Users online right now: 99 - Login  » search  » forum index  

Add a user called "slax" in SLAX 6.1.0

imate900
wrote 5 years ago


reply
Being root is dangerous, and being root, you can't play some games (like my Freeciv module). The solution is that we put sudo in Slax Core, add the user "slax", then grant sudo access to "slax".
 
tonio
wrote 5 years ago


reply
imate900 wrote:
Being root is dangerous, and being root, you can't play some games (like my Freeciv module). The solution is that we put sudo in Slax Core, add the user "slax", then grant sudo access to "slax".

dangerous? How so?
Yes I have heard of such things :), but from a livecd? You can use the password ask boot prompt and change the password to whatever you want, is that hard to do?
Sudo (please let sudo stay there with Ubuntu and Debian :)

Of course all this is Tomas' choice, he can choose to accomodate your request or put it behind him(safely ignore it )
 
alMubarmij
wrote 5 years ago


reply
Yes, booting from root for command-line it's accepted, but for desktop users is not a good idea, and it's maybe a reason to crash the system with any wrong usage.
Most other Linux distros put a normal user for LiveCDs.
 
anrix
wrote 5 years ago


reply
me too actually.... i've been installing slax on HDD and its better to have a non root account running thought
 
markds
wrote 5 years ago


reply
It is a linux concept not to use root for day to day activities - search any forum and you'll find that people frown apon you using root for normal stuff like surfing, etc. I don't really find a problem with it, especially if you know what you're doing. The issue maybe with new users who don't know what they are doing and inadvertanly do something unrecoverable. Like for example mistakenly deleting a windows partition while trying out slax? Accidents can happen. While I have no problems with people using root, all I can say is be careful and be mindful of what you're doing.
 
Ivshti
wrote 5 years ago


reply
Add this code to /etc/rc.d/rc.slax:

GUEST=$(cmdline_value "guest")
if [ "$GUEST" ]; then
useradd $GUEST -m -d /home/$GUEST -G floppy,audio,video,cdrom,plugdev,scanner -p ""
fi

Then, edit /etc/kdm/kdmrc to login with the new user. This can happen in the script very easily with sed.
 
burninbush
wrote 5 years ago


reply
dangerous? How so?
Yes I have heard of such things :), but from a livecd? You can use the password ask boot prompt and change the password to whatever you want, is that hard to do?
Sudo (please let sudo stay there with Ubuntu and Debian :)

+++++++++++++

Yeah, prohibitions against root amuse me, too. Like I'm ever gonna refuse to give myself permission to do something because I have to enter 'sudo' first.

The whole notion of learning from your mistakes requires that you actually make those mistakes.
 
markds
wrote 5 years ago


reply
Personally I don't care for those forums and users who denounce using root to do stuff. It becomes more irritating when users go into forums saying that they know the dangers of being root, but STILL want to use it anyway, and then the forum users give them crap instead of helping them out (http://gnomesupport.org/forums/viewtopic.php?t=13211). Using root is FINE, but like I said above, just becareful.
 
jcsoh
wrote 5 years ago


reply
@markds "Using root is FINE, but like I said above, just becareful. "

I am not worry running as root so far as my own action are concern , meaning screwing my system due to my own action , but is there really addtional increase risks so due to the actions of others , say a hacker ?.

My security concern arise due to what I feel is some security weakness (in fact it's astounding) .
For example , I am running slax from a frugal install on a hard disk and my changes are saved to a partition.
I connect to the internet using ppp0e setup.

In my changes partition , in /etc/ppc , I can see 4 files named chap-secrets, chap-secrets-bak , pap-secrets and pap-secrets-bak. The files can be read with a text editor , and in it is my user /login name (to my internet service provider) and user password !.

From the security point of of view anyone hacking into my system can read the files and get my user/login in name and pass word.

For the moment , each time I log in , I run a simple script to del the file (using wipe) , and copy over4 files with the same name but substituing xxxxx to hide the user /login name and pass word.
 
markds
wrote 5 years ago


reply
I understand the security point of view on this, but for slax I fail to see the significance. Slax is of course for the personal workstation, therefore if you're concerned about someone accessing your system from the console when you leave the laptop alone, there is little you can do about it. In this case with full access to the console it makes no difference if you're root or not. Just booting up with another slax cd/usb, I can mount your changes partition and read whatever I want. If you're worried about people hacking INTO your machine via the internet, then thats an issue of the relevant ports being closed/firewalled.

