Puppy Linux Discussion Forum Forum Index Puppy Linux Discussion Forum
Puppy HOME page : puppylinux.com
"THE" alternative forum : puppylinux.info
 
 FAQFAQ   SearchSearch   MemberlistMemberlist   UsergroupsUsergroups   RegisterRegister 
 ProfileProfile   Log in to check your private messagesLog in to check your private messages   Log inLog in 

The time now is Sat 19 Apr 2014, 15:55
All times are UTC - 4
 Forum index » Taking the Puppy out for a walk » Suggestions
Multi-users don't want to run as root...
Moderators: Flash, Ian, JohnMurga
Post new topic   Reply to topic View previous topic :: View next topic
Page 2 of 2 [30 Posts]   Goto page: Previous 1, 2
Author Message
p310don

Joined: 19 May 2009
Posts: 686
Location: Brisbane, Australia

PostPosted: Tue 22 Feb 2011, 17:58    Post subject:  

@ICPUG Having looked at pizzasgood instructions, I got a headache and went to bed. That's a lot of stuff, but I guess it means it can be done, and in fact, at the end of his first post says he hopes that someone can carry on from his work.

But, a re-read of this thread, maybe noryb009 is onto an idea. I know of user "spot" in puppy. How is this invoked? Can a save file be created that only has spot as a user? Is this simpler than a true multi user?

Upon boot, then there is the option of which pupsave to use, root or spot.
Back to top
View user's profile Send private message 
bugman


Joined: 20 Dec 2005
Posts: 2131
Location: buffalo commons

PostPosted: Wed 23 Feb 2011, 06:59    Post subject:  

perhaps you could combine with

http://www.murga-linux.com/puppy/viewtopic.php?t=65156

to have secured multi-user simulation without messing up puppy's inherent structures?

_________________
. . . the machines are clean
and the machines are not corrupted


- lee "scratch" perry
Back to top
View user's profile Send private message Visit poster's website 
nooby

Joined: 29 Jun 2008
Posts: 10522
Location: SwedenEurope

PostPosted: Wed 23 Feb 2011, 11:31    Post subject:  

Thanks indeed for this thread. So needed.

I have also read Pissasgood description and the fact that he or none else has done it since 2007 show how incredible hard it is to maintain such a system with the fast pace that Puppy change itself to some variety.

So the way around is to simulate it so they have to be a kind of extended Spot and log in at boot and a lot of such that makes these reviewers feel more at home.

I am also worried about all these reviews scaring away users that would love to use Puppy but now read that it is using root and therefore should only be used by extremely savvy programmers and not by newbies like Nooby.

Wow I did struggle with using Multi Ubuntu since 2006 up to 2008 or even later and totally failed to learn the sudo thing.

Puppy was my rescue from the MsWin world .Okay it took me one year to get free of Windows but now I never use it again unless it is the only way to get puppy going again.

So some kind of simulation of the "good" thing is needed. Something that does not need all the incredible tedious work that Pissasgood had to go through. Wow I did get a headache just reading how difficult it was. The Devil in the details indeed. So many things to keep track on.

So a kind of simulation would be a very good thing.


Re TinyCore and how they do it. Their approach seems a bit less strict than Ubuntu and other Linux distros. Sure TCL had sudo too but I could do things in TCL that I totally failed even to do in AntiX and other distros.

So TCL is not totally hopeless but very demanding if one know almost nothing.

But a distro that seems to think a bit like Puppy are CDLinux using a variety of Slax. There I could do almost every thing I am used to do in Puppy too so they must have set it up with that in mind. Latest Knoppix 6.4.3 was almost as easy as Puppy too.

So maybe we have supporters among other distros too.

