Puppy is great except running as root?

Posted: Sat 15 Nov 2008, 17:34
by TheTick
Hi,

I've tried Fedora, OpenSuSE, Mint Linux and was disgusted by the performance I got on my 900MHz PIII 320G laptop. Damn Small Linux is nice but would take too much of my time to set up all the apps I would like to use. I just want to browse websites with Firefox and look at email and dabble with basic Linux system admin.

I quickly installed Firefox and switched the menu fonts to something reasonable with the GTK theme chooser. Also I enabled the autohide in the .jwmrc-tray file. Afterwards I found the GUI config tool for jwm. Finally I set up my Prism 2 wireless card. All straightforward tasks that are not trivial for new Linux users.

As a long-time UNIX user and backup sys admin as far back as 1992, I was a little disturbed that Puppy defaults to running as root. Now I know how to add users and can set that up, but root as default seems like a poor choice for security. Is there a reason root is the default?

Posted: Sat 15 Nov 2008, 17:57
by HairyWill

Posted: Sat 15 Nov 2008, 19:09
by alienjeff
OFFS ... the holy war that seems to never end. FMI, check:

http://www.murga-linux.com/puppy/viewto ... 1ce314c1bd

Posted: Sat 15 Nov 2008, 19:45
by Bruce B
As a Unix user you know what Multi-Tasking, Multi-User machines are.

I trust me as root.

Like yourself, about all I'm really interested in, in terms of connectivity applications is the browsers. I do that as spot.

su spot
cd
. b -> .bashrc


And limited user spot has a full repertoire of alias, scripts, directories and etc. All which I made.

And spot runs the browsers. Also spot can run nearly all the apps, if I want, except some daemons. Then there are other users, seven or eight by default.

Re: Puppy is great except running as root?

Posted: Sat 15 Nov 2008, 20:35
by alienjeff
Please excuse my earlier haste, but this issue keeps coming back to life. And quite honestly, it gets a little tired.
TheTick wrote:Is there a reason root is the default?
My knee jerk answer to this is "to aid in simplicity of design." Instead of trusting the opinion of a mere user like myself, you might be interested in what the developer has to say.

Scroll down to Q: Security concerns on Barry's FAQ page. He goes on to reference this rather contentious, tedious, and protracted thread.

Hope that helps.

Posted: Sat 15 Nov 2008, 22:35
by cthisbear
" My knee jerk answer "

But booted that one home AJ.
Good one.

What I would like to know is if all those
advocating this type of - Security -
actually shred all their post addressed letters,
bank statements, utilities bills etc
to stop anyone going through their garbage and using
all this freely available info to defraud people.

No firewalls etc in the old garbo bin.

If I want root I'll get out my gardening fork.

Chris.

Posted: Sun 16 Nov 2008, 03:47
by TheTick
Yes I do shred all my mail. Anything with my address and/or name.

BTW I did read Barry's response and he does make sense in that Puppy is NOT a server and all data except on your sfs files is read only. I just fear people see this and, not understanding the unique Puppy criteria, think it's OK for all Linux machines to boot to root.

Thanks for all the details .. and I will be running my browser and email client as spot. Thanks!

Posted: Sun 16 Nov 2008, 04:09
by Flash
I'm still waiting for a report - from anyone anywhere, using any Linux distro - of a problem they had that would not have happened had they not been running as root. Without actual experience to analyze, we're just wasting our time guessing the worst that could occur.

Posted: Tue 18 Nov 2008, 23:09
by cthisbear
" Yes I do shred all my mail. Anything with my address and/or name. "

Fair enough................Chris.

Posted: Tue 18 Nov 2008, 23:16
by bugman
Flash wrote:I'm still waiting for a report - from anyone anywhere, using any Linux distro - of a problem they had that would not have happened had they not been running as root. Without actual experience to analyze, we're just wasting our time guessing the worst that could occur.
i deleted an essential file once, because i am an idiot

i suppose i could have deleted the file in a multi-user system too, but it would have taken longer

root still wins!

[more efficient idiot]

Posted: Wed 19 Nov 2008, 01:01
by tw296
Nth hand this one admittedly. But someone attempts to clear out a directory with

Code:

rm -fr *

Problem is, there's some keymap issues, so he actually does

Code:

rm -fr ~

On this system, root's homedir was /

Bye bye system.

Also I seem to recall there's a gotcha with rm where something can match '..' (the parent directory) unexpectedly.

Finally, I don't have a major problem with puppy defaulting to root. What I have a problem with is it seems to make it inordinately difficult to login as NOT root.

Posted: Wed 19 Nov 2008, 01:18
by Bruce B
tw296 wrote:Nth hand this one admittedly. But someone attempts to clear out a directory with

Code:

rm -fr *

Problem is, there's some keymap issues, so he actually does

Code:

rm -fr ~

On this system, root's homedir was /

Bye bye system.

Also I seem to recall there's a gotcha with rm where something can match '..' (the parent directory) unexpectedly.

Finally, I don't have a major problem with puppy defaulting to root. What I have a problem with is it seems to make it inordinately difficult to login as NOT root.
In your if scenario, you are talking about a stupid or possibly an intentionally destructive user.

Don't let stupid users use your computer, they can get their own to mess up.

If it be intentionally destructive, it wouldn't matter what OS or how it was configured. You would pretty well have to put the computer out of access.

For example, some companies have their really important servers and other computers in air conditioned rooms, which only the administrators and probably the owner have keys to.

Posted: Wed 19 Nov 2008, 01:34
by disciple
I still think the best answer is Nathan's tinfoil hat article (BTW he actually converted Grafpup to a multiuser system).
I'm still waiting for a report - from anyone anywhere, using any Linux distro - of a problem they had that would not have happened had they not been running as root.
That's pretty much what I say every time someone mentions this.

tw296 - we want real world examples of something someone has done, not theoretical examples of what they can do :)
What I have a problem with is it seems to make it inordinately difficult to login as NOT root.
The reason this is so is because no one has taken the time to make it easier. Perhaps you would like to volunteer? There are some people who would thank you.

Posted: Wed 19 Nov 2008, 03:40
by tw296
Bruce B wrote:In your if scenario, you are talking about a stupid or possibly an intentionally destructive user.

Don't let stupid users use your computer, they can get their own to mess up.
It makes sense to accept that anyone, while not stupid, can and will make mistakes. This includes ourselves. And actually, I have hosed my system while running as root - though what I was doing couldn't NOT have been done as root. I was working from a live cd trying to copy everything from my root partition to somewhere else for a backup; naturally, this can't be done from within the system. It failed, so I went to delete it, but was in the original not the backup when I did the rm -fr *. Kerblam.

Also, seeing as how Grafpup is a multiuser system - can't we (by which I mean me if I get the time) backport whatever changes make that possible to Puppy?

EDIT: Yes, Ubuntu's default setup is stupid. I change things so that sudo wants the ROOT password, that should make things a bit more secure (though how much?), though it defeats the real point of sudo - but who uses its full power on desktop systems anyways?
In any case, being 'as secure as Ubuntu' is hardly something to brag about. Remember that openssh bug? Inherited from Debian, true. But it shows that even Free Software can have seriously nasty things lurking in it that don't get picked up.

Making Puppy not run as root would shut up a huge amount of the forum questions. It's easily the most asked question about the distro.

In most distributions, the effort required to not run as root is so minimal that even if the security advantage is small, it's still worth doing. In Puppy that's not the case - running as root requires effort on the user's part, and it's perhaps effort not well spent. But I have yet to see any argument that running as root is MORE secure than not doing so.

Posted: Wed 19 Nov 2008, 05:46
by disciple
In most distributions, the effort required to not run as root is so minimal that even if the security advantage is small, it's still worth doing.
Maybe for you, but for me it is not worth it - I just find it annoying :)
Also, seeing as how Grafpup is a multiuser system - can't we (by which I mean me if I get the time) backport whatever changes make that possible to Puppy?
Well I'm not sure how much would be easy backporting and how much you would have to do from scratch. Grafpup 2 is a lot more different from puppy than Grafpup 1.x (which wasn't multi-user) was, and is also closer to the Puppy 2.x series than 4.x. So it wouldn't be a simple matter of copying and pasting.

I don't think there would be any big disadvantages (size or whatever) in Puppy having multi-user ability, so no one should complain about it.

You might like to:
1. ask around for people that are running Puppy as something other than root, and see what they had to do. There has been at least one forum thread about how to do it, but I don't think it was the sort of complete solution you would want.
2. talk to Nathan and see if he has any more notes or advice.
3. talk to the people working on Puppy. WhoDo is coordinating the next 4.x release, but this might be too big a change for it, so it may have to wait a release. I think there are also people working on new 3.x and 2.x releases, but IMNSHO the future is with 4.x

Posted: Wed 19 Nov 2008, 06:06
by Bruce B
tw296 wrote: But I have yet to see any argument that running as root is MORE secure than not doing so.
Things can be put on par in many ways.

Puppy is a multi-user operating system.

Is there a connectivity application you don't want to run as root? Then don't, run it as another user.

Also, no reason anyone needs to run the terminal emulator as root either, except by user choice.

Posted: Wed 19 Nov 2008, 06:44
by DaveS
Root FOREVER!!!!!!!!!!!!!!!!!!

I am a tree, I am root

Posted: Wed 19 Nov 2008, 07:59
by Lobster
Making Puppy not run as root would shut up a huge amount of the forum questions.
Ignorance of noobs [bless them] is not a reason. :)

To give you another example of a way Puppy is different.
New users run Puppy from CD (or DVD for extra speed) it runs fine and they can save their configuration to HD.
In the back of their heads (I used to have this), they insist that Puppy must be installed to hard disk. It is the way things are done after all . . .
Is it?
I gave up installing Puppy to HD several years ago. I run from DVD. Fast simple convenient. No spots before the eyes . . .
Forum admin Flash, runs from Multi-session quite happily.

The problem with 'root is bad' is people repeat it as a mantra without knowing why it is bad. On a shared network it makes perfect sense. That is where the mantra started. When people had Unix terminals.
We are Puppy and we have our own computers. Some of us even use them without wearing white coats.

If I was a tin-hat (terminal paranoid) I might change the permissions on my HD or encrypt my data or get a retina scan door for my computer room.

Pah!

. . . Meanwhile copyrighted material, government documents and people's private Facebook images are freely available . . .

The world is becoming transparent. I float up into the cloud . . . I am a tree, I am root
[my psychiatrist has been auto-dialled]

Posted: Wed 19 Nov 2008, 08:54
by Bruce B
If the dangers of rm -rf are of actual concern, it is not the end of the story, not for me anyway.

Code:

alias rm='echo rm is disabled, use del or deltree instead'

Type this on the command line and see what you get. It disables using the rm command on the command line. It tells you to use del or deltree instead. Put it in .bashrc and you will not have to type it thrice.

Aliases have precedence on the CLI, but not in scripts, so it won't break the scripts written to use rm.

del

Code:

#!/bin/sh
# file name del
# purpose to prove a point
# script tested, extra rm switches cannot be added and used
# forces confirmation for each file deletion
# can delete multiple files on one command line
# would be good to test in several ways, but purpose is to prove a point

for i in "$@"
do
    # quote the name and end option parsing so spaces or a leading dash are safe
    if [ -f "$i" ] ; then
        rm -i -- "$i"
    fi
done

deltree

Code:

#!/bin/sh
# filename deltree, deletes directories and contents
# requires two user confirmations just for fun, could make it ten
# purpose: simple script to make a point
# note: could probably be used after testing and debugging
# script not tested so don't use it as is

if [ -z "$1" ] ; then
    echo "The directory name to be deleted is required, no changes made"
    exit 1
fi

a=n

if [ ! -d "$1" ] ; then
    echo "The directory $1 doesn't exist, exiting, no changes made"
    exit 1
else
    echo "Are you sure you want to delete $1 and all its contents [y,n]?"
    read -r a
fi

if [ "$a" = "y" ] ; then
    echo "One last chance! Are you really sure you want to delete $1 [yes,no] ?"
    read -r a
else
    echo "Exiting, no changes made"
    exit 0   # stop here so the message is not printed a second time below
fi

if [ "$a" = "yes" ] ; then
    echo "Too late, we gave you two chances and you blew it."
    echo "$1 is history"
    rm -rf -- "$1"
else
    echo "Exiting, no changes made"
fi

One last point. Root can make files read only, and even root can't delete them.

One last, very last point, root can build a system from scratch, root can modify a system to administrator specifications, root is administrator and in control.
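
The accidents described in this thread (`rm -fr ~` on a system where root's home directory is `/`, and a pattern that unexpectedly matches `..`) can be checked for before anything is deleted. The following is an added example, not part of Bruce B's post or of Puppy; the function names `safe_target` and `guarded_rmtree` are hypothetical.

```sh
#!/bin/sh
# Added example (not from the thread); function names are hypothetical.

# Print the physical path of $1 and return 0 only if it is acceptable
# as the target of a recursive delete.
safe_target() {
    st_arg=$1
    [ -n "$st_arg" ] || { echo "refused: empty target" >&2; return 1; }
    # Drop trailing slashes so the last path component can be inspected.
    while [ "$st_arg" != "/" ] && [ "${st_arg%/}" != "$st_arg" ]; do
        st_arg=${st_arg%/}
    done
    case ${st_arg##*/} in
        .|..) echo "refused: target ends in . or .." >&2; return 1 ;;
    esac
    [ -d "$st_arg" ] || { echo "refused: not a directory" >&2; return 1; }
    # Resolve symlinks and relative parts to one physical path.
    st_real=$(CDPATH= cd -- "$st_arg" 2>/dev/null && pwd -P) ||
        { echo "refused: cannot enter target" >&2; return 1; }
    # With HOME unset, treat / as home, which is the case from the thread.
    st_home=$(CDPATH= cd -- "${HOME:-/}" 2>/dev/null && pwd -P) || st_home=/
    if [ "$st_real" = "/" ] || [ "$st_real" = "$st_home" ]; then
        echo "refused: $st_real is / or the home directory" >&2
        return 1
    fi
    printf '%s\n' "$st_real"
}

# Delete a directory tree only after the user retypes its resolved path.
guarded_rmtree() {
    gr_path=$(safe_target "$1") || return 1
    printf 'Retype %s to delete it: ' "$gr_path" >&2
    IFS= read -r gr_answer || return 1
    if [ "$gr_answer" != "$gr_path" ]; then
        echo "no changes made" >&2
        return 1
    fi
    rm -rf -- "$gr_path"
}
```

Because the check runs on the resolved path, `guarded_rmtree ~` is refused whether the home directory is `/root` or `/`.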

Posted: Wed 19 Nov 2008, 09:27
by Bruce B
tw296 wrote: Making Puppy not run as root would shut up a huge amount of the forum questions.
That would be a sad day. If it weren't for posts questioning running as root, what would be the stimulus for arguing in its behalf?