I hope I haven't misunderstood your concerns.

jcsoh wrote:
@markds "Using root is FINE, but like I said above, just becareful. "

I am not worry running as root so far as my own action are concern , meaning screwing my system due to my own action , but is there really addtional increase risks so due to the actions of others , say a hacker ?.

My security concern arise due to what I feel is some security weakness (in fact it's astounding) .
For example , I am running slax from a frugal install on a hard disk and my changes are saved to a partition.
I connect to the internet using ppp0e setup.

In my changes partition , in /etc/ppc , I can see 4 files named chap-secrets, chap-secrets-bak , pap-secrets and pap-secrets-bak. The files can be read with a text editor , and in it is my user /login name (to my internet service provider) and user password !.

From the security point of of view anyone hacking into my system can read the files and get my user/login in name and pass word.

For the moment , each time I log in , I run a simple script to del the file (using wipe) , and copy over4 files with the same name but substituing xxxxx to hide the user /login name and pass word.
 
jcsoh
wrote 5 years ago


reply
@markds

Thanks . Ok , I think I feel better (but I hope this isn't some misplaced confidence). I am not worry about physical access to the computer , as I am a freelancer working from home , so there is no one else to physically access my computer . If a thief break in, I assumed he will just cart away the whole computer.

As for hackers , I don't know anything about firewall . I am using the firewall module by Gusterrapolis.
http://www.slax.org/modules.php?action=detail&id=53

I put it in /module so it auto load. As far as I can tell (I am booting up slax with vga=normal so I can the screen messages) , it's loading properly . There is some message about sanity check , ok.

I tried using the Guard dog module , I can't make sense of the configuration , so I don't change anything.
When running pppoe-setup , I opt for firewall option 1 for stand alone computer.

I don't quite know if this contradict / clash with the earlier firewall module. I guess , the next step would be to use encrypted partion to save changes.

I guess my main question is why slax save the pass word in text readable form in the first place . Why can't it save it like when it save root password in shadow , where you get a bunch aplphabet /symbols.
 
fundamental
wrote 5 years ago


reply
I would say that if you want a firewall, then you should just make sure the /etc/rc.d/rc.Firewall is running.
It is a short script written by Tomas M with IPTables to block the majority of incoming requests.

If you are worried about the contents of /etc/ppc/* then there might be some tools, which do not save the settings, so you could login to the service later on.
If there are not, then having another user which does not have read access to that file would prevent anyone who was logged into the machine from that account from finding out your password.
 
markds
wrote 5 years ago


reply
Speaking of hacking into someone's Slax, I've always wanted to warn users about accepting/using modules without checking them by extracting them first. Take a look at this scenario :

1) Create a normal module for something useful (eg: graphic card drivers)
2) In the module additionaly put
- socat/netcat/nc binary
- a script that autoruns when system starts which essentially
a) turns off your firewall (if any)
b) listens on an open port ready to give a shell on connection
c) gets your ip address and mail the hacker

Hacker on his side receives the mail, sees your ip address and runs netcat/nc and gets a root shell to your system.

(I actually wrote the full script here, but decided I should not post it)

This of course only works if you get a public IP and you're not behind a router with NAT or the router's firewall. But then again its rather simple to modify the script to even get around that, just that the script will be a whole lot more complex.

So I would suggest that users extract the modules with lzm2dir FRIST, before putting them into your modules/ folder.
 
tonio
wrote 5 years ago


reply
markds wrote:
Speaking of hacking into someone's Slax, I've always wanted to warn users about accepting/using modules without checking them by extracting them first. Take a look at this scenario :

1) Create a normal module for something useful (eg: graphic card drivers)
2) In the module additionaly put
- socat/netcat/nc binary
- a script that autoruns when system starts which essentially
a) turns off your firewall (if any)
b) listens on an open port ready to give a shell on connection
c) gets your ip address and mail the hacker

Hacker on his side receives the mail, sees your ip address and runs netcat/nc and gets a root shell to your system.

(I actually wrote the full script here, but decided I should not post it)

This of course only works if you get a public IP and you're not behind a router with NAT or the router's firewall. But then again its rather simple to modify the script to even get around that, just that the script will be a whole lot more complex.

So I would suggest that users extract the modules with lzm2dir FRIST, before putting them into your modules/ folder.


