Root v multiuser

What features/apps/bugfixes needed in a future Puppy

Root or Multiuser?

Poll ended at Sat 21 Jun 2008, 21:36

Root
8
53%
Multiuser
5
33%
Other (please state)
2
13%
 
Total votes: 15

Message
Author
User avatar
darrelljon
Posts: 551
Joined: Sun 08 Apr 2007, 11:10
Contact:

Root v multiuser

#1 Post by darrelljon »

Root or multiuser or other? How would you like Puppy Linux? Poll to gauge opinion during May 2008.

User avatar
SirDuncan
Posts: 829
Joined: Sat 09 Dec 2006, 20:35
Location: Ohio, USA
Contact:

#2 Post by SirDuncan »

I would like it if Puppy were could be multi-user, but not the type we normally see in other distros.

We cannot have sudo. We can have su, in fact we should, but not sudo as it defeats the minor amount of security multi-user gives you.

Puppy can continue to be a root distro, just make adduser work so that people who want to may have other users. This gives the small benefit to security that so many have been griping about and lets the rest continue the way they always have. It shouldn't create any significant overhead, either.

Of course, I'll be just as happy if we stay root only, but multi-user would be nice.
Be brave that God may help thee, speak the truth even if it leads to death, and safeguard the helpless. - A knight's oath

cthisbear
Posts: 4422
Joined: Sun 29 Jan 2006, 22:07
Location: Sydney Australia

#3 Post by cthisbear »

I like it simple, I like to get to the screen the first time.

::::::::::::::::::::::
All those wanting security....try Ubuntu or Debian...that worked.

http://www.technologyreview.com/Infotec ... ?nlid=1085

Security....dream on.

From the same people that have a Myspace page.

http://www.wired.com/politics/security/ ... 01/myspace

From those who have wireless internet and have never
put in a password in the router.

http://idahofallz.com/2007/03/27/your-u ... weak-link/

:::::::::::::::::::::::::
From those who continually enter contests online
or in shoppng centres...giving away all their details.

And how many government agencies have lost laptops, and USBs
that we know of....let alone the paperwork left by banks,
hospitals in garbage bins.

http://www.smh.com.au/news/national/pri ... 54244.html

""""""""""""""""""'''''
No! Leave Puppy alone.
Those that want more can make their own Puplet.
Vista is irritating customers....so they just turn off UAC.

Chris.

User avatar
Aitch
Posts: 6518
Joined: Wed 04 Apr 2007, 15:57
Location: Chatham, Kent, UK

#4 Post by Aitch »

If puppy is to be changed to multi users, I give my support to the notion of SU only

Also let the multi user be admin approval mode, so that proper control over security can be maintained
A simple guide demonstrating necessary backup procedure is about all I think would be needed,
but ideally Puppy's quickstart procedure should not be interfered with - let multi user be selected after bootup by logout,
rather than make the main bootup go multi user automagically

Aitch

User avatar
SirDuncan
Posts: 829
Joined: Sat 09 Dec 2006, 20:35
Location: Ohio, USA
Contact:

#5 Post by SirDuncan »

What I'm saying is that we leave Puppy with only a root account by default, and leave it so that it automatically logs in. We just make adduser work right, and then let people make more accounts and turn off auto-login if they want multi-user. It makes everyone happy and doesn't add any significant overhead (we already have adduser, it is just broken). We also don't add sudo (we don't have it right now anyway).

The way I see it, this isn't even a compromise, because everyone gets exactly what they want.
Be brave that God may help thee, speak the truth even if it leads to death, and safeguard the helpless. - A knight's oath

User avatar
Pizzasgood
Posts: 6183
Joined: Wed 04 May 2005, 20:28
Location: Knoxville, TN, USA

#6 Post by Pizzasgood »

Actually, to do it "right" we'd need to tweak some things and get people into the habit of writing multi-user friendly code. All the scripts with /root hardcoded into them would need to be changed to use ~/ or $HOME. That isn't as bad since Puppy 2.00 came out and the whole filesystem was writable. We'd also have to start packaging packages to not come with their configuration in /root. Either that, or tweak PETget to put the /root directory of packages into $HOME automatically,

The commands that scripts run would also have to be watched, or they'll only work with root.

I believe there are also some tweaks needed to make X function correctly when it's run as other than root.


So no, I don't think there would be much overhead in getting multi-user working. Just effort. I think it would be worth it, but not high priority.
[size=75]Between depriving a man of one hour from his life and depriving him of his life there exists only a difference of degree. --Muad'Dib[/size]
[img]http://www.browserloadofcoolness.com/sig.png[/img]

User avatar
Lobster
Official Crustacean
Posts: 15522
Joined: Wed 04 May 2005, 06:06
Location: Paradox Realm
Contact:

#7 Post by Lobster »

You can have multiple users, when you save and encrypt or not. Do these different saves have a password protection request if you boot up from an encrypted save?

