Slackware: This forum is for the discussion of Slackware Linux.
I am exercising my mind over user permissions, as I may have to lend my laptop shortly.
Slackware has all files 0644 and all directories 0755. So all /home/ directories can be read and accessed by any other user. Issues start if I tighten permissions on my homedir - notably 'startx' pukes badly. While not having porn, I do have restricted information in my homedir and rely on the fact that I am the only user on my box.
Can I tighten homedir permissions, and to what extent?
Distribution: Debian Sid AMD64, Raspbian Wheezy, various VMs
Posts: 7,680
I read this thread and noticed that Debian seems to do the same (I'm guessing the derivatives do also). So I'm interested myself as, at some point, I may share one of my computers with another human. As a quick fix I would just chmod the "sensitive" directories.
By the way, I understand this completely and realise it's not about "hiding" things just about not exposing everything all the time.
I don't have Slackware but I set the home directories to be most restrictive, 0700. And startx works fine.
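The 0700 suggestion above, as an added example that is not part of the original thread: a shell sketch that lists home directories still open to group/other and tightens one. It assumes GNU `find` and `stat` (as shipped with Slackware and Debian); the function names and the temporary demo tree are constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the thread): audit and tighten home directory modes.

# list_open_homes BASE: print each directory directly under BASE whose mode
# grants any group/other permission bit (e.g. 0755).
# "-perm /077" is GNU find syntax for "any of these bits set".
list_open_homes() {
    find "$1" -mindepth 1 -maxdepth 1 -type d -perm /077 | sort
}

# tighten_home DIR: set DIR to 0700 and print the resulting octal mode.
# Only the top-level directory changes; files inside keep their own modes
# (e.g. 0644) but other users can no longer traverse DIR to reach them.
tighten_home() {
    chmod 0700 "$1" && stat -c '%a' "$1"
}

# Demo on a constructed tree standing in for /home, so no root is needed.
demo() {
    base=$(mktemp -d) || return 1
    mkdir -m 0755 "$base/alice" "$base/guest"
    mkdir -m 0700 "$base/bob"
    echo "open before:"; list_open_homes "$base"
    tighten_home "$base/alice" >/dev/null
    echo "open after:";  list_open_homes "$base"
    rm -rf "$base"
}
demo
```

On a real system, run `list_open_homes /home` and then `tighten_home` on your own directory; this restricts other local accounts only and does nothing against someone who boots the machine from other media.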
So it does, and thank you kindly. 0700 was one number I hadn't tried.
I take the point about encryption, but I'm not having to deal with hackers, just guys without security clearance to see certain stuff. They don't know Linux at a console level and will not have root.
They have physical access, and I hadn't thought about POSIX ACLs. Nearly everything I am familiar with in Posix doesn't work fully or isn't implemented or different on every machine (e.g. regexes), and I would not have been thinking that way. Why don't they deprecate _that_ stuff instead of the things I know my way around?
They have physical access, and I hadn't thought about POSIX ACLs.
When mancha wrote...
Quote:
POSIX ACLs afford no protection if they'll have physical access to the machine.
I don't believe he was zeroing in on ACLs (POSIX compliant or not), but rather pointing out that file & directory permissions of a file system won't protect data if one has physical access to the computer.
For example, boot the machine from a CD or flash drive, then as root mount the storage devices (hard disk) and copy any data you want.
EDIT: Maybe I shouldn't have brushed away the "POSIX" aspect so quickly in my comment. Are there file systems out there that allow you to set up access control lists that include encryption control as part of the access control list?
Last edited by TracyTiger; 03-30-2015 at 04:27 PM.
Reason: Added Quote, Had another Thought
I've a feeling that encryption may not really be required in this set-up? Of course if there is some transparent encryption available then I'm sure that will work fine?
I take the point about encryption, but I'm not having to deal with hackers, just guys without security clearance to see certain stuff. They don't know Linux at a console level and will not have root.
Anything that requires security clearance to see requires encryption. As said above, having physical access to the machine means that virtually all other methods can be bypassed.
Quote:
Originally Posted by 273
I've a feeling that encryption may not really be required in this set-up? Of course if there is some transparent encryption available then I'm sure that will work fine?
I would say it is definitely required. I recommend cryptsetup as it is very flexible.
Yes, encryption makes sense.
But it is a PITA to set up, and at the moment I just do not have time. These guys will only have the use of my PC to show a presentation, while surrounded by others who would not approve of them snooping/hacking.
On April 25th/26th, we have a multimedia event streamed from London to be viewed by speakers of English, Portuguese, Chinese, & Romanian. The event is in English; our equipment allows translating for the smallish Chinese group; for the larger Romanian & Portuguese groups, they want a Portuguese/Romanian simultaneous translation in our main hall, but the interpreter needs headphones with English to translate, and in one case, they need English in our second room as well. I have arranged the hardware, but it requires HDMI with the sound on the earphone jack. I have yet to find out if this is possible in Windows. I am getting very blank looks from guys running Windows PCs so far. We are having six showings of the program in the weekend. They may have to use my PC.
So, no USB stick; Chemfire kindly posted me an asoundrc for HDMI which resamples the sound, and inserting/removing this switches sound crudely, via a script. I do not want to make a software project out of this - I do have a life.
Well, if you are watching them while they use your computer then just set the permissions as said above and that should be enough. I thought you were going to let them use it for an extended period unsupervised.
Quote:
Originally Posted by metaschima
Well, if you are watching them while they use your computer then just set the permissions as said above and that should be enough. I thought you were going to let them use it for an extended period unsupervised.
Just to clarify, this was what I was envisioning. I agree with you for recommending encryption as you are correct that it is the only way to prevent those with physical access from accessing data. However, I also realise that sometimes simplicity does well.
However, and this is a more important one: I seriously suggest, business_kid, that you encrypt your home partition with the likes of LUKS anyhow since anybody stealing that laptop would steal your data. This thread just reminded me I must check what I have stored on my laptop as I have some data (photocopy of passport and similar) I simply should not have on it -- I don't store it on my desktop since I don't encrypt my home drive or data drive.
Last edited by 273; 03-31-2015 at 12:18 PM.
Reason: Typo's.