 |
Puppy Linux Discussion Forum Puppy HOME page : puppylinux.com "THE" alternative forum : puppylinux.info
|
FAQ
Search
Memberlist
Usergroups
Register
Profile
Log in to check your private messages
Log in|
The time now is Wed 22 May 2013, 09:09 All times are UTC - 4 |
 Forum index » Off-Topic Area » Security |
|
Puppy is great except running as root?
|
 
|
View previous topic :: View next topic |
| Page 2 of 3 [35 Posts] | Goto page: Previous 1, 2, 3 Next |
| Author | Message | ||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|
Bruce B
 Joined: 18 May 2005 Posts: 10817 Location: The Peoples Republic of California |
Things can be put on par in many ways. Puppy is a multi-user operating system. Is there a connectivity application you don't want to run as root? Then don't, run it as another user. Also, no reason anyone needs to run the terminal emulator as root either, except by user choice. _________________ New! Puppy Linux Links Page |
||||||||||
|
|||||||||||
 |
|||||||||||
DaveS
 Joined: 09 Oct 2008 Posts: 3669 Location: UK |
Root FOREVER!!!!!!!!!!!!!!!!!! _________________ Spup Frugal HD and USB Root forever! |
||||||||||
|
|||||||||||
|
|||||||||||
|
Lobster
Official Crustacean  Joined: 04 May 2005 Posts: 15109 Location: Paradox Realm |
Ignorance of noobs [bless them] is not a reason. 
To give you another example of a way Puppy is different. New users run Puppy from CD (or DVD for extra speed) it runs fine and they can save their configuration to HD. In the back of their heads (I used to have this), they insist that Puppy must be installed to hard disk. It is the way things are done after all . . . Is it? I gave up installing Puppy to HD several years ago. I run from DVD. Fast simple convenient. No spots before the eyes . . . Forum admin Flash, runs from Multi-session quite happily. The problem with 'root is bad' is people repeat it as a mantra without knowing why it is bad. On a shared network it makes perfect sense. That is where the mantra started. When people had Unix terminals. We are Puppy and we have our own computers. Some of us even use them without wearing white coats. If I was a tin-hat (terminal paranoid) I might change the permissions on my HD or encrypt my data or get a retina scan door for my computer room. Pah! . . . Meanwhile copyrighted material, government documents and peoples private facebook images are freely available . . . The world is becoming transparent. I float up into the cloud . . . I am a tree, I am root [my psychiatrist has been auto-dialled] _________________ Puppy WIKI |
||||||||||
|
|||||||||||
|
|||||||||||
|
Bruce B
Joined: 18 May 2005 Posts: 10817 Location: The Peoples Republic of California |
If the dangers of rm -rf is of actual concern, it is not the end of the story, not for me anyway.
Type this on the command line and see what you get. It disables using the rm command on the command line. It tells you to use del or deltree instead. Put it in .bashrc and you will not have to type it thrice. Aliases have precedence on the CLI, but not in scripts, so it won't break the scripts written to use rm. del
deltree
One last point. Root can make files read only, and even root can't delete them. One last, very last point, root can build a system from scratch, root can modify a system to administrator specifications, root is administrator and in control. _________________ New! Puppy Linux Links Page Last edited by Bruce B on Wed 19 Nov 2008, 05:48; edited 6 times in total |
||||||||||
|
|||||||||||
|
|||||||||||
|
Bruce B
Joined: 18 May 2005 Posts: 10817 Location: The Peoples Republic of California |
That would be a sad day. If it weren't for posts questioning running as root, what would be the stimulus for arguing in its behalf? _________________ New! Puppy Linux Links Page |
||||||||||
|
|||||||||||
|
|||||||||||
|
tw296
Joined: 13 Nov 2008 Posts: 51 |
So what's this method of root making files that it can't delete? (I believe SELinux can do it, but I also believe SELinux isn't in Puppy) |
||||||||||
|
|||||||||||
|
|||||||||||
|
Bruce B
Joined: 18 May 2005 Posts: 10817 Location: The Peoples Republic of California |
One of the hardest things I've found in life to do is change people's beliefs. I'm going to farm this one out to others. Use your favorite search engine and the following search critera: linux file immutable Please post back and let me know if you've been persuaded into new beliefs or not. _________________ New! Puppy Linux Links Page |
||||||||||
|
|||||||||||
|
|||||||||||
|
tw296
Joined: 13 Nov 2008 Posts: 51 |
Yeah that works. But I'm thinking there has to be some gotcha somewhere. How is this implemented? Is there some circumstance in which it would be bypassed? And more to the point, why isn't this used more widely? (Or is it? I don't tend to go trying to delete key system files) |
||||||||||
|
|||||||||||
|
|||||||||||
|
Bruce B
Joined: 18 May 2005 Posts: 10817 Location: The Peoples Republic of California |
Why? This is not Microsoft.
By changing extended file attributes, not normally viewable with ls -l, lsattr shows them.
Formatting the partition, but those tools can be set aside once the disk is setup. Otherwise by root only, or the fake root Ubuntu sudo, using the chattr command. Root can hide or rename the file, how about spelling it backward? rttach, who would guess?
