WelcomeWelcome | FAQFAQ | DownloadsDownloads | WikiWiki

Author Topic: Multi-user system?  (Read 15859 times)

Offline fladd

  • Jr. Member
  • **
  • Posts: 65
Multi-user system?
« on: August 20, 2009, 08:27:25 PM »
Hi there,

does TC support a usual multi-user system? If so, can everyone have its own persistent home?

Regards,
fladd

Offline ^thehatsrule^

  • Retired Admins
  • Hero Member
  • *****
  • Posts: 1726
Re: Multi-user system?
« Reply #1 on: August 20, 2009, 11:42:29 PM »
If you use the home= boot option, it will store all of them on there as /home is mounted there (assuming all user homes are /home/...)

Offline jpeters

  • Restricted
  • Hero Member
  • *****
  • Posts: 1017
Re: Multi-user system?
« Reply #2 on: August 21, 2009, 01:07:59 AM »

Offline ^thehatsrule^

  • Retired Admins
  • Hero Member
  • *****
  • Posts: 1726
Re: Multi-user system?
« Reply #3 on: August 21, 2009, 05:03:47 PM »
FYI, the adduser/addgroup commands are available in the base

Offline Guy

  • Hero Member
  • *****
  • Posts: 1089
Re: Multi-user system?
« Reply #4 on: August 22, 2009, 08:19:34 AM »
Someone correct me if I am wrong, but using this method, users can access each other's files.

If you use the cryptohome= option, it can be set up so users don't have access to each other's files.

You need a different partition for each encrypted home.
Many people see what is. Some people see what can be, and make a difference.

Offline jpeters

  • Restricted
  • Hero Member
  • *****
  • Posts: 1017
Re: Multi-user system?
« Reply #5 on: August 22, 2009, 10:56:42 AM »
You can see files, but many of the apps won't work and you don't have root access to change permissions.   
« Last Edit: August 22, 2009, 11:04:18 AM by jpeters »

Offline ^thehatsrule^

  • Retired Admins
  • Hero Member
  • *****
  • Posts: 1726
Re: Multi-user system?
« Reply #6 on: August 22, 2009, 01:26:24 PM »
Guy: if you prefer a stricter setup, use chmod to get rid of the r/x permissions for g/o on the home directories

As for full access to specific files, it depends on the permissions on those.

Offline Guy

  • Hero Member
  • *****
  • Posts: 1089
Re: Multi-user system?
« Reply #7 on: August 23, 2009, 03:25:28 AM »
Quote
if you prefer a stricter setup, use chmod to get rid of the r/x permissions for g/o on the home directories

This doesn't make the system completely secure, as people can still log in using other's names, and can have root access to other's files or to change permissions.

This is probably not the first priority as effort is being put in to develop other aspects of Tiny Core. But at some time in the future It think it will be a good idea to require passwords to log in, and for root access.
Many people see what is. Some people see what can be, and make a difference.

Offline ^thehatsrule^

  • Retired Admins
  • Hero Member
  • *****
  • Posts: 1726
Re: Multi-user system?
« Reply #8 on: August 23, 2009, 03:37:19 AM »
That's something different.  If you don't trust your users with root access, don't give them such privileges.  (thought you were referring to file permissions)

Offline Guy

  • Hero Member
  • *****
  • Posts: 1089
Re: Multi-user system?
« Reply #9 on: August 23, 2009, 03:51:04 AM »
The way Tiny Core is at present, it is good for personal use.

In the future, as it becomes more developed, it could also be used for non-personal use. For example, on networks in large organizations.

In that situation, these issues will need to be addressed.

Tiny Core actually has advantages over mainstream operating systems.

Everyone is doing a great job. I understand it will take time for all that is needed to get to that stage.
Many people see what is. Some people see what can be, and make a difference.

Offline bmarkus

  • Administrator
  • Hero Member
  • *****
  • Posts: 7183
    • My Community Forum
Re: Multi-user system?
« Reply #10 on: August 23, 2009, 04:03:40 AM »
The way Tiny Core is at present, it is good for personal use.

In the future, as it becomes more developed, it could also be used for non-personal use. For example, on networks in large organizations.

