Fixing Fido..

Under development: PCMCIA, wireless, etc.
Message
Author
amigo
Posts: 2629
Joined: Mon 02 Apr 2007, 06:52

#61 Post by amigo »

BarryK wrote:
I don't see why having /root as fido's home is a problem

Wow, simply wow!

Further content deleted -I'm speechless and dumb-founded...

nooby
Posts: 10369
Joined: Sun 29 Jun 2008, 19:05
Location: SwedenEurope

#62 Post by nooby »

Oops I must have done something wrong. Suddenly all the actions stopped so I edit my post to not offend anybody.

Get going again folks!
I use Google Search on Puppy Forum
not an ideal solution though

nooby
Posts: 10369
Joined: Sun 29 Jun 2008, 19:05
Location: SwedenEurope

#63 Post by nooby »

Double post sorry. I want to know more. I tested Lupu 528 but found no
Fido.

Do we have some list of which puppies that have Fido?

Wary 514?
Snow puppy 20.
Polar puppy 5
Slacko Beta II

These are the only ones one can test Fido on?

Get going again folks! :Friendly Smile:
To not disturb the flow here I try to only be active in my own thread
about fido and spot for noobs and beginners.
http://www.murga-linux.com/puppy/viewtopic.php?t=67885
I use Google Search on Puppy Forum
not an ideal solution though

Peterm321
Posts: 411
Joined: Thu 29 Jan 2009, 14:09
Location: UK

#64 Post by Peterm321 »

01micko

Sun 11 Sep 2011, 06:47

BarryK wrote:
I don't see why having /root as fido's home is a problem



Of course I realise why fido was sharing root's HOME.. for size, but I reckon if users want the added "security" (note loose use of term) of a "user" account then they have to pay the price, both in kilobytes and time. (my password is 4 chars.. not very "secure" eh? It's certainly taking it's toll on those 4 corresponding keys!)
If someone had the time maybe it could be determined what dotfiles in /root actually get modified during a typical session, so that those that don't can be just symlinked back to root from the $HOME directory of fido or whatever username is being used. That might be one idea to save space.

I find that if you are only running firefox as a restricted user then the amount of writable files at issue aren't so great. Mainly they are in $HOME/.mozilla directory (firefox profile etc) (and the files .gtk-bookmarks, .gtk-custom-papers and .gtkrc-2.0 need to be copied from /root to $HOME to keep the theme if it differs from default).

Someone that knows enough about unionfs, aufs etc might be able to figure out a way to mirror the root directory with a writable one for a restricted user. which may or not be an idea worth looking at. Sorry don't know enough to do this, if it can be done at all.

mcewanw
Posts: 3169
Joined: Thu 16 Aug 2007, 10:48
Contact:

#65 Post by mcewanw »

01micko wrote:... I would like to get the current implementation of Fido fixed such that it works as painlessly as possible. This at least gives the "root" nay sayers no excuse not to at least try Puppy. If it's not fixed then Fido will be disabled in Slacko.
I'm at work just now and don't have a copy of Puppy to look at. However, as far as I remember user fido is by default a member of the group users.

That being the case, getting programs (including config files for these programs to work) with fido could be pretty much achieved by:

giving group "users" group-ownership to all relevant files in /root and /tmp, and read, write and execute permissions to directories /root and /temp, so that members of group "users" have rights to create/modify files in these directories (I did something like that to get Precord working with fido in a test I did at home).

Then any normal user (spot or whoever created) could run any app currently available for Puppy if these "normal" users were made to be members of group "users"

Having said that, I don't personally like any group (or fido for that matter) having such rights and would prefer fido to have its own home directory (/home/fido), its own copies of relevant program config files in there, and Puppy scripts/gtkdialogs and so on to eventually be modified accordingly ...
github mcewanw

gerry
Posts: 986
Joined: Thu 26 Jul 2007, 21:49
Location: England

#66 Post by gerry »

My problem with all this Fido stuff is that my computer gets used by young grandchildren- so I need things to be arranged so that if one of them boots up the computer, they are unable, without my password, to wreck things. Like in Debian or other distros that need administrator privileges to change or delete vital software.

nooby
Posts: 10369
Joined: Sun 29 Jun 2008, 19:05
Location: SwedenEurope

#67 Post by nooby »

Gerry that is why them provided Fido in the first place.

But you could protect yourself without fido too.

You set up one version of puppy that you use that are password
protect so it does not even boot without your username and password.

Another puppy for guests but there it should be set up with Fido.
But the Devs don\t seem to be happy about Fido.
Too many details to take care of, too many unknown complications?
I use Google Search on Puppy Forum
not an ideal solution though

User avatar
Aitch
Posts: 6518
Joined: Wed 04 Apr 2007, 15:57
Location: Chatham, Kent, UK

#68 Post by Aitch »

Gerry

My solution would be to have a separate save file for yourself which the kids can't access [e.g. on a usb stick]

Then if they mess it up you can still run your puppy

Having a backup for them also would be a good idea, as you could also 'give them back their computer' very quickly....by using the backup, after creating a fresh copy...

