Puppy Linux Discussion Forum Forum Index Puppy Linux Discussion Forum
Puppy HOME page : puppylinux.com
"THE" alternative forum : puppylinux.info
 
 FAQFAQ   SearchSearch   MemberlistMemberlist   UsergroupsUsergroups   RegisterRegister 
 ProfileProfile   Log in to check your private messagesLog in to check your private messages   Log inLog in 

The time now is Wed 23 Jul 2014, 20:24
All times are UTC - 4
 Forum index » Off-Topic Area » Security
Puppy is great except running as root?
Post new topic   Reply to topic View previous topic :: View next topic
Page 1 of 3 [35 Posts]   Goto page: 1, 2, 3 Next
Author Message
TheTick

Joined: 14 Nov 2008
Posts: 7

PostPosted: Sat 15 Nov 2008, 13:34    Post subject:  Puppy is great except running as root?  

Hi,

I've tried Fedora, OpenSuSE, Mint Linux and was disgusted by the performance I got on my 900Mhz PIII 320G laptop. Damn Small Linux is nice but would take too much of my time to setup all the apps I would like to use. I just want to browse websites with firefox and look at email and dabble with basic Linux system admin.

I quickly installed Firefox and switched the menu fonts to something reasonable with the GTK theme chooser. Also I enabled the autohide in the .jwmrc-tray file. Afterwords I found the GUI config tool for jwm. Finally I setup my Prism 2 wireless card. All straight forward tasks that are not trivial for new Linux users.

As a long time UNIX user and backup sys admin as far back as 1992, I was a little disturbed puppy defaults to run as root? Now I know how to add users and can set that up , but root as default seems like a poor choice for security. Is there a reason root is the default?
Back to top
View user's profile Send private message 
HairyWill


Joined: 26 May 2006
Posts: 2949
Location: Southampton, UK

PostPosted: Sat 15 Nov 2008, 13:57    Post subject:  

why running as root is acceptable
http://murga-linux.com/puppy/viewtopic.php?t=29441
http://www.murga-linux.com/puppy/viewtopic.php?p=199344

there are plenty more

_________________
Will
contribute: community website, screenshots, puplets, wiki, rss
Back to top
View user's profile Send private message 
alienjeff


Joined: 08 Jul 2006
Posts: 2291
Location: Winsted, CT - USA

PostPosted: Sat 15 Nov 2008, 15:09    Post subject:  

OFFS ... the holy war that seems to never end. FMI, check:

http://www.murga-linux.com/puppy/viewtopic.php?t=29441&sid=4320be77d63b0bad0ab16e1ce314c1bd

_________________
hangout: ##b0rked on irc.freenode.net
diversion: http://alienjeff.net - visit The Fringe
quote: "The foundation of authority is based upon the consent of the people." - Thomas Hooker

Back to top
View user's profile Send private message 
Bruce B


Joined: 18 May 2005
Posts: 11080
Location: The Peoples Republic of California

PostPosted: Sat 15 Nov 2008, 15:45    Post subject:  

As a Unix user you know what Multi-Tasking, Multi-User machines are.

I trust me as root.

Like yourself, about all I'm really interested in, in terms of connectivity applications is the browsers. I do that as spot.

su spot
cd
. b -> .bashrc


And limited user spot has a full repertoire of alias, scripts, directories and etc. All which I made.

And spot runs the browsers. Also spot can run nearly all the apps, if I want, except some daemons. Then there are other users, seven or eight by default.

_________________
New! Puppy Linux Links Page
Back to top
View user's profile Send private message 
alienjeff


Joined: 08 Jul 2006
Posts: 2291
Location: Winsted, CT - USA

PostPosted: Sat 15 Nov 2008, 16:35    Post subject: Re: Puppy is great except running as root?  

Please excuse my earlier haste, but this issue keeps coming back to life. And quite honestly, it gets a little tired.

TheTick wrote:
Is there a reason root is the default?


My knee jerk answer to this is "to aid in simplicity of design." Instead of trusting the opinion of a mere user like myself, you might be interested in what the developer has to say.

Scroll down to Q: Security concerns on Barry's FAQ page. He goes on to reference this rather contentious, tedious, and protracted thread.

Hope that helps.

_________________
hangout: ##b0rked on irc.freenode.net
diversion: http://alienjeff.net - visit The Fringe
quote: "The foundation of authority is based upon the consent of the people." - Thomas Hooker

Back to top
View user's profile Send private message 
cthisbear

Joined: 29 Jan 2006
Posts: 3386
Location: Sydney Australia

PostPosted: Sat 15 Nov 2008, 18:35    Post subject:  

" My knee jerk answer "

But booted that one home AJ.
Good one.

