Multiuser Puppy 4.2.1

[richard.a]

Pizzasgood You have done a great job here. Thanks mate.

I saw earlier that you weren't going to do this for other puppies; wondering, though, if you would be able to do an add-on (pupget or something) that contains the extras needed to do this? Like Warren did with the EZ-pup updater he built.

Have tried the first version and got similar problems to your correspondents sent in, so felt shouldn't merely repeat others comments. However have downloaded R1 ISO so hope to look in another day or so.

It looks nice on the AspireOne - as nice as on a 19inch monitor

Thanks again

Richard
where the crows fly backwards to keep the dust out of their eyes

[Pizzasgood]

The problem with just making an addon is that the system scripts are where the most complicated modifications are. At the same time, those are the files most likely to change between versions. A .pet could theoretically do it by applying patches to modify those files rather than replace them. But as soon as a line of a script that was modified in a patch gets changed in a version of Puppy, the patch would no longer work and I'd get a bunch of people begging for an updated version of the patch.

If you look at the how-to thread I linked to in the first post, I did provide packages of the additional software I packaged or wrote, along with archives of many of the files that I modified. But I decided not to bother trying to automate the procedure. Besides the issue I mentioned, where you know that it failed, doing things automatically could lead to situations where a change between versions introduced some code that the addon doesn't catch. In that circumstance it would look like it worked. Maybe it would even boot and run properly. But there could be a subtle bug somewhere that would only come up in rare situations and be hard to diagnose. And it would be very bad if the user's motivation in using it was security related, because he could have all kinds of holes without knowing it. So that would make releasing such a thing almost feel negligent on my part.


And anyway, that would take even more time and energy, which I would much rather apply to other projects now that I've accomplished my goal here.

[richard.a]

Fair enuff mate.

I totally understand

Take care.


Richard
where we went from winter to summer within 24hrs... the cats were indoors yesterday for the indoors warmth; today they are indoors because of the heat outside

[stevoomba]

It's always puzzled me why Puppy's never had the multi-user option. I'm quite happy to be root, but I don't see why there shouldn't be the option to go multi even in the official releases.

Thanks for the work PG.
Steve

[richard.a]

It's always puzzled me why Puppy's never had the multi-user option.

From what I've read, the original intention of the distribution was to have the fastest possible loading time, while running as a live distribution - in effect a diskless machine.

The less code that has to be loaded at boot-up, the faster it will run. And apart from the possibility of deleting the whole file system tree by a root user, there could be no security problems. That tree being located in memory, copied from the CD, it would be restored immediately on reboot.

The rest of this post may be slightly off-topic but is provided to explain the antagonism that exists over root user.

Having spent several years assisting with the development of another so-called "root only" system - which actually was a misnomer because it did provide multi-user facilities - it's interesting to note that its very wide user base never had one reported - or even one anecdotal - incident of invasive access by the actions of a cracker (NOT hacker).

Regardless of that, there will always be a vocal minority who will be determined to force their views on those who actually have "been there, done that" as it is called.

FYI I was assisting with the testing and release of several BSD-Unix versions over a couple of years or so at one time, and I got into really hot water through suggesting on their forum that a range of nicely coloured red wallpapers (backgrounds) for those who chose to use a GUI login as root, along with instructions on how to convert root GUI prohibition to root GUI enabling, and vice-versa, in Gnome and KDE was available on my website for those who wanted to exercise their own personal choice... for example ubuntu which by default does not allow root logins, vs Sun Java Desktop Linux which does (both of these are Gnome-based).

http://micro-hard.dreamhosters.com/root_wallpaper
http://micro-hard.dreamhosters.com/root_GUI_login

There was such an uproar by the vocal minority that I shifted my interest elsewhere.

[WarMocK]

FYI I was assisting with the testing and release of several BSD-Unix versions over a couple of years or so at one time, and I got into really hot water through suggesting on their forum that a range of nicely coloured red wallpapers (backgrounds) for those who chose to use a GUI login as root, along with instructions on how to convert root GUI prohibition to root GUI enabling, and vice-versa, in Gnome and KDE was available on my website for those who wanted to exercise their own personal choice... for example ubuntu which by default does not allow root logins, vs Sun Java Desktop Linux which does (both of these are Gnome-based).

http://micro-hard.dreamhosters.com/root_wallpaper
http://micro-hard.dreamhosters.com/root_GUI_login

There was such an uproar by the vocal minority that I shifted my interest elsewhere.