That is the way I implement multi-users on my PC, as I have friends who often want to try puppy, so I make saves named Tom, Bill, and Mary....and away they go....

Everything else just seems complicated....??
[I only run frugal or liveCD, now]

Aitch :)

disciple
Posts: 6984
Joined: Sun 21 May 2006, 01:46
Location: Auckland, New Zealand

#69 Post by disciple »

It's good to let them mess it up - it will help them learn :)
Do you know a good gtkdialog program? Please post a link here

Classic Puppy quotes

ROOT FOREVER
GTK2 FOREVER

User avatar
L18L
Posts: 3479
Joined: Sat 19 Jun 2010, 18:56
Location: www.eussenheim.de/

Fixing Fido..

#70 Post by L18L »

Working on internationalization, see
http://murga-linux.com/puppy/viewtopic.php?p=583084

I have found a bug fix for permissions of /dev/console.

Apply

Code: Select all

chgrp users /dev/console
chmod g+w /dev/console 
And fido may use /dev/console too

:) :) :)

User avatar
Lobster
Official Crustacean
Posts: 15522
Joined: Wed 04 May 2005, 06:06
Location: Paradox Realm
Contact:

#71 Post by Lobster »

Barry working on Fido
http://bkhome.org/blog/?viewDetailed=02644

Five steps to a more secure SSH
http://thinkhole.org/wp/2006/10/30/five ... ecure-ssh/

Everything I know about security (found on a tin of dog food)
http://tmxxine.com/sound/secbrief.mp3 Security Podcast http://youtu.be/_uZ_qZgOwg4 Youtube version

With Fido fixed, crackers will not be able to access the server running on your computer . . .
:oops: . . . except of course Puppy does not run a server as default. We were running MORE securely all along? :oops:

Any other FIDO tips?
Puppy Raspup 8.2Final 8)
Puppy Links Page http://www.smokey01.com/bruceb/puppy.html :D

nooby
Posts: 10369
Joined: Sun 29 Jun 2008, 19:05
Location: SwedenEurope

#72 Post by nooby »

I know that I am very annoying and that many tells me that I post too often.

So I have tried to stay way from nagging you guys to solve this
Fido and Spot thing.

But now I have to speak up. The solution is presented here:


http://murga-linux.com/puppy/viewtopic.php?p=608511#608511
you can use

Code:
su spot


This will give you user level access to start applications from the terminal...
Sounds like a KISS solution does it not? I know nothing and have no
idea how to test it either so I hope you clever guys test this and tell
if it works and if it does how to make use of it as a noob.

Does it help us be more secure that way? When does it not work?
How does it work with doing install of pets and using SFS-load on the fly and so on?

testing and info needed.
The Nagging Nooby :)
I use Google Search on Puppy Forum
not an ideal solution though

User avatar
L18L
Posts: 3479
Joined: Sat 19 Jun 2010, 18:56
Location: www.eussenheim.de/

su spot

#73 Post by L18L »

nooby wrote:...
Sounds like a KISS solution does it not? I know nothing and have no
idea how to test it...
No, it is KSASNSAA: Kept Simple And Surely Not Sure At All :wink:

Test yourself:

Open a virtual console by klicking on the icon labeled "Console"
Type into this :
su spot
and press the Enter key

Then your are user spot (but on this one console only)
You can start application if you know their name. 2 examples:
Let us start rox and geany.
Here is how this is looking on my system:
# su spot
# rox
#
** (ROX-Filer:5938): CRITICAL **: Unable to save '/root/.config/rox.sournet/ROX-Filer/panels.new'

** (ROX-Filer:5938): CRITICAL **: Unable to save '/root/.config/rox.sournet/ROX-Filer/panels.new'

** (ROX-Filer:5938): CRITICAL **: Unable to save '/root/.config/rox.sournet/ROX-Filer/panels.new'

** (ROX-Filer:5938): CRITICAL **: Unable to save '/root/.config/rox.sournet/ROX-Filer/panels.new'
^C
# geany
symlink: Permission denied
#

You see?
Yes the application has started. But be sure they cannot be used like intended.

And it was just the console where spot is acting.

Take a recent puppy and use fido.
There you can use a console and change to Administrator if you like to do so

Code: Select all

su 
How does it work with doing install of pets and using SFS-load on the fly and so on?
Installing and so on is an Administrator´s job. You have the power to delete and wipe out everything on your computer

:)

nooby
Posts: 10369
Joined: Sun 29 Jun 2008, 19:05
Location: SwedenEurope

#74 Post by nooby »

So what was/where he proposing?
Does he actually know more than Barry about how Puppy works
or did he misunderstand or not realize that Puppy being a special
version of a single user Linux that it would not act like his other linux OS?

