245 posts
Computer, Germany
Posted 17 September 2016 - 11:57 AM
cLinux, secure freedom.
Made by:
- Piorjade
- thecrimulo
Join our Gitter! : https://gitter.im/cL...aign=share-link
The idea:
Spoiler
- recreate the look of the Linux terminal
- only allow the root to edit stuff in sensitive places
- rewrite fs.open (and probably other functions, which could harm the OS) to only edit in allowed places, IF the user is not root
- commands are (like in linux and CraftOS) extra files saved in /bin/
- use 'packman' as something like 'apt-get'
- give the user(s) the ability to add their own Desktop-Enviroment (basically like a plugin, the DE will then have the basic functions of the OS in _G (more down below)
Spoiler
- Use it with the commandline, stock.
- Use it with the doorX DE (read more down below on how to install it and the extra steps, specific for doorX)
- Build your own DE
- Build your OS ontop of it (would be nice if you'd give me credit for the "kernel" )
- Mess around with it (and maybe report any bugs)
- other things I currently don't know of
Spoiler
- if the user is in "/home/[NAME]" (or something like /home/[NAME]/my/directory), the "/home/[NAME]/" will be cut to "~" and shows for example: "~/my/directory" –> this is to prevent having less space to write a command
- each user gets a dedicated home directory (currently I did NOT implement a way to create a second user)
- only the root is allowed to edit stuff in /boot, /vit, /bin, /sys and edit the /startup. In every other folder, the user has access too, as that doesn't affect the system
- basic commands are added: ls, mkdir, cd, clear, rm, edit
- 'packman' IS added and works, but you need to run as root (or sudo)
- you can add in your own library (put them in /lib), but they work different than os.loadAPI:
- example:
--myAPI function testfunc() print("Hello there") end _putLib('testfunc', testfunc) --OR-- _put('testfunc', testfunc)- _putLib(name, function) puts a function into _G.lib.NAME()
- _put(name, function) puts a function into _G.NAME()
- (You can still use os.loadAPI, the automatic libloading system wont work on a normal API if you put it in /lib tho)
- Log-In as root (password: toor)
- give temporarely rootaccess to a program with "sudo"
- EDITED/LIMITED FS API = These functions of the fs API are limited, if not logged in as root:
- fs.open(path, mode):
- mode "r" = allowed to ANYONE
- mode "br" = allowed to ANYONE
- mode "a" = only allowed to "root" IF the file is located in {"/boot", "/vit", "/bin", "/startup", "/sys"}
- mode "w" = only allowed to "root" IF the file is located in {"/boot", "/vit", "/bin", "/startup", "/sys"}
- mode "bw" = only allowed to "root" IF the file is located in {"/boot", "/vit", "/bin", "/startup", "/sys"}
- fs.makeDir(path):
- only allowed to "root" IF the file is located in {"/boot", "/vit", "/bin", "/startup", "/sys"}
- fs.move(oldPath, newPath):
- only allowed to "root" IF one of the paths is located in {"/boot", "/vit", "/bin", "/startup", "/sys"}
- fs.copy(oldPath, newPath):
- only allowed to "root" IF the newPath is located in {"/boot", "/vit", "/bin", "/startup", "/sys"}
- and finally fs.delete(path):
- only allowed to "root" IF the file is located in {"/boot", "/vit", "/bin", "/startup", "/sys"}
- Run something else instead of the commandline! (maybe interesting for running servers on computers or starting a Desktop Enviroment (scroll down to see how to install my DE))
- use "service core <path or name of service in /etc/services.d>" to set a main service.
- "service enable / disable <path or name of service>" to enable/disable services aside from the main one (–> they start at boot)
- "service start <full path>" start a program as a service for the current session
- "service stop <full path>" stop a program, which is running as a service (yes, you can stop services, which have been started at boot, too, you need to full path tho)
- Commandline:
- Customize the colors of the commandline using the file .bashcol in your home directory!
