Multi-users don't want to run as root...
First off, I see my link to Pizzasgood instructions had the desired effect - to show how complicated it is - and Pizzasgood was a genius!
There are two issues being discussed here and I am not sure if they are getting intermingled.
The one issue is having user logins. The other issue is having non-root permissions. It will not satisfy the reviewers if we have user logins but they still have root permissions. I think the having non root permissions is the tricky bit! I am not sure what noryb's suggestion will do with regard to permissions.
I don't know much about this at all really. Can a user with non-root permissions access the setup of a puppy easily. I suspect much of Pizzasgood stuff was making sure they could.
One thing I really don't understand. If you do a full install of Puppy isn't it just like any other Linux with a proper linux file system - you don't have to worry about access to the various layers. Could you then add a user with non-root permissions and access things properly? I've never seen anybody try but maybe this is a way to appease the reviewers.
I used to think like noryb for a long time on this topic. Why don't we just make a non-root user and keep everyone happy. When Pizzasgood came along and showed how difficult it was I began to question whether the reviewers really had a point or is it like religious fanaticism. I came to the comclusion that it was the latter. Puppy is DIFFERENT from other linuxes. It has lots of mechanisms in place (the save file, the OS in an sfs, the frugal install) to make it safer than Windows and as safe as those full installed linuxes without the need for a non-root user. Unfortunately a fanatic will not listen to any reasoned argument.
One thing we don't do is provide enough documentation on this topic to put forward the puppy view. One of the things reviewers say is that it runs as root but we don't make the user aware of this point. In that they are right.
I think there needs to be a readme in the package (in plain talk) that says puppy runs as root and why it is considered OK. This readme should be easily visible to users and should be highlighted in the release announcement so reviewers might read it. This will still not satisfy the Caitlin Martin's of the world but at least it will allow users and reviewers to see another point of view and not take these naysayers views without question.
Personally I see the real problem these days is not hackers hijacking your OS but drive by attacks from legitimate web sites. Nobody has convinced me yet that being non-root solves this!
There are two issues being discussed here and I am not sure if they are getting intermingled.
The one issue is having user logins. The other issue is having non-root permissions. It will not satisfy the reviewers if we have user logins but they still have root permissions. I think the having non root permissions is the tricky bit! I am not sure what noryb's suggestion will do with regard to permissions.
I don't know much about this at all really. Can a user with non-root permissions access the setup of a puppy easily. I suspect much of Pizzasgood stuff was making sure they could.
One thing I really don't understand. If you do a full install of Puppy isn't it just like any other Linux with a proper linux file system - you don't have to worry about access to the various layers. Could you then add a user with non-root permissions and access things properly? I've never seen anybody try but maybe this is a way to appease the reviewers.
I used to think like noryb for a long time on this topic. Why don't we just make a non-root user and keep everyone happy. When Pizzasgood came along and showed how difficult it was I began to question whether the reviewers really had a point or is it like religious fanaticism. I came to the comclusion that it was the latter. Puppy is DIFFERENT from other linuxes. It has lots of mechanisms in place (the save file, the OS in an sfs, the frugal install) to make it safer than Windows and as safe as those full installed linuxes without the need for a non-root user. Unfortunately a fanatic will not listen to any reasoned argument.
One thing we don't do is provide enough documentation on this topic to put forward the puppy view. One of the things reviewers say is that it runs as root but we don't make the user aware of this point. In that they are right.
I think there needs to be a readme in the package (in plain talk) that says puppy runs as root and why it is considered OK. This readme should be easily visible to users and should be highlighted in the release announcement so reviewers might read it. This will still not satisfy the Caitlin Martin's of the world but at least it will allow users and reviewers to see another point of view and not take these naysayers views without question.
Personally I see the real problem these days is not hackers hijacking your OS but drive by attacks from legitimate web sites. Nobody has convinced me yet that being non-root solves this!
The trouble is that a lot of work was purposefully done in Puppy to remove the normal, sane way of doing things. Undoing some of this is fairly easy by using the full normal version of things like shadow, passwd, etc. The harder part is that so many of the applications created for puppy rely on installing things under /root, when they should be in the normal PATH of any user, or at least installed into their $HOME dir.