Well I go the bed now and will read his answer tomorrow hopefully.

Will be interesting.
Thanks for explaining to me and giving examples. I did try Fido
and Spot too and I barely survived. I felt so intimidated not getting
a thing about how to get things going. I am a confused user.
I use Google Search on Puppy Forum
not an ideal solution though

User avatar
L18L
Posts: 3479
Joined: Sat 19 Jun 2010, 18:56
Location: www.eussenheim.de/

Fixing Fido..

#75 Post by L18L »

Think this can be reported here....

# sudo
sudo: >>> /etc/sudoers: syntax error near line 8 <<<
sudo: parse error in /etc/sudoers near line 8
sudo: no valid sudoers sources found, quitting
sudo: unable to initialize policy plugin
#

fix:
change line 8 of /etc/sudoers
from
#120110 added /usr/sbin/delayedrun to SYSTEM category. also, see sudo line added to script.
to
# 120110 added /usr/sbin/delayedrun to SYSTEM category. also, see sudo line added to script.

1 space after #

User avatar
BarryK
Puppy Master
Posts: 9392
Joined: Mon 09 May 2005, 09:23
Location: Perth, Western Australia
Contact:

Re: Fixing Fido..

#76 Post by BarryK »

L18L wrote:Working on internationalization, see
http://murga-linux.com/puppy/viewtopic.php?p=583084

I have found a bug fix for permissions of /dev/console.

Apply

Code: Select all

chgrp users /dev/console
chmod g+w /dev/console 
And fido may use /dev/console too

:) :) :)
Thanks, I have put this into /usr/sbin/root2user. Will upload Woof soon.
[url]https://bkhome.org/news/[/url]

User avatar
BarryK
Puppy Master
Posts: 9392
Joined: Mon 09 May 2005, 09:23
Location: Perth, Western Australia
Contact:

Re: Fixing Fido..

#77 Post by BarryK »

L18L wrote:Think this can be reported here....

# sudo
sudo: >>> /etc/sudoers: syntax error near line 8 <<<
sudo: parse error in /etc/sudoers near line 8
sudo: no valid sudoers sources found, quitting
sudo: unable to initialize policy plugin
#

fix:
change line 8 of /etc/sudoers
from
#120110 added /usr/sbin/delayedrun to SYSTEM category. also, see sudo line added to script.
to
# 120110 added /usr/sbin/delayedrun to SYSTEM category. also, see sudo line added to script.

1 space after #
Thanks, /etc/sudoers fixed. Will upload Woof soon.
[url]https://bkhome.org/news/[/url]

nooby
Posts: 10369
Joined: Sun 29 Jun 2008, 19:05
Location: SwedenEurope

#78 Post by nooby »

Does this mean that Fido now is fixed?
Can even people on my low level of Linux knowledge use it?
Any suggestions on how?
I use Google Search on Puppy Forum
not an ideal solution though

User avatar
01micko
Posts: 8741
Joined: Sat 11 Oct 2008, 13:39
Location: qld
Contact:

#79 Post by 01micko »

I've done some work on this.

Big problems with tty's

Fido had no permission to do anything so urxvt wouldn't run, nor sakura or lxterminal.

Had to change /dev/[pt]ty to 666
/dev/pts/ to 777
change ownership of a few to to root:tty to get it working.

I have given fido a home too in /home/fido.

Barry had ownership of /dev/tty1 as fido:tty. This isn't necessary so we can convert to root and back and not break stuff in the one session.

Lots of stuff works but even more doesn't.

More to come.
Puppy Linux Blog - contact me for access

Sailor Enceladus
Posts: 1543
Joined: Mon 22 Feb 2016, 19:43

#80 Post by Sailor Enceladus »

This topic interests me. I do use run-as-spot sometimes also. Though I think Barry's idea of keeping fido in root makes more sense organization-wise and should be respected, as that's where root and spot also live, instead of creating a new (and boring!) /home directory just for fido. Puppy is wacky, puppy is different, puppy is NOT Ubuntu! Security through obscurity! :lol:
BarryK wrote:I don't see why having /root as fido's home is a problem. There is some opposition to it, but as far as I can see that is only due to ingrained learning about how things should be.

When fido is chosen at first shutdown, everything in /root is set to have the correct permissions as required for fido. So, everything in /root is just as it would be as in any other home for fido.

The fundamental understanding is that Puppy is not a multi-user system, at least not in the normal way. Multiple users are accommodated by separate save-files, so there is no conflict in committing /root to be used by fido.

Except however if you want to jump from fido to administrator, and then perform some operation as administrator, in which case files with root permissions could get written into /root.
It might seem perverse, but why not set the administrator's home directory to something other than /root -- say /root0, or /administrator?
Apart from it being weird, I can't see anything wrong with doing that.

The thing is, there is so much dependency on the home directory being /root. So many PET packages have /root hard-coded.

Post Reply