To Root or Not To Root

Non release banter
User avatar
wread
Module Guard
Module Guard
Posts: 1092
Joined: 09 Jan 2011, 18:48
Distribution: Porteus v3.2.5-kde5-64 bits
Location: Santo Domingo
Contact:

To Root or Not To Root

Post#1 by wread » 03 Sep 2016, 20:36

@all
I was testing Porteus-Cinnamon in VirtualBox. I loaded the iso in VB and pressed start. Our beloved splash popped in and as usual I selected "Always Fresh"....
After a while a nice desktop appeared, I opened "File" and saw only the iso. Good, I opened GParted, formated my virtual HD, copied my iso to the VHD, installed Cinnamon in my HD, rebooted without iso, :Yahoo!: Fine bussiness!

But what I haven't said is how many times I had to tip "toor" to authenticate myself.....at least ten times!

If I start in AF mode, it is supposed I know what I am doing! -or not?

If we offer a gratis basic operating system that the user should complete with custom modules and to install those custom modules one must be root, then I do not see why AF should start as guest.

Request For Comments 8)
Porteus is proud of the FASTEST KDE ever made.....(take akonadi, nepomuk and soprano out and you will have a decent OS).
The Porteus Community never sleeps!

User avatar
brokenman
Site Admin
Site Admin
Posts: 5563
Joined: 27 Dec 2010, 03:50
Distribution: Porteus v3.2rcX all desktops
Location: Brazil
Contact:

Re: To Root or Not To Root

Post#2 by brokenman » 03 Sep 2016, 21:41

Needless to say, this is going to start a flame war!
If I start in AF mode, it is supposed I know what I am doing! -or not?
This is a bold and very general assumption. It could mean you don't know what you're doing and you messed something up and someone on the forum asked you to boot into AF mode.
If we offer a gratis basic operating system that the user should complete with custom modules and to install those custom modules one must be root, then I do not see why AF should start as guest.
What you say is akin to a windows user being an admin, just because he has to authenticate when he installs downloaded software. What about a user who builds Porteus on our super friendly web builder? They didn't install anything. Nor did the person who downloaded modules and placed them in the modules folder (perhaps using windows to do so) when creating their custom Porteus. AF mode is not about knowing what you are doing, it is about having the freedom to do what you want without breaking the system EVEN IF you don't know what you are doing.

I use Porteus exclusively in AF mode. I would never use my day to day operating system as a root user in a desktop environment. I understand why some people would want to so here is what I have done. If one REALLY knows what they are doing they can give the guest user the privileges they require to do almost anything they need. The exceptions are some of the custom Porteus scripts such as xzm2dir which look specifically for a root user. In the next release I have added a function that will check to see if your are root OR you are in the wheel group. This will help those that want to boot as root. You will need to tell me which actions you use most that require elevated privileges and I will do my best to make it easier for you.
How do i become super user?
Wear your underpants on the outside and put on a cape.

User avatar
francois
Contributor
Contributor
Posts: 5073
Joined: 28 Dec 2010, 14:25
Distribution: kde xfce porteus manjaro kubun
Location: Enfin l'été, le changement climatique attendu: le soleil.

Re: To Root or Not To Root

Post#3 by francois » 03 Sep 2016, 22:06

@wread:
Sorry to ask such a question, what AF mode standing for?
Neophytes have the right to know. 8)

If you are uneased with guest mode? Just get to root mode:

Code: Select all

su
toor
nemo or whatever
:wink:
Voltaire: Le mieux est l'ennemi du bien.

User avatar
wread
Module Guard
Module Guard
Posts: 1092
Joined: 09 Jan 2011, 18:48
Distribution: Porteus v3.2.5-kde5-64 bits
Location: Santo Domingo
Contact:

Re: To Root or Not To Root

Post#4 by wread » 04 Sep 2016, 00:31

@brokenman
We must get back to the philosophy of Porteus...
Do we want to have ten million idiots using the system or do we want to have many thousands who know what they are doing?
As a teacher I know you learn by doing. You and I we have messed a system more than once working as root, right? If you don't let them be root they will never learn.

I myself have tough Informatics for Engineers with Porteus 2.0 - I think - and experienced the most unthinkable mistakes the students do!, but they learned by doing 8) . My students wanted to be root. Guest is thought for others "using my computer".

My experience....
Porteus is proud of the FASTEST KDE ever made.....(take akonadi, nepomuk and soprano out and you will have a decent OS).
The Porteus Community never sleeps!

