Script to run everything as 'spot'

Under development: PCMCIA, wireless, etc.
Post Reply
Message
Author
jamesbond
Posts: 3433
Joined: Mon 26 Feb 2007, 05:02
Location: The Blue Marble

Script to run everything as 'spot'

#1 Post by jamesbond »

Puppy introduced the concept of "run-as-spot", whereby an application run as the user 'spot' despite the fact that the logged-in user is 'root', long time ago. It was / is used to run 'didiwiki', a personal webserver providing wiki functions, as the user 'spot' to reduce the impact of someone breaking into the webserver. There was a blog post from mid 2008 that talked about it, but by that time it was already quite established that didiwiki always run as spot; the first implementation must be much earlier than that - could be 2006 or 2007.

For a very long time until now, didiwiki was the only application that run as spot. Fatdog elaborated on the concept and use the idea to run most network programs as spot - most prominently is the browser.

A few days ago Barry decided to expand the model too and adopt Fatdog's approach to run more programs as spot, first of all is seamonkey (a web browser), see this blog post.

I'm attaching a script that allows *any* program (proper ones!) to run as spot. This is the same script that is currently used in Fatdog, except that Fatdog uses "dash" shell instead of "sh" to reduce memory footprint.

How to use:
1. Gunzip, then chmod +x the script.
2. Copy it to /usr/bin
3. Prefix any app you want to run with "run-as-spot".

It has been tested on:
- firefox, seamonkey, thunderbird, pidgin, geany, libreoffice, chromium, and a few others I can't remember.

Enjoy. Feedback and contributions welcome.
Attachments
run-as-spot.gz
gunzip then chmod +x then copy to /usr/bin
(398 Bytes) Downloaded 1653 times
Fatdog64 forum links: [url=http://murga-linux.com/puppy/viewtopic.php?t=117546]Latest version[/url] | [url=https://cutt.ly/ke8sn5H]Contributed packages[/url] | [url=https://cutt.ly/se8scrb]ISO builder[/url]

User avatar
Ted Dog
Posts: 3965
Joined: Wed 14 Sep 2005, 02:35
Location: Heart of Texas

#2 Post by Ted Dog »

Nice a central script for run as spot... Could you add a control flag to run as root. I generally edit seamonkey-spot to seamonkey-bin to get around the issues of download corruptions and upload errors when ever I edit stuff as root and need to do something with the files upload/download using seamonkey to my webserver.
However if we could run all apps as spot it should reduce those types of issues.
Could you give us a taste of the script in the next release of FatDog64?

User avatar
Karl Godt
Posts: 4199
Joined: Sun 20 Jun 2010, 13:52
Location: Kiel,Germany

#3 Post by Karl Godt »

Have probably few usages for such for local games servers .
These tend in newer versions to check for root and abort .
Was modifying the source then ie

Code: Select all

#ifndef WIN32
    /* Here we check that we aren't root or suid */
    if (getuid() == 0 || geteuid() == 0) {
        fputs("Don't run crossfire as root, it is unsupported.\n", stderr);
        fputs("Instead run it as a normal unprivileged user.\n", stderr);
       // fputs("Aborting...\n", stderr);
       // return 1;
          return 0;    
}
#endif
For the Xauthority env var I have no experience with but I would write it like

Code: Select all

if [ "$(id -u)" = 0 ] ; then
    [ -f "$Xauthority" -a ! -f /root/spot/.Xauthority ] &&
    {
    cp "$Xauthority" /root/spot/.Xauthority;
    chown spot:spot /root/spot/.Xauthority;
    }
   export XAUTHORITY=/root/spot/.Xauthority
or

Code: Select all

if [ "$(id -u)" = 0 ] ; then
    [ -f "$Xauthority" ] && {
    cp -a --remove-destination "$Xauthority" /root/spot/.Xauthority;
    chown spot:spot /root/spot/.Xauthority;     }
    export XAUTHORITY=/root/spot/.Xauthority
>/dev/null is only needed if the / rootfs is ro , which should not be :lol:
«Give me GUI or Death» -- I give you [[Xx]term[inal]] [[Cc]on[s][ole]] .
Macpup user since 2010 on full installations.
People who want problems with Puppy boot frugal :P

User avatar
sc0ttman
Posts: 2812
Joined: Wed 16 Sep 2009, 05:44
Location: UK

#4 Post by sc0ttman »

I've looked at your script james, and I've no idea what half of it does (other than the obv).. What's all the Xauthority stuff? Can I get an 'in english for dummies' explanation?

