Puppy Linux Discussion Forum Forum Index Puppy Linux Discussion Forum
Puppy HOME page : puppylinux.com
"THE" alternative forum : puppylinux.info
 
 FAQFAQ   SearchSearch   MemberlistMemberlist   UsergroupsUsergroups   RegisterRegister 
 ProfileProfile   Log in to check your private messagesLog in to check your private messages   Log inLog in 

The time now is Thu 23 Oct 2014, 00:52
All times are UTC - 4
 Forum index » House Training » HOWTO ( Solutions )
How-to Require password / login at startup
Moderators: Flash, Ian, JohnMurga
Post new topic   Reply to topic View previous topic :: View next topic
Page 1 of 2 [18 Posts]   Goto page: 1, 2 Next
Author Message
Subito Piano


Joined: 27 May 2007
Posts: 488
Location: UPSTATE New York

PostPosted: Thu 19 Jan 2012, 13:02    Post subject:  How-to Require password / login at startup  

Somebody smarter than me must have realized this long ago....

If you want to keep your Puppy private, requiring a password at bootup, try this simple fix:
    1. Click on lock (xlock) to set up your password, if you haven't already
    2. Drag "xlock" from /usr/bin/ to ~/Startup. Choose "Link (absolute)" from the choices given in the pop-up menu.
Now, whenever you start Puppy, you will see the desktop only for a moment, then xlock will kick in to lock everyone else out. Sure, you could use a BIOS password if you only use one computer, but this fix will work even if you keep Puppy on a USB stick and use it in different computers.
Back to top
View user's profile Send private message Visit poster's website 
Barkin


Joined: 12 Aug 2011
Posts: 727

PostPosted: Thu 19 Jan 2012, 14:43    Post subject:  

Xlock had (has?) a security weakness ...

Quote:
... When you click the 'lock' icon at top-right of screen, you get a screensaver. The main usage is if you leave your desk, this will prevent others from accessing your computer -- however, ctrl-alt-backspace exits to the console and then they can type "xwin" to bring back the desktop, then they can snoop around

http://bkhome.org/blog/?viewDetailed=01653

Last edited by Barkin on Thu 19 Jan 2012, 14:48; edited 1 time in total
Back to top
View user's profile Send private message 
8-bit


Joined: 03 Apr 2007
Posts: 3382
Location: Oregon

PostPosted: Thu 19 Jan 2012, 15:04    Post subject:  

How about just using an encrypted pupsave file?
On booting, you are asked for your password and your personal stuff is protected.
Of course if you forget your password your pupsave cannot be accessed at all.
Back to top
View user's profile Send private message 
Subito Piano


Joined: 27 May 2007
Posts: 488
Location: UPSTATE New York

PostPosted: Thu 19 Jan 2012, 15:32    Post subject:  

CTRL+ALT+BACKSPACE no longer brings up the console (not in my 5.28 lucid, anyway), so that's not a problem.

Don't recall learning about an encrypted pupsave file -- but then, there are other ways to do this anyway. This one is pretty straightforward, even for newbies.
Back to top
View user's profile Send private message Visit poster's website 
8-bit


Joined: 03 Apr 2007
Posts: 3382
Location: Oregon

PostPosted: Fri 20 Jan 2012, 03:30    Post subject:  

Since all your personal data is in your pupsave, if you boot another puppy version, you could then click on that pupsave file to mount it and completely bypass your xlock modification.
Or for that matter, you would just mount it, remove or change executable permissions on the file in Startup and you are in.

That is why I suggested using a password protected pupsave file.
To gain access to it in booting Puppy or mounting it externally, one would have to know the password.

And when you boot Puppy, it still would ask you for a password before it loaded the pupsave file.

And it is a feature that is part of puppy without having to modify any other files.

There was a problem with encrypted pupsave files on a USB installed Puppy, But Barry fixed that with Warry and also added the ability to mount an encrypted pupsave file by clicking on it and supplying the password.
Of course there was a restriction that the pupsave could not be the one in use by puppy at the time.
Back to top
View user's profile Send private message 
Barkin


Joined: 12 Aug 2011
Posts: 727

PostPosted: Fri 20 Jan 2012, 04:33    Post subject:  

If anyone requires encryption of the pupsave file, read this first before choosing between "heavy" and "light" encryption.
Back to top
View user's profile Send private message 
Flash
Official Dog Handler


Joined: 04 May 2005
Posts: 11120
Location: Arizona USA

PostPosted: Fri 20 Jan 2012, 08:57    Post subject:  

Encryption is the most extreme form of access control. If you lose the encryption key, there is essentially no hope of recovering the encrypted information.