This is one thing that makes *me* wonder why would people do such things?
Are there any trojan horses in the linux world?
This is why Tomas has taken a looooooooo-----ong time verifying modules right? to make sure that the modules follow the rules, to make sure that the modules do not have crapware/trojans installed and executed, right?

I have never had troubles running as root from slax live cd, but from other distros i.e, slackware and fedora I run as regular user and su -, whenever I need to :)

Thanks markds for your post to look for such things :)
 
markds
wrote 5 years ago


reply
tonio wrote:
This is one thing that makes *me* wonder why would people do such things? Are there any trojan horses in the linux world? This is why Tomas has taken a looooooooo-----ong time verifying modules right? to make sure that the modules follow the rules, to make sure that the modules do not have crapware/trojans installed and executed, right?

Coming from a security background I can tell you sometimes they do just be they *can*. Script kiddies especially, they find something that they think makes them look cool and they just go ahead and do it, oblivious to the inconvenience or trouble they cause others.

Ensuring safety I guess is why the verification process for modules takes a long time, but Tomas is only one person and there are hundreds if not thousands of modules. The responsibility should rightfully fall on the user to be *fully* aware of what he or she is installing onto their own machine. It hardly takes 30 seconds to do

unsquashfs -l <modulename.lzm> | more
and read through the list of directories/files in the module (unless its a huge module). Just look out especially for hidden directories (those starting with . or .. such as .xxx or ..xxxx).

After activating a module, if you are connected to the internet, do a

netstat -a | more
to check what ports your machine is listening on (only need to look at the top portion for "Active Internet Connections"). Anything that looks fishy, google for "TCP PORT XXXX" where XXXX is the port number shown in the netstat and find out what exactly that port does. If its not supposed to be open, you need to get the 'lsof' program (not sure if slax has it by default) - stands for "list open files". Do

lsof |grep XXXX
where XXXX is the port number you're searching for to determine what application is running that is opening that port. The 2nd column of 'lsof' gives you the process id or PID of the application and you do can stop the process by doing

kill -9 <PID>
or

killall <application_name>

So as an example, I do a "netstat -a" and I see this :

tcp 0 0 *:1111 *:* LISTEN
and I find it fishy. So I do "lsof | grep 1111" and get this :

socat 2671 root 5u IPv4 7546 TCP *:1111 (LISTEN)
So the application opening up port 1111 is socat and the PID of socat is 2671. A quick check on the web tells me that socat can be used to open up backdoors into my system, so I need to kill it

kill -9 2671
or

killall socat
and the process is gone. You can check again with netstat to ensure that the port is no longer opened.

This is just a simple security tip that won't take you more than 30 seconds to do but it will save you a whole lot of trouble if someone really planted a backdoor trojan on your system.
 
fundamental
wrote 5 years ago


reply
That method of detection is relying too heavily on the fact that the nc/socat/netcat binary has its name unchanged.

The netstat output is definitely a tool that I have used in the past, when my computer has acted fishy.

I would say just look for things that might be out of place.
ie
If you download an OpenOffice module, and it has a kernel module in it, then you might want to investigate.
If you have a module, which seems to start daemons/edit configurations, when it should not be necessary, then question the content.
Another example, if you are downloading a wallpaper module, and it has an executable in it, think twice before activating it.

If someone does not like how a module looks, then they should be able to give the slaxbuild a quick check.
If they trust the origin of the source, they should be able to quickly recreate the module, knowing exactly how it was made.
 
markds
wrote 5 years ago


reply
Very true, but I'm just giving an example. With this example even a newbie will know how to search for the app thats opening the suspect port and terminate the process, doesn't matter what the app was named or renamed.

It needs a lot more experience to be able to visually detect something amiss, which is what users like yourself will be able to do, but I'm more or less gearing the example for the users who haven't got that experience.

fundamental wrote:
That method of detection is relying too heavily on the fact that the nc/socat/netcat binary has its name unchanged.

The netstat output is definitely a tool that I have used in the past, when my computer has acted fishy.

I would say just look for things that might be out of place.
ie
If you download an OpenOffice module, and it has a kernel module in it, then you might want to investigate.
If you have a module, which seems to start daemons/edit configurations, when it should not be necessary, then question the content.
Another example, if you are downloading a wallpaper module, and it has an executable in it, think twice before activating it.