Not trying to plug anything as such, trying to share something that may be useful, if fatdog uses spot like akita...

Akita has had a "Run as Spot" menu item in its main menu since around the time fido was first developed - cos fido stuff was too hard, so I ended up adding spot as a real user, correcting /dev permissions etc, adding the popup user login thing, etc (repeating half of pizzagoods barrys work to get there) - long story short, having done that, akita can run firefox, vlc etc as spot, with the cmd `run_as_spot $1` (sound works, etc)

The script run_as_spot basically contains

Code: Select all

su -s /bin/bash spot -c "$@"
If this is how you did it, then the full script might be of use, it includes a gtkdialog GUI for choosing from the apps in /usr/share/applications ..

Code: Select all

#!/bin/sh
# run the given commands as the restricted user 'spot'
[ "$(which gtkdialog4)" = "" ] && GTKDIALOG="gtkdialog4" || GTKDIALOG="gtkdialog"
VERSION=0.4 # set version
TERMINAL=mrxvt # choose preferred terminal
[ "`whoami`" = "spot" ] && pupdialog --title "Run as spot" --msgbox "You are already running as spot" 0 0 && exit 1
if [ ! "${1}" ];then # if no options given, we will run GUI
  COMBO_LIST="" EXEC_LIST="" # reset vars
  for DESKTOP_FILE in /usr/share/applications/* # for each .desktop file, get the name and command
  do
    [ "$DESKTOP_FILE" = "" ] && continue
    NAME="" EXEC=""
    # read each line of the current .desktop file, get its Name and Exec details
    while read LINE
    do
      [ "$LINE" = "" ] && continue
      case ${LINE} in
        Name=*) NAME="${LINE#*=}"'' ;;
        Exec=*) EXEC="${LINE#*=}"'' ;;
        *) ;;
      esac
    done < "${DESKTOP_FILE}" # end while read line
    # build the list of programs, 2 lists, 1 for this script, 1 for gtkdialog <combobox>
    [ "$COMBO_LIST" = "" ] && COMBO_LIST="<item>${NAME}</item>" || COMBO_LIST="${COMBO_LIST}
<item>${NAME}</item>" # build the list to go into combobox in GUI
    [ "$EXEC_LIST" = "" ] && EXEC_LIST="${NAME}@$EXEC" || EXEC_LIST="${EXEC_LIST}
${NAME}@$EXEC" # build a list which also contains the commands
  done # end for each .desktop file
  COMBO_LIST="$(echo "$COMBO_LIST" | sort)" # sort it alphabetically
  # create the GUI
  RUNASspotGUI="<window title=\"Run as spot $VERSION\">
  <frame>
    <vbox>
      <text><label>Run a program as spot, the restricted user</label></text>
    </vbox>
    <vbox>
      <hbox>
                <checkbox tooltip-text=\"Tick here to run the program in a console window, to see the programs output or errors\">
                        <label>Run in Terminal</label>
                        <variable>RUN_IN_TERM</variable>
                        <default>false</default>
                </checkbox>
      </hbox>
      <combobox>
      <variable>PROGS</variable>
        "$COMBO_LIST"
      </combobox>
    </vbox>
    <hbox>
    <button ok>
    </button>
    <button cancel></button>
    <button help>
    <action>Xdialog --title \"Run as spot $VERSION\" --msgbox \"'Spot' is a user with restricted privileges.\n\n \
The home folder for spot is /root/spot - the only folder where spot has full control.\n\n \
Unlike 'root' the super (admin) user, spot can't modify system files, in /bin, /usr/sbin, etc.\n \
Any programs run by 'spot' have the same restricted privileges, and can't modify the system. \n\n \
It is therefore considered more secure to run programs like browsers, etc, as 'spot'. \n \
If running programs as spot, all files must be saved, edited, etc, in /root/spot.\n\n \
This tool simply runs the chosen program as 'spot', with restricted privileges.\n \
Tick 'Run in terminal' to see any program output, errors and messages in a console.\n\n \
Some programs need admin (root) privileges and won't work running as spot.\n \
This generally includes programs that install, remove or modify system files and settings.\n \" 0 0 &</action>
    </button>
    </hbox>
  </frame>
</window>"
  export RUNASspotGUI
  # get variables from GUI, if not cancelled, check values, and execute the appropriate command as 'spot'
  RETVAL="`$GTKDIALOG -c -p RUNASspotGUI`"
  EXIT=`echo "$RETVAL" | grep EXIT= | cut -f2 -d'=' | tr -d '"' `
  if [ "$EXIT" = "OK" ];then
    TERM=`echo "$RETVAL" | grep TERM= | cut -f2 -d'=' | tr -d '"' `
    PROG=`echo "$RETVAL" | grep PROGS= | cut -f2 -d'=' | tr -d '"' `
    EXEC="`echo "$EXEC_LIST" | grep -m1 "$PROG" | cut -f2 -d'@'`"
    [ "$TERM" = true ] && $TERMINAL -e su -s /bin/bash spot -c "$EXEC" || su -s /bin/bash spot -c "$EXEC"
  else  # user clicked cancel
    exit 1
  fi
else # command line options were given, so just run the command, no GUI
  su -s /bin/bash spot -c "$@"
fi
exit 0
Attachments
spot.png
(117.01 KiB) Downloaded 4234 times
[b][url=https://bit.ly/2KjtxoD]Pkg[/url], [url=https://bit.ly/2U6dzxV]mdsh[/url], [url=https://bit.ly/2G49OE8]Woofy[/url], [url=http://goo.gl/bzBU1]Akita[/url], [url=http://goo.gl/SO5ug]VLC-GTK[/url], [url=https://tiny.cc/c2hnfz]Search[/url][/b]

