LinuxQuestions.org
Old 02-20-2012, 08:04 AM   #1
Ulysses_
Senior Member
 
Registered: Jul 2009
Posts: 1,303

Rep: Reputation: 57
Why set the user password if only browser is used?


Root password set.

Is there any security reason to also have a password for the normal non-root user, given that only one person has physical access to the pc and it is used only for browsing the internet?

Using peppermint two.

Last edited by Ulysses_; 02-20-2012 at 08:11 AM.
 
Old 02-20-2012, 09:06 AM   #2
fatmac
LQ Guru
 
Registered: Sep 2011
Location: Upper Hale, Surrey/Hants Border, UK
Distribution: Mainly Devuan, antiX, & Void, with Tiny Core, Fatdog, & BSD thrown in.
Posts: 5,487

Rep: Reputation: Disabled
If your computer is stolen, all your info is readily accessible by the thief.
With a password, at least your info has a little chance of remaining private.
(A hacker, or rather cracker, as they should be known, can obviously bypass a simple password.)
 
Old 02-20-2012, 09:22 AM   #3
acid_kewpie
Moderator
 
Registered: Jun 2001
Location: UK
Distribution: Gentoo, RHEL, Fedora, Centos
Posts: 43,417

Rep: Reputation: 1985
I would actually expect the act of installing Linux in the first place would make data more secure from an opportunist thief than having a password!

Having a password is always a good idea, never a bad one. I think the example of a theft is a little pointless as once someone has physical access, the game is already going to be over. Remotely there is more perspective though. If you have an empty password, then it would be much easier for an intruder to connect, and then subsequently they could use sudo to become root without entering a root password either. As a scenario, it's hard to justify not having a password there I think, although in reality ssh will normally deny any SSH logins where there is no password.

In general, it's just such a good idea that you'd do well to just accept it! You can configure many graphical login managers to automatically log you in on boot, and *bypass* the password, maybe that's a better middle ground for you?
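Added example (not part of the original post): a check for the scenario described in the post above, an account with an empty password on a machine running sshd. The sample files and the account name `guest` are constructed, and `Match` blocks in sshd_config are assumed absent (parsing stops at the first one).

```shell
#!/bin/sh
# Audit: which accounts have an empty password, and would sshd accept them?
# Inputs follow the shadow(5) and sshd_config(5) file formats.

# Print accounts whose password field is empty.
# "!" or "*" in that field means password login is locked, so those are skipped.
empty_password_accounts() {
    awk -F: '$2 == "" { print $1 }' "$1"
}

# Print the effective global PermitEmptyPasswords value.
# sshd uses the first occurrence of a keyword; the default is "no".
# Assumption: Match blocks are not evaluated (parsing stops at the first one).
permit_empty_passwords() {
    awk '
        { sub(/#.*/, ""); key = tolower($1) }
        key == "match" { exit }
        key == "permitemptypasswords" { print tolower($2); found = 1; exit }
        END { if (!found) print "no" }
    ' "$1"
}

# Report each empty-password account and how sshd would treat it.
audit() {
    permit=$(permit_empty_passwords "$2")
    for user in $(empty_password_accounts "$1"); do
        if [ "$permit" = "yes" ]; then
            echo "$user: empty password, remote SSH password login allowed"
        else
            echo "$user: empty password, SSH password login refused"
        fi
    done
}

# Constructed sample input (not from a real system).
tmp=$(mktemp -d)
printf '%s\n' 'root:$6$constructed$hash:19000:0:99999:7:::' \
              'guest::19000:0:99999:7:::' \
              'daemon:*:19000:0:99999:7:::' > "$tmp/shadow"
printf '%s\n' '# constructed sshd_config' 'Port 22' \
              '#PermitEmptyPasswords yes' > "$tmp/sshd_config"
audit "$tmp/shadow" "$tmp/sshd_config"
rm -rf "$tmp"
```

On a real system the same functions can be pointed at `/etc/shadow` and `/etc/ssh/sshd_config` as root; `sshd -T` prints the configuration sshd actually uses, including defaults.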
 
Old 02-20-2012, 09:48 AM   #4
Ulysses_
Senior Member
 
Registered: Jul 2009
Posts: 1,303

Original Poster
Rep: Reputation: 57
Quote:
You can configure many graphical login managers to automatically log you in on boot
Done.

Quote:
they could use sudo to become root without entering a root password either
Normal user is not in the /etc/sudoers.

Quote:
If you have an empty password, then it would be much easier for an intruder to connect
I thought a service must be configured to enable this, why do we not disable the service once and for all so we do not have to worry about the password?

Last edited by Ulysses_; 02-20-2012 at 09:49 AM.
 
Old 02-20-2012, 09:51 AM   #5
acid_kewpie
Moderator
 
Registered: Jun 2001
Location: UK
Distribution: Gentoo, RHEL, Fedora, Centos
Posts: 43,417

Rep: Reputation: 1985
Quote:
Originally Posted by Ulysses_
I thought a service must be configured to enable this, why do we not disable the service once and for all so we do not have to worry about the password?
SSH is always something of a special case. It's about the only service I would always expect to be installed, and enabled by default. Just about everything else I'd be pissed if it was there without me asking, but it's the exact opposite for SSH.

Let me turn around what you asked... Why do we not just set a proper password as per security conventions so we do not have to worry about disabling various useful services?

Disabling services reduces the risk, setting a decent password increases the security, if you see the difference in the two perspectives. And never forget a system is only as secure, powerful, reliable, whatever... as its weakest link, and not having a password is a very very weak link.

Last edited by acid_kewpie; 02-20-2012 at 09:54 AM.
 
Old 02-20-2012, 10:04 AM   #6
Ulysses_
Senior Member
 
Registered: Jul 2009
Posts: 1,303

Original Poster
Rep: Reputation: 57
Quote:
Originally Posted by acid_kewpie
Why do we not just set a proper password as per security conventions so we do not have to worry about disabling various useful services?
Because disabling a service that exposes the machine to the outside world is done once. Whereas a password is typed all the time. Not to mention it has to be memorized, and ideally changed regularly.

Is the listening SSH service needed if the machine is only used for browsing?

Is any other service needed that is exposing an attack surface if the machine is only used for browsing?

Last edited by Ulysses_; 02-20-2012 at 10:09 AM.
 
Old 02-20-2012, 10:08 AM   #7
acid_kewpie
Moderator
 
Registered: Jun 2001
Location: UK
Distribution: Gentoo, RHEL, Fedora, Centos
Posts: 43,417

Rep: Reputation: 1985
Is any other service? Maybe... who knows... Do you know how to be SURE nothing else is running? Best set a password just in case... amirite? On my laptop, my password is not typed in all the time. I only ever use it routinely when unlocking it from the screensaver, and I can turn that off if I want, and then I'd go literally weeks without entering it, but it would still be there if someone tried to SSH into my laptop etc.

No, SSH isn't required at all if you don't want it, no other remotely accessible services are either.

Might be worth noting that with all this security talk, you've not mentioned firewalls once..?
 
Old 02-20-2012, 10:36 AM   #8
Ulysses_
Senior Member
 
Registered: Jul 2009
Posts: 1,303

Original Poster
Rep: Reputation: 57
Quote:
Originally Posted by acid_kewpie
Might be worth noting that with all this security talk, you've not mentioned firewalls once..?
Haven't, but the thought did cross my mind, listening services are no longer a concern with an easy firewall like ubfw, right?

Here's a shocker: the normal user's password is irrelevant when faced with real-world threats like malicious sites that exploit firefox faults to launch their own executables, the hacker has all the privileges of the normal user without ever typing a password.

Last edited by Ulysses_; 02-20-2012 at 10:40 AM.
 
Old 02-23-2012, 09:18 PM   #9
raymor
Member
 
Registered: Nov 2005
Posts: 59

Rep: Reputation: 20
A password keeps your visiting nephew off of exploit-city-porn.com. It keeps your mom from checking her email real quick and seeing the site you were on last night. It keeps the office visitor from quickly grabbing your confidential spreadsheet.

A hardcore hacker with physical access and enough time can get your data, but most people with physical access aren't hackers, they may just be dumb or nosy. I don't want dumb or nosy people on my system.
 
Old 02-24-2012, 01:58 AM   #10
Ulysses_
Senior Member
 
Registered: Jul 2009
Posts: 1,303

Original Poster
Rep: Reputation: 57
Except you forgot condition 1 of the OP and that is:
Quote:
Originally Posted by Ulysses_
given that only one person has physical access to the pc

Even if one ignores the conditions of the question still the general reality of life is that many people live alone or share houses with others that do not enter their rooms uninvited. In this case the only threat is from the internet.

Now would you say that remembering and typing a password of a non-sudoer is sound practice when the only threat is from the internet, a simple firewall like gufw is set to block all incoming, and only the browser is used?

Last edited by Ulysses_; 02-24-2012 at 02:14 AM.
 
Old 02-28-2012, 10:03 AM   #11
raymor
Member
 
Registered: Nov 2005
Posts: 59

Rep: Reputation: 20
Quote:
Originally Posted by Ulysses_
Except you forgot condition 1 of the OP and that is:

Even if one ignores the conditions of the question still the general reality of life is that many people live alone or share houses with others that do not enter their rooms uninvited. In this case the only threat is from the internet.

Now would you say that remembering and typing a password of a non-sudoer is sound practice when the only threat is from the internet, a simple firewall like gufw is set to block all incoming, and only the browser is used?
Yes. I also suggest having a PIN number on your ATM card even if you don't make a habit of knowingly giving it to other people.

A) If the building has windows or doors, other people CAN access the machine. People who live alone DO have guests. Pretending that you'll never have a house guest, invited or not, doesn't make it true. B) Even from the internet alone, you can not guarantee that no service will ever be started. The OP may very well decide to transfer files from his laptop by turning on FTP or SSH "just for a minute". Happens all the time. We have a script that turns on FTP and then automatically turns it off an hour later because people DO forget to turn off services when they are done using them for a minute. That's real world.

Last edited by raymor; 02-28-2012 at 10:05 AM.
 
1 members found this post helpful.
Old 02-28-2012, 12:06 PM   #12
Ulysses_
Senior Member
 
Registered: Jul 2009
Posts: 1,303

Original Poster
Rep: Reputation: 57
Quote:
Originally Posted by raymor
Yes. I also suggest having a PIN number on your ATM card even if you don't make a habit of knowingly giving it to other people.
ATM cash machines are exposed in public, not a good analogy.

Quote:
A) If the building has windows or doors, other people CAN access the machine.
A burglar may not be computer literate but other criminals they sell stolen computers to may well be. And once long-term physical access is gained, user passwords are hopeless we agreed here.

A guest in my case was either my girlfriend, to whom I gave full access to everything and not just my computer. Or housemates with whom it was unthinkable that they would enter my room without me being present. Maybe it is a cultural thing, privacy is respected in Britain at least.

Quote:
The OP may very well decide to transfer files from his laptop by turning on FTP or SSH "just for a minute".
FTP or SSH do not classify as browsing so a bit off-topic, but even ignoring the browser-only condition, with FTP and SSH you need no more than the client that makes outgoing connections to a server and it is the server that needs a password for FTP or SSH, not the local user on the client.

Last edited by Ulysses_; 02-28-2012 at 12:07 PM.
 
Old 02-28-2012, 12:35 PM   #13
anomie
Senior Member
 
Registered: Nov 2004
Location: Texas
Distribution: RHEL, Scientific Linux, Debian, Fedora
Posts: 3,935
Blog Entries: 5

Rep: Reputation: Disabled
Why do you lock your front door? It won't stop a pro who has targeted you. But it will normally deter the majority of opportunistic ne'er do wells who, upon discovering it locked, will move on to an easier task.

I thought the ATM card analogy was appropriate. He wasn't suggesting that your ATM cash machine would get ganked. He was saying using a PIN on an ATM card makes it far less convenient to use it for nefarious purposes.

Are you really here asking for user password rationale? Or are you here to endlessly argue? I say: do what you like. You received advice from others who took the time to reply, and you seem to not agree with it. Very well, then.
 
Old 02-28-2012, 04:09 PM   #14
Ulysses_
Senior Member
 
Registered: Jul 2009
Posts: 1,303

Original Poster
Rep: Reputation: 57
Quote:
Originally Posted by anomie
He wasn't suggesting that your ATM cash machine would get ganked.
Neither was I. An ATM cash machine (or the equivalent ATM with handheld keyboard at certain stores) is the only place I know where the PIN of an ATM card is typed, no other nefarious purposes for this PIN.

Quote:
Are you really here asking for user password rationale?
No, I am asking if a user password can be safely disabled if certain other conditions exist or are made to exist deliberately as a policy to avoid the trouble of the password and associated typing and remembering.

So answers about password rationale in other contexts such as a family sharing a house or a business environment or nosy tent-mates in Mongolia or something, are off-topic here.
 
Old 02-28-2012, 04:33 PM   #15
anomie
Senior Member
 
Registered: Nov 2004
Location: Texas
Distribution: RHEL, Scientific Linux, Debian, Fedora
Posts: 3,935
Blog Entries: 5

Rep: Reputation: Disabled
Quote:
Originally Posted by Ulysses_
Neither was I. An ATM cash machine (or the equivalent ATM with handheld keyboard at certain stores) is the only place I know where the PIN of an ATM card is typed, no other nefarious purposes for this PIN.
In the US, debit card point-of-sale devices (i.e. those accepting PIN entry) are ubiquitous.

Without straining the analogy too far, look at it this way:
  • If you have a debit card with no PIN, the hurdle for using it is lowered.
  • If you have a user account with no password, the hurdle for using it is lowered.

If you trust that some browser exploit will not result in a back door (that may or may not otherwise require authentication), and if you trust that your girlfriend (or whoever) won't do something unexpected, then proceed as you'd planned. I don't recommend it. But it is your choice and your risk to assume.
 
  