If someone does not like how a module looks, then they should be able to give the slaxbuild a quick check.
If they trust the origin of the source, they should be able to quickly recreate the module, knowing exactly how it was made.
 
jcsoh
wrote 5 years ago


reply
A side note , while extracting then modules to look out for any " unusual / malicious" code as suggested by markds , users may as well take the opportunity to "trim" the modules.

You can remove or copy the the hard disk or elsewhere the manuals. You can delete unused locale, readme file , examples etc. For some module for printing or scanner , you can remove the library or files for models that you are not using.

In extreme case the final trimmed module maybe as small as 1/4 of the original size.
 
imate900
wrote 5 years ago


reply
Before this thread turns into a thread about how you can extract modules and get a look at them...
1. Some applications don't even start under root. That was Freeciv in my example.
2. Contrary to the fact that SLAX is a Live CD, if you were to installing a Linux distribution and as root in the Live CD, running a virus, will not only infect the current LiveCD environment, but the install of the distribution is also compromised too.
Just my few words of advice.
 
forum
wrote 5 years ago


reply
example, it's dangerous coz some noob can wrongly guide to fdisk/mkfs their harddrive without ever notice what they're actually doing.
and if they have wine and running infected windows apps, it might spread out too.
and if someone send a noob a module or even simple bash script with rm -rf /mnt will wipe out everything in the mounted drive. or to the extreme, a trojan that open a backdoor to let others access to their computers and all their data.
regular users, especially those came from windows will NOT understand that simple bash script. how can they notice "unusual/malicious" code?????

etc...
etc...
 
dennyhalim.com
wrote 5 years ago


reply
imho. it's in the mind set

stop thinking about linux users who knows about rm/fdisk/mkfs/etc....
think about a complete noob coming from ubuntu/windows/someprettygui who never use cli.

they never know about cli. they dont have to. everything is in the gui.
they never even ping or ifconfig (ipconfig in windows) etc...
they do not know about rm/fdisk/mkfs/etc.....

how can they know a module/script is malicious or not????

that's how today m$ windows world become.
coz they're all blinded with pretty gui, they just execute everything you sent to them without checking or even think once about it.

they expected everything safe and that they're protected by their expensive antivirus, firewall that they never configure, etc...


simply put.
dont expect the regular users (want) to learn how to secure their system.

the system should try to protect itself from the users.
 
markds
wrote 5 years ago


reply
forum wrote:
how can they notice "unusual/malicious" code?????


Hence they learn how to do so and learn to be more careful and if they aren't willing to learn and insist on being spoon fed, then they just have to deal with the fall out and incovinience.
 
markds
wrote 5 years ago


reply
dennyhalim.com wrote:the system should try to protect itself from the users.

That maybe true, but then it just gets annoying. Look at vista. Pop up after pop up asking for confirmation for every thing. It may not be what you envisioned as "the system protecting itself from the users" but that what they have SO far. Even then all the users usually do is click YES to everything, without even knowing what they are clicking for. In the end to "protect itself from the users", the system will basically have to lock the users out and that just makes things unusable.
 
fundamental
wrote 5 years ago


reply
@dennyhalim
The system should try to protect itself from the users
The day my OS tries to protect itself from me is the day I erase it from my hardware.

If I tell my computer to overwrite my hard drive with nonsense, I expect for it to do just that.

When people try to make programs do not do what the user has commanded, you end up with a system, which will not work as expected, will just annoy the users who know what they want, and will be plagued with the definition of 'what is something that the user should not do'.
(vista's user access controlls are a good example
(If I double clicked the program, I expect for it to run, not for the computer to ask me if it should run))

Also, the point is moot because a user could just be told to do something along the lines of su -c 'really stupid command'
If these regular users are as misinformed as you indicate, they will see no harm in running this command until it has done what it will.

In summation:
They who do not seek knowledge, do not deserve knowledge.
 
donito
wrote 5 years ago


reply
imate900 wrote:
Being root is dangerous, and being root, you can't play some games (like my Freeciv module). The solution is that we put sudo in Slax Core, add the user "slax", then grant sudo access to "slax".


Unless you place restrictions in the "User privilege specification" section of the sudoers file, it's no safer than running as root. A user can do the same amount of damage running "sudo rm -rf /" as they can as root.
 
forum
wrote 5 years ago


reply
donito wrote:
imate900 wrote:
Being root is dangerous, and being root, you can't play some games (like my Freeciv module). The solution is that we put sudo in Slax Core, add the user "slax", then grant sudo access to "slax".


