Browse as user "Spot"

Jasper

#16 Post by Jasper »

Hi Luluc,

Thank you for your input. However, I apologize as my .mozilla folder is in /mnt/home and my .mozilla folder in root is an absolute link.

I have played with my absolute links without any success and I will amend your code for the different location and try it later today unless, meantime, anyone else has a definite solution.

My regards

nooby
Posts: 10369
Joined: Sun 29 Jun 2008, 19:05
Location: SwedenEurope

#17 Post by nooby »

Yes I need such too. I have the .mozilla on mnt/home and an absolute link to it. Does one need a relative link then?

How does one change the password for spot and what does it have now?

Thanks to L18L
Last edited by nooby on Fri 22 Apr 2011, 18:12, edited 1 time in total.
I use Google Search on Puppy Forum
not an ideal solution though

L18L
Posts: 3479
Joined: Sat 19 Jun 2010, 18:56
Location: www.eussenheim.de/

#18 Post by L18L »

nooby wrote:How does one change the password for spot and what does it have now?

Code:

# passwd spot
Changing password for spot
New password: 
Retype password: 
Password for spot changed by root
#

Code:

# cat /etc/passwd | grep spot

Cheers
spot since 10 minutes :D

Edited: but more important is to change root's password :!:
by simply typing in a console

Code:

passwd

Bernie_by_the_Sea
Posts: 328
Joined: Wed 09 Feb 2011, 18:14

#19 Post by Bernie_by_the_Sea »

Dillo works under spot in Wary 500.

Code:

# su spot
# whoami
spot
# dillo

Dillo is relatively secure as root but Spot digs the hole deeper to bury his paranoid bones.
Frugal: Knoppix 6.4.4 DVD
USB: DSL 4.4.10
Full: WinXP Pro
Puppy (Feb. 4 - May 12, 2011) led me back to Linux.

Luluc
Posts: 200
Joined: Wed 16 Mar 2011, 07:10

#20 Post by Luluc »

Dillo is secure to the extreme. No Flash. No Javascript. It can't be hacked.

But it's too much of a sacrifice IMO. It's ugly, renders badly, has no features... :?

Jasper

#21 Post by Jasper »

Hi.

Yesterday I raised a query about add-ons and bookmarks (finally, I "cheated" by reinstalling those I wanted).

However,

if I click my desktop browsesafe icon it loads Firefox, but if I open my console on top of Firefox and then execute "whoami" the answer is always "root" (never "spot" as it presumably should be).

My regards

Addendum and correction:

rcrsn51 in a later post in this thread has kindly explained that Firefox, in this particular case, is actually running as user spot.

01micko has kindly explained in a later post in this thread that the code to use in this particular case is "ps|grep firefox" not "whoami".

--------------------------
However (as now underlined above was originally in large text and was followed in large bold text by the word "disturbingly"). This is now amended since all worked as was intended and nothing was "disturbing" except my faulty understanding.
Last edited by Jasper on Sun 24 Apr 2011, 09:33, edited 1 time in total.

nooby
Posts: 10369
Joined: Sun 29 Jun 2008, 19:05
Location: SwedenEurope

#22 Post by nooby »

Jasper you know computers much better than I do so if the following is totally out on the limb take it with a broad smile.

I only try to be logical and that usually fails when I do it.

On top of Firefox. My poor logic says you need to move .mozilla within the Spot directory and start it up there and then as you say on top open a terminal within spot and then ask who am I and it will say Spot :)

I am wrong most likely but that was what my confused brain came up with :)

rcrsn51
Posts: 13096
Joined: Tue 05 Sep 2006, 13:50
Location: Stratford, Ontario

#23 Post by rcrsn51 »

Jasper wrote:However, disturbingly
Not at all. You are only the user spot in the temporary environment that is running Firefox. Outside of that, you are still root.

This is not like Ubuntu where you can log in as a completely new user.

While you are running your spot-Firefox, download a file and try to save it to /mnt/home or /bin. What happens?

Jasper

#24 Post by Jasper »

Hi rcrsn51,

Thank you very much for your encouraging explanation.

My regards

rcrsn51
Posts: 13096
Joined: Tue 05 Sep 2006, 13:50
Location: Stratford, Ontario

#25 Post by rcrsn51 »

rcrsn51 wrote:While you are running your spot-Firefox, download a file and try to save it to /mnt/home or /bin. What happens?
What happened?

nooby
Posts: 10369
Joined: Sun 29 Jun 2008, 19:05
Location: SwedenEurope

#26 Post by nooby »

And Rcrsn51 can you explain better. Does it mean there is no added security or was this your way to assure that it is safer to run as spot then? I fail to be sure what you say to Jasper.

I agree that it is as you say I only fail to get the implications of that fact.
Last edited by nooby on Sat 23 Apr 2011, 13:26, edited 1 time in total.

nooby
Posts: 10369
Joined: Sun 29 Jun 2008, 19:05
Location: SwedenEurope

#27 Post by nooby »

rcrsn51 wrote:
rcrsn51 wrote:While you are running your spot-Firefox, download a file and try to save it to /mnt/home or /bin. What happens?
What happened?
As I remember it can only be saved within spot and then I need to start up Rox as root for to get access to it and move it elsewhere.
I tested this with a picture from a site and it ended up in spot and not on mnt/home as I wanted it to be :)


As I wrote I have tested with other pic and what happened was that I failed to place it outside of Spot. So that is something I like but others say it does not help much due to the criminals know all the tricks something.

But I find it likely it is a bit safer so okay I will wait for Jasper's answer then :)
Last edited by nooby on Sat 23 Apr 2011, 13:36, edited 1 time in total.

rcrsn51
Posts: 13096
Joined: Tue 05 Sep 2006, 13:50
Location: Stratford, Ontario

#28 Post by rcrsn51 »

nooby wrote:And RC can you explain better
Not until Jasper answers my question above. With all due respect, talk is cheap. The only way to resolve issues is with actual physical testing.

Have you tried my suggestion yet?

1. Run a browser as spot.

2. Download this file. DON'T install it!

3. Try to save it to /mnt/home or /bin. What happens?

rcrsn51
Posts: 13096
Joined: Tue 05 Sep 2006, 13:50
Location: Stratford, Ontario

#29 Post by rcrsn51 »

nooby wrote:I tested this with a picture from a site and it ended up in spot and not on mnt/home as I wanted it to be :)
Exactly. That's because the user spot does not have write permission on /mnt/home. Similarly, a piece of malware could not install itself into a system folder like /bin. However, it could still destroy all your personal files in spot.

Clearly, you don't want to save lots of files in spot because it fills up your savefile. So go to /mnt/home and make a folder called "spot-download". Give its ownership to spot:

Code:

chown spot:spot /mnt/home/spot-download

Now you have a better place to download files. Of course, this folder is now theoretically vulnerable to attack.

You could also symlink spot's .mozilla profile into this area because spot has the correct permissions to use it. Or for that matter, you could delete the current spot user and create a new one whose home directory was a subfolder of /mnt/home. I haven't tested this yet.
Last edited by rcrsn51 on Sat 23 Apr 2011, 13:39, edited 1 time in total.
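
The permission reasoning in the post above, as an added example that is not part of the original thread: it reports which directories a given uid/gid could write into, so the effect of the `chown` on spot-download can be compared with /bin and /mnt/home. The function names `can_create_in` and `writable_dirs` are hypothetical, and only classic mode bits are evaluated.

```shell
#!/bin/sh
# Added example, not from the thread. Evaluates classic owner/group/other mode
# bits only; ACLs, read-only mounts and supplementary groups are ignored.
# Assumes a stat that supports -c (GNU coreutils or BusyBox).

# can_create_in UID GID DIR: exit 0 if a process with that uid/gid may create
# files in DIR, 1 if not, 2 if DIR cannot be examined.
can_create_in() {
    c_uid=$1 c_gid=$2
    if [ "$c_uid" -eq 0 ]; then return 0; fi       # root bypasses mode bits
    info=$(stat -c '%u %g %a' "$3" 2>/dev/null) || return 2
    set -- $info                                   # $1=owner uid $2=group gid $3=octal mode
    if   [ "$c_uid" -eq "$1" ]; then bits=$(($3 / 100 % 10))
    elif [ "$c_gid" -eq "$2" ]; then bits=$(($3 / 10 % 10))
    else                             bits=$(($3 % 10))
    fi
    [ $((bits & 3)) -eq 3 ]                        # needs write (2) and search (1)
}

# writable_dirs UID GID DIR...: print the DIRs such a process could write into.
writable_dirs() {
    w_uid=$1 w_gid=$2
    shift 2
    for d in "$@"; do
        if can_create_in "$w_uid" "$w_gid" "$d"; then printf '%s\n' "$d"; fi
    done
}

# On the system from the thread, run as root (paths are the ones in the post):
#   writable_dirs "$(id -u spot)" "$(id -g spot)" /bin /mnt/home /mnt/home/spot-download
```

Every directory this prints is one a compromised browser running as spot could modify, which is the exposure the post describes for the new download folder.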

01micko
Posts: 8741
Joined: Sat 11 Oct 2008, 13:39
Location: qld

#30 Post by 01micko »

To test if you are browsing as spot run this:

Code:

ps|grep firefox

(replace firefox with seamonkey if required)
Puppy Linux Blog - contact me for access
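
A scripted form of the check in the post above, added here as an example and not part of the original thread: it reads the USER column of `ps` output for the browser process, which is what answers the question that `whoami` in a root console cannot. The function names and the sample `ps` listing are constructed, and the layout is assumed to have a header row naming USER and COMMAND columns.

```shell
#!/bin/sh
# Added example, not from the thread. Assumes ps output with a header row
# that names a USER and a COMMAND column, as BusyBox ps prints it.

# browser_owners NAME: read ps output on stdin and print each distinct user
# owning a process whose command contains NAME (the grep itself is skipped).
browser_owners() {
    awk -v name="$1" '
        NR == 1 {                                   # locate columns from the header
            for (i = 1; i <= NF; i++) if ($i == "USER") ucol = i
            ccol = index($0, "COMMAND")
            next
        }
        ucol && ccol {
            cmd = substr($0, ccol)
            if (index(cmd, name) && !index(cmd, "grep")) seen[$ucol] = 1
        }
        END { for (u in seen) print u }' | sort
}

# browser_runs_unprivileged NAME: ps output on stdin; exit 0 if every match
# is non-root, 1 if any match runs as root, 2 if nothing matched.
browser_runs_unprivileged() {
    owners=$(browser_owners "$1")
    [ -n "$owners" ] || return 2
    if printf '%s\n' "$owners" | grep -qx root; then return 1; fi
    return 0
}

# Constructed sample: a root console open next to a browser started as spot.
SAMPLE_PS='  PID USER       VSZ STAT COMMAND
    1 root      1648 S    init
 2101 root      3304 S    /bin/sh
 2417 spot     98544 S    /usr/lib/firefox/firefox-bin
 2460 root      1652 S    grep firefox'

printf '%s\n' "$SAMPLE_PS" | browser_owners firefox      # prints: spot
# Live use on the running system: ps | browser_runs_unprivileged firefox
```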

Luluc
Posts: 200
Joined: Wed 16 Mar 2011, 07:10

#31 Post by Luluc »

rcrsn51 wrote:1. Run a browser as spot.

2. Download this file. DON'T install it!

3. Try to save it to /mnt/home or /bin. What happens?
"Data File Host
Accessing directly the download link doesn't work. The download only starts if you click from the download page."
It's what the page says! :lol: :lol: :lol:
nooby wrote:As I remember it can only be saved within spot and then I need to start up Rox as root for to get access to it and move it elsewhere.
I tested this with a picture from a site and it ended up in spot and not on mnt/home as I wanted it to be :)
You still can save files inside /mnt/home. Do it like this:

Create a new directory:

Code:

# mkdir -p /mnt/home/spotfiles

Make spot the owner of that directory:

Code:

# chown -R spot:spot /mnt/home/spotfiles

Now you can download files with the browser, browse to /mnt/home/spotfiles and save the files there when prompted for a download location.

nooby
Posts: 10369
Joined: Sun 29 Jun 2008, 19:05
Location: SwedenEurope

#32 Post by nooby »

Thanks rcrsn51, Micko, Luluc all of you

My question is:
I have saved the following text and promised myself to test it out but I am so afraid of failure so I have postponed it the whole day. Can you guys confirm it is good advice? Apology to the author L18L that I failed to remember that you told me how to. :)

nooby wrote:
How does one change the password for spot and what does it have now?

Code:
# passwd spot
Changing password for spot
New password:
Retype password:
Password for spot changed by root
#

Code:
# cat /etc/passwd | grep spot

Cheers
spot since 10 minutes Very Happy

Edited: but more important is to change root's password Exclamation
by simply typing in a console
Code:
passwd

Running FF as spot

It's not hard to run Firefox or SeaMonkey as Spot, I just demonstrated how in a different thread.
Boot puppy normally.
Open the terminal.
enter "su spot" (no quotes) at the prompt.
enter "firefox" (no quotes) next.
When it launches, Firefox will be running under user Spot.
Link to screenshot
http://www.murga-linux.com/puppy/viewto ... 399#511399

Note, starting from default browser icon you are root.
Dragging defaultbrowser.desktop to the desktop and then clicking that will start defaultbrowser as user spot.
Last edited by nooby on Sat 23 Apr 2011, 15:04, edited 1 time in total.

Jasper

#33 Post by Jasper »

Hi guys,

@ nooby - rcrsn51 is saying that I was actually running Firefox as spot (even though it seemed (to me) I was running as root).

@ rcrsn51 - I have now tried two downloads and so I can personally confirm what you already knew and advised.

It is rare (perhaps the first time) that I have used large and emboldened text - but I was worried for other users (though I did say "presumably" as I'm only too aware I'm not all-knowing).

So now, thanks to you, I have a hugely improved understanding and confidence that browsesafe works.

My big, big mistake was in thinking that "whoami" would return my Firefox status. My apology for that and, with hindsight, for raising my query so strongly.

@ 01micko - thank you also for your pet and your help.

My regards
Last edited by Jasper on Sat 23 Apr 2011, 14:08, edited 1 time in total.

rcrsn51
Posts: 13096
Joined: Tue 05 Sep 2006, 13:50
Location: Stratford, Ontario

#34 Post by rcrsn51 »

Deleted. See my post three down from here.
Last edited by rcrsn51 on Sat 23 Apr 2011, 16:27, edited 3 times in total.

nooby
Posts: 10369
Joined: Sun 29 Jun 2008, 19:05
Location: SwedenEurope

#35 Post by nooby »

rcrsn51 thanks for that one. Most instructive. The problem is that I have deleted .mozilla from root and reuse an old .mozilla that I placed in mnt/home and it would fail to link to that one from this new dir you made.

One would need to do what? Copy over a copy of that old one into that dir then?

Ahh now I get it "browsesafe " is a script or pet that Micko has made?
Last edited by nooby on Sat 23 Apr 2011, 14:13, edited 1 time in total.