Another multi user possibility is individual multi sessions.

Puppy is not really a network distro (one OS per machine more like) However Puppy is flexible enough to provide networkable puplets as has and is happening :)
Puppy Raspup 8.2Final 8)
Puppy Links Page http://www.smokey01.com/bruceb/puppy.html :D

User avatar
Flash
Official Dog Handler
Posts: 13071
Joined: Wed 04 May 2005, 16:04
Location: Arizona USA

#8 Post by Flash »

I say keep it simple: Puppy should run as root only. Adding multi-user capability complicates things for both users and developers, as Pizzasgood points out. I still haven't seen a single report of a problem caused because Puppy runs as root, that wouldn't have happened if there were limited-power users instead.

User avatar
bobwrit
Posts: 283
Joined: Mon 12 Mar 2007, 23:33
Contact:

#9 Post by bobwrit »

There are situations in puppy where I'd like to have multi-user but there are also situations where I'd like root only. If it was an option during installation, It might work for me.
I need help with my forum. [b][u]LINK:[/u][/b][url]http://www.programers.co.nr/[/url]
[url]http://www.freewebs.com/programm/iframe.html[/url] is my gateway page...

User avatar
Nathan F
Posts: 1764
Joined: Wed 08 Jun 2005, 14:45
Location: Wadsworth, OH (occasionally home)
Contact:

#10 Post by Nathan F »

Once again there is a lot of misinformation here.

Sudo is in itself no less (or more) secure than su. If anything it is more secure, because to use 'su' you must know the root password and can therefore run ANY program as root. Sudo is weak when it is configured badly, which amounts to user error.

The adduser program in Puppy IS slightly broken, but fixing it does not make it possible to log in to X as another user. There are a lot of other changes required. I have some small amount of experience here.

Creating scripts that function in a multi-user environment is NOT difficult for the user or developer. Only a few habits need changed for the person doing the coding, and they are minor.

Flaming Debian about ONE security hole in how many years? That's a bit crazy I think. It was a bad hole to be sure, and it was left untouched for far too long. But it was ONE hole. I can gaurantee we have more than that in Puppy but not many people are using it for mission critical server installations, and in fact not very many power users at all in comparison with Debian. So our potential security problems may go undiscovered for even longer, sir.

I have stated my piece about this subject at other times and my purpose is not to convince anyone of the merits of running as root or running as nonroot. I would just ask that people stop posting as fact things which are factually inaccurate. Do your homework please.

Nathan
Bring on the locusts ...

User avatar
Nathan F
Posts: 1764
Joined: Wed 08 Jun 2005, 14:45
Location: Wadsworth, OH (occasionally home)
Contact:

#11 Post by Nathan F »

Well I got sick of seeing the uninformed posts about this subject, and even sicker of replying to them. So I wrote the bulk of my thoughts that I thought were important down in a blog page and I'm going to start saying look HERE whenever I see another one of these. In some ways it amounts to a rant but I'm OK with that right now. If you get offended I really don't care. I miss Bladehunter...

Nathan
Bring on the locusts ...

User avatar
Aitch
Posts: 6518
Joined: Wed 04 Apr 2007, 15:57
Location: Chatham, Kent, UK

#12 Post by Aitch »

Congratulations, Nathan on an excellent & informative Blog

Yes, do point to it, as I certainly shall :)

Far from being a rant, I found it to be well balanced and offering sound reasoning & clear explanation
In fact, the only thing differentiating this piece from a professional magazine writer, was the sheer absense of cr*p

Applause, applause :D

I'm glad to hear that the minor differences between yourself & BarryK,
do not make you feel a need to set off independently, and I appreciate your unprovoked honesty on that front

Thank you

Aitch
PS: never came across Bladehunter AFAIK
Though it sounds like a Movie character, but I don't go out much now....

User avatar
Nathan F
Posts: 1764
Joined: Wed 08 Jun 2005, 14:45
Location: Wadsworth, OH (occasionally home)
Contact:

#13 Post by Nathan F »

PS: never came across Bladehunter AFAIK
Though it sounds like a Movie character, but I don't go out much now....
Bladehunter was an extremely knowledgeable, but extremely cantankerous guy who used to liven up the forum back in the 1.0-something days. He finally got really angry one day and just had John M. remove his membership and hasn't been heard from again to the best of my knowledge.

The mention was a bit of an inside joke meaning I realize I probably sound a bit cranky.

Nathan
Bring on the locusts ...

User avatar
cb88
Posts: 1165
Joined: Mon 29 Jan 2007, 03:12
Location: USA
Contact:

#14 Post by cb88 »

hmm seems like i remember BladeHunter but I wasn't into the forum as much back then... and I agree with Sir Duncan puppylinux is a very useful as a root distro but the option to run as a user would be iceing on my cake :-) you know where my vote is...