- EXAMPLE:
{
mainBg = 1,
mainFg = 32768,
middleBg = 1,
middleFg = 32768,
pathBg = 1,
userBg = 1,
userFg = 16384,
}- middleBg and middleFg (the @ at between the current user and the path)
- userBg and userFg (the username)
- pathBg and pathFg (the path)
- mainBg and mainFg (the commandline at itself)
- EXAMPLE:
{
dir = "/bin/ls"
}
Spoiler
log in as root(default password will be toor, you will have to change that as normal user with a command, located in /usr/bin) <—- 50 % done :)/>/>, already DONE in doorXedit / add stuff under home as root (this is BASICALLY already implemented, you can't log in as root though)<– Done :)/>/>/>/>/>give the ability to edit files (I need to think of what I should use…. normal edit, homemade editor (probably a copy of nano) or something like LuaIDE)DONE :)/>/>
give the ability to run programs, which are not located in /usr/bin (e.g. : you are in home and there is a file called 'runme', you would just write 'runme' and it starts with limited access to the FS if you aren't root)DONE :)/>/>completely implement the option to run a DE at startupDONE :)/>/> , run the DE as a core service- start a script automatically, if it has a specific script (I think I will use /home/[name]/autorun for that)
Spoiler
- Every library in ("/lib") IF it is coded in my valid way (look above)
THIS OS HAS SHELL DUMMIES NOW:
Ok, but which do not and will not (probably ever, as I don't want to) work? :
- shell tabs = they all return nil, for the sake of not crashing most of the programs instantly, some will still tho
- NOTE: shell.complete does not return the last commands, will add that later but for now it does autocomplete
Changelog:
Spoiler
- 09/17/2016: initial release on GitHub & Pastebin
- 09/18/2016:
- Added the ability to login as root: name: "root" password: "toor"
- reworked FS system: fs.open, delete, move, copy, makeDir are LIMITED, if the user is NOT root
- made the system safer: if the user is not root and wants to edit _G.currentUsr to root (via external program) and then tries to run some of the limited FS functions, the functions automatically check if the user has the correct password entered in _G.currentPw (so you basically HAVE to log in root, except you try to edit the _G.currentPw too… but that is really safe enough
- fixed mkdir
- fixed cd
- added "rm" (you know what that is)
- 09/19/2016 (by Anavrins):
- Fixed how the BLAKE-256 API is used in passwords, so that older CC versions won't crash. (Thanks to Avavrins for making a pull request, but I will also look into his SHA-256 API, which is, as he says, more suitable for my password storage. :)/>/>/>/>)
- Removed BLAKE-256 and added SHA-256, made by the same person (Anavrins)
- A big thanks to the people, who helped me in ask a pro about sandboxing enviroments, especially Sewbacca. He showed me a code, which gives me the ability to restrict a normal user rootaccess without a password. Before he gave me the code, it was already implemented BUT if programs had replaced fs.open or even _G.currentUsr / _G.currentPw, meaning that they would grant every next program rootaccess. He even tried to explain metatables to me a bit :)/>/>/>/>
- Added "sudo" in. You basically have to enter the root password and the program gets temporarely rootaccess (until the program crashes / exits)
- 09/20/2016 (completely alone and a bit of help by Sewbacca):
- REWORKED INSTALLER: This doesn't use a compiled cLinux (made by my MSI-Maker), it uses apemanzilla's git-get now! (Thx, thecrimulo for merging stuff into the GitHub recently :)/>/> )
- REWORKED ROOTCHECK AND FS API:MAJOR: Added-in Shell API dummies:
- If the user is NOT root and uses something like fs.delete("/startup"), the FS API REDIRECTS "/" to —> "/usr/[YOURNAME]/home/" meaning that the outcome would be –> fs.delete("/usr/[YOURNAME]/home/startup"), I'd like to hear an opinion of you guys if I should keep that (would probably prevent programs from crashing), or returning to the old system –> returns an error if user tries to edit outside of home
- The rootcheck is now built INTO the OS, it is no longer inside the FS API (this prevents the user from using programs to get rootaccess)
- (In theory you could rewrite the FS API again inside your program, but that will always be possible, BUT you don't have the ability anymore to somehow get the original FS API)
- shell.run(path) = works as expected BUT you are not allowed to run programs in /rom/ (I couldn't test much, I only made a dummy file which executed another one, because I don't have time for now)
- shell.path() = works as expected (returns the path of the program you ran originally, OR the path of the program you ran with shell.run() )
- shell.setPath() = SHOULD work (I've just realized that I didn't test this one lol)
- shell.exit() = just returns, basically the original program, which called shell.run, is running again
- shell.resolve(foldername/filename in your current directory) = should work as expected
