[SOLVED] How can I keep my data secure if I take my laptop to a repair shop?

creendo · 10-06-2011, 10:02 PM

Hi there~
My linux-os laptop has a graphical hardware issue and I need to take it to a repair shop to this diagnosed. I've created an alternate user account for the repair person to login under- is this sufficient to ensure the security of my data, or should I do something more?
My initial assumption was that by doing this, the repair person (logged in under this alternate 'child account') would be unable to access any home drive information in my original 'parent account'. However, I read someplace that new user accounts, by default, are established with 'world-privileges', which I'm unclear on. Does this mean that the user would only have full privileges *within the new account they're logged into*, or that they would have access to the home-drive information of all other user accounts existing on the computer?
Thanks for any advice!

roger_heslop · 10-06-2011, 11:05 PM

There is also the possibility that he could boot to a live Knoppix disk, and mount your partitions with root privileges to get to any data he wanted. Unless you've encrypted your data, I wouldn't rely on it being safe.

I use gpg for encryption, LUKS may be more appropriate though. When my laptop needs warranty service, I wipe the hard drive by deleting and recreating the partition table, and reformatting.

Konphine · 10-07-2011, 12:10 AM

Quote:

roger_heslop:
There is also the possibility that he could boot to a live Knoppix disk, and mount your partitions with root privileges to get to any data he wanted. Unless you've encrypted your data, I wouldn't rely on it being safe.

Basically this. I would also encrypt my /home if you wanted it to be safe. I personally use Truecrypt but like roger_heslop said, there are quite a few out there.

As for giving users "world privileges" depends on your Linux distro. Some like Ubuntu (as far as I know) will do this hence they can just "sudo apt-get install [package]" but in other Distros such as Slackware, you would have to assign the group to the user in order for that user to have certain privileges.

Noway2 · 10-07-2011, 09:27 AM

In ubuntu, the first user will have sudo privilege and subsequent users will not unless it is explicitly granted. My first thought was you could change the permissions on the /home/your-user-name to turn off read access for others to prevent them from browsing your PC. As others have pointed out, they could simply bypass this by using a live cd.

Your two options would be to either encrypt information you don't want viewed. Ubuntu supports this with the 'private' folder which is decrypted when the user account is logged in. Otherwise, the next best option would be to purchase a small HDD and replace the drive. Remember the old axiom, physical access equals root access. This is one of those cases where this philosophy is true.

While a reputable place won't look through your HDD, you have no guarantee of the person's morals. They may even justify their actions claiming that they are looking for illegal activity to report to the authorities.

creendo · 10-15-2011, 06:12 PM

Thank you, all, for your responses- very helpful. I'm grateful that there's a place such as this where I can get this help

Cheers!