And those who make up this minority are the people who give the rest of the linux community a bad reputation.
I had enough discussions about that with other people when they asked me "how good this Linux thingy actually is". And right now, some of them are actually using various Linux distributions occationally, which is better than if they were still sticking to Windows only. There are enough people out there who would give Linux a chance, but are scared off by those wannabe-hackers who fear to lose their "elite" status if Linux gets too userfriendly and eventually reaches the masses.
Puppy Linux is PRETTY userfriendly when compared to other distros (okay, I am a former gentoo user, so anything is probably more userfriendly to me xD), but it still has lots of edges and stuff that needs some touch-up. And multi-user capabilities are a good addition imho, even if you don't need it personally - others may do for various (plausible) reasons, and you have to think about those epople as well if you want to get more feedback and drivers from the hardware vendors.
I'd love to see Puppy Linux 5.x offering optional multi-user support, but that's just me. It definitely wouldn't hurt.

[8-bit]

In setting up a new user, if the new user is not allowed to shut down the computer, none of his work gets saved.
Also, If he cannot mount a usb flash stick, he cannot save his work externally.
So is there a way to lock the user out of accessing drives already installed and still give him the ability to mount and unmount drives added by him?
Just my thoughts..

[maxtothemax]

Is there a good way to allow ordinary users to run the "connect" script?


EDIT: I've been poking thru the files on the PuppyLinux installation, and I can see that most of the applications are implemented as shell scripts. It should be easy to edit the appropriate scripts, add "sudo" to the right commands within those scripts, then give no-password permission for those commands in the sudoers file.

I'm working on the net-setup.sh and wag-profiles.sh files right now but I really don't know too much about hacking puppy linux. I'm not exactly sure what other files I may need to modify and if I will need to make any other changes (although thankfully the scripts look well-written.) Perhaps a real puppy linux developer would have an easier time of it than me?

[Pizzasgood]

In setting up a new user, if the new user is not allowed to shut down the computer, none of his work gets saved.

You mean when he reaches for the poweroff button rather than getting root to come powerdown properly? The point in letting you disallow rebooting privileges is for people who are not supposed to turn the computer off at all (probably because it's a server so you want it on 24-7). If they can simply do it manually, then you need to either make so that they can't do that (place the physical box out of their reach, for example), consider punishments for people who mistreat your hardware, or give up and let them poweroff correctly so that they don't screw up your harddrives....

Basically the idea is that if you for example give people SSH access to your server, you probably don't want to let them poweroff the server on their own. People logging in with SSH generally are not within arms reach of the server, so manually hitting the button isn't an issue.



As for limiting the mounting of specific partitions, yes, you can do this. All you have to do is edit /etc/fstab and remove the "group" option for any partition that you don't want users to be able to mount/unmount. Any new partitions that are detected will automatically be given the group option.


@maxtothemax: Wouldn't it be easier to just use sudo to run the network wizard itself, rather than modifying it for all the little parts? Or does it not work that way? I have no experience with sudo, besides when I installed, configured, and tested it last weekend. I'm thinking you should be able to configure sudo so that anybody in the "network" group (which you'd have to create) could run "sudo /full/path/to/network_wizard", and then set up a wrapper script that runs that command and replace the "connect" icon with that.

[maxtothemax]

Sorry, I should have explained-- I'm going to be turning this laptop over to a six-year-old girl as soon as I'm done setting it up.

The wrapper script would work I guess, but its hardly elegant in my opinion. I could clobber that together as a contingency but I'd prefer to do it "right" if I can.

[Eyes-Only]

.

[Pizzasgood]

Thanks.

Sorry, I should have explained-- I'm going to be turning this laptop over to a six-year-old girl as soon as I'm done setting it up.