- shell.resolveProgram(program name) = should work as expected + lists programs in /usr/bin too
- shell.aliases() = This one simulates the aliases table AS LONG AS THE ORIGINAL PROGRAM RUNS (because every shell API function gets reset after a new program starts)
- shell.setAlias(alias, program) = Inserts into the simulated aliases table
- shell.clearAlias(alias) = Removes from the simulated table
- shell.programs(true/false) = Returns a table of the files in /rom/programs AND /usr/bin (+ the hidden ones, if true is entered)
- shell.getRunningProgram() = works
- shell.openTab(), switchTab() = doesn't work, just returns — NOTE: I won't add them, as that would destroy my future plans for multitasking
- shell.complete() = the same as above, returns a empty table
- shell.completeProgram(prefix) = works, returns a table with every program name containing that prefix (IN /usr/bin/ ONLY)
- shell.setCompletionFunction() = doesn't work, returns false
- shell.getCompletionInfo() = doesn't work, returns nil
- ALMOST FINISHED: Something like a bluescreen, which shows the error of the os.lua, if it crashes
- MINOR:
- The user is now able to run programs, which are not located in /usr/bin (the #1 priority is the program in your location.)
- 09/21/2016:
- Fixed many bugs
- Added in bluescreen of death (well I don't know how to trigger it now, as I didn't found ANY code issues and programs can't trigger it, BUT it works)
- Added, but not used yet: Windowmanager ("/sys/API/wm") and Taskmanager ("/sys/API/tasks") (I guess they are documented enoug, as they aren't really something incredible)
- 10/14/2016: (BIG REWRITE!)
- Rewrote the system from scratch, with some help coming from thecrimulo
- Made the system as modular as I could
- 2 Layers of built in task-managers (1 restricted, 1 kinda accessable):
- TLCO Level: Not accessable, starts the /boot/load file and /vit/alive, which restarts the system if something goes wrong
- service level / shell.lua level: Half-accessable: You can have services (basically programs) in /etc/services.d/ and enable or disable them in /etc/services.conf (NOTE: services.l (/lib/services.l) updates the config everytime on boot, it inserts services from /etc/services.d into the config, which are not yet in there, and disables them)
- services.conf NEEDS a service with "core" as it's value, as it will be the "front" of all the services. IF that service is stopped, the os should try to restart. (That's why it says ["/sys/cmdbak"] = "core")
- It is NOT recommended to have more than ONE service as core, as I think it would mess up the windows and you don't want that…
- To start a file as a service for the current session: shell.startServ(pathToFile[, table with arguments])
- To stop a service (you need to know the path of the file, which is running): shell.stopServ(path)
- To add a file into the service list or enable / disable / set a service as core: lib.serv.set( <pathToFile | nameOfServiceInServices.d> <true | false | "core" >
- To get a list of all services in the config in form of a table: lib.serv.giveList() (it returns the table)
- NOTE: Services don't have access directly access to the servicelayer, these functions above are the only one interacting with them and please if you find a way to interact with the servicelist and manage to do something that is not intended, write it down so I can fix it
- The 3rd is totally optional, as you'd have to implement your own as a library or hardcode it in your files (/sys/cmdbak has it's own version of sThread.l, for example)
- CommandLine is optional, as you can add a DE as a service and disable CommandLine. ( I'll consider making a DE later)
- Shell dummies are better now (tho things like autocompletion are straight copied over and tabs do and will not work, I don't want that)
- CommandLine:
- Background/Foreground processes:
- To start a process in the background: (–> runs at the same time as commandline and doesn't affect it, except writing on the screen) [sudo] bg <command/pathToFile> <…>
- To start a process in the foreground: (–> commandline is paused until it crashes or finishes) [sudo] <command/pathToFile> <…>
- Kill processes:
- View the list of processes with: ps
- To kill a process: kill <UID>
- Will add more points l8er, don't have time now…
- 10/15/2016:
- Polished packman and added in a clinux repository, where tested programs (and maybe fixed) will be added in
- Currently in the repo:
- edit (the vanilla one)
- luaide (works flawless, of course opening files in forbidden places crashes the app)
- Fixed bugs with the CommandLine:
- Fixed a bug where arguments could have things like : "/&#46;&#46;/////&#46;&#46;/" , etc. Commands and arguments aren't allowed to have more than one "/" in a row and having more than ".." in an argument at the same time is also forbidden
- Example: cd &#46;&#46;/ –> doesnt work
- cd // –> doesnt work
- cd /home/&#46;&#46;/ –> doesnt work
- cd /home// –> doesnt work
- etc.