User avatar
Q5sys
Posts: 1105
Joined: Thu 11 Dec 2008, 19:49
Contact:

#5 Post by Q5sys »

awesome work!

nooby
Posts: 10369
Joined: Sun 29 Jun 2008, 19:05
Location: SwedenEurope

#6 Post by nooby »

From a users point of view what would be different?
I mean how would I notice that I am now spot instead of root?

I think of saving a picture to the sda1 HD from Firefox?
Would it ask fir password each time? Would it refuse to save it
and only allow it to save to Spot directory and if I want to move it
from there to HD would it have permissions set to only be viewed
in Spot?

How does it behave from the user perspective?

Edit thanks to Scottman below for that detailed explantion. would not the downloaded things still end up in Spot and not allowed to be moved
why else use spot if it does not protect? I am a noony obviously :)
Last edited by nooby on Tue 04 Jun 2013, 19:41, edited 1 time in total.
I use Google Search on Puppy Forum
not an ideal solution though

User avatar
sc0ttman
Posts: 2812
Joined: Wed 16 Sep 2009, 05:44
Location: UK

#7 Post by sc0ttman »

nooby, you can set different GTK themes for different users, so the programs they use will look different... The easy way to do this is to make sure you dont have the files /root/spot/.gtkrc and /root/spot/.gtkrc.mine ... If you dont have the same GTK theme settings (gtkrc etc) in both /root and /root/spot then the programs will look different depending on if run as root or not.. If run as root programs will look 'normal', if not, they will have different (probably uglier) theme settings.. Hope that's clear.

EDIT: I attached a screenshot, so you can see.. The 1st is run as root, the second is run as spot (using `run_as_spot vlc-gtk` in akita)
Attachments
vlc-root.png
(36.52 KiB) Downloaded 4325 times
vlc-spot.png
(32 KiB) Downloaded 4295 times
[b][url=https://bit.ly/2KjtxoD]Pkg[/url], [url=https://bit.ly/2U6dzxV]mdsh[/url], [url=https://bit.ly/2G49OE8]Woofy[/url], [url=http://goo.gl/bzBU1]Akita[/url], [url=http://goo.gl/SO5ug]VLC-GTK[/url], [url=https://tiny.cc/c2hnfz]Search[/url][/b]

jamesbond
Posts: 3433
Joined: Mon 26 Feb 2007, 05:02
Location: The Blue Marble

#8 Post by jamesbond »