It's really pretty easy to make a normal distro autologin you in as root if you want -Linux is first of all flexible and versatile. Undoing the ad-hoc mess that Puppy arbitrarily implements to log you in as root means *lots* more work.
It's really pretty easy to make a normal distro autologin you in as root if you want -Linux is first of all flexible and versatile. Undoing the ad-hoc mess that Puppy arbitrarily implements to log you in as root means *lots* more work.
But PissasGood efforts show that it was not easy to add multiuser.
So could one make a Linux that behave as good at puppy but not being a clone of puppy but that one can do as you say. Autologin as root?
Sorry if I am too dense. I sure get the part that it is very hard to keep added multi user capability up do date on every Puppy.
But can one do a linux distro that use save files in same way as Puppy that boot in frugal mode like Puppy and that is as small as puppy?
We can not name it Puppy Linux but if it can do all the things Puppy is famous for then why should it not be done. Would be a top ten hit instantly?
EDIT the two distros that give most freedom but not as much as Puppy are Knoppix and CDLinux.
Could someone smart explain how they relate to the multiuser issue and if they are root when one boot up? I don't get such.
Did not someone complain that NimbleX was root?
So could one make a Linux that behave as good at puppy but not being a clone of puppy but that one can do as you say. Autologin as root?
Sorry if I am too dense. I sure get the part that it is very hard to keep added multi user capability up do date on every Puppy.
But can one do a linux distro that use save files in same way as Puppy that boot in frugal mode like Puppy and that is as small as puppy?
We can not name it Puppy Linux but if it can do all the things Puppy is famous for then why should it not be done. Would be a top ten hit instantly?
EDIT the two distros that give most freedom but not as much as Puppy are Knoppix and CDLinux.
Could someone smart explain how they relate to the multiuser issue and if they are root when one boot up? I don't get such.
Did not someone complain that NimbleX was root?
I use Google Search on Puppy Forum
not an ideal solution though
not an ideal solution though
- technosaurus
- Posts: 4853
- Joined: Mon 19 May 2008, 01:24
- Location: Blue Springs, MO
- Contact:
basic (not complete) steps:
use find and sed to replace all occurances in scripts of /root with $HOME
mv/cp/ln the base /root dir to /etc/skel -needed for adduser to create a working home directory (need to tweak ppm & pets for /etc/skel too)
add a dialog for user login
... or you could use pupngo with tinycore packages
bigger issue is properly putting sudo, su, [ "whoami" == "root" ] and [ "whoami" != "root" ] etc ...
for my purposes, separate save file == separate user
what I would _like_ to see is the ability to mount a remote directory as the save layer ... for thin clients in schools, when combined with pxe boot
use find and sed to replace all occurances in scripts of /root with $HOME
mv/cp/ln the base /root dir to /etc/skel -needed for adduser to create a working home directory (need to tweak ppm & pets for /etc/skel too)
add a dialog for user login
... or you could use pupngo with tinycore packages
bigger issue is properly putting sudo, su, [ "whoami" == "root" ] and [ "whoami" != "root" ] etc ...
for my purposes, separate save file == separate user
what I would _like_ to see is the ability to mount a remote directory as the save layer ... for thin clients in schools, when combined with pxe boot
Check out my [url=https://github.com/technosaurus]github repositories[/url]. I may eventually get around to updating my [url=http://bashismal.blogspot.com]blogspot[/url].
Like this? http://murga-linux.com/puppy/viewtopic. ... 8&start=45technosaurus wrote:what I would _like_ to see is the ability to mount a remote directory as the save layer ... for thin clients in schools, when combined with pxe boot
Fatdog64 forum links: [url=http://murga-linux.com/puppy/viewtopic.php?t=117546]Latest version[/url] | [url=https://cutt.ly/ke8sn5H]Contributed packages[/url] | [url=https://cutt.ly/se8scrb]ISO builder[/url]
- technosaurus
- Posts: 4853
- Joined: Mon 19 May 2008, 01:24
- Location: Blue Springs, MO
- Contact:
I was aware of that one already. It needs to have the save files with a per user authenticated read access so that other users can't read or write to another save file other than their own. Using an encrypted save file prevents use, but not from deletion by another user....AFAIKjamesbond wrote:Like this? http://murga-linux.com/puppy/viewtopic. ... 8&start=45technosaurus wrote:what I would _like_ to see is the ability to mount a remote directory as the save layer ... for thin clients in schools, when combined with pxe boot
Check out my [url=https://github.com/technosaurus]github repositories[/url]. I may eventually get around to updating my [url=http://bashismal.blogspot.com]blogspot[/url].