Yes I do run Debian ... BUT that bug was only a problem if you had an SSH port open or were tunneling over some other port.... I was a serious issue but my install of Debian updated itself before i even knew about it so on that front i am pretty impressed and they certainly didn't try to cover it up

one thing that bothers me is that puppy is compiled from T2 right? well why aren't there more packages from T2 in puppy? like all 3000 of them?
Taking Puppy Linux to the limit of perfection. meanwhile try "puppy pfix=duct_tape" kernel parem eater.
X86: Sager NP6110 3630QM 16GB ram, Tyan Thunder 2 2x 300Mhz
Sun: SS2 , LX , SS5 , SS10 , SS20 ,Ultra 1, Ultra 10 , T2000
Mac: Platinum Plus, SE/30

User avatar
SirDuncan
Posts: 829
Joined: Sat 09 Dec 2006, 20:35
Location: Ohio, USA
Contact:

#15 Post by SirDuncan »

Nathan, that was a superb post. It's good to hear it explained by someone more knowledgeable about the subject. I had not realized that sudo was not broken by default, but I guess that's because the only distro where I really had to use it was Ubuntu. I also didn't realize that Apache forced itself to run as non-root, I just assumed it would run as whatever you told it to.

All in all, it was very informative.
Be brave that God may help thee, speak the truth even if it leads to death, and safeguard the helpless. - A knight's oath

User avatar
klhrevolutionist
Posts: 1121
Joined: Wed 08 Jun 2005, 10:09

#16 Post by klhrevolutionist »

There are plenty of ways to run as user and not know the difference. Obviously there are security holes everywhere somewhere. It is just a matter of whom gets hit first.

But if anybody (puppy,grafpup) decides to go multiuser maybe this will be of interest: http://encurl.com/vb
Heaven is on the way, until then let's get the truth out!

User avatar
8Geee
Posts: 2181
Joined: Mon 12 May 2008, 11:29
Location: N.E. USA

#17 Post by 8Geee »

Nathan F:

As a former longtime Windows User I could not have said it any better, or clearer. The example of ActiveX is perfect. Your response is exemplary.

cohinor
Posts: 2
Joined: Tue 24 Jun 2008, 20:26

root vs multiuser...

#18 Post by cohinor »

Hello everybody.
Thought i have nothing against puppy mono-user orientation, there is a mystery I cant explain:
I cant login as user spot or as any user i created.

i "sanity checked" the libs:
f_tst(){
local TEST="$1"
ldd ${TEST} | gawk -F '>' '{ print $2; }' | grep / | cut -d ' ' -f '2'
}

P_tst(){
local ARG="$1"
for i in "$( f_tst ${ARG} )";
do [[ -e "$i" ]] || echo "$i is missing";
done
}

P_tst "/bin/tinylogin"
=> /lib/libc.so.6 is missing
(it's not, just a symlink pointing to the real file, so no pb
with the libs)

now here's what strange:
fn(){
find / -wholename '/initrd' -prune -o -wholename '/proc' -prune -o -type d -exec chmod 777 {} \;
find / -wholename '/initrd' -prune -o -wholename '/proc' -prune -o -type f -exec chmod 777 {} \;
find / -wholename /initrd -prune -o -name tinylogin -exec chmod u+s {} \;
su spot;
echo $?
}

fn;
=>1
!!!!!!!!!!!!

i dtraced login, and then su to avoid the vhangup, but found nothing more than "/bin/sh : EACCES". this isnt a problem of shell: I get the same thing with bash.

i looked at tinylogin sourcecode, but found nothing that can explain in detail which operation in the (execv "/bin/bash") call is not allowed, nothing more than strace or ltrace. Any idea? I repeat, i dont really need it, it's just for the fun of finding the reason why...

User avatar
cb88
Posts: 1165
Joined: Mon 29 Jan 2007, 03:12
Location: USA
Contact:

#19 Post by cb88 »

@cohinor i don't really know what that means but it would be nice to find out... im not really sure what you are doing...

what is the $?
Taking Puppy Linux to the limit of perfection. meanwhile try "puppy pfix=duct_tape" kernel parem eater.
X86: Sager NP6110 3630QM 16GB ram, Tyan Thunder 2 2x 300Mhz
Sun: SS2 , LX , SS5 , SS10 , SS20 ,Ultra 1, Ultra 10 , T2000
Mac: Platinum Plus, SE/30

User avatar
Pizzasgood
Posts: 6183
Joined: Wed 04 May 2005, 20:28
Location: Knoxville, TN, USA

#20 Post by Pizzasgood »

A $? is a special variable that holds the return status of the last run program. It will generally hold '0' after a successful command.
[size=75]Between depriving a man of one hour from his life and depriving him of his life there exists only a difference of degree. --Muad'Dib[/size]
[img]http://www.browserloadofcoolness.com/sig.png[/img]

Post Reply