Unless you place restrictions in the "User privilege specification" section of the sudoers file, it's no safer than running as root. A user can do the same amount of damage running "sudo rm -rf /" as they can as root.


Very good point. Any decent malware script for linux nowadays would do a "which sudo" and add sudo to the malware commands. False security, typically Ubuntu hyped crap.
 
forum
wrote 5 years ago


reply
markds wrote:

Hence they learn how to do so and learn to be more careful and if they aren't willing to learn and insist on being spoon fed, then they just have to deal with the fall out and incovinience.


tell that to most (if not all) windows user or perhaps your 10 year kid who only want to play some online games and just click on any links on their email that said 'online games' and then fed with all those malware or p0rns or worse...
 
markds
wrote 5 years ago


reply
Isn't it funny how users who don't think through their replies before posting like to hide behind the anonimity of the "forum" user?

Firstly, as a parent, I would never let my child get into the habit of finding their entertainment online. As far as I'm concerned, they will learn games that make them socialble and teach them how to interact and not coop them up in front of the PC.

Secondly, as a parent, if for some reason my child can't go out and play, I would never let my child go online (for games or otherwise) without adult supervision and an adult being there with them and I think I can find them a lot more games to play without having them go online. You may say there may not always be an adult there, then I tell you if there isn't an adult around, they will not go online. You are the parent, they are the child - you make the rules not them.

And by the way, what in the world is a 10 year old kid doing with an email address? Does he/she have clients trying to send them documents or a boss whom they need to send something to urgenly? Where I am, the primary schools are all very tech savy and some even have homework and instructions on-line, but you will NEVER find any school asking the children to "create an email address" so their teachers can contact them. At those ages, PRIVATE contact of any form with a child is DANGEROUS.

For the "regular" windows user who doesn't know how to protect his/herself and their system, that user has no one to blame but themselves if they get infected or lose data. If you get to a site that has porn/warez banners, etc, and you don't know how to get out of there ASAP, then you deserve whatever happens to you.

A system is only as smart as the user using it. People get hit by viruses and trojans because they do stupid things (visiting porn sites or warez sites trying to download serial numbers or cracks so they don't have to pay for software) or they just don't want to pay for an antivirus/antimalware/antiadware software. If you can't afford any of these, there are SOME freeware type apps that provide some type of protection, but the user needs to realise he/she has to BE CAREFUL where they surf. If they can't be bothered, then they will get infected and the lose their data and bitch and moan and hopefully learn a lesson. If they don't learn, then too bad.

No one is going to sympathize with a user who is ignorant and refuses to learn just because they make the excuse that "I'm only a regular windows user, not an expert". If you speed, lose control of your car and get into an accident and after you recover months later, you speed again, lose control of your car again and get into another accident, you think anyone is going to take pity on you because you tell them "I'm just a normal driver, I'm not a F1 driver, so I cannot control my car at high speeds"? Bottom line is you shouldn't have been speeding in the 1st damn place!

As fundemental said "They who do not seek knowledge, do not deserve knowledge."

What they do deserve is a good kick in the behind. Hopefully when they lose that important-promotion-guranteeing presentation or they lose their bank account details to a trojan they invariably let in themselves because of their "I'm just a regular user" attitude, they will get that well deserved kick.

So yeah, I AM telling it to "most (if not all) windows users"

forum wrote:
markds wrote:

Hence they learn how to do so and learn to be more careful and if they aren't willing to learn and insist on being spoon fed, then they just have to deal with the fall out and incovinience.


tell that to most (if not all) windows user or perhaps your 10 year kid who only want to play some online games and just click on any links on their email that said 'online games' and then fed with all those malware or p0rns or worse...
 
burninbush
wrote 5 years ago


reply
I'll just add a couple words, probably already mentioned up the thread "NAT router" -- which is cheap hardware protection if you have a cable or dsl network connection. Fits between the network modem and your puter(s).

That one item will go a long way toward insulating your machine from the kiddies playing on the net. And of course, you should immediately change the admin password on the router itself, and disable or protect the wifi hardware if it's that sort of router. I also then restrict the MAC addresses it will accept to those known to be inside the puters that live here.

