Real men run as root
Real men run as root
Is Puppy still run as root?
There is a report on Gentoo forums about successful break-in into a computer ran as root.
Methinks the times when Linux was relatively secure to be run as root are over, for good.
There is a report on Gentoo forums about successful break-in into a computer ran as root.
Methinks the times when Linux was relatively secure to be run as root are over, for good.
Hello Emeritus.
Oh, I think in this forum we've been touching on this subject every 28
days. It's like PMS, IMO. Now it's your turn to have cramps...
Do a search with the forum search engine, the answers to your question
are already there.
As former member and Puppy developer gposil once said (or something
like it), about six years ago:
"If you think running Puppy as root is a risk,
don't use it."
Regards nevertheless.
Oh, I think in this forum we've been touching on this subject every 28
days. It's like PMS, IMO. Now it's your turn to have cramps...
Do a search with the forum search engine, the answers to your question
are already there.
As former member and Puppy developer gposil once said (or something
like it), about six years ago:
"If you think running Puppy as root is a risk,
don't use it."
Regards nevertheless.
musher0
~~~~~~~~~~
"You want it darker? We kill the flame." (L. Cohen)
~~~~~~~~~~
"You want it darker? We kill the flame." (L. Cohen)
Yes I think running as root is a risk. And this risk is increasing. The Gentoo computer that got owned wasn't taken over by a Windows virus. It was a piece of badware targeting Linux systems and it successfully encrypted user files.
The world is changing and IMHO you are hiding your head in the sand.
The world is changing and IMHO you are hiding your head in the sand.
It's here discussed, I guess:
https://forums.gentoo.org/viewtopic-p-8 ... 5e54e25294
Caused by browsing the net as root or...
Fred
https://forums.gentoo.org/viewtopic-p-8 ... 5e54e25294
Caused by browsing the net as root or...
Fred
Having moved over from DebianDog to a more pure form of Debian frugal ... and it was a right PIA at first. Kept hitting permissions failures after making edits - 'annoying' to put it politely.
After a while however and it became second nature. Clickable link/icon to open a root terminal. Right click option in PCmanFM to open as root. All the rest run under 'user'.
Some programs such as VLC, Pulse Audio ...etc. don't like to be run as root. You can fix that, at least for VLC with a relatively simple edit however. Many of the weaknesses of running as root equate to the risk of a local escalation of 'privileges risk' ... but if you can already easily access root anyway and just use your box as a single user box, those risks are immaterial.
Running a browser as user is a good idea IMO. As the browser is the more likely point of entry/weakness. Puppy (or other frugal boot alternatives such as the Debian frugal I run) that can be shutdown with no saving of changes however is a barrier to deeper level breaches/trojans. Such that one of Puppy's weaknesses (if you want to consider running as root as being such), is offset by one of its strengths (frugally booted).
After a while however and it became second nature. Clickable link/icon to open a root terminal. Right click option in PCmanFM to open as root. All the rest run under 'user'.
Some programs such as VLC, Pulse Audio ...etc. don't like to be run as root. You can fix that, at least for VLC with a relatively simple edit however. Many of the weaknesses of running as root equate to the risk of a local escalation of 'privileges risk' ... but if you can already easily access root anyway and just use your box as a single user box, those risks are immaterial.
Running a browser as user is a good idea IMO. As the browser is the more likely point of entry/weakness. Puppy (or other frugal boot alternatives such as the Debian frugal I run) that can be shutdown with no saving of changes however is a barrier to deeper level breaches/trojans. Such that one of Puppy's weaknesses (if you want to consider running as root as being such), is offset by one of its strengths (frugally booted).
Most importantly is **don't** run network programs with the same user account that keeps your data.
Explanations here: http://distro.ibiblio.org/fatdog/web/faqs/login.html.
Explanations here: http://distro.ibiblio.org/fatdog/web/faqs/login.html.
Fatdog64 forum links: [url=http://murga-linux.com/puppy/viewtopic.php?t=117546]Latest version[/url] | [url=https://cutt.ly/ke8sn5H]Contributed packages[/url] | [url=https://cutt.ly/se8scrb]ISO builder[/url]
Including wine network programs (wine-HQ recommend not to run wine as root at all).jamesbond wrote:Most importantly is **don't** run network programs with the same user account that keeps your data.