If you just don't want anyone who has physical access to your Save file to be able to snoop in your business and you don't have anything in your Save file that would put you in Gitmo, or at least in court, I'd say be satisfied with password protecting the Save file. The fact that you can access it from another Puppy is a feature, not a bug. Smile If someone else somehow winds up with your USB flash drive and wants to see if anything is on it, he'll almost certainly stick it into a Windows computer, which won't be able to read it. At that point, he'll probably just delete the Save file or reformat the drive, and use it for something else.
Back to top
View user's profile Send private message 
Subito Piano


Joined: 27 May 2007
Posts: 488
Location: UPSTATE New York

PostPosted: Fri 20 Jan 2012, 10:22    Post subject:  

Wow - lots of good info here. When i posted this, i had in the back of my mind a user who wanted to keep his grandkids, etc., off his files -- def. a "low-security" issue.

This points to one of the best things about Puppy and Linux in general -- a wealth of choices. Smile
Back to top
View user's profile Send private message Visit poster's website 
sebus

Joined: 20 Jan 2012
Posts: 62

PostPosted: Sun 22 Jan 2012, 11:36    Post subject:  

Subito Piano wrote:
CTRL+ALT+BACKSPACE no longer brings up the console (not in my 5.28 lucid, anyway), so that's not a problem.


It definitely DOES in Fatdog 64 521

sebus
Back to top
View user's profile Send private message 
Subito Piano


Joined: 27 May 2007
Posts: 488
Location: UPSTATE New York

PostPosted: Mon 23 Jan 2012, 22:21    Post subject:  

But even if CTRL+ALT+BACKSPACE brings up the console, then haven't you exited from X? Then, if xlock is in your startup applications folder as above, as soon as you log back in (i.e., start X), xlock will kick in again and ask for your password -- making an endless loop unless you know the password. If that's not the case, OK, but it seems to me that it will work this way...
Back to top
View user's profile Send private message Visit poster's website 
sebus

Joined: 20 Jan 2012
Posts: 62

PostPosted: Tue 24 Jan 2012, 03:29    Post subject:  

It does kill X session. Sure. xwin will bring the SS back with need for password (if only the screensavers were a tad nicer...)

sebus
Back to top
View user's profile Send private message 
ozsouth

Joined: 01 Jan 2010
Posts: 143
Location: S.E Australia

PostPosted: Tue 24 Jan 2012, 07:17    Post subject: Require password via inittab  

Nice idea. Another option (which I use):

If you save the following as /etc/inittab , you will be asked for a password each login.


::sysinit:/etc/rc.d/rc.sysinit
#tty1::respawn:/sbin/getty -n -l /bin/autologinroot 38400 tty1
tty1::respawn:/sbin/getty 38400 tty1
tty2::respawn:/sbin/getty 38400 tty2
tty3::respawn:/sbin/getty 38400 tty3
::ctrlaltdel:/sbin/reboot
Back to top
View user's profile Send private message 
shadower_sc

Joined: 21 Apr 2010
Posts: 129
Location: Texas

PostPosted: Fri 27 Jan 2012, 11:00    Post subject: Disable Ctrl+Alt+Backspace  

The Following only works when using Xorg.
Edit the files "/etc/X11/xorg.conf" and "/etc/X11/xorg.conf0".

Find the Server Flags section and uncomment the following line:
Option "DontZap" "false"

Replace "false" with "true" to disable Ctrl+Alt+Backspace.
Back to top
View user's profile Send private message 
Subito Piano


Joined: 27 May 2007
Posts: 488
Location: UPSTATE New York

PostPosted: Fri 27 Jan 2012, 11:24    Post subject:  

IDK who's watching this thread -- but it seems to me that this ought to be set to true by default in all releases, no?
Back to top
View user's profile Send private message Visit poster's website 
shadower_sc

Joined: 21 Apr 2010
Posts: 129
Location: Texas

PostPosted: Fri 27 Jan 2012, 11:34    Post subject: Disabling Ctrl+Alt+Backspace  

The Ctrl+Alt+Backspace key-combo is a useful shortcut. It is somewhat troublesome for those that are wanting to lockdown their environment, but the option is there to disable it. I don't know that I would want it to be disabled by default in my main desktop release.
Back to top
View user's profile Send private message 
Display posts from previous:   Sort by:   
Page 1 of 2 [18 Posts]   Goto page: 1, 2 Next
Post new topic   Reply to topic View previous topic :: View next topic
 Forum index » House Training » HOWTO ( Solutions )
Jump to:  

You cannot post new topics in this forum
You cannot reply to topics in this forum
You cannot edit your posts in this forum
You cannot delete your posts in this forum
You cannot vote in polls in this forum
You cannot attach files in this forum
You can download files in this forum


Powered by phpBB © 2001, 2005 phpBB Group
[ Time: 0.0825s ][ Queries: 11 (0.0144s) ][ GZIP on ]