Re: Seriously, now that I got Linux LiveCD running, what can I do with it? Newbie questions
- From: RayLopez99 <raylopez88@xxxxxxxxx>
- Date: Thu, 25 Nov 2010 16:48:28 -0800 (PST)
On Nov 25, 11:52 pm, David Brown
<david.br...@xxxxxxxxxxxxxxxxxxxxxxxxxx> wrote:
When things are dumbed down, people dumb them down in different ways,
and then may disagree about what's important. I also don't think anyone
here is claiming to be infallible - mistakes are made. For example,
there are some differences in the way distributions handle updates,
configuration, root access, etc. - bbgruff is probably used to other
distributions and was a little inaccurate about the way sudo is used in
Ubuntu and Mint.
OK. BTW what distro do YOu like? I got so many opinions now my head
spins.
It's probably easier for you to understand if I translate things roughly
into windows terms. They are not entirely equivalent - MS didn't get
things quite right when they copied user access from Linux for use in
NT, or when they copied sudo as "user account control" in Vista. But
it's close enough to help you here.
In Linux, there are three sorts of users - root, system users, and
"real" users.
"Real" users typically correspond to real people, and are like normal
non-administrator users on Windows. Like on windows, you can make as
many as you like, and they can match real people or more general
concepts (such as "guest"). They also have their own area of the file
system, such as /home/ray, roughly like "c:\Documents and Settings\ray".
A major difference, however, is that they can normally only write
files to their home directory, not everywhere else on the disk. And you
can use user names and group membership to control who can access what
within directories (think of it like ACLs on NTFS, only clearer, more
completely implemented, robust and secure, and actually used).
"System" users are installed along particular programs or services. For
example, I have a postgresql database server running on this system.
There is a system user called "postgres" that owns the database files,
and is used to run the server. This is done to help keep services and
software separate and ensure that if something goes wrong, the damage is
limited - the database server can't overwrite the web server's files,
and vice versa, and ordinary users can't overwrite either of them. And
if someone breaks into the database server or the web server, they only
have access as the limited system user, and can't get at the rest of the
files. These system users have disabled passwords - you can't log in as
them.
Windows doesn't really have an equivalent of *nix system users, but the
"SYSTEM", "LOCAL SERVICES" and "NETWORK SERVICES" do a bit of the same job.
Aha! This makes sense since I have IIS running as well (I program
with databases and I also own a website that I run web services out
of).
Then there is the super-user, "root". This user has the power to do all
sorts of things - it access any files (except encrypted files, of
course), run any program, and generally do things that affect the whole
system or any other users. It's a bit like "Administrator" in windows,
although it also encompasses some of the aspects of "SYSTEM" in windows.
As I say, there are differences between the windows way and the *nix way.
There are other more advanced ways of controlling and limiting access by
user, program, and resource, but they are not often useful for home
machines.
So in normal use, you log on as a real user. When you want to do
something that affects the system, such as installing a program in the
normal places, your normal user does not have the rights to do that.
Thus you need the extra privileges of being "root" for that operation.
The traditional method is to use the "su" command to "switch user" to
root - then you enter the "root" password, and run the desired command.
For power users, this is still the most popular method - but there is
more scope for doing something badly wrong. Being logged in as "root"
is like being logged in as Administrator in windows - you can easy have
an accident and cause a lot of damage. So the alternative method is to
use "sudo <command>", which runs just the one "command" as root. The
normal setup is to require your own user password to be able to use "sudo".
OK, got it. BTW RedHat back in the days (I think, around 1996) had it
slightly different as I recall, more along the lines of Administrator
in Windows, though I may be mistaken.
When you are using gui software that needs root privileges, such as for
adding or removing software, adding new users, etc., the "su" or "sudo"
commands are hidden - you just get a dialog box asking for your root
password or user password (depending on the preferences for that
distribution - Mint will ask for your user password).
"sudo" is very configurable - when you make a new user in Mint, you can
choose whether that user will have "sudo" privileges or not. Advanced
users can allow specific users to use specific programs in specific
ways, but again it's not often needed for a home machine.
OK
"User Account Control" introduced in Windows Vista is a sort of limited
version of the graphical version of sudo.
I notice MINT Linux also had a graphical Sudo BTW.
OK, that's nice to know. I guess you can even specify how the
template is run, to automatically add a directory "/Chess" for every
user etc. But that's not my concern at this point.
Correct.
2) Firewall--why do I need one? I notice under Menu | Favorites
there is one--why?
Just so you would have the option.
OK, got it. I think Kent is right on this, or was it Ballard, who
said not really needed for my level, and I agree.
It is not really needed, especially if you have a hardware firewall
anyway. I don't normally configure a firewall on desktop or laptop
Linux machines, and only do so on servers if they are internet-accessible..
OK, so you contradict the previous poster in this thread, but you
sound credible. Then again he said he prefers adding everything to
the firewall as 'it does not hurt' so I guess it's not inconsistent.
