Security-related questions

David McGlone d.mcglone at att.net
Fri Apr 25 12:41:01 UTC 2008


On Friday 25 April 2008 12:57:13 am Nils Kassube wrote:
> Larry Hartman wrote:
> > Is it possible to create two user accounts, one that shows up in the
> > KDM/GDM logon display with restricted accesses, and another that is
> > invisible to KDM/GDM with more accesses?
>
> At least for KDM the user isn't visible if the user ID is below 1000.
>
> > In the same vein, pertaining to these two accounts, is it possible to
> > restrict visibility to certain directories from the restricted
> > account
>
> This can be done with the usual file / directory permissions. However you
> can't hide essential directories like /usr/bin etc.
>
> Another option would be a chroot environment, but I don't know how to use
> it at login time and it is possible to escape from chroot.
>
> > to hide directories and files from view, even the "hidden"
> > options in the various file managers--so that only when logging into
> > the user account with more access do they become visible?
>
> The hidden attribute is only a sort of interpretation of file names
> starting with "." by the file managers or other programs. If there is no
> global configuration override, you probably can't make "hidden" files
> invisible. And in a terminal you can definitely see the files with the
> appropriate commands (e.g. "ls -A").
>
> > I am curious because I read a trial brief this week concerning a laptop
> > that was inspected by border control agents through actually turning it
> > on.
>
> If you want to hide something from border control agents, it is probably
> better to not have sensitive data on the machine. I read something the
> other day, that a laptop hard disk was cloned at border control. You
> can't really hide an account because the user name has to be listed
> in /etc/passwd. Maybe you want to read a bit about truecrypt at
> <http://www.truecrypt.org>, but I can't tell you how safe that would be
> at border control.

Stick a second HD in the machine and unplug it when going through border 
control.






More information about the kubuntu-users mailing list