[url=http://murga-linux.com/puppy/viewtopic.php?t=117546]Fatdog64-810[/url]|[url=http://goo.gl/hqZtiB]+Packages[/url]|[url=http://goo.gl/6dbEzT]Kodi[/url]|[url=http://goo.gl/JQC4Vz]gtkmenuplus[/url]
Do I understand well?:jamesbond wrote:Most importantly is **don't** run network programs with the same user account that keeps your data.
All the files and folders (almost) on all the partitions of my computer are owned by root, also I'm logged-in as root, so I better should browse the net as another user, not as root?
Fred
From reading Jamesbond's posts in the past, I think his point is that no matter what user you are running as, for maximum security, you should browse as a different user.fredx181 wrote:Do I understand well?:jamesbond wrote:Most importantly is **don't** run network programs with the same user account that keeps your data.
All the files and folders (almost) on all the partitions of my computer are owned by root, also I'm logged-in as root, so I better should browse the net as another user, not as root?
Fred
So if you are running as a normal user, you should still use a different user to browse, since even if your normal user doesn't have root access it still has access to your data and your data is what is important.
Hopefully he'll correct me if I've completely misunderstood him.
About root, spot and fido
http://barryk.org/puppylinux/technical/root.htm
http://barryk.org/puppylinux/technical/root.htm
The things they do not tell you, are usually the clue to solving the problem.
When I was a kid I wanted to be older.... This is not what I expected
YaPI(any iso installer)
When I was a kid I wanted to be older.... This is not what I expected
YaPI(any iso installer)
- Lobster
- Official Crustacean
- Posts: 15522
- Joined: Wed 04 May 2005, 06:06
- Location: Paradox Realm
- Contact:
I have always run as root.
If I was a real man I would run Puppy and wearing a kilt.
Puppy are not totally geek but most know the historical difference between root on server and terminals and a savvy root user. That is why Puppys are safe and Gentoo and other big dogs are not. Too much yapping, not enough knowledge. Puppy is an education, not opinion, geek mantras and platitudes . . .
Read the first answer then keep reading for more insight
https://unix.stackexchange.com/question ... make-sense
I am not interested in security but provided GROWL (new version in beta) as a way to placate and educate - just as I am kindly supported and educated by our rottweilers in tin hats (protectors of Puppy).
If I was a real man I would run Puppy and wearing a kilt.
Puppy are not totally geek but most know the historical difference between root on server and terminals and a savvy root user. That is why Puppys are safe and Gentoo and other big dogs are not. Too much yapping, not enough knowledge. Puppy is an education, not opinion, geek mantras and platitudes . . .
Read the first answer then keep reading for more insight
https://unix.stackexchange.com/question ... make-sense
If you run Puppy in ram loading in from DVD/SD card/USB keydrive and save your data on a separate media, you are in a very robust system.Over 30yrs programming in dozens of languages from assembly to Oracle database administration, and I've found nothing more secure and reliable than Puppy Linux.
I am not interested in security but provided GROWL (new version in beta) as a way to placate and educate - just as I am kindly supported and educated by our rottweilers in tin hats (protectors of Puppy).
Lots of different opinions there and e.g. depends on.. etc..Lobster wrote:Read the first answer then keep reading for more insight
https://unix.stackexchange.com/question ... make-sense
Altogether (I **think**) still understand that going on the net as root would be insecure in most cases.
But I might have missed something.
Fred
fredx181 wrote:Lots of different opinions there and e.g. depends on.. etc..Lobster wrote:Read the first answer then keep reading for more insight
https://unix.stackexchange.com/question ... make-sense
Altogether (I **think**) still understand that going on the net as root would be insecure in most cases.
But I might have missed something.
Fred
Awe, shucks, Fred, here's the most foolproof system: James is always saying to not run network with the same user that has the data. Well, hmmm.......What if a person has NO DATA, as in his head is a blank slate. his brain too, which is reflected in his pup & pup-related uses, then he has no worries. Be Hapskee, he says, life is good. Even if they bio-magically came in thru the keyboard into his brain, they'd find NO DATA there either and would desparately be searching for his wife to find some data of value
.....Of course, I am not saying the above person is me......