Puppy is great except running as root?

[Bruce B]

But I have yet to see any argument that running as root is MORE secure than not doing so.

Things can be put on par in many ways.

Puppy is a multi-user operating system.

Is there a connectivity application you don't want to run as root? Then don't, run it as another user.

Also, no reason anyone needs to run the terminal emulator as root either, except by user choice.

[DaveS]

Root FOREVER!!!!!!!!!!!!!!!!!!

[Lobster]

Making Puppy not run as root would shut up a huge amount of the forum questions.

Ignorance of noobs [bless them] is not a reason.

To give you another example of a way Puppy is different.
New users run Puppy from CD (or DVD for extra speed) it runs fine and they can save their configuration to HD.
In the back of their heads (I used to have this), they insist that Puppy must be installed to hard disk. It is the way things are done after all . . .
Is it?
I gave up installing Puppy to HD several years ago. I run from DVD. Fast simple convenient. No spots before the eyes . . .
Forum admin Flash, runs from Multi-session quite happily.

The problem with 'root is bad' is people repeat it as a mantra without knowing why it is bad. On a shared network it makes perfect sense. That is where the mantra started. When people had Unix terminals.
We are Puppy and we have our own computers. Some of us even use them without wearing white coats.

If I was a tin-hat (terminal paranoid) I might change the permissions on my HD or encrypt my data or get a retina scan door for my computer room.

Pah!

. . . Meanwhile copyrighted material, government documents and peoples private facebook images are freely available . . .

The world is becoming transparent. I float up into the cloud . . . I am a tree, I am root
[my psychiatrist has been auto-dialled]

[Bruce B]

If the dangers of rm -rf is of actual concern, it is not the end of the story, not for me anyway.

Code: Select all

alias rm='echo rm is disabled, use del or deltree instead'

Type this on the command line and see what you get. It disables using the rm command on the command line. It tells you to use del or deltree instead. Put it in .bashrc and you will not have to type it thrice.

Aliases have precedence on the CLI, but not in scripts, so it won't break the scripts written to use rm.

del

Code: Select all

#!/bin
# file name del
# purpose to prove a point
# script tested, extra rm switches cannot be added and used
# forces confirmation for each file deletion
# can delete multiple files on one command line
# would be good to test in several ways, but purpose is to prove a point

for i in "$@"
do
if [ -f $i ] ; then
rm -i $i
fi
done

deltree

Code: Select all

#!//bin/sh
# filename deltree, deletes directories and contents
# requires two user confirmations just for fun, could make it ten
# purpose: simple script to make a point
# note: could probably be used after testing and debugging
# script not tested so don't use it as is

if [ ! $1 ] ; then
echo "The directory name to be deleted is required, no changes made"
exit
fi

a=n

if [ ! -d $1 ] ; then
echo "The directory $1 doesn't exist, exiting, no changes made"
exit
else
echo "Are you sure you want to delete $1 and all it's contents [y,n]?"
read a
fi

if [ "$a" = "y" ] ; then
echo "One last chance! Are you really sure you want to delete $1 [yes,no] ?"
read a
else
echo "Exiting, no changes made"
fi

if [ "$a" = "yes" ] ; then
echo "Too late, we gave you two chances and you blew it."
echo  "$1 is history"
rm -rf $1
else
echo "Exiting, no changes made"
fi

One last point. Root can make files read only, and even root can't delete them.

One last, very last point, root can build a system from scratch, root can modify a system to administrator specifications, root is administrator and in control.

[Bruce B]

Making Puppy not run as root would shut up a huge amount of the forum questions.

That would be a sad day. If it weren't for posts questioning running as root, what would be the stimulus for arguing in its behalf?

[tw296]

One last point. Root can make files read only, and even root can't delete them.

The following is in puppy, but I got the same in ubuntu:

Code: Select all

# touch test
# chmod 000 test
# ls -l test
---------- 1 root root 0 2008-11-19 10:39 test
# rm test
# ls -l test
ls: cannot access test: No such file or directory

So what's this method of root making files that it can't delete? (I believe SELinux can do it, but I also believe SELinux isn't in Puppy)

[Bruce B]

So what's this method of root making files that it can't delete? (I believe SELinux can do it, but I also believe SELinux isn't in Puppy)

One of the hardest things I've found in life to do is change people's beliefs.

I'm going to farm this one out to others. Use your favorite search engine and the following search critera:

linux file immutable

Please post back and let me know if you've been persuaded into new beliefs or not.

[tw296]

Yeah that works. But I'm thinking there has to be some gotcha somewhere. How is this implemented? Is there some circumstance in which it would be bypassed?

And more to the point, why isn't this used more widely? (Or is it? I don't tend to go trying to delete key system files)

[Bruce B]

Yeah that works. But I'm thinking there has to be some gotcha somewhere.

Why? This is not Microsoft.

How is this implemented?

By changing extended file attributes, not normally viewable with ls -l, lsattr shows them.