Nothing much will protect those people who will download and execute some unknown program from the web. That's just begging for problems.
 
rex.ster @ bigfoot.com
wrote 5 years ago


reply
never try to hide anything. not trying to start any war here too.
i never like register to any forum anywhere only to post 5 messages.

i know (most) everything you said is true.
coz you know your ways around. you know what to do, how to do, etc...

i'm only showing you the real world out there.
everyday, people come to me screaming...
my boy click something and it pop out dozens of p0rn screen.
my girl just chatting and suddenly all her friends yelling that she send out some p0rns.
i click this and now my pc infected. etc... etc...

everyday, i fix dozens of these case.
real world case.

that's how the real world out there.
that's all i'm showing to you.

all these people just regular users.
they only want to use their pc for works. for games. connect with friends. etc...
 
markds
wrote 5 years ago


reply
Funny, even my friends and other non-IT-literate people know better than to click on porn sites or warez sites and know how to have a *GOOD* antivirus installed. My friends kids, my clients, my students don't complain about any of what you complain about, maybe because their PCs are protected and they take measures to ensure safety as RESPONSIBLE users do. It strikes me as absurd how you claim what the "real world" is - as if non of us here live in it. Perhaps we are all a figment of your imagination.

If clicking stuff and chatting transmits porn, then its safe to say the machine being used is not protected or poorly protected and very likely hasn't been scanned for ages. If it has, you won't have "dozens of these cases" to fix. We all want to use our PCs "for works, for games, connetct with friends, etc", but that doesn't excuse us from protecting ourselves. You don't want to be safe then suffer for it - its that simple. You are probably the victim of these ignorant users who keep screwing up and running to you for help.

And just for the record, none of what I said in my earlier post has anything to do with "knowing my way around" - all of that - having adult supervision for kids using the internet, not clicking on porn or warez sites, not giving a minor an email address, having a good antivirus/antimalware/antispyware, etc - is COMMON SENSE that any responsible user/adult/parent would know.

rex.ster @ bigfoot.com wrote:
never try to hide anything. not trying to start any war here too.
i never like register to any forum anywhere only to post 5 messages.

i know (most) everything you said is true.
coz you know your ways around. you know what to do, how to do, etc...

i'm only showing you the real world out there.
everyday, people come to me screaming...
my boy click something and it pop out dozens of p0rn screen.
my girl just chatting and suddenly all her friends yelling that she send out some p0rns.
i click this and now my pc infected. etc... etc...

everyday, i fix dozens of these case.
real world case.

that's how the real world out there.
that's all i'm showing to you.

all these people just regular users.
they only want to use their pc for works. for games. connect with friends. etc...
 
imate900
wrote 5 years ago


reply
As far it goes, this is turning into a about security thread. I'd wanted the community to DISCUS the idea: Should Tomas add a user "slax" in the next release of SLAX?
 
markds
wrote 5 years ago


reply
My vote is YES. But if he does then have a boot parameter to enable the user, so the more experience users can boot straight to root if they wish and others who wish to, can boot to the non-root account.

For eg a boot parameter "user=slax" will tell slax to boot up and logon to kde as the non-root user "slax". If the "user=" parameter is not used, then it boots up in its current behaviour as "root".
 
t
wrote 5 years ago


reply
markds wrote:
My vote is YES. But if he does then have a boot parameter to enable the user, so the more experience users can boot straight to root if they wish and others who wish to, can boot to the non-root account.

For eg a boot parameter "user=slax" will tell slax to boot up and logon to kde as the non-root user "slax". If the "user=" parameter is not used, then it boots up in its current behaviour as "root".



I would never use it. Still I agree totally. Adding a new user is a 1 time minimum effort issue. The benefit is that it will get rid of threads like this one :=) and give these others the feeling of being on a "more" secure system, placebo or not.
 
markds
wrote 5 years ago


reply
I wouldn't use it either, and I'm in total agreement about the placebo.

t wrote:
markds wrote:
My vote is YES. But if he does then have a boot parameter to enable the user, so the more experience users can boot straight to root if they wish and others who wish to, can boot to the non-root account.

For eg a boot parameter "user=slax" will tell slax to boot up and logon to kde as the non-root user "slax". If the "user=" parameter is not used, then it boots up in its current behaviour as "root".



