Multi-user system?

[fladd]

Hi there,

does TC support a usual multi-user system? If so, can everyone have its own persistent home?

Regards,
fladd

[^thehatsrule^]

If you use the home= boot option, it will store all of them on there as /home is mounted there (assuming all user homes are /home/...)

[jpeters]

http://forum.tinycorelinux.net/index.php?topic=836.0

[^thehatsrule^]

FYI, the adduser/addgroup commands are available in the base

[Guy]

Someone correct me if I am wrong, but using this method, users can access each other's files.

If you use the cryptohome= option, it can be set up so users don't have access to each other's files.

You need a different partition for each encrypted home.

[jpeters]

You can see files, but many of the apps won't work and you don't have root access to change permissions.   

[^thehatsrule^]

Guy: if you prefer a stricter setup, use chmod to get rid of the r/x permissions for g/o on the home directories

As for full access to specific files, it depends on the permissions on those.

[Guy]

if you prefer a stricter setup, use chmod to get rid of the r/x permissions for g/o on the home directories

This doesn't make the system completely secure, as people can still log in using other's names, and can have root access to other's files or to change permissions.

This is probably not the first priority as effort is being put in to develop other aspects of Tiny Core. But at some time in the future It think it will be a good idea to require passwords to log in, and for root access.

[^thehatsrule^]

That's something different.  If you don't trust your users with root access, don't give them such privileges.  (thought you were referring to file permissions)

[Guy]

The way Tiny Core is at present, it is good for personal use.

In the future, as it becomes more developed, it could also be used for non-personal use. For example, on networks in large organizations.

In that situation, these issues will need to be addressed.

Tiny Core actually has advantages over mainstream operating systems.

Everyone is doing a great job. I understand it will take time for all that is needed to get to that stage.

[bmarkus]

The way Tiny Core is at present, it is good for personal use.

In the future, as it becomes more developed, it could also be used for non-personal use. For example, on networks in large organizations.

In that situation, these issues will need to be addressed.

Tiny Core actually has advantages over mainstream operating systems.

Everyone is doing a great job. I understand it will take time for all that is needed to get to that stage.

Most of the large organizations are using centralised user authenticantion. This is safe to expect it is MICROSOFT ACTIVE DIRECTORY. Integration of any LINUX system to AD is a pain actually. Without proper authentication and integration in a well maintaned corporate environment you can do nothing. No access to the net, no access to mails with EXCHANGE, ...

It works only if the infrastructure supports LINUX, but it is extra cost and risk, no centralized solution like in WINDOWS, ...

From the corporate IT perspective a live LINUX is a security risk which must avoided.

It is not about TC, it is about UNIX.

[^thehatsrule^]

Well, I suppose the focus may not be what you want it to be, but currently the autologin can be changed with a relatively simple remaster.
Adding "regular" users/groups that do not have super-user privileges can be done without a remaster.

@bmarkus: that's some heavy assumptions there...

[This is getting a tad off-topic... will split if needed]

[bmarkus]

@bmarkus: that's some heavy assumptions there...

[This is getting a tad off-topic... will split if needed]

Well, large organizations were mentioned. Of course there are different practices. However I was working in large global corporate environment and know the issues, arguments and daily operational problems.

Anyhow, it is off topic here.

[florian]

(perhaps deviating from the topic again)

Well, I suppose the focus may not be what you want it to be, but currently the autologin can be changed with a relatively simple remaster.

This makes me think that "How do I stop the auto login?" is a recurring question in this forum.  First, I guess it deserves one entry in the FAQ. Second, although a remaster isn't hard, would it be possible/desirable/feasible to introduce a 'noautologin' boot code?

[danielibarnes]

I tried this very thing. I discovered you cannot effect a change in /etc/inittab until after tc-config exits because it is run by init. Therefore there is no opportunity to prevent auto-login via this method unless you remaster. However, since extensions are processed before the autologin you have the opportunity to modify /root/.profile.

I created an extension that saves the current /root/.profile and replaces it with one which will:
1) Copy /etc/inittab-save over /etc/inittab (you may wish to copy a custom one or otherwise modify the original /etc/inittab)
2) Reload init (kill -SIGHUP 1)
3) Restore the original /root/.profile
4) Logout (via exit)

The autologin processes this new /root/.profile. It reloads the desired /etc/inittab and logs out. Thus, autologin never occurs more than once, and the user is never presented with a shell. The TC developers could modify the stock /root/.profile to detect a boot parameter and execute logic that effects the same changes.

With some other extensions to enable NIS, LDAP, or create local users, this can enable a conventional multi-user system. My extension contains two files:

usr/local/tce.installed/noautologin
mv /root/.profile /root/.profile.orig
mv /root/.profile.noautologin /root/.profile

root/.profile.noautologin
#!/bin/sh
if [ -e /root/.profile.orig ]; then
cp /etc/inittab-save /etc/inittab
kill -SIGHUP 1
mv /root/.profile.orig /root/.profile
exit
fi