Ted Dog wrote:Nice a central script for run as spot... Could you add a control flag to run as root. I generally edit seamonkey-spot to seamonkey-bin to get around the issues of download corruptions and upload errors when ever I edit stuff as root and need to do something with the files upload/download using seamonkey to my webserver.
Instead of using "seamonkey-spot" just use "seamonkey" and it will run as whatever logged in user you are in.
Same for firefox - just use "firefox" instead of "firefox-spot", etc.
However if we could run all apps as spot it should reduce those types of issues.
Could you give us a taste of the script in the next release of FatDog64?
Yes you already can. Go to Control Panel --> System --> User manager and create a new user (don't forget to set the password too). After you create a new user you can launch a second desktop too. Switch between desktops by pressing Ctrl-Alt-Fxxx (the first desktop is F4, second is F5, third is F6, etc).

While there, you can also choose whether you want to automatically logged in as "root" or as any other user. If you don't like autologin (as root or as any other user), go to Control Panel --> System --> Login manager to choose how to to login to the system, you have 3 choices: autologin, console login, or graphical login.

It's all in the login FAQ :)
sc0ttman wrote:I've looked at your script james, and I've no idea what half of it does (other than the obv).. What's all the Xauthority stuff? Can I get an 'in english for dummies' explanation?
Xauthority is the (old) security model of X server to prevent anyone who happens to know your IP address to connect to your Xorg and display
an annoying popup ad banner message :) But relax this won't happen in Fatdog or Puppy because in both, X server is configured *not* to listen to any IP address.

It is there because when running Fatdog with the slim graphical login manager, slim creates an X authority file, and if that file isn't made available to spot, spot will not be able to display anything on screen. On regular sessions (ie console login / autologin), Xauthority isn't used.
Akita has had a "Run as Spot" menu item in its main menu since around the time fido was first developed - cos fido stuff was too hard, so I ended up adding spot as a real user, correcting /dev permissions etc, adding the popup user login thing, etc (repeating half of pizzagoods barrys work to get there) - long story short, having done that, akita can run firefox, vlc etc as spot, with the cmd `run_as_spot $1` (sound works, etc)

The script run_as_spot basically contains

Code: Select all

su -s /bin/bash spot -c "$@"
Fatdog's run-as-spot script used to be a one-liner like that, but there are a few others things that need to be set properly, otherwise certain apps will not run.
What it does:
1. Copy Xauthority as explained above.
2. Set $XDG_* environment variables needed by many freedesktop-compliant programs such as geany, libreoffice, chromium, etc.
3. Make sure after switching to spot we stays in the current directory (if current directory is readable by spot)
4. Make sure if the app requires arguments that has space in it, that space is preserved and passed correctly after switching to spot.
Fatdog64 forum links: [url=http://murga-linux.com/puppy/viewtopic.php?t=117546]Latest version[/url] | [url=https://cutt.ly/ke8sn5H]Contributed packages[/url] | [url=https://cutt.ly/se8scrb]ISO builder[/url]

User avatar
Smithy
Posts: 1151
Joined: Mon 12 Dec 2011, 11:17

Re: Script to run everything as 'spot'

#9 Post by Smithy »

jamesbond wrote: How to use:
1. Gunzip, then chmod +x the script.
2. Copy it to /usr/bin
3. Prefix any app you want to run with "run-as-spot".


Enjoy. Feedback and contributions welcome.
Sorry if I am a bit thick, but number one (1.) is change the permission so it is executable?

3. Can a prefix be applied to a .desktop file (say firefox)? in the exec bit.
Could you show us a template or two.

Reason I ask is because the Fatdog 64 runs seamlessly with the spot and that firewall is tight. A good combo there jamesbond.

But I was trying 01micko's browse as spot on a regular puppy and it wouldn't work properly, was moaning about some firefox profile or something. I was hoping spot might just use the executable and that's it.

And can spot be applied to certain aspects of an app? Was thinking about wine aspects after mikeb mentioned mbr wipes occasionally.

jamesbond
Posts: 3433
Joined: Mon 26 Feb 2007, 05:02
Location: The Blue Marble

Re: Script to run everything as 'spot'

#10 Post by jamesbond »

Smithy wrote:Sorry if I am a bit thick, but number one (1.) is change the permission so it is executable?
Yes.
3. Can a prefix be applied to a .desktop file (say firefox)? in the exec bit.
Could you show us a template or two.
Sure. In terminal, instead of typing "firefox" to run the web browser, you type "run-as-spot firefox".

