LinuxQuestions.org
Go Job Hunting at the LQ Job Marketplace
Go Back   LinuxQuestions.org > Forums > Linux Forums > Linux - Security
User Name
Password
Linux - Security This forum is for all security related questions.
Questions, tips, system compromises, firewalls, etc. are all included here.

Notices

Reply
 
Search this Thread
Old 01-26-2011, 02:32 PM   #1
texasone
Member
 
Registered: Jun 2008
Location: /home/lorax
Distribution: Debian Testing
Posts: 141

Rep: Reputation: 18
How to configure guest account (for computer repair)


Okay, story is I spill my soda on my keyboard and ended up in a 4 day war with my pc. Now my tab, capslock, left shift, and down vol no longer works. I'm going to take it into the shop in the next couple of days to probably replace the keyboard. (If only lenovo kept the easy access keyboards like ibm had on the thinkpads). Something tells me that they will want to log in and test out the keyboard. So I created a guest account with a simple password. I changed my normal user home dir to 770 permissions and changed guest's shell to /bin/rbash. (both found in other posts.) Is there anything else I should do to secure the computer while it is in the shop?
[I use su, sudo isn't configured to work (its a dependency so I can't uninstall)]. I have a pretty decent root password.

Thank you in advanced,
Kyle
 
Old 01-26-2011, 02:35 PM   #2
repo
LQ 5k Club
 
Registered: May 2001
Location: Belgium
Distribution: Linux Mint
Posts: 8,501

Rep: Reputation: 883Reputation: 883Reputation: 883Reputation: 883Reputation: 883Reputation: 883Reputation: 883
If they boot from a linux cd......
You could use encryption.

Kind regards

Last edited by repo; 01-26-2011 at 02:38 PM.
 
Old 01-26-2011, 02:48 PM   #3
texasone
Member
 
Registered: Jun 2008
Location: /home/lorax
Distribution: Debian Testing
Posts: 141

Original Poster
Rep: Reputation: 18
repo: I'm not sure if they use live cd's. However, I did forget to use encryption on my partitions. (I need to reinstall anyways as I screwed up the current install.)
 
Old 01-26-2011, 02:50 PM   #4
repo
LQ 5k Club
 
Registered: May 2001
Location: Belgium
Distribution: Linux Mint
Posts: 8,501

Rep: Reputation: 883Reputation: 883Reputation: 883Reputation: 883Reputation: 883Reputation: 883Reputation: 883
Quote:
repo: I'm not sure if they use live cd's
I mean, if they want access to your data, a live cd is enough.

Kind regards
 
Old 01-26-2011, 02:54 PM   #5
H_TeXMeX_H
Guru
 
Registered: Oct 2005
Location: $RANDOM
Distribution: slackware64
Posts: 12,928
Blog Entries: 2

Rep: Reputation: 1269Reputation: 1269Reputation: 1269Reputation: 1269Reputation: 1269Reputation: 1269Reputation: 1269Reputation: 1269Reputation: 1269
Indeed, with a live CD and no further protection, like you disabling boot from anything but HDD and putting a password for the BIOS, they can use a live CD to root it. If the HDD is not encrypted, they can take it out, mount it, and access data.
 
Old 01-26-2011, 02:57 PM   #6
texasone
Member
 
Registered: Jun 2008
Location: /home/lorax
Distribution: Debian Testing
Posts: 141

Original Poster
Rep: Reputation: 18
Ah, got it. meh, not enough to get me more than 5 years. haha
I'm just looking at non liveCD and without taking out the hard drive, at the moment.
Is there any way to restrict 'guest' from accessing su? (entirely, not just to root)
 
Old 01-26-2011, 03:00 PM   #7
repo
LQ 5k Club
 
Registered: May 2001
Location: Belgium
Distribution: Linux Mint
Posts: 8,501

Rep: Reputation: 883Reputation: 883Reputation: 883Reputation: 883Reputation: 883Reputation: 883Reputation: 883
Quote:
Is there any way to restrict 'guest' from accessing su? (entirely, not just to root)
A strong password

