Posted: Wed 19 Nov 2008, 10:43
by tw296
Bruce B wrote:One last point. Root can make files read only, and even root can't delete them.
The following is in puppy, but I got the same in ubuntu:

# touch test
# chmod 000 test
# ls -l test
---------- 1 root root 0 2008-11-19 10:39 test
# rm test
# ls -l test
ls: cannot access test: No such file or directory
So what's this method of root making files that it can't delete? (I believe SELinux can do it, but I also believe SELinux isn't in Puppy)

Posted: Wed 19 Nov 2008, 11:20
by Bruce B
tw296 wrote:So what's this method of root making files that it can't delete? (I believe SELinux can do it, but I also believe SELinux isn't in Puppy)
One of the hardest things I've found in life to do is change people's beliefs.

I'm going to farm this one out to others. Use your favorite search engine and the following search criteria:

linux file immutable

Please post back and let me know if you've been persuaded into new beliefs or not.

Posted: Wed 19 Nov 2008, 21:59
by tw296
Yeah that works. But I'm thinking there has to be some gotcha somewhere. How is this implemented? Is there some circumstance in which it would be bypassed?

And more to the point, why isn't this used more widely? (Or is it? I don't tend to go trying to delete key system files)

Posted: Wed 19 Nov 2008, 22:25
by Bruce B
tw296 wrote:Yeah that works. But I'm thinking there has to be some gotcha somewhere.
Why? This is not Microsoft.
tw296 wrote:How is this implemented?
By changing extended file attributes, not normally viewable with ls -l, lsattr shows them.
tw296 wrote:Is there some circumstance in which it would be bypassed?
Formatting the partition, but those tools can be set aside once the disk is set up.

Otherwise by root only, or the fake root Ubuntu sudo, using the chattr command. Root can hide or rename the file, how about spelling it backward? rttach, who would guess?
tw296 wrote:And more to the point, why isn't this used more widely? (Or is it? I don't tend to go trying to delete key system files)
I don't think it is widely used.

Also, you can also protect completed user documents, music files and other things you don't want accidentally deleted.

For me, the system files are not of great concern, because I have the setup cd. It's the lost user files, I'm more concerned about.
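
How the flag that chattr sets and lsattr shows can be read directly, as an added example that is not part of the original thread: the flags are per-inode bits fetched with the FS_IOC_GETFLAGS ioctl. The request number assumes 64-bit Linux, and `find_protected` is a hypothetical helper name.

```python
import fcntl
import os
import struct
import sys

FS_IOC_GETFLAGS = 0x80086601   # _IOR('f', 1, long) on 64-bit Linux (assumption)
FS_IMMUTABLE_FL = 0x00000010   # chattr +i
FS_APPEND_FL = 0x00000020      # chattr +a
# A few flag bits from <linux/fs.h> with the letters chattr/lsattr use for them.
FLAG_LETTERS = [(FS_IMMUTABLE_FL, "i"), (FS_APPEND_FL, "a"),
                (0x00000040, "d"), (0x00000080, "A"), (0x00080000, "e")]

def decode_flags(flags):
    """Return the chattr letters for the flag bits that are set."""
    return "".join(letter for bit, letter in FLAG_LETTERS if flags & bit)

def get_flags(path):
    """Read a file's inode flags; None if unreadable or unsupported."""
    try:
        fd = os.open(path, os.O_RDONLY | os.O_NONBLOCK)
    except OSError:
        return None
    try:
        buf = bytearray(8)                       # kernel fills in a 32-bit int
        fcntl.ioctl(fd, FS_IOC_GETFLAGS, buf)
        return struct.unpack("=I", bytes(buf[:4]))[0]
    except OSError:                              # e.g. filesystem without inode flags
        return None
    finally:
        os.close(fd)

def find_protected(root):
    """Walk root; return (path, letters) for immutable or append-only files."""
    hits = []
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            path = os.path.join(dirpath, name)
            if os.path.islink(path) or not os.path.isfile(path):
                continue
            flags = get_flags(path)
            if flags is not None and flags & (FS_IMMUTABLE_FL | FS_APPEND_FL):
                hits.append((path, decode_flags(flags)))
    return hits

if __name__ == "__main__":
    for path, letters in find_protected(sys.argv[1] if len(sys.argv) > 1 else "."):
        print(letters, path)
```

Run against a directory, it lists the files that `rm` will refuse to delete even for root until `chattr -i` or `chattr -a` clears the flag.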

Posted: Wed 19 Nov 2008, 23:41
by tw296
Bruce B wrote:
tw296 wrote:How is this implemented?
By changing extended file attributes, not normally viewable with ls -l, lsattr shows them.
Ah right.
A quick bit of searching seems to show that this is controlled by a kernel compile option - so the only way for it to 'fail' (in terms of being a safety net for a careless admin or user) would be if the kernel got changed. That's not going to happen.

There's the user-xattr mount option, but I'm assuming that's for something slightly different.

Back on topic:

Does having Puppy run mainly as root make the developers' lives easier? Because that's the only thing I can think of to justify it. It's at best neutral for security, gives a negligible improvement in convenience, and makes it harder to have a multi-user system.

Posted: Thu 20 Nov 2008, 01:56
by Flash
tw296 wrote:...Does having Puppy run mainly as root make the developers' lives easier? Because that's the only thing I can think of to justify it. It's at best neutral for security, gives a negligible improvement in convenience.....
It's a huge improvement in convenience for me. I tried Knoppix several years ago before I discovered Puppy. Seemed like the need for a password, which was not supplied, kept me from doing most everything I wanted to try. I found Puppy to be so much simpler to use that there is no comparison. If you need separate user accounts, fine, but keep in mind that Puppy grew up as a single user live CD. If that's the way I use it then there's no reason to run as a user with limited privileges, and plenty of reasons to run as root, as far as I'm concerned. :)

Posted: Thu 20 Nov 2008, 03:03
by Bruce B
tw296 wrote:Does having Puppy run mainly as root make the developers' lives easier?
If we consider traditional distribution design, it is not harder to login as root, than it is to login as any other user. Developers can login as they please, provided the administrator allows it. Depending on the type of operation, the administrator may give developers a sandbox to work with.

I send this post via one of Puppy's restricted users, spot. As a multiple-user operating system, it allows me to be many users at the same time, doing what multi-tasking operating systems do, run multiple tasks at the same time.

Posted: Thu 20 Nov 2008, 10:15
by disciple
Quote:
Making Puppy not run as root would shut up a huge amount of the forum questions.

Ignorance of noobs [bless them] is not a reason.
These are not newbies. Apart from people who want multi-user for the sort of reasons Nathan wants it, these are mostly tin-foil hat people who have been indoctrinated by other distributions :)
For me, the system files are not of great concern, because I have the setup cd. It's the lost user files, I'm more concerned about.
That is a most important point :)
Does having Puppy run mainly as root make the developers' lives easier? Because that's the only thing I can think of to justify it. It's at best neutral for security, gives a negligible improvement in convenience, and makes it harder to have a multi-user system.
I would separate this into two issues, and these are my guesses at the answers:
1. Why does Puppy run as root by default?
- The average computer user that Puppy was targeted at wants to be able to just do things (e.g. install new software) without having to log on as an administrator or put a password into 47 dialogues or something. (Are the Vista people listening?) Puppy was intended to be convenient, and a lot of users used to come from Win98, where they didn't have passwords or multiple users or things stopping them from being in control of their own computer. Incidentally, a lot of businesses around here (the ones that have some trust in their employees) still set their computers up as much like the Win98 way of doing things.
- I look at it this way - not running as root gives a negligible improvement in security and is thoroughly inconvenient.
2. Why is Puppy a single user system (i.e. why is it not easy to run it as a multi-user system)?
- tradition - it has always been this way, and no one has changed it. I guess it has always been this way because it is believed that the target audience does not need a multi-user system, and it makes it easy for the developers :)

If someone made Puppy multi-user friendly I would support them, but hopefully Puppy will always run as root by default.

Nathan's tinfoil hat article on running as root

Posted: Wed 07 Oct 2009, 06:50
by disciple
Nathan's tinfoil hat article can still be read at http://web.archive.org/web/200806040340 ... age_id=243, even though grafpup.org doesn't work currently

Posted: Wed 11 Nov 2009, 01:27
by PaulBx1
Actually, there is one very good reason that Puppy should default as multi-user: to stop people nagging about it. :lol:

Actually, it would eliminate the single most important bitch about Puppy that I've read in reviews, thus possibly boosting Puppy in the ratings. I wouldn't mind a Puppy that defaulted as multiuser, but could be converted back to the old way with a simple little utility for the 90% of users who like it that way. And Pizzasgood has even paved the way for us.

Posted: Thu 19 Nov 2009, 13:18
by gposil
Let's change the name of root to Admin...that will make everyone happy...and doze people will think why haven't we thought of that............

Posted: Thu 19 Nov 2009, 13:29
by dejan555
Hehe :lol:

Multiuser puplet :?:
The ultimate solution for running as root :idea:

How many threads do we have to open on this issue yet?

Posted: Thu 19 Nov 2009, 13:37
by gposil
I think we need many more threads about root....I think I might start one now...no.....can't be bothered........

Posted: Thu 19 Nov 2009, 16:15
by alienjeff
Image

Posted: Fri 20 Nov 2009, 03:33
by cthisbear
AJ:

I reported you to the RSPCA.....

after I stopped laughing.

Chris.