Is there some circumstance in which it would be bypassed?

Formatting the partition, but those tools can be set aside once the disk is setup.

Otherwise by root only, or the fake root Ubuntu sudo, using the chattr command. Root can hide or rename the file, how about spelling it backward? rttach, who would guess?

And more to the point, why isn't this used more widely? (Or is it? I don't tend to go trying to delete key system files)

I don't think it is widely used

Also, you can also protect completed user documents, music files and other things you don't want accidentally deleted.

For me, the system files are not of great concern, because I have the setup cd. It's the lost user files, I'm more concerned about.

[tw296]

How is this implemented?

By changing extended file attributes, not normally viewable with ls -l, lsattr shows them.

Ah right.
A quick bit of searching seems to show that this is controlled by a kernel compile option - so the only way for it to 'fail' (in terms of being a safety net for a careless admin or user) would be if the kernel got changed. That's not going to happen.

There's the user-xattr mount option, but I'm assuming that's for something slightly different.

Back on topic:

Does having Puppy run mainly as root make the developers' lives easier? Because that's the only thing I can think of to justify it. It's at best neutral for security, gives a negligible improvement in convenience, and makes it harder to have a multi-user system.

[Flash]

...Does having Puppy run mainly as root make the developers' lives easier? Because that's the only thing I can think of to justify it. It's at best neutral for security, gives a negligible improvement in convenience.....

It's a huge improvement in convenience for me. I tried Knoppix several years ago before I discovered Puppy. Seemed like the need for a password, which was not supplied, kept me from doing most everything I wanted to try. I found Puppy to be so much simpler to use that there is no comparison. If you need separate user accounts, fine, but keep in mind that Puppy grew up as a single user live CD. If that's the way I use it then there's no reason to run as a user with limited privileges, and plenty of reasons to run as root, as far as I'm concerned.

[Bruce B]

Does having Puppy run mainly as root make the developers' lives easier?

If we consider traditional distribution design, it is not harder to login as root, than it is to login as any other user. Developers can login as they please, provided the administrator allows it. Depending on the type of operation, the administator may give developers a sandbox to work with.

I send this post via one of Puppy's restricted users, spot. As a multiple-user operating system, it allows me to be many users at the same time, doing what multi-tasking operating systems do, run multiple tasks at the same time.

[disciple]

Quote:
Making Puppy not run as root would shut up a huge amount of the forum questions.

Ignorance of noobs [bless them] is not a reason.

These are not newbies. Apart from people who want multi-user for the sort of reasons Nathan wants it, these are mostly tin-foil hat people who have been indoctrinated by other distributions

For me, the system files are not of great concern, because I have the setup cd. It's the lost user files, I'm more concerned about.

That is a most important point

Does having Puppy run mainly as root make the developers' lives easier? Because that's the only thing I can think of to justify it. It's at best neutral for security, gives a negligible improvement in convenience, and makes it harder to have a multi-user system.

I would separate this into two issues, and these are my guesses at the answers:
1. Why does Puppy run as root by default?
- The average computer user that Puppy was targetted at wants to be able to just do things (e.g. install new software) without having to log on as an administrator or put a password into 47 dialogues or something. (Are the Vista people listening?) Puppy was intended to be convenient, and a lot of users used to come from Win98, where they didn't have passwords or multiple users or things stopping them from being in control of their own computer. Incidentally, a lot of businesses around here (the ones that have some trust in their employees) still set their computers up as much like the Win98 way of doing things.
- I look at it this way - not running as root gives a negligible improvement in security and is thoroughly inconvenient.
2. Why is Puppy a single user system (i.e. why is it not easy to run it as a multi-user system)?
- tradition - it has always been this way, and no one has changed it. I guess it has always been this way because it is believed that the target audience does not need a multi-user system, and it makes it easy for the developers

If someone made Puppy multi-user friendly I would support them, but hopefully Puppy will always run as root by default.

[disciple]

Nathan's tinfoil hat article can still be read at http://web.archive.org/web/200806040340 ... age_id=243, even though grafpup.org doesn't work currently

[PaulBx1]

Actually, there is one very good reason that Puppy should default as multi-user: to stop people nagging about it.

Actually, it would eliminate the single most important bitch about Puppy that I've read in reviews, thus possibly boosting Puppy in the ratings. I wouldn't mind a Puppy that defaulted as multiuser, but could be converted back to the old way with a simple little utility for the 90% of users who like it that way. And Pizzasgood has even paved the way for us.

[gposil]

Lets change the name of root to Admin...that will make everyone happy...and doze people will think why haven't we thought of that............

[dejan555]

Hehe

Multiuser puplet
The ultimate solution for running as root

How many threads do we have to open on this issue yet?

[gposil]

I think we need many more threads about root....I think I might start one now...no.....can't be bothered........

[alienjeff]

[cthisbear]

AJ:

I reported you to the RSPCA.....

after I stopped laughing.

Chris.