logoWhy am I logged in as root?

Fatdog is a 64-bit desktop operating system targeted for home desktop computer owners. It aims to give full control of the home computer to its users, without restriction.

As such, the primary user is "root". User logins as root. By default, not even a password is required - the system autologins as root upon boot-up. Logging in as root offers unparalleled convenience for the home users, so it is and always be the default mode of operation for Fatdog.

Before you say that logging in as root is "unsafe", please ask yourself - "unsafe" from who? Remember this is a home desktop computer we are talking about, not a shared server in large networked environments. In this context, logging in as non-privileged user only protects you from one person - yourself (ie from your own mistakes). It also protects you from doing exactly one thing: destroying the system.

But consider this:

What is more important and irreplaceable - your data, or the operating system files?


Question: But what about network programs? How about security holes in them? Especially, how do I ensure that whenever I use web browser / email / chat program / etc (insert your favorite network program name here), if there are security holes in them, they won't able to infect my system?"

Answer: Fatdog answer to this question is the same way that Android (yes, that Android) answers the question: Network security should not be equal to local security.

In Fatdog, most network programs runs as "spot", which is an non-privileged user. "spot" only have access to very limited places. If there are security holes in that network program that allow remote attacker to gain access to the system, they will only be able to access stuff which "spot" can access - which is not much. (Android goes even further - every process, not only network processes, is run by a separate randomised users).

How is this any different from standard non-privileged user login?

Consider this - let's say you log-in as your regular non-privileged user ("regular" means the user id you use for day-to-day work, so this is the user id that owns your home directory, owns your data, etc) and run network programs as that user too. This is how typical Linux distros do it. Now let's assume that there is a security hole in the network program that enables a remote attacker to gain access to your system. When a remote attacker manages to do this, he/she will gain access as your regular user id (because this is the user id used to run the network program, remember?).

What can the remote attacker not do? Among other things:

Big deal. Lets see what the remote attacker can do (among other things):

Thus - what exactly does logging in as non-privileged user protect? What is more important and irreplaceable - your data, or the operating system files?

For further discussions of of why logging in as root is not a problem and is in fact safer than what you think, please visit the following:


Question: But a computer, even though it is used in a home context, may have multiple users (e.g. families sharing one computer). How to ensure that they does not interfere with one another, when each is logging in as root with full access to the system?

Answer: Fatdog, which was originally derived from Puppy, continues to use Puppy paradigm for supporting multiple users: By using multiple savefiles --- encrypted if necessary. Every user has his/her own savefile to store the computer state (not only data, but entire computer state). Within his/her own savefile, the user runs as root; he/she has the full access of the computer, while safely avoiding stepping on other users' toes. Switching into another user's personality is accomplished by rebooting the system and choosing another savefile.

Question: But this does not protect one user from deleting another user's savefile!

Answer: Surprise !! None of the big branded OS does, too! That is an illusion. If you have physical access to the computer - you can always boot from a Live CD (any Live-CD) or Live-USB stick, run as root from there, and do anything you wish - including wiping out the disk of the computer, no matter what OS is installed there (in fact, this is what OS installers do).


Question: But I heard that Fatdog supports multiuser.

Answer: Yes. There are several perfectly good reasons for multiuser operation, though not for what is typically claimed (as explained above).

With Fatdog, one can:

All these capabilities (except the last one) are accessible through the User Manager in Control Panel.
Note: Fatdog multiuser capability is still considered experimental.

Question: How to create additional users?
Answer:

  1. Open Fatdog Control Panel.
  2. Choose the "System" tab.
  3. There is an icon called "User Manager". Launch it by selecting it and pressing Enter.
  4. Click "Add".
  5. Enter the name of the new user. Only use alphabetical characters.
  6. Note that the newly created user is assigned "/home/$USER" as home directory and "woofwoof" as default password.

Question: How to delete users?
Answer:

  1. Open Fatdog Control Panel.
  2. Choose the "System" tab.
  3. There is an icon called "User Manager". Launch it by selecting it and pressing Enter.
  4. Highlight the user you want to delete.
  5. Click "Delete".

Question: How to set it up so that at next boot I will login as a particular user instead of "root"?
Answer:

  1. Open Fatdog Control Panel.
  2. Choose the "System" tab.
  3. There is an icon called "User Manager". Launch it by selecting it and pressing Enter.
  4. Highlight the user you want to use.
  5. Click "Autologin as user".
When you do this, at next boot you will be logged in as this (non-privileged) user and boots straight to desktop. You will no longer run as root, and many operations that require privileged access will now ask you for the root password. You can change to login automatically as root by following the same process as above, choosing "root" as the user.

Note: "Autologin as user" button is only available when your log-in mode is "autologin" (which is the default, unless you change it).

Question: How to launch a secondary desktop?
Answer:

  1. Open Fatdog Control Panel.
  2. Choose the "System" tab.
  3. There is an icon called "User Manager". Launch it by selecting it and pressing Enter.
  4. Highlight the user you want to use.
  5. Click "Launch desktop as user".

When you do this, a new X server with its associated desktop are launched and created. You can switch between your original desktop and the new desktop using Ctrl-Alt-Fx (where x=4,5,6 etc). Your original desktop would most likely be associated with Ctrl-Alt-F4, while the new desktop will be at Ctrl-Alt-F5. You can launch multiple secondary desktops if your computer has the resources to do so, but each desktop must be associated with a different user.

Exit any secondary desktop(s) by choosing "Quit X Server" from the menu, or just press Ctrl-Alt-Backspace. If you wish, you can also terminate the original desktop and use a secondary desktop exclusively until you shutdown the system.

Question: But the system still logins automatically. I don't want auto-login - I want the system to ask for user id and password at every boot.
Answer:

  1. Open Fatdog Control Panel.
  2. Choose the "System" tab.
  3. There is an icon called "Login Manager". Launch it by selecting it and pressing Enter.
  4. Choose the login mode you want. There are three choices:
    • Autologin - this is the default login mode, the system will login automatically at boot. No password is required.
    • Graphical - this enables graphical login. The system will display a graphical login screen and ask for user id and password.
    • Console - this enables console login. The system will display a console login screen, and ask for user id and password.
In any case, when login is successful, Fatdog will proceed to run the graphical desktop, even when you enable "console login". If you want to say in console mode, please specify "pfix=nox" boot parameter. Note: If graphical login is enabled, "pfix=nox" is ignored and Fatdog will always start the graphical desktop.

Very Important Note: Before you enable any of the login modes, make sure you either remember Fatdog default root password (=woofwoof) or better yet, change it to your own password. Otherwise you will not be able to gain root access ever again without ditching your savefile.


Fatdog permissions model

Permissions

Users must be put into the following groups:

Other Notes