I would never use it. Still I agree totally. Adding a new user is a 1 time minimum effort issue. The benefit is that it will get rid of threads like this one :=) and give these others the feeling of being on a "more" secure system, placebo or not.
 
tonio
wrote 5 years ago


reply
rex.ster @ bigfoot.com wrote:
never try to hide anything. not trying to start any war here too.
i never like register to any forum anywhere only to post 5 messages.

i know (most) everything you said is true.
coz you know your ways around. you know what to do, how to do, etc...

i'm only showing you the real world out there.
everyday, people come to me screaming...
my boy click something and it pop out dozens of p0rn screen.
my girl just chatting and suddenly all her friends yelling that she send out some p0rns.
i click this and now my pc infected. etc... etc...

everyday, i fix dozens of these case.
real world case.

that's how the real world out there.
that's all i'm showing to you.

all these people just regular users.
they only want to use their pc for works. for games. connect with friends. etc...


Sad, but very true :(,
I also try to help out some of my students by cleaning their machines filled with virii, spyware/adware and trojan horses. Sometimes it is very hard to remove them that it is just better to start from scratch.

With regards to Slax, if a user is scared to run it as root(default), he/she can add a user and or use a special module that will set this up easily :) The other options are to use password=ask parameter at boot. I am comfortable using Slax as it is, but as others have said I won't use this new user 'slax' if is created in newer versions of slax.
 
tonio
wrote 5 years ago


reply
@all users that want a ``non root user''

Shane has created one in the other related thread:

http://www.slax.org/forum.php?logmein=1&action=view&parentID=31712

Module Link:
http://www.edu-nix.org/slaxcenter/lzms/modules/user_slax/user_slax-1.lzm

(user:slax passwd:linux)

He has created EDU-Nix Live CDs and they have featured a default non-root login. Great work Shane!
 
burninbush
wrote 5 years ago


reply
i'm only showing you the real world out there.
everyday, people come to me screaming...
my boy click something and it pop out dozens of p0rn screen.
my girl just chatting and suddenly all her friends yelling that she send out some p0rns.
i click this and now my pc infected. etc... etc... >concerned citizen

+++++++++++++++

I hear you when you say you see a problem -- but in truth there are only a couple things you can do. For one, educate yourself how to avoid those problems that concern you [to avoid panic], and two, supervise your children. Running as user instead of root will not prevent your children from surfing porn sites.

As far as virus infestation is concerned, using a machine without a hard disk, running a linux distro from cd, would go a very long way toward becoming virus-proof. You could surf anywhere with that painlessly.

I think the world is probably ready for add-on write-protect switches for their hard disks. You couldn't run windows from that, but a frugal install of slax or knoppix would work fine. You could use a usbstick with a linux filesystem for changes [the filesystem chosen so windows would ignore it].

And, to you windows users out there ... LEARN HOW TO USE IMAGE BACKUPS! It takes hours or days to restore a windows disk from source, but only minutes to restore that same load from an image.

Rex.ter, if you want your customers to send you xmas presents, offer a service to make them an image reinstall dvd. Partimage works fine for most machines, and it's perfectly simple to make a dvd that boots something like RIP, and includes a partimage copy of a windows root disk. In other words, a one-piece solution to 'getting back' from disaster.
 
imate900
wrote 5 years ago


reply
tonio wrote:
@all users that want a ``non root user''

Shane has created one in the other related thread:

http://www.slax.org/forum.php?logmein=1&action=view&parentID=31712

Module Link:
http://www.edu-nix.org/slaxcenter/lzms/modules/user_slax/user_slax-1.lzm

(user:slax passwd:linux)

He has created EDU-Nix Live CDs and they have featured a default non-root login. Great work Shane!


Tomas should integrate the module into Slax Core.
 
tonio
wrote 5 years ago


reply
imate900 wrote:
Tomas should integrate the module into Slax Core.


Why? Is it not up to the user, if he/she wants it. Many people are happy with Slax as it is, other than a few little things.
 
imate900
wrote 5 years ago


reply
tonio wrote:
imate900 wrote:
Tomas should integrate the module into Slax Core.


Why? Is it not up to the user, if he/she wants it. Many people are happy with Slax as it is, other than a few little things.


I mean by if a parameter is passed it will enable the account.
 
Bicephale
wrote 5 years ago


reply
The link from above may seem inconvenient, i prefer this form instead:

http://www.slax.org/forum.php?action=view&parentID=31712
 
MamaSlax
wrote 5 years ago


reply
I agree that a generic user should be built in to the Slax.
I completely disagree with the aims and motives of the others so there is something worth saying.

