Puppy Linux Discussion Forum Forum Index Puppy Linux Discussion Forum
Puppy HOME page : puppylinux.com
"THE" alternative forum : puppylinux.info
 
 FAQFAQ   SearchSearch   MemberlistMemberlist   UsergroupsUsergroups   RegisterRegister 
 ProfileProfile   Log in to check your private messagesLog in to check your private messages   Log inLog in 

The time now is Wed 17 Dec 2014, 17:51
All times are UTC - 4
 Forum index » Off-Topic Area » Security
The Ultimate Solution for running as root
Post_new_topic   Reply_to_topic View_previous_topic :: View_next_topic
Page 3 of 4 Posts_count   Goto page: Previous 1, 2, 3, 4 Next
Author Message
Sylvander

Joined: 15 Dec 2008
Posts: 3547
Location: West Lothian, Scotland, UK

PostPosted: Sat 12 Mar 2011, 09:03    Post_subject:  

"How about everyone has their own multisession CD or DVD? When they're done using the computer, they remove their DVD and put it in a safe place"
Sounds like a "cunning plan".
Back to top
View user's profile Send_private_message 
dejan555


Joined: 30 Nov 2008
Posts: 2720
Location: Montenegro

PostPosted: Sat 12 Mar 2011, 09:21    Post_subject:  

Eh, so much options, but after all, modifying puppy scripts to allow multiuser would be much easier I think. Once changed in official woof packages all new builds would have this option.
Puppy in fact is multiuser and has spot limited user by default, but due to puppy's structure and scripts it can't run X server and most puppy scripts would need to be modified.
I never worried about security issues but user accounts for individual settings would be quite usefull instead of creating multiple installs or savefiles and rebooting.
It doesn't have to be a radical change planed for one release but scripts could be inspected and changed from time to time.

_________________
Dpup 487 | Puppy Gallery | My photo gallery | mtPaint works
Back to top
View user's profile Send_private_message Visit_website MSNM 
Flash
Official Dog Handler


Joined: 04 May 2005
Posts: 11180
Location: Arizona USA

PostPosted: Sat 12 Mar 2011, 09:26    Post_subject:  

My word. I never watched Blackadder. I've been deprived! Laughing
Back to top
View user's profile Send_private_message 
postfs1


Joined: 27 Mar 2010
Posts: 831

PostPosted: Sat 12 Mar 2011, 15:42    Post_subject:  

To use Puppy_Linux.avi Laughing
_________________
  • I don't know why laboratories are named a hospitals.
  • The alive personage is like a tea bag with granules of unknown density inside, at that one the packet was made of organic material and was placed in the evaporated liquid or liquid.

Back to top
View user's profile Send_private_message 
musher0


Joined: 04 Jan 2009
Posts: 4431
Location: Gatineau (Qc), Canada

PostPosted: Sun 13 Mar 2011, 12:33    Post_subject:  

Flash wrote:
Even if it is encrypted, a save file on a shared hard disk could be deleted. How about everyone has their own multisession CD or DVD? When they're done using the computer, they remove their DVD and put it in a safe place.


Yep! The safest and most private solution.

If perchance anything went wrong during your last session, whatever the reason, you just type

puppy pfix=1

at bootup, and puppy boots to the last "healthy" session before that one, and you're back in business!

In any case, if you're booting puppy from cd/dvd, and there is a foul-up, it would have to be your fault, because no external agent can write directly to your cd/dvd without you knowing!

TWYL (talk with you later.)
.

_________________
"Logical entities must not be multiplied needlessly." / "Il ne faut pas multiplier les êtres logiques inutilement." (Ockham)
Back to top
View user's profile Send_private_message Visit_website 
forfyv

Joined: 23 Apr 2011
Posts: 4

PostPosted: Sun 24 Apr 2011, 09:15    Post_subject: Hmm, as root, I want to have users
Sub_title: my machine, my decision.
 

I would like to add user accounts to my puppy 5.2.5

I really like this distro, and I will be doing the add user at the command line.
The point has been made that apps should never tell a user they CANNOT run as root.

I would like to point that a distro should never tell a root they CANNOT run as a user!

I suppose I may eventually build a pet that adds a user/group manager to Puppy.

I understand that a lot of experienced puppy users scoff at the idea of running in a user account, but then, this is "MY machine". I kinda resent the attitude that I should NOT want to run it as a user, and that I should NOT use Puppy if I DO want to.

The attitude is rather immature, don't you agree?

Some of the experienced developers could build a user/group manager in a short time with minimal effort. To NOT do so, is rather silly.

For a new user like me to accomplish the same thing will require a large effort, and time investment.

I really have better things to do.

Sigh.

45 Mike

www.45inx.com
Back to top
View user's profile Send_private_message 
musher0


Joined: 04 Jan 2009
Posts: 4431
Location: Gatineau (Qc), Canada

PostPosted: Sun 24 Apr 2011, 09:58    Post_subject:  

Hi, forfyv.