I don't think it is widely used Also, you can also protect completed user documents, music files and other things you don't want accidentally deleted. For me, the system files are not of great concern, because I have the setup cd. It's the lost user files, I'm more concerned about. _________________ New! Puppy Linux Links Page |
||||||||||
|
|||||||||||
|
|||||||||||
|
tw296
Joined: 13 Nov 2008 Posts: 51 |
Ah right. A quick bit of searching seems to show that this is controlled by a kernel compile option - so the only way for it to 'fail' (in terms of being a safety net for a careless admin or user) would be if the kernel got changed. That's not going to happen. There's the user-xattr mount option, but I'm assuming that's for something slightly different. Back on topic: Does having Puppy run mainly as root make the developers' lives easier? Because that's the only thing I can think of to justify it. It's at best neutral for security, gives a negligible improvement in convenience, and makes it harder to have a multi-user system. |
||||||||||
|
|||||||||||
|
|||||||||||
|
Flash
Official Dog Handler  Joined: 04 May 2005 Posts: 9846 Location: Arizona USA |
It's a huge improvement in convenience for me. I tried Knoppix several years ago before I discovered Puppy. Seemed like the need for a password, which was not supplied, kept me from doing most everything I wanted to try. I found Puppy to be so much simpler to use that there is no comparison. If you need separate user accounts, fine, but keep in mind that Puppy grew up as a single user live CD. If that's the way I use it then there's no reason to run as a user with limited privileges, and plenty of reasons to run as root, as far as I'm concerned.
|
||||||||||
|
|||||||||||
|
|||||||||||
|
Bruce B
Joined: 18 May 2005 Posts: 10817 Location: The Peoples Republic of California |
If we consider traditional distribution design, it is not harder to login as root, than it is to login as any other user. Developers can login as they please, provided the administrator allows it. Depending on the type of operation, the administator may give developers a sandbox to work with. I send this post via one of Puppy's restricted users, spot. As a multiple-user operating system, it allows me to be many users at the same time, doing what multi-tasking operating systems do, run multiple tasks at the same time. _________________ New! Puppy Linux Links Page |
||||||||||
|
|||||||||||
|
|||||||||||
|
disciple
Joined: 20 May 2006 Posts: 6179 Location: Auckland, New Zealand |
These are not newbies. Apart from people who want multi-user for the sort of reasons Nathan wants it, these are mostly tin-foil hat people who have been indoctrinated by other distributions
That is a most important point
I would separate this into two issues, and these are my guesses at the answers: 1. Why does Puppy run as root by default? - The average computer user that Puppy was targetted at wants to be able to just do things (e.g. install new software) without having to log on as an administrator or put a password into 47 dialogues or something. (Are the Vista people listening?) Puppy was intended to be convenient, and a lot of users used to come from Win98, where they didn't have passwords or multiple users or things stopping them from being in control of their own computer. Incidentally, a lot of businesses around here (the ones that have some trust in their employees) still set their computers up as much like the Win98 way of doing things. - I look at it this way - not running as root gives a negligible improvement in security and is thoroughly inconvenient. 2. Why is Puppy a single user system (i.e. why is it not easy to run it as a multi-user system)? - tradition - it has always been this way, and no one has changed it. I guess it has always been this way because it is believed that the target audience does not need a multi-user system, and it makes it easy for the developers
If someone made Puppy multi-user friendly I would support them, but hopefully Puppy will always run as root by default. _________________ DEATH TO SPREADSHEETS - - - Classic Puppy quotes - - - Beware the demented serfers! |
||||||||||
|
|||||||||||
|
|||||||||||
|
disciple
Joined: 20 May 2006 Posts: 6179 Location: Auckland, New Zealand |
Nathan's tinfoil hat article can still be read at http://web.archive.org/web/20080604034010/grafpup.org/news/?page_id=243, even though grafpup.org doesn't work currently _________________ DEATH TO SPREADSHEETS - - - Classic Puppy quotes - - - Beware the demented serfers! |
||||||||||
|
|||||||||||
|
|||||||||||
|
PaulBx1
Joined: 16 Jun 2006 Posts: 2308 Location: Wyoming, USA |
Actually, there is one very good reason that Puppy should default as multi-user: to stop people nagging about it. 
Actually, it would eliminate the single most important bitch about Puppy that I've read in reviews, thus possibly boosting Puppy in the ratings. I wouldn't mind a Puppy that defaulted as multiuser, but could be converted back to the old way with a simple little utility for the 90% of users who like it that way. And Pizzasgood has even paved the way for us. |
||||||||||
|
|||||||||||
|
|||||||||||
| Page 2 of 3 [35 Posts] | Goto page: Previous 1, 2, 3 Next |
|
|
View previous topic :: View next topic |
|
Forum index » Off-Topic Area » Security |
You cannot post new topics in this forum You cannot reply to topics in this forum You cannot edit your posts in this forum You cannot delete your posts in this forum You cannot vote in polls in this forum You cannot attach files in this forum You can download files in this forum |
Powered by phpBB © 2001, 2005 phpBB Group