- <!DOCTYPE html>
- <html>
- <head>
- <title>root</title>
- <meta charset="utf-8">
- <link href="./manual.css" rel="stylesheet" type="text/css" />
- </head>
- <body>
- <div id="container">
- <h1>About root, spot and fido</h1>
- <p>
- This is a short explanation of why users run as the administrator (root) in Puppy Linux, and/or use the non-root spot and fido accounts.
- </p>
- <section>
- <h2>root, spot, fido</h2>
- <p>
- In a nutshell, root login gives you total access to everything, whereas a non-root login gives you restricted access (that is configurable for each user by the administrator).<br>
- Puppy is not a multi-user system as are most other Linux distributions, in which there is a root login plus any number of non-root login accounts.<br>
- Puppy, on the other hand, has root, plus just two non-root logins, named spot and fido.
- </p>
- <section>
- <h2>root</h2>
- <p>
- There are two main objections to running as root: firstly, that you might accidentally do something dumb, such as delete important files; secondly, that if someone gains access to your computer, either remotely via the Internet/network, or locally, they will be at root-level and able to do much more damage than if they gained access as a non-root user.
- </p>
- <section>
- <h3>Doing something dumb</h3>
- <p>
- In the case of accidentally wiping important files, which files are important to you? Your own personal files and data, of course, and regardless of whether you are logged in as your non-root account or as root, you are just as prone to doing the same dumb thing.<br>
- That is, your personal files, settings and applications are all owned by the non-root user, and can be deleted just as easily by the non-root user as by the administrator.<br>
- In other words, this argument against running as root is itself dumb. At least in respect to the safety of your own files.
- </p>
- <p>
- Where the "doing something dumb" argument is valid is in a multi-user system, where the administrator could accidentally delete or otherwise compromise another user's files. However, Puppy is not multi-user.
- </p>
- <p>
- With regard to system files, they can easily be restored; in fact, Puppy makes this easy as the entire system is in one Squashfs file.
- </p>
- </section>
- <section>
- <h3>Remote access as root</h3>
- <p>
- What are you afraid of? Someone getting at your personal files and data, especially such things as identification and login/password data. Much of this is on your computer and, if you run a distro in which you log in as a non-root user, it is in files owned by your non-root account, meaning they are equally accessible to someone breaking in as the non-root user or as root.
- </p>
- <p>
- However, there are two scenarios in which running as root has a security risk, only one of which applies to Puppy.
- </p>
- <p>
- Firstly, if you log in as non-root, you could bump up to root-level to perform certain operations, such as keeping a file of usernames and passwords. There are also some applications that use secret files owned by root, which non-root users are not supposed to read. Thus, anyone gaining access as root can read all of those files.
- </p>
- <p>
- A side note on the above paragraph: major distros such as Ubuntu allow the first user account to bump up to root just by prefixing commands with "sudo" or "su", without requiring the root password, which makes the whole protection mechanism a joke, considering that most Ubuntu users use this first login account as their regular login.
- </p>
- <p>
- Secondly, in a multi-user environment, the enemy may be another user. You would never have users logging in as root in that scenario. But, I repeat, Puppy is not multi-user.
- </p>
- <p>
- Note, Puppy allows multiple session save-files, which are usually managed by one user for different usage profiles. This can also cater for different users, even with optional password protection on a save-file, but it is only intended to be used in a "friendly" local environment. It is a very light-weight alternative to a multi-user system.
- </p>
- <p>
- Puppy supposes a "friendly" local environment, and the main threat is from someone gaining access to your computer via the network ports while you are online.<br>
- This is highly unlikely in Puppy, due to the firewall and minimal daemons (with network capability disabled). But the concern is still there...
- </p>
- </section>
- </section>
- <section>
- <header class="logo-header">
- <img class="header-logo" alt="" src="../../../root/spot/spot.png">
- <h2>spot</h2>
- </header>
- <p>
- This brings us to 'spot', which is a classical name for a dog. But spot is not a normal user; you don't log in as user spot. Instead, you boot up in the normal way as the root user, but you can choose to run some Internet applications as the restricted user spot.<br>
- This means that you have unfettered access to your local system, all the benefits of root, no hassles with file/directory ownerships and permissions, no restrictions on access to all hardware.<br>
- But you can run, for example, SeaMonkey (browser, Composer, mail &amp; news, IRC-chat suite) as spot. The home directory for spot is /root/spot, and SeaMonkey will (normally) only be able to edit/create/write files inside /root/spot.
- </p>
- <p>
- With spot, you have the best of both worlds. Freedom in your local system, a restricted user for Internet access.
- </p>
- <p>
- Note, at the time of writing, Puppy offers only the Didiwiki personal blog running as spot and SeaMonkey optionally running as spot -- you can choose your level of web-browsing danger, via the <i>Login and Security Manager</i> in the System menu.<br>
- A fork of Puppy, FatDog64, features all Internet applications running as spot.
- </p>
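- <p>
- The following is an added example, not part of Puppy or of the original page: a small shell check that reads a process listing and reports whether the Internet applications mentioned above are running as spot or as root. The command names "seamonkey" and "didiwiki" and the sample listing are assumptions constructed for illustration.
- </p>

```shell
#!/bin/sh
# Added example: flag Internet-facing applications that run as root
# instead of the restricted user "spot".
#
# stdin:     one process per line, "USER COMMAND", e.g. from
#            ps -eo user=,comm=      (procps syntax; assumed available)
# arguments: command names to treat as Internet-facing (assumed names)
# stdout:    "OK user command" or "RISK user command" per matching process
# status:    0 if no listed application runs as root, 1 otherwise
audit_net_apps() {
    awk -v apps="$*" '
        BEGIN {
            # Build a lookup table of the watched command names.
            n = split(apps, names, " ")
            for (i = 1; i <= n; i++) watched[tolower(names[i])] = 1
        }
        {
            user = $1
            cmd = tolower($2)
            if (!(cmd in watched)) next      # not an Internet app, ignore
            if (user == "root") { print "RISK", user, $2; bad = 1 }
            else                { print "OK", user, $2 }
        }
        END { exit bad ? 1 : 0 }
    '
}

# Constructed sample listing, not captured from a real system:
# Didiwiki confined to spot, SeaMonkey left running as root.
sample_ps() {
    cat <<'EOF'
root     Xorg
root     jwm
spot     didiwiki
root     seamonkey
root     rox
EOF
}

# Demonstration on the constructed sample.
sample_ps | audit_net_apps seamonkey didiwiki \
    || echo "at least one Internet application is running as root"

# On a live system (assumption: ps supports -eo user=,comm=):
#   ps -eo user=,comm= | audit_net_apps seamonkey didiwiki
```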
- </section>
- <section>
- <header class="logo-header">
- <img class="header-logo" alt="" src="fido96.png">
- <h2>fido</h2>
- </header>
- <p>
- fido is another name for a dog, and is a full non-root login account, as you would get in any other Linux distro. With one peculiarity: its home directory is /root (which may indeed seem <i>very</i> peculiar to you, but there is a reason for it!). As with other distros, you would use 'su' or 'sudo' to perform administrator activities.
- </p>
- <p>
- fido always requires the administrator password to perform administrator-level operations.
- </p>
- <p>
- fido is offered as an option at the first shutdown of Puppy, when you are creating a save-file for the session. If you opt for fido, at next bootup you will be automatically logged in as fido. Note, though, that fido is not quite mature, so it is not yet recommended.
- </p>
- </section>
- </section>
- <section>
- <h2>Final note</h2>
- <p>
- Puppy is designed for people who know what they are doing and what they want, and they want to do it with the least hassles. They also want exclusive use of their computer, or maybe will share with a trusted person. If you want to put a small child in front of your computer and let them wreak havoc, Puppy is not recommended, but then, they could wreak havoc regardless of operating system. <br>
- At least with Puppy, you can rescue an old PC, install Puppy, and let him/her do whatever. It is affordable for each user to have their own separate hardware.
- </p>
- </section>
- <section>
- <h2>Links</h2>
- <p>
- FatDog64, a fork of Puppy created by "kirk" and "jamesbond", has since its inception run all network apps as user spot. Those guys have created an excellent web page that explains why running as root is safe (or not less-safe than running non-root):
- </p>
- <p>
- <a href="http://distro.ibiblio.org/fatdog/web/faqs/login.html">http://distro.ibiblio.org/fatdog/web/faqs/login.html</a>
- </p>
- <p>
- Some more relevant links:
- </p>
- <p>
- <div><a href="http://igurublog.wordpress.com/2010/01/16/fear-not-root/">http://igurublog.wordpress.com/2010/01/16/fear-not-root/</a></div>
- <div><a href="http://web.archive.org/web/20080604034010/grafpup.org/news/?page_id=243">http://web.archive.org/web/20080604034010/grafpup.org/news/?page_id=243</a></div>
- </p>
- </section>
- <footer>
- Regards,<br>
- Barry Kauler
- <div class="legal">(c) Copyright Barry Kauler 2013</div>
- </footer>
- </div>
- </body>
- </html>