In firefox.desktop file, you usually have the line "Exec=firefox" so change that to "Exec=run-as-spot firefox".
Reason I ask is because the Fatdog 64 runs seamlessly with the spot and that firewall is tight. A good combo there jamesbond.
Thanks.
But I was trying 01micko's browse as spot on a regular puppy and it wouldn't work properly, was moaning about some firefox profile or something. I was hoping spot might just use the executable and that's it.
You can always open a terminal and do "run-as-spot sh"; to get a new shell that runs as spot, proper. From there you can try to run firefox directly, and see any error messages you've got. If you've got errors it's most likely because the permission are not set correctly. E.g. sometimes the browser's profile under spot (/root/spot/.mozilla) is linked to an external partition outside the savefile (/mnt/sdb5 or something) but spot doesn't have access to that partition. This needs to be solved: either you give spot the permission to that partition, or move the browser profiles to somewhere else that spot has access to.
And can spot be applied to certain aspects of an app? Was thinking about wine aspects after mikeb mentioned mbr wipes occasionally.
No. If you run a program under spot, then "all-aspects-of-it" will be running under spot. A program that needs to run under multiple-privilege levels (sometimes as root, sometimes as spot) cant' be run as "spot", it must always be run as root first, and it is up to the program to downgrade its access level to a non-root user. There are other ways of achieving this, but until aufs supports extended attribute this alternative method isn't gonig to work on Puppies (or Fatdog, for that matter).

Hope that helps.
Fatdog64 forum links: [url=http://murga-linux.com/puppy/viewtopic.php?t=117546]Latest version[/url] | [url=https://cutt.ly/ke8sn5H]Contributed packages[/url] | [url=https://cutt.ly/se8scrb]ISO builder[/url]

User avatar
Smithy
Posts: 1151
Joined: Mon 12 Dec 2011, 11:17

#11 Post by Smithy »

Yes it does help thanks, I've been wanting to try spot for yonks but it seemed a bit complicated, this should be easy now.

User avatar
Smithy
Posts: 1151
Joined: Mon 12 Dec 2011, 11:17

#12 Post by Smithy »

Blast, it doesn't work.
Altered the firefox desktop file

Code: Select all

[Desktop Entry]
Encoding=UTF-8
Name=Firefox web browser
Icon=firefox.png
Comment=Firefox web browser
Exec="run-as-spot firefox"
Terminal=false
Type=Application
Categories=X-Internet-browser
GenericName=Firefox
Tried with and without the "brackets" surrounding the exec
Downloaded Geoffrey's Paint programme and Lazz Paint.
And it let me install them both.
Checked usr/bin/run as spot script.
Opened in terminal.

Code: Select all

sh: : command not found
Script competed. Hit return to close window
Any ideas.

User avatar
mikeb
Posts: 11297
Joined: Thu 23 Nov 2006, 13:56

#13 Post by mikeb »

A bodge is never going to work as well as doing it properly...wine is another awkward one.

I made puppy 2.12 and 4.12 true multiuser with slim login manager some years ago..I might do lucid if it snows.

It was not rocket science even for an idiot like me so why has it never been done with puppy releases? Only really makes sense if looked upon as a live cd that never gets installed...mind you SLAX manages it ok and its a live CD.

Not really pursued it at it seems a waste of time anyway for our general use and being a true user is awkward especially with puppy and its weird scripts and methods though feeding of such as ubuntu should mean it works better now.

On the other hand if you want to run a server (use puppy for that...NEVER!!! :D ) or have machines in public use or a family with bad habits then true multiuser would be of benefit.

mike
Last edited by mikeb on Mon 09 Mar 2015, 12:33, edited 1 time in total.