Approaches to for Netboot clients
I'm late here. And, I don't possess nearly the skillset that you Gentlemen have. But, it you want to think a little outside of the box, look at this.
There is a running out-of-the-box package that has been in existence for the past 5 years. I have installed it in a Parish Campus for K-8 grades.
Its Edubuntu. Its a very very clean interface to providing just what is being discussed here. You MAY want to look at it.
Jamesbond made an excellent easy to use packaging for Netbooint. From my point of view, even though I see JamesBond's Netboot utility as a simple solution, in order for me to keep things separate, I have to put a CD in each system so that I can save the "session" to in order to isolate work by particular system. This is NOT A USER BASE SOLUTION, but, it does work for individual PCs. Now, when I have to Netboot that machine again, Puppy is smart enough to find the saave session and continue the booting with those changes and files I made at the last boot.
Puppy is NOT a muli-user platform. It is specifically designed to be a "root" user platform.
Fedora has an equally great implementation of Netbooting multi-users and managing each user individually, too. I am sure that there are others. As I remember it, the LTSP started with RedHat and expanded.
So, for a "best" solution, until Puppy changes its base the Edubuntu/Fedora Education/Suse's implementaion are world class, well thought thru, and simply implemented.
Let's look at those to see what's being done right and where we can replicate or improve here in Puppyland.
Lastly, the mentioned education systems have been around for many years and have a plethora of very good pieces-parts. Puppy will have to rethink its username-password management structure to support the efforts that you come up with. I would recommend SAMBA here, but that would require an altogether "new" way of managing users sessions and making those sessions available at boot time for a user to enter a userID and password so that his sessions files will appear appropriately..
I believe that is one of several things that they are looking at in the upcoming version 4....how to make user folders available to users at boot time. That still even years away, maybe. That is, If they can get past Microsoft's patents blocking them.
Hope this helps
There is a running out-of-the-box package that has been in existence for the past 5 years. I have installed it in a Parish Campus for K-8 grades.
Its Edubuntu. Its a very very clean interface to providing just what is being discussed here. You MAY want to look at it.
Jamesbond made an excellent easy to use packaging for Netbooint. From my point of view, even though I see JamesBond's Netboot utility as a simple solution, in order for me to keep things separate, I have to put a CD in each system so that I can save the "session" to in order to isolate work by particular system. This is NOT A USER BASE SOLUTION, but, it does work for individual PCs. Now, when I have to Netboot that machine again, Puppy is smart enough to find the saave session and continue the booting with those changes and files I made at the last boot.
Puppy is NOT a muli-user platform. It is specifically designed to be a "root" user platform.
Fedora has an equally great implementation of Netbooting multi-users and managing each user individually, too. I am sure that there are others. As I remember it, the LTSP started with RedHat and expanded.
So, for a "best" solution, until Puppy changes its base the Edubuntu/Fedora Education/Suse's implementaion are world class, well thought thru, and simply implemented.
Let's look at those to see what's being done right and where we can replicate or improve here in Puppyland.
Lastly, the mentioned education systems have been around for many years and have a plethora of very good pieces-parts. Puppy will have to rethink its username-password management structure to support the efforts that you come up with. I would recommend SAMBA here, but that would require an altogether "new" way of managing users sessions and making those sessions available at boot time for a user to enter a userID and password so that his sessions files will appear appropriately..
I believe that is one of several things that they are looking at in the upcoming version 4....how to make user folders available to users at boot time. That still even years away, maybe. That is, If they can get past Microsoft's patents blocking them.
