Hi, I would like to have 1 user account dedicated to running sketchy closed source programs that could potentially contain spyware or malware, without those programs being able to read files in other user accounts or alter important system files.

I realize with an executable, I can just log in as that user, copy the file to somewhere in /home, open folder in terminal, and type ./filename I believe that would be isolated to a single user's permissions?

Unfortunately some programs are only available as .deb files. After doing some research, it appears there's no easy way to install a package for a single user only. Is it safe to install normally, then immediately edit user permissions of files? For example typing this into the terminal: sudo dpkg -i filename.deb
Then changing permissions in /usr folders so that it can only run under the user account dedicated to running sketchy programs (no accidental clicks by other users). Or has the damage already been done during the install?

I'm currently running Linux Mint and plan on switching to Debian. Appreciate any help or suggestions.

If you run a program as a certain user, you run that program with the credentials and thus the permissions of that user.

Linux is pretty secure, so most users are not allowed to change any system files. You won't see any user (or any application run by that user) change system settings, log files, system time, system services, databases etc.

But read permissions is a different thing. Read permissions are usually fairly relaxed. The passwd file (containing encrypted passwords) can be read by everyone. Files of users belonging to the same group are readable. Generally I would consider a system being fully open to be read by every user. Although this is not strictly true.

In addition, every ordinary user is generally allowed to access the network and therefore the internet. Any application can "phone home".

If you really suspect programs, run them in a VM. In addition there are so-called sandbox mechanisms available which are designed just for the use you mention.

jlinkels

i just saw the buzzword "Linux containers" somewhere.
maybe that's what you need.
the approach you describe seems ok as long as you don't enter your password (and you will have to do it to install the program system wide), but has the disadvantage that you'd need to basically have a separate user for each application, otherwise they could mess each other up.
(and the previous posters points do apply, very strongly indeed)

but maybe we should ask, what is it you want to do? why do you want to install applications that you know are sketchy? maybe there are non-sketchy alternative solutions?

I agree with your post in general, but encrypted passwords are these days kept in /etc/shadow which is not world readable.

man 5 shadow

Thanks. It looks like I need to learn about these other options. I believe all installs require a password, but if it doesn't, that might be a simple solution. Read permissions are easy to edit with filemanager as root, or fairly easy in terminal.

I would like to run Google Earth inside Chrome Browser. As we know, Google sure likes to collect data, and we don't know what kind of vulnerabilities there might be, intended or not, because nobody can see the code.

I would also like to play some open source games on Source Forge that may not be as thoroughly reviewed as the packages approved for the official Debian library. I believe Commander Genius is not in a well-reviewed library due to old copyrights that nobody really cares about but are technically copyrights.

Also, there's a Windows program by Leap Frog that's needed for one of my daughter's toys. I thought about running in WINE under a dedicated user name, but from reading here on LQ the safer way to do this is a virtual machine or sandbox which I know nothing about. It seems easier to just find a secondhand computer or throw away the toy. It doesn't contain a microphone, but these electronic toys are still creepy and feel invasive. I have to ask why they don't release a Linux-based executable?

But back to the .DEB file issue, it seems that I need to learn about containers, VM's, sandboxes or just set up another computer running Linux to physically isolate sketchy programs from financial transactions and private documents.

aah, that kind of sketchy.
it won't matter if you install it to only your home folder in that case.
i'm not sure if even a virtual machine will help much, unless you also manage to appear from a different IP and google cannot connect you to any existing account etc.
so, a vm plus vpn would be the safest solution.
or simply don't use google earth.
because as always, security is a tradeoff with convenience.
maybe: https://alternativeto.net/software/google-earth/

I think that "containers" would be an appropriate technology to use here.

Containers conveniently employ a number of now built-in Linux features to create an environment that is both "a padded cell" and "rose-colored glasses." The application sees only what you want it to see, and it cannot escape the confines of the box. It sees a directory structure that is mapped to the host's, and it runs as a user-id that is mapped to a host id, and so on.

Containers bundle-up all of the necessary settings for all the various kernel subsystems that contribute to the illusion, and do so in a manageable way. In the end, the application does run directly on the host Linux environment, as opposed to a virtual machine.

https://en.wikipedia.org/wiki/Qubes_OS

You are right and I even did not have to look that up in the reference you gave. I was just not sure if shadow is used by every current distro/version. Too lazy to look it up Probably shadow has been switched on by default for a long time.

jlinkels

A lot of things to think about. Thanks for all the replies. It's going to take me some time to research all this and decide which routes to take. Learning is always good, but it also takes time to learn.

It is kind of silly for me to be concerned about Google, but it's the principle of the matter. And it wouldn't surprise me if some rogue employee of a major software company or government agency is viewing files on people's computers and using that private info to invest and divest in the stock market.

This idea may be laughable, and please excuse me if this sounds naive, but is it possible to convert a .DEB file into an executable file? That would be really nice if somebody wrote a program to do that.

oh, i think you'll find that many people agree with your stance on all things google.

this doesn't make sense.
please explain.

Great to hear. This community is different. Too many people in the general public are overly trusting of "technology" these days and not thinking about the potential consequences, big picture privacy issues. Another example is political campaigns and activism. It's hard to go anywhere if your opposition can see the cards you're holding and what moves you plan to make. Doesn't affect me directly, but I believe in the principle of privacy. Imagine if a doctor's bill was mailed on a postcard.

What I mean is, for example with Arduino software I can just download the compressed file, extract, open the folder in the terminal, type ./arduino and run it under a user account with only the user's permissions. Even if it was malicious (very unlikely with Arduino), it could only damage the /home directory of that account, and with permissions changed prior to running, it could only view files on that account.

With Chrome, it's only available as .DEB, so I believe I have to install using the root password (there seems to be conficting info on that). It's my understanding that these packages have install scripts and also use other packages that may or may not be installed already. Seems like maybe a conversion program could figure out the install process of a .deb file and convert everything into a file that runs with a ./filename command.

You can certainly manually open a deb file, extract its contents and take a look. The problem is that most programs are not as easy as a stand-alone static executable. A badly written install script could certainly overwrite a system dependency with a version that isn’t compatible with the rest of the software.

https://askubuntu.com/questions/339/...ut-root-access
https://unix.stackexchange.com/quest...home-directory