User avatar
brokenman
Site Admin
Site Admin
Posts: 5563
Joined: 27 Dec 2010, 03:50
Distribution: Porteus v3.2rcX all desktops
Location: Brazil
Contact:

Re: To Root or Not To Root

Post#5 by brokenman » 04 Sep 2016, 04:30

AF = Always Fresh
We must get back to the philosophy of Porteus...
You will need to define the philosophy of Porteus further. One aspect of this, in my humble opinion, is to try to be as idiot proof as possible.
Do we want to have ten million idiots using the system or do we want to have many thousands who know what they are doing?
The second option would be ideal however, the fact is that the first option is more likely. If you are in the second group (you know what you are doing) then you will know how to get into root mode. If you are not in the second group then you shouldn't be root.
As a teacher I know you learn by doing. You and I we have messed a system more than once working as root, right?
Yes I have broken systems before during learning. Nobody is stopping a user from becoming root. That is not the issue.

It is true that a user won't learn without becoming root, but don't you think it is better to start with training wheels first? When I say training wheels I mean the option to elevate to root if and when you need it. Like I said, nobody is prevented from becoming root and those that know what they are doing can easily do this.
How do i become super user?
Wear your underpants on the outside and put on a cape.

Bogomips
Full of knowledge
Full of knowledge
Posts: 2563
Joined: 25 Jun 2014, 15:21
Distribution: 3.2.2 Cinnamon & KDE5
Location: London

Re: To Root or Not To Root

Post#6 by Bogomips » 04 Sep 2016, 10:03

brokenman wrote:nobody is prevented from becoming root and those that know what they are doing can easily do this.
Like in Mint where you can always sudo without pw to do the root thing. In fact it is the way I have my sudo set up. 8)
Linux porteus 4.4.0-porteus #3 SMP PREEMPT Sat Jan 23 07:01:55 UTC 2016 i686 AMD Sempron(tm) 140 Processor AuthenticAMD GNU/Linux
NVIDIA Corporation C61 [GeForce 6150SE nForce 430] (rev a2) MemTotal: 901760 kB MemFree: 66752 kB

donald
Full of knowledge
Full of knowledge
Posts: 1219
Joined: 17 Jun 2013, 13:17
Distribution: Porteus 3.2.2 XFCE 32bit
Location: Germany

Re: To Root or Not To Root

Post#7 by donald » 04 Sep 2016, 12:35

Nothing will prevent silly users from doing silly things.
BUT:
sudo = reducing security to make it more 'user friendly'.
Sudo is great for a live-CD but should not be installed on any working desktop.
Admin level control should only be available to admin level users, root.
sudo can be used IF you secure it properly, and IF you do everything right -- are you sure you did?

passwordless sudo, hell why not just have only a root user, no firewall
and leave all ports open too.

Bogomips
Full of knowledge
Full of knowledge
Posts: 2563
Joined: 25 Jun 2014, 15:21
Distribution: 3.2.2 Cinnamon & KDE5
Location: London

Re: To Root or Not To Root

Post#8 by Bogomips » 04 Sep 2016, 13:17

donald wrote:Sudo is great for a live-CD but should not be installed on any working desktop.
Sudo in AF mode no different from from live CD. Anyway instead of live CD loadng from ISO file. Also no problem from live CD to sudo rm -rf /mnt/sda1/*.
Linux porteus 4.4.0-porteus #3 SMP PREEMPT Sat Jan 23 07:01:55 UTC 2016 i686 AMD Sempron(tm) 140 Processor AuthenticAMD GNU/Linux
NVIDIA Corporation C61 [GeForce 6150SE nForce 430] (rev a2) MemTotal: 901760 kB MemFree: 66752 kB

donald
Full of knowledge
Full of knowledge
Posts: 1219
Joined: 17 Jun 2013, 13:17
Distribution: Porteus 3.2.2 XFCE 32bit
Location: Germany

Re: To Root or Not To Root

Post#9 by donald » 04 Sep 2016, 13:36

^
Same is true for the login=root cheatcode
That's why porteus is a nice little OS to carry on an usb-flash.
Ofcourse one can use it as the main/only OS but one should be the "one and only" user then.