As this and SO very very many of these threads here attest it is masquerade not security that actually gets used.
Give us a blank face. A sock for a puppet not a coin purse. The opposite of a superuser. A non entity.
We don't need firewalls and PGP we need the one or two click psudo user that leaves no trace on the machine used to incorporate. That is very useful. That will get used.

The security is philosophic pink bait fish.
The reason it seems incredible to read people concerned about the security of a live OS is...
Its not credible.
What information of value would a sane person store in a known volatile media? If it is not worth the price of a blank DVD it really is not valued very much.
Oh yes the hours and hours setting up my system.
...are not worth a can of Corporate Cola. But it is SO valuable?

The idea of not running as root and then storing ANY thing of value on a personal computer is just poor risk managment. If person X insists on smoking in bed must everyone sleep with a fire hose? Leave my root alone.
 
Steve92
wrote 5 years ago


reply
Hi!

"What information of value would a sane person store in a known volatile media? If it is not worth the price of a blank DVD it really is not valued very much."

LOL!
Don't you have hard disks (NTFS for example) connected to your system ?
Surfing on the Net as "root" may be very dangerous for these drives if you get a malicious code executed with "root" rights !!!

So it's a good idea to get a user with basic rigths for net surfing !

Regards,

Steve92.
 
henrus
wrote 5 years ago


reply
Dear All,

I am using user_slax-1.lzm from the http://www.edu-nix.org/slaxcenter/ with SLAX 6.1.1. Great product by the way.

user_slax-1.lzm works fine on its own but have trouble when I add my own own module (OpenFOAM-1.5-dev.linuxGccDPOpt_2009-05-07.lzm)

My module has one directory in the root (/OpenFOAM) and it's statistics look like this.

zip ----------

Parallel mksquashfs: Using 2 processors
Creating little endian 3.1 filesystem on OpenFOAM-1.5-dev.linuxGccDPOpt_2009-05-07.lzm, block size 262144.
lzmadic 262144
[========================================================================================\] 995/995 100%
Exportable Little endian filesystem, data block size 262144, compressed data, compressed metadata, compressed fragments, duplicates are removed
lzmadic 262144
Filesystem size 33020.70 Kbytes (32.25 Mbytes)
21.71% of uncompressed filesystem size (152075.14 Kbytes)
Inode table size 6837 bytes (6.68 Kbytes)
33.04% of uncompressed inode table size (20694 bytes)
Directory table size 4989 bytes (4.87 Kbytes)
52.60% of uncompressed directory table size (9485 bytes)
Number of duplicate files found 114
Number of inodes 573
Number of files 544
Number of fragments 69
Number of symbolic links 0
Number of device nodes 0
Number of fifo nodes 0
Number of socket nodes 0
Number of directories 29
Number of uids 1
root (0)
Number of gids 0

zip ----------

1) With both modules in /slax/modules, "Cannot open theme file /usr/../oxygen" pops up and the login screen keeps coming back when I try to log in as slax. However logging in as root works.

2) Booting only with user_slax-1.lzm is fine, but when I do

slax@slax> su -
root@slax> activate OpenFOAM-1.5-dev.linuxGccDPOpt_2009-05-07.lzm
root@slax> su - slax
Unable to cd to "/home/slax"

root@slax> ls -l /home/slax
drwx--x--x 7 slax users May 7 slax/

and it worked before anyway ...

Can somebody please give me a hint towards what is causing the trouble. Why does my module has any effect since it lives in its own directory world.

Henrik
 
henrus
wrote 5 years ago


reply
Dear All,

I know what is causing the problem ...

I am creating the modules on a seperate machine running suse 11.1 (squashfs-3.2-100.1).

mksquashfs dir dir.lzm -b 256K -lzmadic 256K -root-owned [fail, see above]
mksquashfs dir dir.lzm -b 256K -lzmadic 256K -root-owned [fail, see above]

mksquashfs dir dir.lzm -b 256K -lzmadic 256K [OK, but undesired ownership]

Is this a bug or am I doing something wrong here? At least I can navigate around the problem now.

Best Regards, Henrik
 

  » search  » forum index  

Post your reply

Your name (Login):

Message:

These HTML tags are allowed: <quote>, <b>, <u>, <i>, <pre>, <code>, <small>, <h1>, <h2>, <h3>, <li>



Slax is generously supported by: P&P Software GmbH and wisol technologie GmbH