Run As The Root User Account

For discussions about security.
Message
Author
User avatar
Eyes-Only
Posts: 1043
Joined: Thu 10 Aug 2006, 06:32
Location: La Confederation Abenaquaise

#16 Post by Eyes-Only »

Amen and Halleluia to the last two of you, sickgut and Chris, for very well-made statements!! I salute you each! ( Why can't we have a salute smiley? LOL! )

I'm being totally serious here. I can't remember if I posted earlier here in this thread ( hey, I've got a bad memory and I post a lot :P ) but in over 25+ years as root in both Windows, BeOS, and Linux the worse I've done is accidently delete my email directory. But that didn't matter because I make often AND frequent backups ( which I believe Sickgut said we should be teaching people to do more of, right? ) and I'd lost only a few emails - none of any import really.

And as stated above about the firewall on Linux? I have to laugh at that one! I've gone to more of these "hacker sites" ( Not just the common one of "GMR" is it? He was a top hacker who turned to work for the Feds? ) and all they get is a "ping" reply that I'm here. But able to actually HACK my ports? They have to be opened for that to happen! And these "cracks" you hear about? - bingo! - those are "opened ports". DUH!

Sorry... I shouldn't allow myself to sit here and get upset over what has become my "Biggest Pet Peeve" as one day Mrs. Eyes-Only will find me slumped over the keyboard...

Oh, and by the way: The one here who had written that truly great essay about "Running in Root" ( I believe you had mentioned that Chris? ), the person who wrote that was Nathan of "GrafPup" fame. Someone around here - ruddy toothpick if I can recall just who now of course! - has a nice link to that essay in their sigfile. Really a brilliant exposition done by Nathan who is truly numbered as one of the "Linux Greats" in my book - even if I never could get along with the gentleman ( our personalities seemed to have clashed ), I much admired the man as I did learn oodles about Linux off from him as he had extreme patience with me!

And I guess this is far more than enough of my ramblings for today! Thanks everyone for enduring this "frothing-at-the-mouth". :(

Cheers/Amicalement,

Eyes-Only
"L'Peau-Rouge d'Acadie"
*~*~*~*~*~*
Proud user of LXpup and 3-Headed Dog. 8)
*~*~*~*~*~*

SimpleWater
Posts: 94
Joined: Tue 19 Apr 2011, 11:53

#17 Post by SimpleWater »

hello, thanks for sharing

yes puppy users have full beards. I have tried ubuntu, and found it a big annoyance to type in sudo, and after sudo be prompted with a user password completion. On everything, from updates, to deleting some files, to making slight changes in configuration files. I agree with sickgut, i mean, can you accidentally type in -rf /*? or any other destructive command? Anyone who knows bash does not just "accidentally" type in some bad code. Was there ever such a case?

And did anyone else notice 01micko on the list? I think he is supposed to be one of the puppy developers, anywho, i did the same. I have not been in linux for the longest time, but on windows there was never any reason not to be an administrator. If the teletubies ran as root, i run in root.
Eyes-Only wrote:I'm being totally serious here. I can't remember if I posted earlier here in this thread
you might one to check page 1 :wink:

User avatar
Eyes-Only
Posts: 1043
Joined: Thu 10 Aug 2006, 06:32
Location: La Confederation Abenaquaise

#18 Post by Eyes-Only »

DUH!

Thanks oodles SimpleWater for pointing out my oversight! LOL!! ( Or would that be "undersight" since I missed so much? Whatever! :lol: ) And in the process you gave me several postings to read which I'd missed that were simply awesome!

Anyway, yeah... I've been so busy between emails, reading, and posting @ various topics here - unusual for me where I rarely ever venture outside of "Derivatives/Software" - that I often forget where I've posted and what I've said. lol. Oh well, as they say in English, "The mind is the first to go!"

It's true. ;)

Cheers/Amicalement,

Eyes-Only
"L'Peau-Rouge"
*~*~*~*~*~*
Proud user of LXpup and 3-Headed Dog. 8)
*~*~*~*~*~*

User avatar
Aitch
Posts: 6518
Joined: Wed 04 Apr 2007, 15:57
Location: Chatham, Kent, UK

#19 Post by Aitch »

If you 'accidentally' type rm rf /

You're a DORK!!

Throw your computer away, you are a waste of space, and a danger to everyone

Puppy [as root] Rules!

Eyes-Only [quote me for link] Image


Aitch :)

jpeps
Posts: 3179
Joined: Sat 31 May 2008, 19:00

#20 Post by jpeps »

I'd agree Puppy works just fine in root, and eliminates the whole sudo hassle. That said, I don't run in root and use sudo, not really for security but just because I'm used to it, and for me it adds colors...another step away from Windows that is unique to Linux. For example, running running a browser with sudo uses the config in /root, and without it uses a config in my designated home directory. There are many possibilities for those who like to fiddle with various permissions, write their own software, have other users on the machine, etc, etc. Linux provides an abundance of possibilities at the cost of some additional learning and complexity. As mentioned, some programs won't compile in /root, and common apps like cups need "nobody" to work.