User avatar
mavrothal
Posts: 3096
Joined: Mon 24 Aug 2009, 18:23

#14 Post by mavrothal »

Smithy wrote:Blast, it doesn't work.
Altered the firefox desktop file
JWM/Rox do not read the desktop file
You should change /root/.jwmrc (for the menu entry) and /usr/local/bin/defaultbrowser (for the desktop icon).
The desktop file works with other window managers
== [url=http://www.catb.org/esr/faqs/smart-questions.html]Here is how to solve your[/url] [url=https://www.chiark.greenend.org.uk/~sgtatham/bugs.html]Linux problems fast[/url] ==

User avatar
Smithy
Posts: 1151
Joined: Mon 12 Dec 2011, 11:17

#15 Post by Smithy »

Ok, usr/local/bin default browser, that works, thanks Mathrothal.
Is there any way to alter the script so it just works on the firefox executable or does it have to use profiles(I suppose it does), keeps locking out, can't find the profile.
Anyway to make the script point to the profile?

Sort of "please find xnxxjhxhfj.default folder."

I do recognise the usefulness of limiting execution of downloads, I think it's a good idea, and you can still in an instant just go and wreck/alter your puppy which we all like to do from time to time.
I agree mike, restricted user would be total crap.
Someone's making a server puppy I think :o :P :)

User avatar
mikeb
Posts: 11297
Joined: Thu 23 Nov 2006, 13:56

#16 Post by mikeb »

Whats a bidge?

Anyway I should point out to anyone using the internet that you have to

1. download a malicious executable
2. Make it executable ....they are not by default unless you unpack say a zip as root...plus it has to be a elf linux executable or say bash/python/perl etc script. if you are getting that involved then common sense starts to creep in.
3. run it.

Now those 3 steps are manual...you have to do it and do it as root.
Far removed from the windows auto download and run mechanisms present. If you have the technical know how to do the above (and how many noobs here have to be hand held through the process to get anything to happen with wanted files)
If you can do such things I doubt if you are silly enough to grab yerself a virus... and then you would have to search hard to get a linux one...is all this likely.

If you really were stupid enough yet capable you would simply do this to your file obtained as spot and then play suicide as root... so again the only thing that can break your system is YOU.....

Spot...seems like a cheapskate way to avoid making the system true multiuser and provides NO real protection.

Just don't like seeing people waste their time...not like we have an endless supply of it :D

mike

User avatar
Smithy
Posts: 1151
Joined: Mon 12 Dec 2011, 11:17

#17 Post by Smithy »

Thought you meant bridge.

Been hearing these echos about spot for a good while, but blissfully running Puppy as root.

It would be good to see your little pup that did a login mike.
But that's full monty, quite like the idea of an internet bridge but not a productivity bridge.

I just wanted to try out spot to see if it is any good.
Like I say Fatdog 64 was seamless, you didn't notice it, no slowdown, nothing.

I appreciate all that programming stuff that the guys have put in, it's too easy to be cynical about it, but there has to be a cutoff point. A time when you say it's finished. And then that is the time to hone it.

Edit: Thanks jamesbond will have a look at mozilla site when I get chance.
Last edited by Smithy on Tue 10 Mar 2015, 20:04, edited 1 time in total.

User avatar
mikeb
Posts: 11297
Joined: Thu 23 Nov 2006, 13:56

#18 Post by mikeb »

I like a good hone... well me 4.15 which is 4.12 with a slax kernel is around the 4.12 website...thats got slim login ... you rename the config to make it happen so by default it behaves in the traditional puppy root way but its actually running like a multiuser underneath...Ie no autologinroot and no X dangling of the profile cause strange happenings.

All this systemd stuff or course messes all that up so its already in the legacy bin it seems :D

Anyway bit of a pet subject...ie the paranoia which some people are trying to bring into linux land and I think that stinks .. :D

relax and have fun as thats the idea...

mike

jamesbond
Posts: 3433
Joined: Mon 26 Feb 2007, 05:02
Location: The Blue Marble

#19 Post by jamesbond »

Smithy wrote:Is there any way to alter the script so it just works on the firefox executable or does it have to use profiles(I suppose it does), keeps locking out, can't find the profile.
Anyway to make the script point to the profile?
http://kb.mozillazine.org/Profile_Manager
http://kb.mozillazine.org/Profile_folder_-_Firefox
Good luck.
Fatdog64 forum links: [url=http://murga-linux.com/puppy/viewtopic.php?t=117546]Latest version[/url] | [url=https://cutt.ly/ke8sn5H]Contributed packages[/url] | [url=https://cutt.ly/se8scrb]ISO builder[/url]

Post Reply