I'll stick with no firewall then.
Got it. That's interesting, that Windows does listen on every port by
default; no wonder they have occasional security breaches--that's not
good design. So be it.
No system listens to every port. For both Windows and Linux, ports are
only open if there is a service that is bound to that port. Thus port
80 is always closed, unless you are running a web server on the machine.
The difference lies in the ports that are open. On a typical Linux
desktop installation, there are very few services that are running that
allow incoming traffic from outside. You only get open ports if you
actively install a server (such as a secure shell server, or a samba
server). And even if you install such a server, it is common for them
to limit themselves to access from local addresses until you have
explicitly enabled remote access from the internet.
So on a Linux desktop, setting up a firewall is typically optional as
external traffic can't go anywhere much anyway.
On Windows, there are many more services that are enabled automatically,
such as file sharing services, and they typically allow in anyone. The
windows firewall is the only way to stop outsiders getting in, thus it
is essential to use it if you don't have an external hardware firewall.
Interesting. Windows is more open and less secure. Ok then.
Having said that, there is nothing to stop you configuring and using the
firewall in Linux. Most distributions, including Mint, have graphical
tools to make it easy to configure.
Right I noticed.
OK, the kernel is part of the firewall, got it.
No, the firewall is part of the kernel. The actual "firewall" is a set
of tables that the network stack uses to see which packets are allowed
in, out or through the system. The firewall configuration programs you
see in the Mint menu are interfaces to let you configure the firewall.
On windows, the firewall itself is also part of the OS, but it is not as
much a fundamental part of the network core - it was added as an
afterthought (originally in W2K, IIRC).
OK.
I disagree a little here - I think a hardware firewall (of at least the
level of cheapo home NAT router) is a good idea anyway. Yes, you /can/
connect a desktop Linux system directly to the Internet (or over PPPoE)
with no hardware firewall, and no Linux firewall enabled. But it's good
to have one to prevent accidents - even experts make mistakes in their
configuration at times. So if you don't have a hardware firewall, then
you should enable the Linux firewall - but buying a hardware firewall is
a minor investment, saves you thinking about anything else, and lets you
use multiple machines on the same network.
OK...I'll check the DSL modem model when I'm back in the USA to see
what hardware firewall it has.
Your website will be running Linux (or possibly a BSD - at this level
they are very similar). Very few hosting companies use Windows except
for customers who specifically ask for it (and pay for it).
Right because Windows is superior for hosting IMO, as they support
among other things SOAP. But let's move on from politics.
Sort of - the first user you define for Mint has "sudo" privileges, and
can thus run as root when needed, when you re-enter the user password
(in the windows world, it can run Administrator access programs using
UAC). I don't know whether Puppy uses the same system, or a traditional
root password.
Right, some minor differences exist apparently.
I'm not sure what you mean by Linux Mint "aping" the windows layout -
there has been plenty of inspiration and ideas taken from Windows to
Linux desktops, and vice versa. Windows, Apple and *nix have been
copying ideas from each other since their first inception. I am not
sure, but I think KDE's login manager showed a list of names and
pictures before XP came out.
OK.
OK, got it. If you know how Mint, a derivative of Ubuntu, does it,
please let me know--no big deal but I like the Windows "Icon" plus
password that you enter.
Yes, it has a similar arrangement.
OK good.
You don't need to customize - it's a personal choice.
As a side note, if you are the sort of person who thinks Windows 7's "3D
desktop effects" are cool, then you might some day like to try the
original - KDE. You can download a KDE version of the Mint Live CD and
try it. But be warned - just like on Windows, powerful 3D effects
require a powerful computer.
Nope. I don't like 3D.
OK, so how do you log onto if no password?
Normally you don't log on with no password, but you can arrange to
automatically log on as a user on boot up.
OK, very flexible I see.
Thanks for your help Mr. Brown. I hope you don't mind that you've
been wasting your time in this entire thread talking to a troll. (I'm
kidding!)
Bye,
RL
.
- Follow-Ups:
- References:
- Re: Seriously, now that I got Linux LiveCD running, what can I do with it? Newbie questions
- From: Aragorn
- Re: Seriously, now that I got Linux LiveCD running, what can I do with it? Newbie questions
- From: RayLopez99
- Re: Seriously, now that I got Linux LiveCD running, what can I do with it? Newbie questions
- From: David Brown
- Re: Seriously, now that I got Linux LiveCD running, what can I do with it? Newbie questions
- Prev by Date: Re: Seriously, now that I got Linux LiveCD running, what can I do with it? Newbie questions
- Next by Date: Re: Seriously, now that I got Linux LiveCD running, what can I do with it? Newbie questions
- Previous by thread: Re: Seriously, now that I got Linux LiveCD running, what can I do with it? Newbie questions
- Next by thread: Re: Seriously, now that I got Linux LiveCD running, what can I do with it? Newbie questions
- Index(es):
Relevant Pages
|