BTW/ I once DID wipe out an entire partition with rm -r * accidentally. I think it was very late, and I thought I was inside a directory. It happens fairly quickly. It can also happen from within a script if something screws up. In that case, not being in root could really be a blessing.

2byte
Posts: 353
Joined: Mon 09 Oct 2006, 18:10

#21 Post by 2byte »

Well I'm going to stick my neck out here to point out a couple of things. As a preface I'll say this “I run as root with Puppy


jpeps
Posts: 3179
Joined: Sat 31 May 2008, 19:00

#22 Post by jpeps »

2byte wrote:
So there you have it, and let me sum up with this. If Puppy were to be changed so that I could not be root when need be or I had to sudo everything I wouldn't give it the time of day.
~
It's very simple to set up access to whatever you need with permissions. Then sudo gets used mainly when you're changing or removing things. My vim editor, for example, runs in read-only without sudo, which in an added feature, since there is no chance of accidentally changing code when I'm scrolling around or copying things.

2byte
Posts: 353
Joined: Mon 09 Oct 2006, 18:10

#23 Post by 2byte »

jpeps wrote: It's very simple to set up access to whatever you need with permissions
Hi jpeps,
Are you talking about Puppy here? Which version? Sudo doesn't exist on 4.12 nor does pam.

If you could tells us how to easily (even not so easily) get Puppy to boot as a user other than root or spot with a specified user group, run Open Office and various other programs, log in to the server and read, create and edit files only in permitted directories then I am all ears. BTW having more than one user per machine isn't a requirement for our needs, if that makes any difference.

Seriously, can this be done? And if so are you willing to tell us how, or point us in the right direction?
~


User avatar
Eyes-Only
Posts: 1043
Joined: Thu 10 Aug 2006, 06:32
Location: La Confederation Abenaquaise

#24 Post by Eyes-Only »

Hi 2byte! :)

Actually, if you take and change the last 2 numbers of your current version around ( 4.1.2 ) to make "4.2.1" and then search for "Pizzasgood's 4.2.1 multiuser puppy", you'll have exactly what you're looking for me thinks!

Reason being: Back when 4.2.1 came out there was such a clamour for a multiuser Puppy, much like Nathan's "Grafpup-2.0.1" ( I believe it was? ) as he too had made a multiuser Puppy, that Pizzasgood decided to try the same - to please those that wanted one - plus to see how difficult it would be to take on such a project. He detailed a lot of his work in the thread he'd made ( sorry I can't recall it off the top of my head hence why I've said you'll need to do a search... ). Such work is NOT for the faint-hearted, trust me. Both Nathan AND Pizzasgood have stated so each time. If I recall correctly it's because the programmes now in Puppy have been compiled for single-user use and had to be completely recompiled...

I hope this has helped?

Cheers/Amicalement,

Eyes-Only
"L'Peau-Rouge"
*~*~*~*~*~*
Proud user of LXpup and 3-Headed Dog. 8)
*~*~*~*~*~*

nooby
Posts: 10369
Joined: Sun 29 Jun 2008, 19:05
Location: SwedenEurope

#25 Post by nooby »

Pizzasgood has told his story somewhere and it was real hard works for weeks upon weeks him having to forsaken family and all and it was very tiring too. So I doubt it ever will happen again that somebody take upon them to try. It is too tedious to do even if one are good at it.

But that is my poor memory. Search can find the original text

But that version is not using the later drivers so it fails to get internet on some modern computers so one would need to add good drivers to it.
I use Google Search on Puppy Forum
not an ideal solution though


2byte
Posts: 353
Joined: Mon 09 Oct 2006, 18:10

#27 Post by 2byte »

Hi eyes-only, nooby, bernie

Thanks for taking the time to offer advice. I have tried PG's multiuser 4.21 and it almost fits the bill. Problems with 4.21 unrelated to his work make it undesirable for us. The Xorg for one thing, plus a no longer supported and unfamiliar build system. I suppose it could be remastered, and maybe that will be the route taken. However, I am attempting to apply some of the things I am learning from his instructions to a 5.25 remake via EZ-Woof. Slow going.... My thinking for taking this route is that it's already pretty compatible with 10.04 LTS and the Linux apps we need could be obtained from 10.04 or directly from the developers, thus already multiuser friendly. Most of what needs changing in Puppy are the scripts and gtkdialog apps that use hard coded references to /root. Anyone who is a programmer knows that hard coded paths are a major mistake in any software. Anyway, my desire for a minimal Puppy with multiuser is for a work environment, and a good number of the built in Puppy specific apps are not needed nor desired.