- 10/16/2016:
- Fixed many bugs
- Fixed even more bugs
- Almost broke my table while fixing os.loadAPI()
- Noticed that I didn't update os.unloadAPI, don't have the time anymore
- HUGE ADD-ON (which is optional, cuz it has a problem):
- OPTIONAL Desktop Enviroment:
- ported the doorOS3.0 Desktop Enviroment over
- with cLinux together, it is big AS F*CK
- you need to expand the available space for computers to install it
- Commands to install it:
> sudo packman install doorx
> InstallDoorX
> service core /doorOS/sys/os.lua
- text = ignores the services.conf and boots cmdbak (Command Line)
- Added commandline color customization:
- Create the file .bashcol in your home directory
- Example:
{
mainBg = 1,
mainFg = 32768,
middleBg = 1,
middleFg = 32768,
pathBg = 1,
userBg = 1,
userFg = 16384,
}- Make the file .aliases in your home directory
- EXAMPLE:
{
dir = "/bin/ls"
}
- middleBg and middleFg (the @ at between the current user and the path)
- userBg and userFg (the username)
- pathBg and pathFg (the path)
- mainBg and mainFg (the commandline at itself)
- Fixed bug with permission API
- Fixed bug with shell API (setDir especially)
- Fixed bug with rm
- Fixed bug with mkdir
- Fixed bug with cd
- Added addusr (–> syntax: addusr <name> <password>; doesn't need root privileges)
- Added rmusr (–> syntax: rmusr <name>; DOES need root privileges)
- Fixed some bugs with the perm library
- As always, you should be good with launching
sudo UpdateCLinux
- Changed 'rmusr' to 'delusr' (Thank you Redall!)
Screenshots:
Spoiler
[attachment=2673:Capture.PNG][attachment=2678:InstallingDE.PNG]
[attachment=2674:page1.PNG]
[attachment=2675:2.PNG]
[attachment=2676:3.PNG]
[attachment=2677:4.PNG]
How to get it:
pastebin run d6fC8hBd How to get the doorX Desktop Enviroment (maybe a problem for people on public servers..):
Spoiler
- There is one problem in CC that affects my DE: space.
- You will need to expand the available space for computers (%appdata%/.minecraft/config/ComputerCraft.cfg > I:computerSpaceLimit=999999999, for example)
- If you play on a server, the server owner needs to do that
- And here is a command tutorial to install the DE:
> sudo packman fetch
> sudo packman install doorx
> InstallDoorX
> service core /doorOS/sys/os.lua
> service core /sys/cmdbak
Where is the code? :
https://github.com/Piorjade/cLinux
Credits:
Anavrins - For SHA-256 & contributing in GitHub :3
Lyqyd - For packman
apemanzilla - For gitget (the installer)
Nevercast (& me) - For Top Level Coroutine Override
Sewbacca - For various things and mainly this till' now
thecrimulo - Mainly for contributing in GitHub :)/>/>/>
Funfact:
I did this because I love Linux and finally completely destroyed my Windows 10 partition and installed Manjaro on it <3
Edited on 08 May 2017 - 10:02 AM
