Attention all Puppy app developers

Does your application work in a non-root environment? With Puppy, we are accustomed to 'root' only, but if you want your app to run in other distros, or in the new 'fido' non-root account now offered with the latest Woof (and in the latest Wary 5.1.1.53), then please test your app and make any adjustments if necessary.

It should be pretty straightforward to "fix" your app, in fact it might already work fine in a non-root environment. Here are some things to think about:

Temporary and config files
Running non-root, you can't just write to anywhere in the directory hierarchy, as directories and files will only have write permission for the root account. This also includes /etc. However, you can write to /root, /tmp and /var.

/root
In the latest Woof, account 'fido' has /root as home directory, the same as 'root' (administrator) account. This means that all scripts that have hardcoded "/root" will continue to work. However, if you want your app to work in other distros, you should replace all occurrences of "/root" with "$HOME". $HOME is the best place to save setup/config info in a multi-user system.

/tmp
The thing about /tmp is that it is temporary. It is a tmpfs filesystem mounted on /tmp, so is in RAM. This means that it is the fastest place to have temporary files, but of course they are gone at shutdown.

/var
With 'fido' I have set all of /var owned by fido, so you can write anywhere in /var, however this is not the case with other distros and non-root may not be able to write into /var (but I am uncertain about that). I think that all distros generally preserve the contents of /var between boots but may delete some sub-directories, such as cache files. In the case of Puppy, I only guarantee that /var/local is preserved between boots. You can create any sub-directories inside /var/local for your permanent storage.

Sudo
If you find that your app needs to run at root level, you can use 'sudo' to bump it up. In a script, you can use 'whoami' to find out whether you are running as root or not. if not, one simple way that you can bump your app up to root is to insert this line right at the beginning of your application:

[ "`whoami`" != "root" ] && exec sudo -A ${0} ${@}

This will open a GUI asking for root password, unless /etc/sudoers is configured to not require a password for your app. The "${0}" relaunches the current app, with "${@}" being the same passed parameters -- but be careful as any double-quotes in the original commandline are lost (so a path with a space character cannot be read as $1).

If this is in the main script/executable of your app, then any sub-programs called by your app will also run as root. You may need to be careful about this, for example if you open a ROX-Filer window, it will be at root-level -- so if the user creates a file in such a window it will be owned by root.

However, think carefully before using sudo. It is the "easy way out" to just bump your app to root-level, whereas perhaps some simple changes will fix it running as non-root. In some cases it might be a matter of a particular device node belonging to a group that the non-root user has permission to use...

Device nodes
For example, if you look at /etc/group, you will see that 'fido' is a member of the 'cdrom' group. Then, if you look at /dev, you can see which device nodes belong to group 'cdrom':

# ls -l /dev/ | grep 'cdrom'

lrwxrwxrwx 1 root root 8 2011-05-07 16:11 cdrom -> /dev/sr0
brw-rw---- 1 root cdrom 11, 0 2001-02-14 21:57 scd0
brw-rw---- 1 root cdrom 11, 1 2001-02-14 21:57 scd1
brw-rw---- 1 root cdrom 11, 2 2001-02-14 21:57 scd2
brw-rw---- 1 root cdrom 11, 3 2001-02-14 21:57 scd3
brw-rw---- 1 root cdrom 11, 0 2001-02-14 21:57 sr0
brw-rw---- 1 root cdrom 11, 1 2001-02-14 21:57 sr1
brw-rw---- 1 root cdrom 11, 2 2001-02-14 21:57 sr2
brw-rw---- 1 root cdrom 11, 3 2001-02-14 21:57 sr3


...so, user 'fido' should be able to access the optical drives.



Posted on 8 May 2011, 8:47


Comments:

Posted on 8 May 2011, 9:38 by BarryK
Non-root forum thread
I have started a forum thread for feedback:

http://murga-linux.com/puppy/viewtopic.php?t=67612

There is of course also the Wary 5.1.1.53 forum thread:

http://murga-linux.com/puppy/viewtopic.php?t=67572



Posted on 8 May 2011, 13:15 by Terryphi
Fido: no thanks
Hopefully, fido is not going to be a feature of all future Puppy builds.

I understand that you are responding to demands from some people for a non-root user but speaking personally I do not want it or the limitations/complications it introduces.


Posted on 8 May 2011, 17:07 by zigbert
/tmp
Ages ago I tested Pburn in TinyMe and Ubuntu. /tmp was not writeable for me as user.


Posted on 8 May 2011, 17:25 by BarryK
Re /tmp
zigbert,
/tmp not writeable, oh that is weird. I don't see how the distro would be usable, I would have thought there are many apps that run non-root and use /tmp.

Probably /var is out of bounds also.



Posted on 8 May 2011, 17:37 by BarryK
Re /tmp
As I was posting the above, I was nagged by a memory back when I used Slackware, I think I recall /tmp as being world-writeable.

Yes, I think that is the standard for distros, /tmp is 777, however the sticky bit is set:

http://serverfault.com/questions/10353/what-is-the-sticky-bit-in-unix-file-systems-when-is-it-used

So, you should be able to create files in /tmp in a normal distro.

This got me thinking. /usr/bin/root2user changes /var ownership to fido:users, but I have removed that, instead have left it at root:root, 777 and set the sticky bit.



Posted on 8 May 2011, 17:40 by BarryK
/var/tmp
I think that I read somewhere that at least some distros set /var/tmp as world-writeable, but they also wipe it at shutdown I think.



Posted on 9 May 2011, 22:00 by Pizzasgood
It is optional
Terryphi, nobody is forcing you to actually use fido. The default is for everything to keep running as root like it always ran. This just gives an option to those who want it. Any added complications are experienced by developers, not by users. All that you should see is an extra entry in the menu and an extra option during the first shutdown after an install.


Posted on 16 May 2011, 14:02 by scsijon
/var/tmp
you reminded me of early suse
/tmp belonged to the system and root, but not users
/var/tmp belonged to the users
but /var/tmp was only a link to /tmp