_________________
I use Google Search on Puppy Forum
not an ideal solution though
Back to top
View user's profile Send private message 
noryb009

Joined: 20 Mar 2010
Posts: 529

PostPosted: Wed 23 Feb 2011, 16:26    Post subject:  

This is how I was thinking it would work, without adding too much to the size of the ISO:

- user runs puppy for first time
- asks user at shutdown to create save file, then asks if they want to create second account (second account is stored in user-username.sfs/2fs/3fs or something). If a user is created, then it asks what the root password should be.
- at second boot, puppy mounts savefile, then asks what user they want to log into: createdUser or root (this could be stored in puppy, or just a listing of the user-*.sfs/2fs/3fs files in the savefile folder) (the user could also be chosen from GRUB)
- there is a user control panel in puppy that lets you manage users

The user-username.sfs/2fs/3fs would have a folder /home (and all other user-only things) in it. It would be mounted like a sfs.

This is just an idea, but I don't see why it couldn't work.
Back to top
View user's profile Send private message 
nooby

Joined: 29 Jun 2008
Posts: 10522
Location: SwedenEurope

PostPosted: Wed 23 Feb 2011, 18:31    Post subject:  

noryb I think you are right. That you are on to something practical

Did not one of the members here in some other thread tell about his need to have different savefiles for different family members and that he had worked out something very close to what you suggest.

Each family member logged in to their pup savefile and I don't remember how he protected them from changing his accounts. I remember vaguely that he made a humerous remark that one or two of the household was into pranks so he had to protect them from destroying important files he had so some kind of protection between users seems to have been implemented.

It is 11.30PM here now So I will not search for his post but it should be able to find it and compare with yours and combine them and take the best and ask how difficult is this to set up for everybody and then present it as an alternative to those that have that need.

Now it is 10.50AM and I've spent some hour or more using search but fail to guess the right search word to find that post.

He described that he had not money enough to let each family member to have their own computer so instead all of them had their own savefile that they chose at boot so they get into their own set up and personal stuff.

that way he at least got some separation of each user without needing a multiuser linux. So if each family member have their pupsave file encrypted would that not satisfy some need for those that love to be non root. A kind of work around?

Edit again. Maybe I found something my poor memory mix up. Nathan express himself in the way I remember here:

http://puppylinux.org/wikka/Security

I quote that part

Quote:
I have five kids, and three of them are of an age that computer use is a regular activity.

We are not wealthy enough that each person has their own computer, so individual accounts make it easier to segregate email, web bookmarks, etc.


So if I get it. By letting each user have their own pupsave file which they should have back up on a usb memory just in case then one get a certain security if someone mess up things and one have to start all over. Now that or this is not the same as being a non root user which theReviewers asks of Puppy but it does let each user have their own password to their encrypted pupsave file.

_________________
I use Google Search on Puppy Forum
not an ideal solution though
Back to top
View user's profile Send private message 
ICPUG

Joined: 24 Jul 2005
Posts: 1288
Location: UK

PostPosted: Thu 24 Feb 2011, 09:46    Post subject:  

First off, I see my link to Pizzasgood instructions had the desired effect - to show how complicated it is - and Pizzasgood was a genius!

There are two issues being discussed here and I am not sure if they are getting intermingled.

The one issue is having user logins. The other issue is having non-root permissions. It will not satisfy the reviewers if we have user logins but they still have root permissions. I think the having non root permissions is the tricky bit! I am not sure what noryb's suggestion will do with regard to permissions.

I don't know much about this at all really. Can a user with non-root permissions access the setup of a puppy easily. I suspect much of Pizzasgood stuff was making sure they could.

One thing I really don't understand. If you do a full install of Puppy isn't it just like any other Linux with a proper linux file system - you don't have to worry about access to the various layers. Could you then add a user with non-root permissions and access things properly? I've never seen anybody try but maybe this is a way to appease the reviewers.

I used to think like noryb for a long time on this topic. Why don't we just make a non-root user and keep everyone happy. When Pizzasgood came along and showed how difficult it was I began to question whether the reviewers really had a point or is it like religious fanaticism. I came to the comclusion that it was the latter. Puppy is DIFFERENT from other linuxes. It has lots of mechanisms in place (the save file, the OS in an sfs, the frugal install) to make it safer than Windows and as safe as those full installed linuxes without the need for a non-root user. Unfortunately a fanatic will not listen to any reasoned argument.