In that situation, these issues will need to be addressed.

Tiny Core actually has advantages over mainstream operating systems.

Everyone is doing a great job. I understand it will take time for all that is needed to get to that stage.

Most of the large organizations are using centralised user authenticantion. This is safe to expect it is MICROSOFT ACTIVE DIRECTORY. Integration of any LINUX system to AD is a pain actually. Without proper authentication and integration in a well maintaned corporate environment you can do nothing. No access to the net, no access to mails with EXCHANGE, ...

It works only if the infrastructure supports LINUX, but it is extra cost and risk, no centralized solution like in WINDOWS, ...

From the corporate IT perspective a live LINUX is a security risk which must avoided.

It is not about TC, it is about UNIX.
« Last Edit: August 23, 2009, 04:05:57 AM by bmarkus »
Béla
Ham Radio callsign: HA5DI

"Amateur Radio: The First Technology-Based Social Network."

Offline ^thehatsrule^

  • Retired Admins
  • Hero Member
  • *****
  • Posts: 1726
Re: Multi-user system?
« Reply #11 on: August 23, 2009, 04:08:38 AM »
Well, I suppose the focus may not be what you want it to be, but currently the autologin can be changed with a relatively simple remaster.
Adding "regular" users/groups that do not have super-user privileges can be done without a remaster.

@bmarkus: that's some heavy assumptions there...

[This is getting a tad off-topic... will split if needed]

Offline bmarkus

  • Administrator
  • Hero Member
  • *****
  • Posts: 7183
    • My Community Forum
Re: Multi-user system?
« Reply #12 on: August 23, 2009, 04:15:29 AM »

@bmarkus: that's some heavy assumptions there...

[This is getting a tad off-topic... will split if needed]

Well, large organizations were mentioned. Of course there are different practices. However I was working in large global corporate environment and know the issues, arguments and daily operational problems.

Anyhow, it is off topic here.
Béla
Ham Radio callsign: HA5DI

"Amateur Radio: The First Technology-Based Social Network."

Offline florian

  • Full Member
  • ***
  • Posts: 116
    • Home Page
Re: Multi-user system?
« Reply #13 on: August 25, 2009, 10:41:25 AM »
(perhaps deviating from the topic again)
Quote
Well, I suppose the focus may not be what you want it to be, but currently the autologin can be changed with a relatively simple remaster.

This makes me think that "How do I stop the auto login?" is a recurring question in this forum.  First, I guess it deserves one entry in the FAQ. Second, although a remaster isn't hard, would it be possible/desirable/feasible to introduce a 'noautologin' boot code?

Offline danielibarnes

  • Hero Member
  • *****
  • Posts: 548
Re: Multi-user system?
« Reply #14 on: August 25, 2009, 04:11:02 PM »
I tried this very thing. I discovered you cannot effect a change in /etc/inittab until after tc-config exits because it is run by init. Therefore there is no opportunity to prevent auto-login via this method unless you remaster. However, since extensions are processed before the autologin you have the opportunity to modify /root/.profile.

I created an extension that saves the current /root/.profile and replaces it with one which will:
1) Copy /etc/inittab-save over /etc/inittab (you may wish to copy a custom one or otherwise modify the original /etc/inittab)
2) Reload init (kill -SIGHUP 1)
3) Restore the original /root/.profile
4) Logout (via exit)

The autologin processes this new /root/.profile. It reloads the desired /etc/inittab and logs out. Thus, autologin never occurs more than once, and the user is never presented with a shell. The TC developers could modify the stock /root/.profile to detect a boot parameter and execute logic that effects the same changes.

With some other extensions to enable NIS, LDAP, or create local users, this can enable a conventional multi-user system. My extension contains two files:

usr/local/tce.installed/noautologin
mv /root/.profile /root/.profile.orig
mv /root/.profile.noautologin /root/.profile

root/.profile.noautologin
#!/bin/sh
if [ -e /root/.profile.orig ]; then
cp /etc/inittab-save /etc/inittab
kill -SIGHUP 1
mv /root/.profile.orig /root/.profile
exit
fi