I realize it may be an exercise in futility, but something in me always seems to say "take the road less traveled"
~


jpeps
Posts: 3179
Joined: Sat 31 May 2008, 19:00

#28 Post by jpeps »

2byte wrote:
jpeps wrote: It's very simple to set up access to whatever you need with permissions
Hi jpeps,
Are you talking about Puppy here? Which version? Sudo doesn't exist on 4.12 nor does pam.

Seriously, can this be done? And if so are you willing to tell us how, or point us in the right direction?
~
I posted a build script in utilities a while back:
http://murga-linux.com/puppy/viewtopic. ... 17&t=60258

It's simple to add additional groups or users; there's "adduser" and "addgroup". Spot, of course, is already set up.

Home directories are in /etc/passwd, and permissions set with chown.
If you want passwords, use "passwd [user]"

EDIT: I have an easy way of password protecting exiting back into root shell from user, if you need it.

SimpleWater
Posts: 94
Joined: Tue 19 Apr 2011, 11:53

#29 Post by SimpleWater »

jpeps wrote:BTW/ I once DID wipe out an entire partition with rm -r * accidentally. I think it was very late, and I thought I was inside a directory. It happens fairly quickly. It can also happen from within a script if something screws up. In that case, not being in root could really be a blessing.
If using pwd or ls is too much for you, you should consider editing your .bashrc to include your current working directory, I am very careful anyways, but i can see how software can blow up in your face. When i was experimenting with distros, i enabled compiz only to find out my graphics card could not handle it. My screen was filled with black and it restarts with compiz enabled. So looong distro! I think a regular account could not save you thereof. At least in my own situation.

User avatar
Lobster
Official Crustacean
Posts: 15522
Joined: Wed 04 May 2005, 06:06
Location: Paradox Realm
Contact:

#30 Post by Lobster »

If using pwd or ls is too much for you
Do not underestimate the unreasonable capacities of some users . . .
http://clientsfromhell.net/post/4963761 ... -client-is
Puppy Raspup 8.2Final 8)
Puppy Links Page http://www.smokey01.com/bruceb/puppy.html :D

jpeps
Posts: 3179
Joined: Sat 31 May 2008, 19:00

#31 Post by jpeps »

SimpleWater wrote:
jpeps wrote:BTW/ I once DID wipe out an entire partition with rm -r * accidentally. I think it was very late, and I thought I was inside a directory. It happens fairly quickly. It can also happen from within a script if something screws up. In that case, not being in root could really be a blessing.
If using pwd or ls is too much for you, you should consider editing your .bashrc to include your current working directory,
It happened from within a script I was testing. When doing a lot of programing, the chances of screwing things up increases substantially.

SimpleWater
Posts: 94
Joined: Tue 19 Apr 2011, 11:53

#32 Post by SimpleWater »

Lobster wrote:
If using pwd or ls is too much for you
Do not underestimate the unreasonable capacities of some users . . .
http://clientsfromhell.net/post/4963761 ... -client-is
sounds like my parents :lol:

jpeps, just try and be careful. I have yet to see how it can happen, but then again i have a hard time relating since i know little about programming.

jpeps
Posts: 3179
Joined: Sat 31 May 2008, 19:00

#33 Post by jpeps »

SimpleWater wrote:
jpeps, just try and be careful. I have yet to see how it can happen, but then again i have a hard time relating since i know little about programming.
Linux has evolved via many thousands of users over the years, and there's a reason for most things, such as use of permissions, read-only options, etc., that may not be immediately transparent. Having the correct tools available is precisely the way to "be careful"....that's the point.

User avatar
Mechanic_Kharkov
Posts: 9
Joined: Sun 24 Jul 2011, 08:08
Location: Kharkov, Ukraine

#34 Post by Mechanic_Kharkov »

Hail a holy war! :-)
I agree that if you're programming then there is much more possibilities for you to break the system down. The closer you are to ring0 the closer system crash is. It's mostly about drivers only, but even ring3 progz can hardly damage the system in test runs if being improperly designed.
As for me, I never run as Administrator@Win* or root@*nix if it is not really required. Especially in Windows.
Puppy is running under root by default and there is not much possibly damage if things would go wrong here - it's entirely in RAM, so I don't mean. But if system is on hdd then being a non-root becomes very actual.

And Yes, I really believe that I personally never type a command that will kill my system in command prompt,
.. but I really can't know what will do the prog that I run first time if it is written by somebody else, not me!
[color=brown][size=75][i]Let's digitize the world to re-compile it to better suit our own needs![/i][/size][/color]

Post Reply