One thing we don't do is provide enough documentation on this topic to put forward the puppy view. One of the things reviewers say is that it runs as root but we don't make the user aware of this point. In that they are right.

I think there needs to be a readme in the package (in plain talk) that says puppy runs as root and why it is considered OK. This readme should be easily visible to users and should be highlighted in the release announcement so reviewers might read it. This will still not satisfy the Caitlin Martin's of the world but at least it will allow users and reviewers to see another point of view and not take these naysayers views without question.

Personally I see the real problem these days is not hackers hijacking your OS but drive by attacks from legitimate web sites. Nobody has convinced me yet that being non-root solves this!
Back to top
View user's profile Send private message 
amigo

Joined: 02 Apr 2007
Posts: 2169

PostPosted: Thu 24 Feb 2011, 13:16    Post subject:  

The trouble is that a lot of work was purposefully done in Puppy to remove the normal, sane way of doing things. Undoing some of this is fairly easy by using the full normal version of things like shadow, passwd, etc. The harder part is that so many of the applications created for puppy rely on installing things under /root, when they should be in the normal PATH of any user, or at least installed into their $HOME dir.
It's really pretty easy to make a normal distro autologin you in as root if you want -Linux is first of all flexible and versatile. Undoing the ad-hoc mess that Puppy arbitrarily implements to log you in as root means *lots* more work.
Back to top
View user's profile Send private message 
nooby

Joined: 29 Jun 2008
Posts: 10522
Location: SwedenEurope

PostPosted: Thu 24 Feb 2011, 14:18    Post subject:  

But PissasGood efforts show that it was not easy to add multiuser.

So could one make a Linux that behave as good at puppy but not being a clone of puppy but that one can do as you say. Autologin as root?

Sorry if I am too dense. I sure get the part that it is very hard to keep added multi user capability up do date on every Puppy.

But can one do a linux distro that use save files in same way as Puppy that boot in frugal mode like Puppy and that is as small as puppy?

We can not name it Puppy Linux but if it can do all the things Puppy is famous for then why should it not be done. Would be a top ten hit instantly?

EDIT the two distros that give most freedom but not as much as Puppy are Knoppix and CDLinux.

Could someone smart explain how they relate to the multiuser issue and if they are root when one boot up? I don't get such.

Did not someone complain that NimbleX was root?

_________________
I use Google Search on Puppy Forum
not an ideal solution though
Back to top
View user's profile Send private message 
technosaurus


Joined: 18 May 2008
Posts: 4134

PostPosted: Thu 24 Feb 2011, 16:59    Post subject:  

basic (not complete) steps:
use find and sed to replace all occurances in scripts of /root with $HOME
mv/cp/ln the base /root dir to /etc/skel -needed for adduser to create a working home directory (need to tweak ppm & pets for /etc/skel too)
add a dialog for user login

... or you could use pupngo with tinycore packages

bigger issue is properly putting sudo, su, [ "whoami" == "root" ] and [ "whoami" != "root" ] etc ...

for my purposes, separate save file == separate user

what I would _like_ to see is the ability to mount a remote directory as the save layer ... for thin clients in schools, when combined with pxe boot

_________________
Web Programming - Pet Packaging 100 & 101
Back to top
View user's profile Send private message 
jamesbond

Joined: 26 Feb 2007
Posts: 1876
Location: The Blue Marble

PostPosted: Thu 24 Feb 2011, 18:40    Post subject:  

technosaurus wrote:
what I would _like_ to see is the ability to mount a remote directory as the save layer ... for thin clients in schools, when combined with pxe boot
Like this? http://murga-linux.com/puppy/viewtopic.php?t=63718&start=45
_________________
Fatdog64, Slacko and Puppeee user. Puppy user since 2.13
Back to top
View user's profile Send private message 
technosaurus


