Security-related questions

Nils Kassube kassube at gmx.net
Fri Apr 25 04:57:13 UTC 2008


Larry Hartman wrote:
> Is it possible to create two user accounts, one that shows up in the
> KDM/GDM logon display with restricted accesses, and another that is
> invisible to KDM/GDM with more accesses?

At least for KDM the user isn't visible if the user ID is below 1000.

> In the same vein, pertaining to these two accounts, is it possible to
> restrict visibility to certain directories from the restricted
> account

This can be done with the usual file / directory permissions. However you 
can't hide essential directories like /usr/bin etc.

Another option would be a chroot environment, but I don't know how to use 
it at login time and it is possible to escape from chroot.

> to hide directories and files from view, even the "hidden" 
> options in the various file managers--so that only when logging into
> the user account with more access do they become visible?

The hidden attribute is only a sort of interpretation of file names 
starting with "." by the file managers or other programs. If there is no 
global configuration override, you probably can't make "hidden" files 
invisible. And in a terminal you can definitely see the files with the 
appropriate commands (e.g. "ls -A").

> I am curious because I read a trial brief this week concerning a laptop
> that was inspected by border control agents through actually turning it
> on.

If you want to hide something from border control agents, it is probably 
better to not have sensitive data on the machine. I read something the 
other day, that a laptop hard disk was cloned at border control. You 
can't really hide an account because the user name has to be listed 
in /etc/passwd. Maybe you want to read a bit about truecrypt at 
<http://www.truecrypt.org>, but I can't tell you how safe that would be 
at border control.


Nils




More information about the kubuntu-users mailing list