & Lighthouse64-b602 & JL64-603
Hi edoc
A method I use with kids windoze PCs is to install ERUNT direct to C:\ & have a boot floppy available - restores most kids 'messes' by restoring the registry from before the 'oops'
http://www.larshederer.homepage.t-onlin ... /erunt.txt
http://www.larshederer.homepage.t-online.de/erunt/
for puppy copy save file.....
Aitch
Root and multiuser
I had an idea for this kind of problem.
Already puppy has a system to choose between multiple user saves, with different names. What I was thinking is that there could be a new utility to kill X and then do to that system again. Rather than having usernames and passwords, you would have different encrypted saves, and different encryption keys.
Another idea to take this further is to split the save files into 'personal' and 'core' files, with the user's personal app settings and files encrypted, while core files would not be encrypted. This means that multiple people could get access to the same apps installed (but have different settings, if they are configured right).
Then, make a dialogue to easily add another user/save file.
A very belated vote:
Multiuser.
To begin with, Puppy is already multiuser in some curious way. I am talking about 'Spot.' It is a second user of some sort although it is not clear to me at all what purpose is served by its inclusion in Puppy.
Furthermore making Spot a true limited user in the manner of other Linux distros would not deter the 'root only' aficionados from doing just this, i.e., logging in as root and automatically so if they wish. On the other hand, insisting on 'root only' and keeping Spot in its present state, i.e., a caricature of a limited user, does seem to enforce a 'do as I say and not as you would like to' regime on the rest of us.
Last but not least, I would like to take issue with an earlier post stating that because only a few members voted in this poll, the multiuser issue should be put to rest. Why so? Obviously the vast majority does not care whether this issue is decided one way or another. Is abstention to be claimed as a vote for the 'root only' proposition? If so, why?
Since there is no push-mail feature activated on the Forum, users are only aware of a new poll or thread if they stumble across it. There is no basis whatsoever to declare that more than a tiny fragment of the Puppy user base ever knew that the poll/thread existed - therefore there was no meaningful measurement of their opinion taken.
I believe that there are now multiple PETs and Puplets which address the multiuser need, so it appears to be moot; as is generally the case in the Open Source world, users created what they needed.