Joined: 18 May 2008
Posts: 4134

PostPosted: Thu 24 Feb 2011, 20:00    Post subject:  

jamesbond wrote:
technosaurus wrote:
what I would _like_ to see is the ability to mount a remote directory as the save layer ... for thin clients in schools, when combined with pxe boot
Like this? http://murga-linux.com/puppy/viewtopic.php?t=63718&start=45
I was aware of that one already. It needs to have the save files with a per user authenticated read access so that other users can't read or write to another save file other than their own. Using an encrypted save file prevents use, but not from deletion by another user....AFAIK
_________________
Web Programming - Pet Packaging 100 & 101
Back to top
View user's profile Send private message 
gcmartin

Joined: 14 Oct 2005
Posts: 3631
Location: Earth

PostPosted: Thu 24 Feb 2011, 21:27    Post subject: Approaches to for Netboot clients  

I'm late here. And, I don't possess nearly the skillset that you Gentlemen have. But, it you want to think a little outside of the box, look at this.

There is a running out-of-the-box package that has been in existence for the past 5 years. I have installed it in a Parish Campus for K-8 grades.

Its Edubuntu. Its a very very clean interface to providing just what is being discussed here. You MAY want to look at it.

Jamesbond made an excellent easy to use packaging for Netbooint. From my point of view, even though I see JamesBond's Netboot utility as a simple solution, in order for me to keep things separate, I have to put a CD in each system so that I can save the "session" to in order to isolate work by particular system. This is NOT A USER BASE SOLUTION, but, it does work for individual PCs. Now, when I have to Netboot that machine again, Puppy is smart enough to find the saave session and continue the booting with those changes and files I made at the last boot.

Puppy is NOT a muli-user platform. It is specifically designed to be a "root" user platform.

Fedora has an equally great implementation of Netbooting multi-users and managing each user individually, too. I am sure that there are others. As I remember it, the LTSP started with RedHat and expanded.

So, for a "best" solution, until Puppy changes its base the Edubuntu/Fedora Education/Suse's implementaion are world class, well thought thru, and simply implemented.

Let's look at those to see what's being done right and where we can replicate or improve here in Puppyland.

Lastly, the mentioned education systems have been around for many years and have a plethora of very good pieces-parts. Puppy will have to rethink its username-password management structure to support the efforts that you come up with. I would recommend SAMBA here, but that would require an altogether "new" way of managing users sessions and making those sessions available at boot time for a user to enter a userID and password so that his sessions files will appear appropriately..

I believe that is one of several things that they are looking at in the upcoming version 4....how to make user folders available to users at boot time. That still even years away, maybe. That is, If they can get past Microsoft's patents blocking them.

Hope this helps

_________________
Get ACTIVE Create Circles; Do those good things which benefit people's needs!
We are all related ... Its time to show that we know this!
3 Different Puppy Search Engine or use DogPile
Back to top
View user's profile Send private message 
jamesbond

Joined: 26 Feb 2007
Posts: 1876
Location: The Blue Marble

PostPosted: Fri 25 Feb 2011, 04:29    Post subject:  

technosaurus wrote:
jamesbond wrote:
technosaurus wrote:
what I would _like_ to see is the ability to mount a remote directory as the save layer ... for thin clients in schools, when combined with pxe boot
Like this? http://murga-linux.com/puppy/viewtopic.php?t=63718&start=45
I was aware of that one already. It needs to have the save files with a per user authenticated read access so that other users can't read or write to another save file other than their own. Using an encrypted save file prevents use, but not from deletion by another user....AFAIK

Interesting ideas technosaurus, let's continue that discussion here http://murga-linux.com/puppy/viewtopic.php?p=498747#498747.

