The Ultimate Solution for running as root

For discussions about security.
Message
Author
dawg
Posts: 116
Joined: Sun 09 Aug 2009, 14:36
Location: still here
Contact:

#41 Post by dawg »

Luluc wrote:
dawg wrote:(1) - Imagine you have a single computer in a household populated by more than 1 person, all sharing that same computer, young kids and/or other computer-nonproficient and possibly naughty users included.
- The computer has a harddrive where a bunch of each user's stuff that doesn't fit on USB flash drives (videos, music...) is stored that none of the users wants screwed with by the rest of the users.
- Running as root will allow screwing with the said files by anyone (else) in the household, whereas having multiple users added to the system and proper access permissions set for each user's files who can then login separately, will not.
If your kids are... erm... curious enough, they could boot from a live CD and still have access to those precious files. Setting up user accounts in Puppy would not prevent that. The best way to prevent that is with encrypted partitions.
Unless one sets the BIOS to only boot from the HDD, and locks it with a password :)
I used to only like Puppy as a friend, but now I think our relationship is starting to develop into something more... :D

User avatar
WindUpToy
Posts: 87
Joined: Wed 22 Oct 2008, 03:28
Location: melbourne.au Slick525DVD

#42 Post by WindUpToy »

re: "Unless one sets the BIOS to only boot from the HDD, and locks it with a password"

I am not a security freak, altho I use IceCat as Spot, and have the mandatory minimum security, i.e: NoScript, BetterPrivacy, etc, and I don't mean to rain on your parade, but today's "curious" kiddies know that if you remove+replace the CMOS battery, when you boot up there is no password required and the CMOS sets the BIOS up automatically on modern computers, with CD-boot as the first option.

Don't underestimate your kids. :)
Last edited by WindUpToy on Sun 24 Apr 2011, 23:14, edited 1 time in total.

dawg
Posts: 116
Joined: Sun 09 Aug 2009, 14:36
Location: still here
Contact:

#43 Post by dawg »

WindUpToy wrote:re: "Unless one sets the BIOS to only boot from the HDD, and locks it with a password"

I am not a security freak, altho I use IceCat as Spot, and have the mandatory minimum security, i.e: NoScript, BetterPrivacy, etc, and I don't mean to rain on your parade, but today's "curious" kiddies know that if you remove+replace the CMOS battery, when you boot up there is no password required and the CMOS sets itself up automatically on modern computers, usually with CD-booting being the first option.

Don't underestimate your kids. :)
Well yeah, that obviously isn't gonna work for those, so a different approach may be needed (i.e. authority) :)
I used to only like Puppy as a friend, but now I think our relationship is starting to develop into something more... :D

User avatar
WindUpToy
Posts: 87
Joined: Wed 22 Oct 2008, 03:28
Location: melbourne.au Slick525DVD

#44 Post by WindUpToy »

heh heh.

Yup, its us vs them.

Just because they are smarter than us doesn't mean we let them rule.

forfyv
Posts: 4
Joined: Sat 23 Apr 2011, 22:21

user manager

#45 Post by forfyv »

well, I am chagrined.
I was invited to read the "Gory Details" that Pizzasgood wrote on his experience creating a multiuser puppy distro.

That was NOT a trivial project. And I can now see why creating a PET to do a similar change would be a fruitless endeavor.

I won't say that I would be unhappy to see Puppy become a distro with the multi user facilities built in, but I am no longer advancing the opinion that it *should* be.

I am happy with Puppy on my Dell mini 9 netbook, although I will no longer be using it on my desktop.

I may just have to get rid of ubuntu netbook remix altogether. :-)

I locked the boot with a password, and have set a password for root, on the mini, and I am comfortable enough in 'NIX to know I should never go to a terminal and rm -r stuff. LOL

Thanks for the patient discussion Musher0 and pizzasgood!!
Last edited by forfyv on Mon 25 Apr 2011, 03:34, edited 1 time in total.
45 Mike
www.45inx.com

forfyv
Posts: 4
Joined: Sat 23 Apr 2011, 22:21

kids

#46 Post by forfyv »

WindUpToy wrote:kiddies know that if you remove+replace the CMOS battery, when you boot up there is no password required and the CMOS sets the BIOS up automatically on modern computers, with CD-boot as the first option.
In my case I don't worry about "kids", and if I power up my system and it does NOT need a password, then I KNOW I have been hacked, cracked and compromised, I can then take steps to minimize the damage, ie, passwords, accounts, etc.

Without that boot protection, I may not know that my data has been compromised.

:-0
45 Mike
www.45inx.com

User avatar
Luluc
Posts: 200
Joined: Wed 16 Mar 2011, 07:10

#47 Post by Luluc »

WindUpToy wrote:re: "Unless one sets the BIOS to only boot from the HDD, and locks it with a password"

I don't mean to rain on your parade, but today's "curious" kiddies know that if you remove+replace the CMOS battery, when you boot up there is no password required and the CMOS sets the BIOS up automatically on modern computers
True, but instead I would worry about the fact that, assuming the BIOS password will be respected, then no one can use the computer at all except The Great Guardian of the Key, which defeats the purpose of having a multiple account system, which was being discussed.

Post Reply