What I would like to know is if all those
advocating this type of - Security -
actually shred all their post addressed letters,
bank statements, utilities bills etc
to stop anyone going through their garbage and using
all this freely available info to defraud people.

No firewalls etc in the old garbo bin.

If I want root I'll get out my gardening fork.

Chris.
Back to top
View user's profile Send private message 
TheTick

Joined: 14 Nov 2008
Posts: 7

PostPosted: Sat 15 Nov 2008, 23:47    Post subject:  

Yes I do shred all my mail. Anything with my address and/or name.

BTW I did read Barry's response and he does make sense in that puppy is NOT a server and all data except on your sfs files is read only. I just fear people see this and not understanding the unique puppy criteria think its OK for all Linux machines to boot to root.

Thanks for all the details .. and I will be running my browser and eamil client as spot. Thanks!
Back to top
View user's profile Send private message 
Flash
Official Dog Handler


Joined: 04 May 2005
Posts: 10927
Location: Arizona USA

PostPosted: Sun 16 Nov 2008, 00:09    Post subject:  

I'm still waiting for a report - from anyone anywhere, using any Linux distro - of a problem they had that would not have happened had they not been running as root. Without actual experience to analyze, we're just wasting our time guessing the worst that could occur.
_________________
Puppy Help 101 - an interactive tutorial for Lupu 5.25
Back to top
View user's profile Send private message 
cthisbear

Joined: 29 Jan 2006
Posts: 3386
Location: Sydney Australia

PostPosted: Tue 18 Nov 2008, 19:09    Post subject:  

" Yes I do shred all my mail. Anything with my address and/or name. "

Fair enough................Chris.
Back to top
View user's profile Send private message 
bugman


Joined: 20 Dec 2005
Posts: 2131
Location: buffalo commons

PostPosted: Tue 18 Nov 2008, 19:16    Post subject:  

Flash wrote:
I'm still waiting for a report - from anyone anywhere, using any Linux distro - of a problem they had that would not have happened had they not been running as root. Without actual experience to analyze, we're just wasting our time guessing the worst that could occur.


i deleted an essential file once, because i am an idiot

i suppose i could have deleted the file in a multi-user system too, but it would have taken longer

root still wins!

[more efficient idiot]
Back to top
View user's profile Send private message Visit poster's website 
tw296

Joined: 13 Nov 2008
Posts: 51

PostPosted: Tue 18 Nov 2008, 21:01    Post subject:  

Nth hand this one admittedly. But someone attempts to clear out a directory with
Code:
rm -fr *


Problem is, there's some keymap issues, so he actually does
Code:
rm -fr ~
. On this system, root's homedir was /

Bye bye system.

Also I seem to recall there's a gotcha with rm where something can match '..' (the parent directory) unexpectedly.

Finally, I don't have a major problem with puppy defaulting to root. What I have a problem with is it seems to make it inordinately difficult to login as NOT root.
Back to top
View user's profile Send private message 
Bruce B


Joined: 18 May 2005
Posts: 11080
Location: The Peoples Republic of California

PostPosted: Tue 18 Nov 2008, 21:18    Post subject:  

tw296 wrote:
Nth hand this one admittedly. But someone attempts to clear out a directory with
Code:
rm -fr *


Problem is, there's some keymap issues, so he actually does
Code:
rm -fr ~
. On this system, root's homedir was /

Bye bye system.

Also I seem to recall there's a gotcha with rm where something can match '..' (the parent directory) unexpectedly.

Finally, I don't have a major problem with puppy defaulting to root. What I have a problem with is it seems to make it inordinately difficult to login as NOT root.


In your if scenario, you are talking about a stupid or possibly an intentionally destructive user.

Don't let stupid users use your computer, they can get their own to mess up.

If it be intentionally destructive, it wouldn't matter what OS or how it was configured. You would pretty well have to put the computer out of access.

For example, some companies have their really important servers and other computers in air conditioned rooms, which only the administrators and probably the owner has keys to.

_________________
New! Puppy Linux Links Page
Back to top
View user's profile Send private message 
disciple

Joined: 20 May 2006
Posts: 6425
Location: Auckland, New Zealand

PostPosted: Tue 18 Nov 2008, 21:34    Post subject:  

I still think the best answer is Nathan's tinfoil hat article (BTW he actually converted Grafpup to a multiuser system).