_________________
Fatdog64, Slacko and Puppeee user. Puppy user since 2.13
Back to top
View user's profile Send private message 
Colonel Panic


Joined: 16 Sep 2006
Posts: 1443

PostPosted: Fri 04 Mar 2011, 10:36    Post subject:  

rcrsn51 wrote:
p310don wrote:
If someone, or a group of someones could spend the time coding, checking, testing and all the other buggerising around needed to implement a multi-user, up to date, compatible system that is still puppy in all its awesomeness, then there's one less argument, valid or invalid, to not use it. If more people used it, more people would want to use it because it works so much better than windows etc.

For the sake of comparison, consider TinyCore Linux. Its default user is non-privileged and it gives you complete control over the size of your install. These are precisely the two features that new Puppy users supposedly want.

So you would expect that TInyCore would be the more desirable distro. Yet its forum membership is 1/10th the size of ours. Puppy must be doing something right.


Good point, I agree.

_________________
Compaq Deskpro Pentium III (866 MHz), 512 MB of RAM, 30 GB hard drive running Puppy Fire Hydrant Inferno, Puppy Precise 5.71 Retro, Puppy 5.5 Wary, Puppy Deeper Thought 4.20 and Puppy Legacy OS2.1 LTS.
Back to top
View user's profile Send private message 
RetroTechGuy


Joined: 15 Dec 2009
Posts: 2635
Location: USA

PostPosted: Fri 04 Mar 2011, 14:32    Post subject: Re: Multi-users don't want to run as root...
Subject description: but we do.
 

noryb009 wrote:
Puppy Linux is an awesome distro. It's small, fast, and awesome. But in most reviews the reviewer always comments on running as root and it's faults.

I'm not asking for a multiuser pup. I'm asking for an extra boot option, user="usernameHere" or similar (with root as default). The accounts would be created either automatically when they are logged into though grub, or a program in the menu to create extra users.

I'm not sure how much work it would be for the woof devs, but it would make a lot of complaints against puppy go away.

I know this will get bashed and ashed by some of you, but think about it: a few kilobytes for non-biased reviews.


I see that I'm late to the party, but...

I'm assuming that you are running a frugal install (I don't know how to do this in a full). And I'm assuming Lupu (otherwise the pupsave file names are different).

Boot your puppy CD to RAM (at the command prompt: "puppy pfix=ram"). Boot up and browse into your frugal install save folder. Copy lupusave-noryb009.2fs to lupusave-NorybJunior.2fs (for your kid).

Reboot normally (you don't need to save), and when it looks for your pupsave, it will see 2 of them, and so it will ask you which to load. I actually keep 3 or 4 around. lupusave-main.2fs, lupusave-04mar2011.2fs, lupusave-secure.2fs, lupusave-small.2fs (the last one is as small as I can make a save file, just to give a mount point for backng up the main copy -- the "04mar2011" is the backup of main, in case I break something. "secure" is a save file that is only used to accessing banks and credit cards -- no other site allowed)

Now each user has their own "computer" (their own OS, configured to their tastes), but can share the hardware it sits on. If your kid messes up his save file, your should still be intact. Not completely foolproof, but adequate for most situations (and you should keep backup copies of the configurations on an external drive).

The other thing you really should do, if you are concerned about OS security, is change your root password. Open a console window, and type:

Code:
passwd


You will be queried for a new password (the original is "woofwoof" for user "root" -- which everyone knows...)

_________________
Wellminded Search
Add swapfile
Back to top
View user's profile Send private message 
Display posts from previous:   Sort by:   
Page 2 of 2 [30 Posts]   Goto page: Previous 1, 2
Post new topic   Reply to topic View previous topic :: View next topic
 Forum index » Taking the Puppy out for a walk » Suggestions
Jump to:  

You cannot post new topics in this forum
You cannot reply to topics in this forum
You cannot edit your posts in this forum
You cannot delete your posts in this forum
You cannot vote in polls in this forum
You cannot attach files in this forum
You can download files in this forum


Powered by phpBB © 2001, 2005 phpBB Group
[ Time: 0.1089s ][ Queries: 12 (0.0091s) ][ GZIP on ]