Hope this helps
Interesting ideas technosaurus, let's continue that discussion here http://murga-linux.com/puppy/viewtopic. ... 747#498747.technosaurus wrote:I was aware of that one already. It needs to have the save files with a per user authenticated read access so that other users can't read or write to another save file other than their own. Using an encrypted save file prevents use, but not from deletion by another user....AFAIKjamesbond wrote:Like this? http://murga-linux.com/puppy/viewtopic. ... 8&start=45technosaurus wrote:what I would _like_ to see is the ability to mount a remote directory as the save layer ... for thin clients in schools, when combined with pxe boot
Fatdog64 forum links: [url=http://murga-linux.com/puppy/viewtopic.php?t=117546]Latest version[/url] | [url=https://cutt.ly/ke8sn5H]Contributed packages[/url] | [url=https://cutt.ly/se8scrb]ISO builder[/url]
- Colonel Panic
- Posts: 2171
- Joined: Sat 16 Sep 2006, 11:09
Good point, I agree.rcrsn51 wrote:For the sake of comparison, consider TinyCore Linux. Its default user is non-privileged and it gives you complete control over the size of your install. These are precisely the two features that new Puppy users supposedly want.p310don wrote:If someone, or a group of someones could spend the time coding, checking, testing and all the other buggerising around needed to implement a multi-user, up to date, compatible system that is still puppy in all its awesomeness, then there's one less argument, valid or invalid, to not use it. If more people used it, more people would want to use it because it works so much better than windows etc.
So you would expect that TInyCore would be the more desirable distro. Yet its forum membership is 1/10th the size of ours. Puppy must be doing something right.
Gigabyte M68MT-52P motherboard, AMD Athlon II X4 630, 5.8 GB of DDR3 RAM and a 250 GB Hitachi hard drive running Ubuntu 16.04.6, MX-19.2, Peppermint 10, PCLinuxOS 20.02, LXLE 18.04.3, Pardus 19.2, exGENT 200119, Bionic Pup 8.0 and Xenial CE 7.5 XL.
- RetroTechGuy
- Posts: 2947
- Joined: Tue 15 Dec 2009, 17:20
- Location: USA
Re: Multi-users don't want to run as root...
I see that I'm late to the party, but...noryb009 wrote:Puppy Linux is an awesome distro. It's small, fast, and awesome. But in most reviews the reviewer always comments on running as root and it's faults.
I'm not asking for a multiuser pup. I'm asking for an extra boot option, user="usernameHere" or similar (with root as default). The accounts would be created either automatically when they are logged into though grub, or a program in the menu to create extra users.
I'm not sure how much work it would be for the woof devs, but it would make a lot of complaints against puppy go away.
I know this will get bashed and ashed by some of you, but think about it: a few kilobytes for non-biased reviews.
I'm assuming that you are running a frugal install (I don't know how to do this in a full). And I'm assuming Lupu (otherwise the pupsave file names are different).
Boot your puppy CD to RAM (at the command prompt: "puppy pfix=ram"). Boot up and browse into your frugal install save folder. Copy lupusave-noryb009.2fs to lupusave-NorybJunior.2fs (for your kid).
Reboot normally (you don't need to save), and when it looks for your pupsave, it will see 2 of them, and so it will ask you which to load. I actually keep 3 or 4 around. lupusave-main.2fs, lupusave-04mar2011.2fs, lupusave-secure.2fs, lupusave-small.2fs (the last one is as small as I can make a save file, just to give a mount point for backng up the main copy -- the "04mar2011" is the backup of main, in case I break something. "secure" is a save file that is only used to accessing banks and credit cards -- no other site allowed)
Now each user has their own "computer" (their own OS, configured to their tastes), but can share the hardware it sits on. If your kid messes up his save file, your should still be intact. Not completely foolproof, but adequate for most situations (and you should keep backup copies of the configurations on an external drive).
The other thing you really should do, if you are concerned about OS security, is change your root password. Open a console window, and type:
Code: Select all
passwd
[url=http://murga-linux.com/puppy/viewtopic.php?t=58615]Add swapfile[/url]
[url=http://wellminded.net63.net/]WellMinded Search[/url]
[url=http://puppylinux.us/psearch.html]PuppyLinux.US Search[/url]
[url=http://wellminded.net63.net/]WellMinded Search[/url]
[url=http://puppylinux.us/psearch.html]PuppyLinux.US Search[/url]