Kind regards
 
Old 01-26-2011, 03:03 PM   #8
texasone
Member
 
Registered: Jun 2008
Location: /home/lorax
Distribution: Debian Testing
Posts: 141

Original Poster
Rep: Reputation: 18
repo: not exactly what I was looking for, but to quote Tom Lehrer:
Quote:
You ask a silly question, you get a silly answer
I like to think its a secure password. its 10 characters including caps/lowercase, numbers and symbols.
 
Old 01-26-2011, 03:13 PM   #9
repo
LQ 5k Club
 
Registered: May 2001
Location: Belgium
Distribution: Linux Mint
Posts: 8,501

Rep: Reputation: 883Reputation: 883Reputation: 883Reputation: 883Reputation: 883Reputation: 883Reputation: 883
However, if they boot in single user mode or via a live cd they can change the password :-)
You could do a
Code:
chmod -x su
But then they can try to login as root .....

Kind regards
 
Old 01-26-2011, 04:18 PM   #10
TobiSGD
Moderator
 
Registered: Dec 2009
Location: Hanover, Germany
Distribution: Main: Gentoo Others: What fits the task
Posts: 15,592
Blog Entries: 2

Rep: Reputation: 4046Reputation: 4046Reputation: 4046Reputation: 4046Reputation: 4046Reputation: 4046Reputation: 4046Reputation: 4046Reputation: 4046Reputation: 4046Reputation: 4046
Wouldn't it be the easiest thing to backup your data (I assume that you have done that already ), wipe the disk, and install a minimal system, such as FreeDOS, Tinycore or Slitaz? You should in every case backup your data, just because they may wipe the disk.
 
Old 01-26-2011, 04:30 PM   #11
Noway2
Senior Member
 
Registered: Jul 2007
Distribution: Ubuntu 10.10, Slackware 64-current
Posts: 2,124

Rep: Reputation: 776Reputation: 776Reputation: 776Reputation: 776Reputation: 776Reputation: 776Reputation: 776
If you really don't want them to see what is on the HD, remove it before taking it in. They shouldn't need it to test the keyboard and if they really want to boot it up and run it, then they can put a HD in it or even use a liveCD. Otherwise, play it cool. The most likely scenarios are that either they are honest and won't look or have already looked at enough people's dirt that they have grown bored with trying and may not even bother with yours.

Unless you previously encrypted the home partitions, I can't think of anything you can do at this stage to prevent them from getting at your data. In fact, making it look like you were concerned about it is likely only going to entice them into wanting to see find your obviously trying to hide. Sometimes low key is almost as good as Fort Knox grade measures.
 
1 members found this post helpful.
  


Reply

Tags
guest, repair


Thread Tools Search this Thread
Search this Thread:

Advanced Search

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is Off
HTML code is Off


Similar Threads
Thread Thread Starter Forum Replies Last Post
securing guest account mattydee Slackware 11 02-04-2008 10:36 AM
Is there a Guest account on FC5? Antarctica Fedora 1 09-04-2006 11:59 PM
samba guest account questions gsgleason Linux - Software 1 10-21-2005 08:59 PM
creating a guest account tardigrade Linux - General 2 02-04-2005 03:33 PM
Understanding the guest account calabash Linux - Networking 16 03-06-2004 02:49 AM


All times are GMT -5. The time now is 01:47 PM.

Main Menu
My LQ
Write for LQ
LinuxQuestions.org is looking for people interested in writing Editorials, Articles, Reviews, and more. If you'd like to contribute content, let us know.
Main Menu
Syndicate
RSS1  Latest Threads
RSS1  LQ News
Twitter: @linuxquestions
identi.ca: @linuxquestions
Facebook: linuxquestions Google+: linuxquestions
Open Source Consulting | Domain Registration