I personally never felt a need for it, but FYI:
"pizzasgood", I believe, has put together a Puppy derivative with separate user capacity (not running as root). Maybe make a search on the forum. Might date from a year ago.

Also, as was mentioned above, you could have each of your users run his/her Puppy "Internet cafe" style, from his/her own DVD. This is perfectly safe and entirely removes the need for additional code for separating users.

Alternatively, you can save the main sfs on hard-disk and each user can have his/her own personal encrypted savefile on hard-disk or usb-disk or flash-card. In this case, the user boots from cd/dvd, but the boot-up script fetches the Puppy sfs and the individual savefile on the user-provided media. Again, very safe. The system also boots much faster that if entirely based on DVD (as in paragraph above).

Those solutions stray from mainstream Linux thinking on the subject of root, but IMHO they are more practical and more user-friendly, while maintaining very high protection and safety for the user, system, and hardware.

Incidentally, Happy Easter, if this applies to the culture you're from.

_________________
"Logical entities must not be multiplied needlessly." / "Il ne faut pas multiplier les êtres logiques inutilement." (Ockham)
Back to top
View user's profile Send_private_message Visit_website 
forfyv

Joined: 23 Apr 2011
Posts: 4

PostPosted: Sun 24 Apr 2011, 11:00    Post_subject: Yes, but . . .
Sub_title: my machine, my decision.
 

Quote:
Hi, forfyv.

I personally never felt a need for it, but FYI:
"pizzasgood", I believe, has put together a Puppy derivative with separate user capacity (not running as root). Maybe make a search on the forum. Might date from a year ago.


Yes, I saw the distro you mentioned, it is a 4.x version. I am using the latest release, 5.2.5. I really like this version, why should I downgrade? Smile

Quote:

Also, as was mentioned above, you could have each of your users run his/her Puppy "Internet cafe" style, from his/her own DVD. This is perfectly safe and entirely removes the need for additional code for separating users.

Alternatively, you can save the main sfs on hard-disk and each user can have his/her own personal encrypted savefile on hard-disk or usb-disk or flash-card. In this case, the user boots from cd/dvd, but the boot-up script fetches the Puppy sfs and the individual savefile on the user-provided media. Again, very safe. The system also boots much faster that if entirely based on DVD (as in paragraph above).

Those solutions stray from mainstream Linux thinking on the subject of root, but IMHO they are more practical and more user-friendly, while maintaining very high protection and safety for the user, system, and hardware.

Incidentally, Happy Easter, if this applies to the culture you're from.


Happy Easter to you as well.
(I am not christian, but appreciate the sentiment!)

Yes, the alternative solutions are valid, and (ahem), they do stray somewhat from normal UNIX paradigm.

I think the point many people are missing here is that a "normal" UNIX solution would be easy to impliment, and does NOT require a new distro.

A developer, (me I guess), could create a PET that allows a root user to manage users and groups. That is all that is needed.

If a puppy user does not want to manage users, fine, don't. However for a distro to NOT have some facility, (beyond CLI), to manage users is rather awkward for a normal UNIX guy. Smile

Another point that the experienced developers here miss, is that for THEM to build such a PET would be almost trivial, if they just decided to do it.
For ME to do it requires another learning curve, and hours trying to get things to work, that an experienced guy would already know.

Silly, because it is just an attitude that is preventing it from being done.

Thanks for your comments!

45 Mike
www.45inx.com
Back to top
View user's profile Send_private_message 
musher0


Joined: 04 Jan 2009
Posts: 4431
Location: Gatineau (Qc), Canada

PostPosted: Sun 24 Apr 2011, 11:16    Post_subject:  

Hi, forfyv!

I agree that 5.2.5 is a great implementation of Puppy.

I am not a programmer, just an "extreme configuration" guy... Wink So I can't help you much.

Maybe the simplest solution would be to send a PM to "pizzasgood", and ask him if he'd be willing to post an upgraded script or utility for Puppy 5.2.5 ?

Also, in any Puppy, there is always a "spot" user / directory. I've never used it, but maybe that would be enough to suit your purpose?

TWYL.

_________________
"Logical entities must not be multiplied needlessly." / "Il ne faut pas multiplier les êtres logiques inutilement." (Ockham)
Back to top
View user's profile Send_private_message Visit_website 
Luluc


Joined: 16 Mar 2011
Posts: 200

PostPosted: Sun 24 Apr 2011, 14:18    Post_subject:  

dawg wrote:
(1) - Imagine you have a single computer in a household populated by more than 1 person, all sharing that same computer, young kids and/or other computer-nonproficient and possibly naughty users included.
- The computer has a harddrive where a bunch of each user's stuff that doesn't fit on USB flash drives (videos, music...) is stored that none of the users wants screwed with by the rest of the users.
- Running as root will allow screwing with the said files by anyone (else) in the household, whereas having multiple users added to the system and proper access permissions set for each user's files who can then login separately, will not.