Bogomips
Full of knowledge
Full of knowledge
Posts: 2563
Joined: 25 Jun 2014, 15:21
Distribution: 3.2.2 Cinnamon & KDE5
Location: London

Re: To Root or Not To Root

Post#10 by Bogomips » 04 Sep 2016, 14:16

donald wrote:^ Same is true for the login=root cheatcode
Not by a long shot:
  • Not all instructions run as root. Only any which need elevated privilege. This allows stop and think time.
  • Any script invoked will also run with root privilege. Very easy to make wrong assumption about what a script will do, when writing one.
  • GUIs will also run with root privilege, meaning File Manager can delete anything, and very easy thru forced error to select wrong object for deletion. Same goes for text editor mangling important file in /etc, etc.
Linux porteus 4.4.0-porteus #3 SMP PREEMPT Sat Jan 23 07:01:55 UTC 2016 i686 AMD Sempron(tm) 140 Processor AuthenticAMD GNU/Linux
NVIDIA Corporation C61 [GeForce 6150SE nForce 430] (rev a2) MemTotal: 901760 kB MemFree: 66752 kB

User avatar
brokenman
Site Admin
Site Admin
Posts: 5563
Joined: 27 Dec 2010, 03:50
Distribution: Porteus v3.2rcX all desktops
Location: Brazil
Contact:

Re: To Root or Not To Root

Post#11 by brokenman » 04 Sep 2016, 14:41

One of the principal reasons people use a computer nowadays is to open a web browser. Can you think of any advantages of running a web browser as root? Now, can you think of any disadvantages?
How do i become super user?
Wear your underpants on the outside and put on a cape.

donald
Full of knowledge
Full of knowledge
Posts: 1219
Joined: 17 Jun 2013, 13:17
Distribution: Porteus 3.2.2 XFCE 32bit
Location: Germany

Re: To Root or Not To Root

Post#12 by donald » 04 Sep 2016, 15:17

@ Bogomips
Bogomips wrote:This allows stop and think time.
One should "think" before doing something, and that's exactly the problem,no?

However, what was meant is:
As long as one, (whatever kind of idiot may sit in front of the keyboard),
can invoke the login=root cheatcode, or use the, (most likely), not properly configured
sudo command, (read man sudo - security), you have lost.

So this OS is a nice one to carry in your pocket, but never, never allow it to boot
(or any other Live-CD/USB) on a maschine you are responsible for.(as an Admin)

To be fair, i do not care that much for Home-boxes,
but if your offspring is even a little clever, you should be aware that your Files/OS are/is not secure.

jssouza
DEV Team
DEV Team
Posts: 348
Joined: 09 Jul 2015, 14:17
Distribution: Porteus x86 arm
Location: Liechtenstein

Re: To Root or Not To Root

Post#13 by jssouza » 04 Sep 2016, 16:08

Bogomips wrote:Not all instructions run as root.
Hi Bogomips,

Just for my understanding (and learning) could you give an example for this? I thought anything could be run as root.

Thanks!

User avatar
wread
Module Guard
Module Guard
Posts: 1092
Joined: 09 Jan 2011, 18:48
Distribution: Porteus v3.2.5-kde5-64 bits
Location: Santo Domingo
Contact:

Re: [SOLVED] To Root or Not To Root

Post#14 by wread » 04 Sep 2016, 21:46

@all
For me the problem is already solved. I entered in text mode, switched to x and started cinnamon.
I extracted 003-cinnamon, opened /etc/slim.conf and modified the default user, setting root instead of guest; made the new 003-cinnamon.xzm and :Yahoo!:

Regards!
Porteus is proud of the FASTEST KDE ever made.....(take akonadi, nepomuk and soprano out and you will have a decent OS).
The Porteus Community never sleeps!

User avatar
ncmprhnsbl
DEV Team
DEV Team
Posts: 964
Joined: 20 Mar 2012, 03:42
Distribution: 3.2.2-64bit xfce/openbox
Location: australia
Contact:

Re: To Root or Not To Root

Post#15 by ncmprhnsbl » 04 Sep 2016, 22:40

heres a quote from another forum that i found to be to the point:
The security concern here is NOT that you as a user cannot be trusted with a root login, but that all the software associated with your DM of choice will then be running with root privileges and THEY cannot neccessarily be trusted. Every little bug in any of those tools might escalate to a systemwide threat when they have complete access to everything. That is why you should run only those tools with root privileges, that really need them to operate.
Forum Rules : http://forum.porteus.org/viewtopic.php?f=35&t=44

Post Reply