Quote:
I'm still waiting for a report - from anyone anywhere, using any Linux distro - of a problem they had that would not have happened had they not been running as root.

That's pretty much what I say every time someone mentions this.

tw296 - we want real world examples of something someone has done, not theoretical examples of what they can do Smile
Quote:
What I have a problem with is it seems to make it inordinately difficult to login as NOT root.

The reason this is so is because no one has taken the time to make it easier. Perhaps you would like to volunteer? There are some people who would thank you.

_________________
DEATH TO SPREADSHEETS
- - -
Classic Puppy quotes
- - -
Beware the demented serfers!

Last edited by disciple on Wed 07 Oct 2009, 02:51; edited 1 time in total
Back to top
View user's profile Send private message 
tw296

Joined: 13 Nov 2008
Posts: 51

PostPosted: Tue 18 Nov 2008, 23:40    Post subject:  

Bruce B wrote:
In your if scenario, you are talking about a stupid or possibly an intentionally destructive user.

Don't let stupid users use your computer, they can get their own to mess up.
It makes sense to accept that anyone, while not stupid, can and will make mistakes. This includes ourselves. And actually, I have hosed my system while running as root - though what I was doing couldn't NOT have been done as root. I was working from a live cd trying to copy everything from my root partition to somewhere else for a backup; naturally, this can't be done from within the system. It failed, so I went to delete it, but was in the original not the backup when I did the rm -fr *. Kerblam.

Also, seeing as how Grafpup is a multiuser system - can't we (by which I mean me if I get the time) backport whatever changes make that possible to Puppy?

EDIT: Yes, Ubuntu's default setup is stupid. I change things so that sudo wants the ROOT password, that should make things a bit more secure (though how much?), though it defeats the real point of sudo - but who uses its full power on desktop systems anyways?
In any case, being 'as secure as Ubuntu' is hardly something to brag about. Remember that openssh bug? Inherited from Debian, true. But it shows that even Free Software can have seriously nasty things lurking in it that don't get picked up.

Making Puppy not run as root would shut up a huge amount of the forum questions. It's easily the most asked question about the distro.

In most distributions, the effort required to not run as root is so minimal that even if the security advantage is small, it's still worth doing. In Puppy that's not the case - running as root requires effort on the user's part, and it's perhaps effort not well spent. But I have yet to see any argument that running as root is MORE secure than not doing so.
Back to top
View user's profile Send private message 
disciple

Joined: 20 May 2006
Posts: 6425
Location: Auckland, New Zealand

PostPosted: Wed 19 Nov 2008, 01:46    Post subject:  

Quote:
In most distributions, the effort required to not run as root is so minimal that even if the security advantage is small, it's still worth doing.

Maybe for you, but for me it is not worth it - I just find it annoying Smile

Quote:
Also, seeing as how Grafpup is a multiuser system - can't we (by which I mean me if I get the time) backport whatever changes make that possible to Puppy?

Well I'm not sure how much would be easy backporting and how much you would have to do from scratch. Grafpup 2 is a lot more different from puppy than Grafpup 1.x (which wasn't multi-user) was, and is also closer to the Puppy 2.x series than 4.x. So it wouldn't be a simple matter of copying and pasting.

I don't think there would be any big disadvantages (size or whatever) in Puppy having multi-user ability, so no one should complain about it.

You might like to:
1. ask around for people that are running Puppy as something other than root, and see what they had to do. There has been at least one forum thread about how to do it, but I don't think it was the sort of complete solution you would want.
2. talk to Nathan and see if he has any more notes or advice.
3. talk to the people working on Puppy. WhoDo is coordinating the next 4.x release, but this might be too big a change for it, so it may have to wait a release. I think there are also people working on new 3.x and 2.x releases, but IMNSHO the future is with 4.x

_________________
DEATH TO SPREADSHEETS
- - -
Classic Puppy quotes
- - -
Beware the demented serfers!
Back to top
View user's profile Send private message 
Display posts from previous:   Sort by:   
Page 1 of 3 [35 Posts]   Goto page: 1, 2, 3 Next
Post new topic   Reply to topic View previous topic :: View next topic
 Forum index » Off-Topic Area » Security
Jump to:  

You cannot post new topics in this forum
You cannot reply to topics in this forum
You cannot edit your posts in this forum
You cannot delete your posts in this forum
You cannot vote in polls in this forum
You cannot attach files in this forum
You can download files in this forum


Powered by phpBB © 2001, 2005 phpBB Group
[ Time: 0.0956s ][ Queries: 12 (0.0040s) ][ GZIP on ]