The wrapper script would work I guess, but its hardly elegant in my opinion. I could clobber that together as a contingency but I'd prefer to do it "right" if I can.

I kind of think that using a single sudo command to run the wizard would be more correct than embedding a bunch of sudo commands into the scripts. Seems more secure to me.

[timremy]

hello pizzasgood

i would like to ask, i might be wrong, but with your pupplet,

when i start my computer and if i am running multiuser, i can

configure the program to ask for a login?

thankyou

timremy

[technowomble]

Hi pizzasgood,

I'm running Multiuser Revision 1 as a full install on a Dell Latitude laptop - 192Mb RAM, 6Gb HD if that has any relevance - and if I try to create a user useradd fails to create a home directory with error code 3. I'm trying to create a user on a new install, and having looked at useradd it looks as if I should be able to create a user in a terminal by entering the appropriate parameters. Any thoughts on why the wizard isn't working or what I need to input in a terminal? TIA.

[Pizzasgood]

@timremy: Yes. Menu->Setup->Autologin Wizard.

@technowomble: Not sure why that would happen off the top of my head. One possibility is that you tried making a user with a capital letter in his name. I think it only likes lowercase letters for usernames. According to the man page, error code 3 means "invalid argument to option" but I'm not sure how you could have given it an invalid argument. Did you use spaces? You can't have spaces in a user name.

To do it from the terminal you would do this, assuming the user you were adding was named 'bob' and you don't want him assigned to any groups:

Code: Select all

useradd -m bob
passwd bob
mkdir -p /etc/X11/bob
chown bob /etc/X11/bob

To add bob to some groups, for the useradd command you would do something like this instead:

Code: Select all

useradd -m -G audio,disk,power bob

otherwise you could add him to the groups later with this:

Code: Select all

gpasswd -a bob audio
gpasswd -a bob disk
gpasswd -a bob power

[technowomble]

We progress! This time when I tried the GUI useradd it gave error code 12, unable to create /home for user. Playing a hunch I looked at the file system, no /home directory. I created an empty directory and this time successfully created a user. Seems as if useradd couldn't create a /home until it had somewhere to put it?
The next step is to let the user bring up my PCIMA wireless card, which I suspect will be a case of altering a few permissions. Wish me luck!

EDIT Well, I've got on line as user by getting the wireless up in root and saving for next boot. Not the most elegant - or flexible - solution, but it's a start. Maybe tomorrow I'll do some searching, what seems to be stopping me controlling wireless from user is ifconfig wlan0 up/down, I tried sudo'ing it, but evidently I don't have that set quite right yet.

[Pizzasgood]

No /home on a full install... Okay, that means I'll need to take a look at the install script this weekend. I'll also take a look at gksu and some of the other stuff Nathan mentioned.

[Lobster]

It has taken me awhile to understand why multi-user is a good thing.
Eyes-only clarified it for me in his posting.

Many users (multi-users in fact) using the same computer - with their desktop and bookmark settings etc. Is that right?

So it is ideal as a family computer
or in an internet cafe.

Does this relate to an intranet (locally networked computers)?

Many thanks

[Pizzasgood]

Multiple save files is good for when you have multiple trusted people who want to have full control of their OS.

Multiple users is good for multiple untrusted people who don't care so much about being able to install things and you want to prevent them from screwing things up.


And of course, multiple users can be combined with multiple save files, optionally encrypted. So you could have a save file that the rest of the family all share via. multi-user, and then a second one that you use so that you can un/install things at will without bothering your family when you accidentally break everything.

Does this relate to an intranet (locally networked computers)?

I'm not sure what you mean. I understand the difference between intra-, inter-, and Internet just fine. But I don't see what difference they make to the multiuser-ness of an OS.

[Lobster]

Lobster wrote:
Does this relate to an intranet (locally networked computers)?

I'm not sure what you mean. I understand the difference between intra-, inter-, and Internet just fine. But I don't see what difference they make to the multiuser-ness of an OS.

With what has been described - many users can access their settings on one computer.

If there are are multiple computers, going through a router, or perhaps with a server, can a user sit at any computer of a network and access their settings. Is this something different?