If your kids are... erm... curious enough, they could boot from a live CD and still have access to those precious files. Setting up user accounts in Puppy would not prevent that. The best way to prevent that is with encrypted partitions.
Back to top
View user's profile Send_private_message 
dawg

Joined: 09 Aug 2009
Posts: 113
Location: still here

PostPosted: Sun 24 Apr 2011, 14:32    Post_subject:  

Luluc wrote:
dawg wrote:
(1) - Imagine you have a single computer in a household populated by more than 1 person, all sharing that same computer, young kids and/or other computer-nonproficient and possibly naughty users included.
- The computer has a harddrive where a bunch of each user's stuff that doesn't fit on USB flash drives (videos, music...) is stored that none of the users wants screwed with by the rest of the users.
- Running as root will allow screwing with the said files by anyone (else) in the household, whereas having multiple users added to the system and proper access permissions set for each user's files who can then login separately, will not.

If your kids are... erm... curious enough, they could boot from a live CD and still have access to those precious files. Setting up user accounts in Puppy would not prevent that. The best way to prevent that is with encrypted partitions.

Unless one sets the BIOS to only boot from the HDD, and locks it with a password Smile

_________________
I used to only like Puppy as a friend, but now I think our relationship is starting to develop into something more... Very Happy
Back to top
View user's profile Send_private_message 
ICQ 
WindUpToy


Joined: 21 Oct 2008
Posts: 89
Location: melbourne.au Slick525DVD

PostPosted: Sun 24 Apr 2011, 19:06    Post_subject:  

re: "Unless one sets the BIOS to only boot from the HDD, and locks it with a password"

I am not a security freak, altho I use IceCat as Spot, and have the mandatory minimum security, i.e: NoScript, BetterPrivacy, etc, and I don't mean to rain on your parade, but today's "curious" kiddies know that if you remove+replace the CMOS battery, when you boot up there is no password required and the CMOS sets the BIOS up automatically on modern computers, with CD-boot as the first option.

Don't underestimate your kids. Smile

Edited_time_total
Back to top
View user's profile Send_private_message 
dawg

Joined: 09 Aug 2009
Posts: 113
Location: still here

PostPosted: Sun 24 Apr 2011, 19:12    Post_subject:  

WindUpToy wrote:
re: "Unless one sets the BIOS to only boot from the HDD, and locks it with a password"

I am not a security freak, altho I use IceCat as Spot, and have the mandatory minimum security, i.e: NoScript, BetterPrivacy, etc, and I don't mean to rain on your parade, but today's "curious" kiddies know that if you remove+replace the CMOS battery, when you boot up there is no password required and the CMOS sets itself up automatically on modern computers, usually with CD-booting being the first option.

Don't underestimate your kids. Smile

Well yeah, that obviously isn't gonna work for those, so a different approach may be needed (i.e. authority) Smile

_________________
I used to only like Puppy as a friend, but now I think our relationship is starting to develop into something more... Very Happy
Back to top
View user's profile Send_private_message 
ICQ 
WindUpToy


Joined: 21 Oct 2008
Posts: 89
Location: melbourne.au Slick525DVD

PostPosted: Sun 24 Apr 2011, 19:23    Post_subject:  

heh heh.

Yup, its us vs them.

Just because they are smarter than us doesn't mean we let them rule.
Back to top
View user's profile Send_private_message 
forfyv

Joined: 23 Apr 2011
Posts: 4

PostPosted: Sun 24 Apr 2011, 23:14    Post_subject: user manager
Sub_title: my machine, my decision.
 

well, I am chagrined.
I was invited to read the "Gory Details" that Pizzasgood wrote on his experience creating a multiuser puppy distro.

That was NOT a trivial project. And I can now see why creating a PET to do a similar change would be a fruitless endeavor.

I won't say that I would be unhappy to see Puppy become a distro with the multi user facilities built in, but I am no longer advancing the opinion that it *should* be.

I am happy with Puppy on my Dell mini 9 netbook, although I will no longer be using it on my desktop.

I may just have to get rid of ubuntu netbook remix altogether. Smile

I locked the boot with a password, and have set a password for root, on the mini, and I am comfortable enough in 'NIX to know I should never go to a terminal and rm -r stuff. LOL

Thanks for the patient discussion Musher0 and pizzasgood!!

_________________
45 Mike
www.45inx.com

Edited_time_total
Back to top
View user's profile Send_private_message 
Display_posts:   Sort by:   
Page 3 of 4 Posts_count   Goto page: Previous 1, 2, 3, 4 Next
Post_new_topic   Reply_to_topic View_previous_topic :: View_next_topic
 Forum index » Off-Topic Area » Security
Jump to:  

Rules_post_cannot
Rules_reply_cannot
Rules_edit_cannot
Rules_delete_cannot
Rules_vote_cannot
You cannot attach files in this forum
You can download files in this forum


Powered by phpBB © 2001, 2005 phpBB Group
[ Time: 0.1009s ][ Queries: 12 (0.0067s) ][ GZIP on ]