What makes Linux safer than Windows?

For discussions about security.
PaulBx1
Posts: 2312
Joined: Sat 17 Jun 2006, 03:11
Location: Wyoming, USA

#46 Post by PaulBx1 »

If people want to install a live CD that is their lookout. I'm still intrigued enough by the possibility of a live-CD OS to be sad enough to want to use it that way.
Well I use it that way, too. But with persistent storage (pupsave). I don't deceive myself I'm getting a read-only installation by doing that.

Pizzasgood has a solution to ease the pain of going full read-only. IIRC not everything configured gets copied over in a remaster though.

Pizzasgood
Posts: 6183
Joined: Wed 04 May 2005, 20:28
Location: Knoxville, TN, USA

#47 Post by Pizzasgood »

No, it doesn't. But the last time I used the remaster script it had a part where it paused and told you where the build tree was (somewhere in /tmp) to give you a chance to make manual changes that would not be discarded.

Nobody has to be limited by the remaster script. My Edit-SFS program has been around for three years now (and it just got a complete rewrite a month or so ago and is much nicer now). I think a couple other people have written similar tools over the years. And even without those, it's not all that hard to just run the commands to extract and rebuild a .sfs file by hand.


As for actually locating the changes to include in the remaster, I believe the network configuration is under /etc/network-wizard. But if you're just doing a personal remaster to be used on the same machine/network, you may as well just grab /etc in its entirety. There's nothing in there that absolutely should not be included in that sort of remaster, unless you use wireless or dialup and don't want the key/password saved inside the CD as plaintext. This way you also get the keyboard, mouse, video, and timezone configurations too.
Between depriving a man of one hour from his life and depriving him of his life there exists only a difference of degree. --Muad'Dib

mojo558
Posts: 11
Joined: Wed 01 Apr 2009, 22:28

linux (Puppy) Security

#48 Post by mojo558 »

I may be considered to be "paranoid" by making the statement I am about to make here but, I've never been considered to be the brightest penny in the roll either.
I know of a VERY reputable Web-zine which broke the news that MS was installing software (i.e. "updates") on users' machines even though their machine's security settings didn't allow it. IT WAS TURNED OFF and still MS installed software.
The next day they had a fire in their building and it shut them down.
MS is a ... what ......$800 billion company ????
They need to protect their assets, i.e. Windows. Which is a work in progress and always will be. MS made their money by selling this product. If they don't keep selling it and coming up with bigger and better (Win 2, 3, 95, 98, 2000, Millennium, XP, 7, etc.) they would eventually go broke. So, how do you up-sell a product to the public?
The newer system works "Better" it is more "Secure" and user friendly.
What convinces them ??
Viruses, Malware, S P Y WA R E and here is the kicker.
You ready for this ??
MS has a "Security" department manned with code writers whose sole job is to break Windows.
They get paid to intentionally write bad code.
You can't possibly believe that there are actually enough common people knowledgeable enough to produce the MILLIONS of viruses, etc that irritate you enough that you can't wait till something "better" comes out. And they are really successful at it.
That's part of why Puppy and Other Linux distros are more secure,...they are FREE.

Pizzasgood
Posts: 6183
Joined: Wed 04 May 2005, 20:28
Location: Knoxville, TN, USA

#49 Post by Pizzasgood »

You can't possibly believe that there are actually enough common people knowledgeable enough to produce the MILLIONS of viruses, etc that irritate you enough that you can't wait till something "better" comes out. And they are really successful at it.
I haven't done any malware writing (it's on my to-do list though (for educational purposes!)). But considering what I do know about programming in general, and considering how many people there are on this planet who have computer and internet access, it doesn't seem remarkable to me. Also, I'm willing to bet that there really aren't that many viruses. Probably a lot of them are just rehashes of each other, so that the total number could be knocked down by an order of magnitude or two.

I don't think the people who work at MS intentionally write insecure code, so much as that they intentionally don't write much secure code. Because writing and testing secure code takes time, and time is money. So they write code that is merely good enough, release it, and then patch it as needed later.

Therefore, I do agree with this statement anyway:
That's part of why Puppy and Other Linux distros are more secure,...they are FREE.

xman
Posts: 144
Joined: Thu 24 Sep 2009, 06:31

#50 Post by xman »

Answer isn't browser?

At Pwn2Own 2010 there is still no trace of Linux as a possible target. Is it too hard to find exploits for Linux, or is a non-commercial operating system of no interest to exploit hunters?

What is the Champion saying?
http://www.oneitsecurity.it/01/03/2010/ ... r-pwn2own/

Pwn2Own 2010 first day: Safari, IE8 and Firefox all fall but Chrome stands still.

DMcCunney
Posts: 889
Joined: Tue 03 Feb 2009, 00:45

#51 Post by DMcCunney »

Pizzasgood wrote:I don't think the people who work at MS intentionally write insecure code, so much as that they intentionally don't write much secure code. Because writing and testing secure code takes time, and time is money. So they write code that is merely good enough, release it, and then patch it as needed later.
They're fussier about writing secure code now. But when you have millions of lines of legacy code, there will be plenty of written-in-the-past code to patch for the foreseeable future.

A lot of the security issues are understandable oversights, like buffer overflow exploits. It never occurred to the programmers who wrote the affected code that anyone might deliberately try to overflow a buffer with bad intent. Back then, such exploits weren't even gleams in bad guys' eyes.

They're fussier these days, because while it takes more time to do it right to begin with, it costs more to fix it later.
______
Dennis
Last edited by DMcCunney on Sat 27 Mar 2010, 00:42, edited 1 time in total.

DMcCunney
Posts: 889
Joined: Tue 03 Feb 2009, 00:45

Re: linux (Puppy) Security

#52 Post by DMcCunney »

mojo558 wrote: MS has a "Security" department manned with code writers whose sole job is to break Windows.
They get paid to intentionally write bad code.
You can't possibly believe that there are actually enough common people knowledgeable enough to produce the MILLIONS of viruses, etc that irritate you enough that you can't wait till something "better" comes out. And they are really successful at it.
That's part of why Puppy and Other Linux distros are more secure,...they are FREE.
Yes, I can believe there are enough people to write all those viruses and malware. Most of it is knock-off copies of earlier viruses, with minor changes. Some of it is done by "script kiddies" who can't write a line of real code, using hex editors to make changes in the binaries.

The amount of genuinely new code in the wild is a small fraction of the total, and with hundreds of millions of PCs running Windows around the world, hundreds of thousands of virus writers isn't beyond the realm of possibility.

Microsoft makes its main living selling Windows and Office, but you have to remember who Microsoft thinks the customer is. They are a B2B company, and their idea of the customer is likely the corporate CIO who can sign off on a site license for thousands of copies of Windows. He's going to be fussy about what he buys. (Witness the slower than hoped for uptake of Vista, as most corporations waited for Win7.)

They aren't going to deliberately write insecure code, and upgrading to make things more secure isn't their pitch. Note that they issue regular security patches, free of charge, on "patch Tuesday", and you are encouraged to turn on Automatic Update to get them. Making those patches and distributing them costs money. I assure you MS would be just as happy if it wasn't necessary. They'd rather spend the money on new stuff that might spur sales and increase revenue, instead of fixing old stuff that won't add a dime to their bottom line.

My complaint isn't that Windows is insecure. When you have a system as big and complex as Windows, it's almost inevitable. It's that Microsoft didn't recognize the gravity of the situation, push for more secure code to begin with, and start issuing automatic security updates about 5 years earlier than they did.
______
Dennis

nooby
Posts: 10369
Joined: Sun 29 Jun 2008, 19:05
Location: SwedenEurope

#53 Post by nooby »

Apologize for not reading all postings in this thread.

Even if M$ are totally innocent I still care about security in linux.

I know too little to protect myself enough.

Puppy at least has a firewall that I can activate in set up while neither Elive nor Antix had such and the one in ubuntu and Mint I totally failed to understand if it was active or not.

Puppy has promised me that it is active when I set it up.
I am at their mercy.

To be root seems not to be the best thing to be, and there does exist a Puppy that allows one to create users and passwords.

Maybe the next Puppy should be set up so one can choose if one wants to be root or more protected.
I use Google Search on Puppy Forum
not an ideal solution though

RetroTechGuy
Posts: 2947
Joined: Tue 15 Dec 2009, 17:20
Location: USA

#54 Post by RetroTechGuy »

nooby wrote:Apologize for not reading all postings in this thread.

Even if M$ are totally innocent I still care about security in linux.

I know too little to protect myself enough.
Fortunately, most of the problems come from the OS "helping" the user by automagically installing software. For example:

http://www.messagingnews.com/story/koob ... ons-rising

These sorts of bogus links are amusing from a Linux standpoint (and generally, even a Win98 standpoint) -- the dumb OS asks "what do you want to do with this executable?"... Then you can answer: "I'll tell you what to do with that F$*!@&ing virus infected executable..." ;)

I sometimes save those to disk, so I can scan them to see what kind of virus they're trying to push.
To be root seems not to be the best thing to be, and there does exist a Puppy that allows one to create users and passwords.
Although the core of the system is read only. So such a virus would have to install itself in your /usr/local/bin/ or some such.

That is effectively how you would infect a user on a multi-user system (except it would place the virus in your home directory, as it would not have write privilege to place it in /usr/local/bin/).

So, while running as root may not be ideal, it's not as bad as it looks, with this particular implementation.

Of course, your concern is a good reason to create multiple pupsave files. One for general browsing, one for more secure uses (email, etc), and/or perhaps a pupsave that is used only for online banking and such.

And for the latter use, if you were really paranoid, you could create a fully functional pupsave, then make a backup copy, and every few days copy that master-backup over the top of the secure banking pupsave (to erase any changes which might have been inserted into the system) -- or perhaps even after every use.

jamesbond
Posts: 3433
Joined: Mon 26 Feb 2007, 05:02
Location: The Blue Marble

#55 Post by jamesbond »

nooby wrote: To be root seems not to be the best thing to be.
Read this: Fear Not Root, and tell us what you think. Many people regurgitate "running as root is bad", but they seldom back it up with the reasons to the point that it almost becomes a myth.
Fatdog64 forum links: Latest version (http://murga-linux.com/puppy/viewtopic.php?t=117546) | Contributed packages (https://cutt.ly/ke8sn5H) | ISO builder (https://cutt.ly/se8scrb)

DMcCunney
Posts: 889
Joined: Tue 03 Feb 2009, 00:45

#56 Post by DMcCunney »

nooby wrote:Even if M$ are totally innocent I still care about security in linux.

I know too little to protect myself enough.

Puppy at least has a firewall that I can activate in set up while neither Elive nor Antix had such and the one in ubuntu and Mint I totally failed to understand if it was active or not.

Puppy has promised me that it is active when I set it up.
I am at their mercy.
The first question you need to ask is what are you protecting yourself from.

On Windows, the answer is viruses and malware. On Linux, those aren't a concern as they don't really exist for the platform. They are specific to Windows, as they hook into Windows code to do their work.
To be root seems not to be the best thing to be, and there does exist a Puppy that allows one to create users and passwords.
And I wish that were standard in Puppy.

One of the changes Windows made as of Vista was to make the default user profile a "Power user" profile as a security measure. Previous versions of Windows through XP assumed the logged in user was administrator with full powers to modify the machine. A lot of viruses and malware require that access to do their dirty work, and bounce off if the user doesn't have it.

Vista's switch to defaulting to Power User caused much wailing and gnashing of teeth, but it's arguably what Windows should have done all along.

Puppy is like MS-DOS and older versions of Windows. It assumes the user running it is the administrator.

Viruses and malware aren't really problems in *nix, but casual root access can be. Historically, Unix systems were multi-user, with more than one user logged on and working at a time, and I've spent time over the years locking down systems so users couldn't casually get root access and possibly shoot somebody else in the foot. Normal users get the equivalent of power user profiles, can only install software and make changes in their own home directory and directories below it, and can't affect the rest of the system.

The whole point of a firewall is to prevent unauthorized access and control traffic between your system and others. Like other distros, Puppy uses iptables to implement a firewall. Do a search on iptables to get a better idea of what it does and how it does it.

Your real question is "Can someone from outside get unauthorized access to my Puppy system?" The general answer is "Probably not. First, they'd have to be aware it existed. Then, they'd have to have a way to get in. And last, they'd need a reason to try."

I don't worry about it on my Puppy box. At home, it's behind a hardware firewall as well as the software firewall Puppy makes, and it's one of many thousands of systems in my area. And if someone does manage to get into it, there's nothing of value for them to get at.

People trying to break into systems will be motivated by bragging rights or material gain. In either case, there's nothing of interest on my system. They won't get bragging rights breaking into a dinky single user Linux system, and they won't get access to anything that might get them money, like access to the userids and passwords to my bank and credit card accounts. I don't do that stuff from the Puppy machine.
Maybe the next Puppy should be set up so one can choose if one wants to be root or more protected.
I'd be delighted if proper multi-user support got put back into Puppy. You don't have to be root to do the vast majority of things you normally do on Linux. You only need to be root to install software (and not always then) or make other changes that affect the whole system.

Puppy gets away with "All root, all the time", because it's an explicitly single-user system, and the person who installed and configured it is almost certainly that user. If you shoot yourself in the foot doing the wrong thing as root, hey, it's your foot. No one else suffers collateral damage.

In a different setting, like a corporate desktop where more than one person might use the machine, Puppy is the last Linux distro you would install. You need a distro with honest to God multi-user support, where each user can have their own ID, and the ID can be customized for what that user will do with the machine.

On current flavors of *nix, even the administrator doesn't run as root. They log in as a normal user, and if they need admin powers to do something, they use su or sudo to acquire them, and return to a normal ID when they are done. Solaris systems won't let you log on as root unless you are at the system console. From anywhere else, you must use a normal ID and then su to become root.

Does it take a few extra steps to do administrative stuff? Yes. Is this bad? No. It should be harder to make changes that can affect or even put down the whole system.

I've been an administrator responsible for multiple systems, logged into several at any given time. I took pains to do things like customize my prompts and use different color schemes in telnet sessions to make obvious just what box I was on in a session and whether I was on as root. It would have been way too easy to shoot everyone in the foot by typing the wrong commands into the wrong system.

I run as root in Puppy because I have to, and I wish I didn't. I'm used to being able to create IDs customized for various purposes and being able to use them to do specific things.

I've never quite understood the rationale behind making Puppy root only and removing the normal multi-user infrastructure, unless it was a matter of "It's easier to install and maintain the system if you don't have to worry about permissions problems". Perhaps, but you should worry about permissions, and there are at least a few applications out there that complain or refuse to run if you are root because of potential security problems.
______
Dennis

DMcCunney
Posts: 889
Joined: Tue 03 Feb 2009, 00:45

#57 Post by DMcCunney »

jamesbond wrote:
nooby wrote: To be root seems not to be the best thing to be.
Read this: Fear Not Root, and tell us what you think. Many people regurgitate "running as root is bad", but they seldom back it up with the reasons to the point that it almost becomes a myth.
It's not a myth.

There's a critical distinction that gets overlooked. Linux is designed to be a work-alike for Unix. Unix and Linux are both inherently multi-user systems, that implicitly assume more than one person will be logged on and working on the system at any particular time. Puppy gets away with its approach because it's explicitly a single-user system, and assumes the user running it is the one who installed and maintains it. If they make a mistake, they are the only one affected.

I started out on AT&T Unix System V back in the 80's. I've been the administrator of Unix systems where upwards of 300 users might be on the system at once. Can you imagine the chaos that might result if they were all running as root?

Most of the users I supported were non-technical. They didn't know how the system operated, and didn't want to. They accessed the system to perform work. The vast majority of them never saw a command line, and wouldn't know what to do if they did. I set them up with custom IDs. When they logged in, they were put directly into the program they needed to use. When they exited the program, they were logged off the system. They were quite happy with this. It made their lives easier, and reduced what they needed to know about the system to be able to do their jobs.

I run Ubuntu as well as Puppy. Ubuntu is like any other mainstream distro. By default, you log on as an ordinary user. If you need to perform administrative tasks, you temporarily acquire administrative powers with su or sudo. I could set that up to always run as root, but don't. (I did create a separate password for root to enable me to run as root in another virtual console, but seldom use it.)

I prefer the extra step to become administrator as a safety measure. It forces me to remember that I am performing administrative tasks, and to make sure I understand what I am attempting to do. This is a simple safety measure that cuts down on the likelihood I'll make a mistake I'll then have to recover from.

I have seen a tech manage to wipe an entire machine at a customer site by making the wrong move as root. Fortunately, he was able to recover because the customer had made a complete backup just before he arrived to do his work. But he made the error he did because of bad habits he'd accumulated as an administrator on a small Xenix system, where he always ran as root to avoid pesky permissions problems.

You don't have to fear root, but you do have to respect it, and showing respect by not running as root when you don't have to is a good idea.
______
Dennis

Lobster
Official Crustacean
Posts: 15522
Joined: Wed 04 May 2005, 06:06
Location: Paradox Realm

#58 Post by Lobster »

Read this: Fear Not Root, and tell us what you think.
I thought reading this was preferable to running around like a headless penguin
exclaiming, 'Beware the root'. :roll:
Dennis makes many similar points about the difference between Linux on a corporate network and individual Puppy and Linux desktop computers.

A reminder of the simple Puppy Growl security program:
http://murga-linux.com/puppy/viewtopic. ... 216#335216
Puppy Raspup 8.2Final 8)
Puppy Links Page http://www.smokey01.com/bruceb/puppy.html :D

jamesbond
Posts: 3433
Joined: Mon 26 Feb 2007, 05:02
Location: The Blue Marble

#59 Post by jamesbond »

Thank you Dennis.

Your posts are very clear, helpful, refreshing and educational. You give the context, and also the reasons in which running as root is a bad idea - this is in contrast to others who just say "because it's the best practice".
Hopefully with your posts and the Fear Not Root link, people running single-user desktop linux can then see whether or not these reasons apply to them, and what additional security gains they get by running as non-root (and thus, whether root-vs-non-root is worthy of a heated debate).

cheers!

jamesbond
Posts: 3433
Joined: Mon 26 Feb 2007, 05:02
Location: The Blue Marble

#60 Post by jamesbond »

Lobster wrote:
Read this: Fear Not Root, and tell us what you think.
I thought reading this was preferable to running around like a headless penguin exclaiming, 'Beware the root'. :roll:
Lob I can't stop laughing reading your post :D

Pizzasgood
Posts: 6183
Joined: Wed 04 May 2005, 20:28
Location: Knoxville, TN, USA

#61 Post by Pizzasgood »

I'd be delighted if proper multi-user support got put back into Puppy.
I agree, which is why I did it - for 4.2.1 anyway. And I documented the process to the best of my ability so that if/when Puppy decides to adopt it they won't have to figure as much out on their own.
http://www.murga-linux.com/puppy/viewtopic.php?t=47409

The average paranoid user doesn't really need it, but proper multiuser support would allow Puppy to spread into other niches. Even just being used as a family PC. Sure, Puppy can do the multiple save file deal, which is nice, but that doesn't stop Jr. from deleting the savefile itself, or reformatting the harddrive.

Limited accounts would at least make it more difficult. He could still try booting from a live CD, and if you disable that he could try resetting the bios, or just pulling the drive and mounting it from another machine - but he would have to be very intentionally malicious to do those things. If he's just cranky or an idiot, limited permissions will stop him.



I have to admit, I'm pretty used to root. And for good reason, because during the beginning I spent large amounts of my time screwing around with Puppy's boot scripts, installing stuff, deleting things, etc. Running as other than root would have been impractical.

I haven't been doing anywhere near as much of that lately though, other than recently as I have been working on making my own distro. But when not doing that, I've mostly been working on applications and utilities, and less of the core systems type stuff. So now it would be possible for me to be a user on a regular basis.

When I get CheesyRamHog usable enough, I intend to do that. I need to get used to not being root, because one of the career paths I may wind up following is being a sysadmin. Like DMcCunney's friend found out, bad habits can get you into trouble.


Puppy at least has a firewall that I can activate in set up while neither Elive nor Antix had such and the one in ubuntu and Mint I totally failed to understand if it was active or not.
Linux basically has one firewall program. IPtables. There are many frontends that you use to configure it, but they all do the same thing.

To see what is currently configured, on any modern Linux, you just run iptables -v -L and it will output the configuration to the terminal. Understanding what it means is another thing, but you can at least see that something is set up. If nothing is configured, it will look about like this:

Code:

# iptables -v -L
Chain INPUT (policy ACCEPT 2 packets, 252 bytes)
 pkts bytes target     prot opt in     out     source               destination         

Chain FORWARD (policy ACCEPT 0 packets, 0 bytes)
 pkts bytes target     prot opt in     out     source               destination         

Chain OUTPUT (policy ACCEPT 2 packets, 252 bytes)
 pkts bytes target     prot opt in     out     source               destination 
If you get anything more complex than that, you probably have the firewall enabled.

As long as the particular firewall configuration doesn't rely on some weird module that the average kernel doesn't have enabled, it can be used on nearly any modern distro (has to support iptables at least). You can use iptables-save > firewall_file to save it to "firewall_file", and then drop that into the other distro and run iptables-restore < firewall_file to restore it. Of course, you would probably need to configure the new distro to re-use that same firewall each boot. How you do that is a function of the distro, but the support people for whichever distro would probably be able to help you.
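An added example, not part of Pizzasgood's post or of any distro's own scripts: a small shell check that reads `iptables -v -L` output and reports whether the filter table is still in the empty all-ACCEPT state shown above. The function names and the second sample listing (INPUT policy DROP, as nooby describes for an activated Puppy firewall) are constructed for illustration.

```shell
#!/bin/sh
# Classify `iptables -v -L` output (filter table only; nat/mangle are not
# shown by that command). Function names here are hypothetical.

# Print one line per chain: "<chain> policy=<P> rules=<N>".
summarize_chains() {
    awk '
        /^Chain / {
            name = $2; n++; order[n] = name; rules[name] = 0
            if ($3 == "(policy") {          # built-in chain with a default policy
                p = $4; sub(/\)$/, "", p)   # non-verbose output has "ACCEPT)"
                policy[name] = p
            } else {
                policy[name] = "-"          # user-defined chain: no policy
            }
            next
        }
        NF == 0 { next }                           # blank separator line
        $1 == "pkts" && $2 == "bytes" { next }     # column header (-v output)
        $1 == "target" && $2 == "prot" { next }    # column header (plain -L)
        name != "" { rules[name]++ }               # anything else is a rule
        END {
            for (i = 1; i <= n; i++)
                printf "%s policy=%s rules=%d\n", order[i], policy[order[i]], rules[order[i]]
        }
    '
}

# Print "unconfigured" when every chain is policy ACCEPT with zero rules,
# "configured" when any chain has a rule or a non-ACCEPT policy,
# "unknown" when no chain headers were found (e.g. the command failed).
firewall_state() {
    summarize_chains | awk '
        { seen = 1 }
        $2 != "policy=ACCEPT" || $3 != "rules=0" { active = 1 }
        END {
            if (!seen) print "unknown"
            else if (active) print "configured"
            else print "unconfigured"
        }
    '
}

# Sample 1: the empty listing quoted in the post above.
sample_unconfigured() {
cat <<'EOF'
Chain INPUT (policy ACCEPT 2 packets, 252 bytes)
 pkts bytes target     prot opt in     out     source               destination

Chain FORWARD (policy ACCEPT 0 packets, 0 bytes)
 pkts bytes target     prot opt in     out     source               destination

Chain OUTPUT (policy ACCEPT 2 packets, 252 bytes)
 pkts bytes target     prot opt in     out     source               destination
EOF
}

# Sample 2: constructed listing with INPUT defaulting to DROP.
sample_drop_input() {
cat <<'EOF'
Chain INPUT (policy DROP 0 packets, 0 bytes)
 pkts bytes target     prot opt in     out     source               destination
   12   840 ACCEPT     all  --  lo     any     anywhere             anywhere
   57  4210 ACCEPT     all  --  any    any     anywhere             anywhere             state RELATED,ESTABLISHED

Chain FORWARD (policy ACCEPT 0 packets, 0 bytes)
 pkts bytes target     prot opt in     out     source               destination

Chain OUTPUT (policy ACCEPT 69 packets, 5050 bytes)
 pkts bytes target     prot opt in     out     source               destination
EOF
}

echo "sample 1: $(sample_unconfigured | firewall_state)"
echo "sample 2: $(sample_drop_input | firewall_state)"
sample_drop_input | summarize_chains
```

On a live system the same check is `iptables -v -L | firewall_state`, run as root.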

nooby
Posts: 10369
Joined: Sun 29 Jun 2008, 19:05
Location: SwedenEurope

#62 Post by nooby »

Pizzasgood, I intended to thank Dennis and tell him to search for the member of this forum that there existed a description of how to implement it even in Puppy.

But I had forgotten that it was you who had a thread about it.

Very good you helped me out by reminding us about it.

Thanks for the description of the iptables. You are right that is how it looks in ubuntu, antiX and Debian Elive by default.

Not activated. Puppy after activation has Drop in the first one but accept in the other two.

That is as good as the default Windows XP and Vista and Win7 also have it.

Should not Puppy be better than M$ :)

I am too much of a computer idiot to be able to set it up though. I tested the GUI of SuperOS (Ubuntu) and Linux Mint and Debian Elive and I did not understand if I was protected or not when I clicked on Deny.

Did I deny any entry from outside or did I deny the firewall to be activated? Nothing explained it unless one is clever enough to think like the GUI developers' way of thinking.

I am very spoiled by Puppy by being root. When I try out Debian or Ubuntu or some other distro I get stuck instantly by not being able even to mount my HDD to get to the text files I need to remember commands to use. Hahah

I wish Puppy to become the most attractive breed of distros there is. To at least be able to choose is better than to not choose.

At install one could be asked. Do you want to be an ordinary user like most Linux Distros are set up or do you want the freedom of being in complete control over everything but at your own risk? Yes protect me 1. or Yeah I am adventurous or trust myself enough to be a 2.

RetroTechGuy
Posts: 2947
Joined: Tue 15 Dec 2009, 17:20
Location: USA

#63 Post by RetroTechGuy »

DMcCunney wrote: I run Ubuntu as well as Puppy. Ubuntu is like any other mainstream distro. By default, you log on as an ordinary user. If you need to perform administrative tasks, you temporarily acquire administrative powers with su or sudo. I could set that up to always run as root, but don't. (I did create a separate password for root to enable me to run as root in another virtual console, but seldom use it.)
When testing software on such a system, I typically open a console window and do a normal login as root. Then with both the user (me) and root (also me) logged in, I can test that "user" can see and run the programs installed. If not, root can tinker with things and try again.

But if you are truly the only user, that becomes fairly redundant (and occasionally tedious).
Fortunately, he was able to recover because the customer had made a complete backup just before he arrived to do his work.
This is a key point. Having a recent backup. You should do the same with Puppy, particularly before installing new software.

The really nice thing about Puppy, in frugal mode, is that it is incredibly easy to make a backup of the system (just copy the unmounted pupsave file). And it's so small, that it is also trivial.

Note also that making a "multi-user" machine isn't hard, with Puppy (I emphasize machine, as most don't care if it's a multi-user OS). Just copy your boilerplate pupsave over to a new username, and they then have their own system. Yeah, so you'll have to spend a few seconds performing a reboot to change users. Puppy is small enough that there isn't a real reason to leave it running when not in use, so the most likely scenario is that the user comes to the machine in the "off" state, and boots normally. Otherwise the 1st user will have to shut down, and the second reboot. No big deal.

DMcCunney
Posts: 889
Joined: Tue 03 Feb 2009, 00:45

#64 Post by DMcCunney »

jamesbond wrote:Thank you Dennis.
You're quite welcome.
Your posts are very clear, helpful, refreshing and educational. You give the context, and also the reasons in which running as root is a bad idea - this is in contrast to others who just say "because it's the best practice".
Hopefully with your posts and the Fear Not Root link, people running single-user desktop linux can then see whether or not these reasons apply to them, and what additional security gains they get by running as non-root (and thus, whether root-vs-non-root is worthy of a heated debate).
I'm in the "don't run as root unless you must" camp, but I have a different perspective because of where I come from.

I first heard about Unix when the system I dealt with was an IBM mainframe, and Unix was AT&T Version 6, the first to see usage outside of AT&T. Single-user Unix systems effectively didn't exist, and installations were all multi-user.

My first "home computer" was a single-user Unix workstation. In the mid-80's, AT&T was still in the computer business, and issued the UNIX-PC and the 3b1. (I have a 3b1.) Both were attempts to compete with the IBM PC on the corporate desktop. They had a 10mhz 32 bit Motorola 68010 CPU (the first of that line with hardware memory management), a bit mapped GUI console, and would boot and run a port of AT&T System V Release 2 and perform useful work with acceptable performance in one megabyte of RAM. (Yes, you read that right. One megabyte, not one gigabyte.) Give it more RAM and it flew. (A client back then used a 3b1 with 3MB of RAM to support four simultaneous users and a printer, running a custom database application for distribution management. Users connected via dumb terminals using a character mode interface. Worked fine.)

The UNIX-PC had a root ID, but it wasn't what you normally used. You logged in as a normal user, and became root only as required to do system maintenance.

Most of the systems I've dealt with over 20+ years were multi-user, with many users on and working simultaneously.

So "Don't run as root unless you have to" is a conditioned reflex, acquired in the days when casually running as root was a Very Bad Idea indeed.

There are places where it is the norm, but they tend to be specialized. For example, my recently deceased Linksys WRT54G router used a Linux 2.4 kernel and Busybox. You never saw Linux if you used the stock firmware, because you dealt with an HTML based GUI that let you configure the router. But because it was Linux based, it was open source, and various developers grabbed the source and hacked, producing an assortment of replacement firmware. I ran one called Tomato, and I could telnet or ssh to the router and get a command line. (My SO was bemused to see me running vi on the router to edit scripts.) I was logged on as root because multiple users made no sense in that context. It was an embedded application with a specific purpose, and not a general usage device.

As mentioned, Puppy gets away with always running as root because it's explicitly a single user system, and I recall seeing a post stating Barry was originally working to create an embeddable distro, similar to the Linux implementation. It's no worse than MS-DOS or earlier versions of Windows which also assumed the logged on user was the administrator with all powers to change the system.

But systems where you can have other users can be useful.

For instance, back in the MS-DOS days, I ran the MKS Toolkit. The Toolkit was a collection of DOS versions of all of the standard Unix utilities that made sense in a single-user, single-tasking environment, including a very complete implementation of the Korn shell that had everything except asynchronous sub-processes (because DOS was single-tasking, and didn't do sub-processes.)

If you installed in full Unix compatibility mode, the Toolkit replaced COMMAND.COM as the boot shell with INIT.EXE. Boot, and init would run, and print a Login: message on your screen. Enter an ID and optional password, and init called login, which checked the ID you entered against an /etc/passwd file. If it found a match, it changed to whatever directory was specified as that ID's home directory, and ran whatever was specified as that ID's shell. Exit the shell you were logged into, and init regained control and put up another Login: message.

I found this incredibly useful. I could change environments without rebooting. Stuff common to all IDs, like mouse, ramdisk, and disk cache drivers got loaded in CONFIG.SYS. Everything else happened at the ID level.

I had IDs to run vanilla COMMAND.COM, the shareware 4DOS command com replacement, the MKS Korn shell for a Unix like environment, and the DesqView multi-tasking environment. I could switch without rebooting - just log off and log back on with the right ID.

The setup stayed in place when Win 3.1 came around. In Win 3.1, the default "shell" was Program Manager, but an assortment of replacements existed. I used custom IDs handled by init, which modified the Windows SYSTEM.INI file to point to the shell I wanted to use before calling Windows. When Win95 hit the streets, switching was painless for my SO, because I normally used a replacement shell that already had the stuff Win95 brought to the table, like desktop icons.

If I have the option on a *nix system, I often create custom IDs intended for specific purposes, with a login profile and environment designed around that purpose. Switching is a matter of logging off and logging on again with a different ID.

I'd love to do that in Puppy, but can't, because Puppy doesn't support it. Someday...
______
Dennis

DMcCunney
Posts: 889
Joined: Tue 03 Feb 2009, 00:45

#65 Post by DMcCunney »

RetroTechGuy wrote:
DMcCunney wrote:I run Ubuntu as well as Puppy. Ubuntu is like any other mainstream distro. By default, you log on as an ordinary user. If you need to perform administrative tasks, you temporarily acquire administrative powers with su or sudo. I could set that up to always run as root, but don't. (I did create a separate password for root to enable me to run as root in another virtual console, but seldom use it.)
When testing software on such a system, I typically open a console window and do a normal login as root. Then with both the user (me) and root (also me) logged in, I can test that "user" can see and run the programs installed. If not, root can tinker with things and try again.

But if you are truly the only user, that becomes fairly redundant (and occasionally tedious).
It's not redundant at all if you normally run as a regular user. I usually log on twice in different virtual consoles: once as root, and once as the user, and can hop back and forth with Ctrl-Alt-<number> to switch between them (and if necessary, kill the normal user login from root.)

Tedious? Maybe. But testing is by nature somewhat tedious.
Fortunately, he was able to recover because the customer had made a complete backup just before he arrived to do his work.
This is a key point. Having a recent backup. You should do the same with Puppy, particularly before installing new software.
The customer was a doctor's office, and the system he wiped contained patient records. The consequences if the customer hadn't had an up-to-the-minute backup don't bear thinking on. I suspect the employer we worked for would have been put out of business by the resulting lawsuit.
The really nice thing about Puppy, in frugal mode, is that it is incredibly easy to make a backup of the system (just copy the unmounted pupsave file). And it's so small, that it is also trivial.

Note also that making a "multi-user" machine isn't hard, with Puppy (I emphasize machine, as most don't care if it's a multi-user OS). Just copy your boilerplate pupsave over to a new username, and they then have their own system. Yeah, so you'll have to spend a few seconds performing a reboot to change users. Puppy is small enough that there isn't a real reason to leave it running when not in use, so the most likely scenario is that the user comes to the machine in the "off" state, and boots normally. Otherwise the 1st user will have to shut down, and the second reboot. No big deal.
I don't use frugal installs, so that's not applicable here. With proper multi-user support, using a different ID is a matter of log off, and log back on as the different ID. No reboot is required.
______
Dennis
