How-to Require password / login at startup

[Subito Piano]

Somebody smarter than me must have realized this long ago....

If you want to keep your Puppy private, requiring a password at bootup, try this simple fix:

• 1. Click on lock (xlock) to set up your password, if you haven't already
  2. Drag "xlock" from /usr/bin/ to ~/Startup. Choose "Link (absolute)" from the choices given in the pop-up menu.

Now, whenever you start Puppy, you will see the desktop only for a moment, then xlock will kick in to lock everyone else out. Sure, you could use a BIOS password if you only use one computer, but this fix will work even if you keep Puppy on a USB stick and use it in different computers.

[Barkin]

Xlock had (has?) a security weakness ...

... When you click the 'lock' icon at top-right of screen, you get a screensaver. The main usage is if you leave your desk, this will prevent others from accessing your computer -- however, ctrl-alt-backspace exits to the console and then they can type "xwin" to bring back the desktop, then they can snoop around

http://bkhome.org/blog/?viewDetailed=01653

[8-bit]

How about just using an encrypted pupsave file?
On booting, you are asked for your password and your personal stuff is protected.
Of course if you forget your password your pupsave cannot be accessed at all.

[Subito Piano]

CTRL+ALT+BACKSPACE no longer brings up the console (not in my 5.28 lucid, anyway), so that's not a problem.

Don't recall learning about an encrypted pupsave file -- but then, there are other ways to do this anyway. This one is pretty straightforward, even for newbies.

[8-bit]

Since all your personal data is in your pupsave, if you boot another puppy version, you could then click on that pupsave file to mount it and completely bypass your xlock modification.
Or for that matter, you would just mount it, remove or change executable permissions on the file in Startup and you are in.

That is why I suggested using a password protected pupsave file.
To gain access to it in booting Puppy or mounting it externally, one would have to know the password.

And when you boot Puppy, it still would ask you for a password before it loaded the pupsave file.

And it is a feature that is part of puppy without having to modify any other files.

There was a problem with encrypted pupsave files on a USB installed Puppy, But Barry fixed that with Warry and also added the ability to mount an encrypted pupsave file by clicking on it and supplying the password.
Of course there was a restriction that the pupsave could not be the one in use by puppy at the time.

[Barkin]

If anyone requires encryption of the pupsave file, read thisfirst before choosing between "heavy" and "light" encryption.

[Flash]

Encryption is the most extreme form of access control. If you lose the encryption key, there is essentially no hope of recovering the encrypted information.

If you just don't want anyone who has physical access to your Save file to be able to snoop in your business and you don't have anything in your Save file that would put you in Gitmo, or at least in court, I'd say be satisfied with password protecting the Save file. The fact that you can access it from another Puppy is a feature, not a bug. If someone else somehow winds up with your USB flash drive and wants to see if anything is on it, he'll almost certainly stick it into a Windows computer, which won't be able to read it. At that point, he'll probably just delete the Save file or reformat the drive, and use it for something else.

[Subito Piano]

Wow - lots of good info here. When i posted this, i had in the back of my mind a user who wanted to keep his grandkids, etc., off his files -- def. a "low-security" issue.

This points to one of the best things about Puppy and Linux in general -- a wealth of choices.

[sebus]

CTRL+ALT+BACKSPACE no longer brings up the console (not in my 5.28 lucid, anyway), so that's not a problem.

It definitely DOES in Fatdog 64 521

sebus

[Subito Piano]

But even if CTRL+ALT+BACKSPACE brings up the console, then haven't you exited from X? Then, if xlock is in your startup applications folder as above, as soon as you log back in (i.e., start X), xlock will kick in again and ask for your password -- making an endless loop unless you know the password. If that's not the case, OK, but it seems to me that it will work this way...

[sebus]

It does kill X session. Sure. xwin will bring the SS back with need for password (if only the screensavers were a tad nicer...)

sebus

[ozsouth]

Nice idea. Another option (which I use):

If you save the following as /etc/inittab , you will be asked for a password each login.


::sysinit:/etc/rc.d/rc.sysinit
#tty1::respawn:/sbin/getty -n -l /bin/autologinroot 38400 tty1
tty1::respawn:/sbin/getty 38400 tty1
tty2::respawn:/sbin/getty 38400 tty2
tty3::respawn:/sbin/getty 38400 tty3
::ctrlaltdel:/sbin/reboot

[shadower_sc]

The Following only works when using Xorg.
Edit the files "/etc/X11/xorg.conf" and "/etc/X11/xorg.conf0".

Find the Server Flags section and uncomment the following line:
Option "DontZap" "false"

Replace "false" with "true" to disable Ctrl+Alt+Backspace.

[Subito Piano]

IDK who's watching this thread -- but it seems to me that this ought to be set to true by default in all releases, no?

[shadower_sc]

The Ctrl+Alt+Backspace key-combo is a useful shortcut. It is somewhat troublesome for those that are wanting to lockdown their environment, but the option is there to disable it. I don't know that I would want it to be disabled by default in my main desktop release.

[Subito Piano]

Does that change TOTALLY disable CTRL+ALT+BACKSPACE or just disable it when xlock is running?

[shadower_sc]

That change totally disables the Ctrl+Alt+Backspace shortcut for restarting the X server.

[Subito Piano]

OK - for what it's worth for anyone still following this thread --

Interestingly, in Fluppy (Wary 5.2.2), CTRL+ALT+BACKSPACE works fine -- but it will not bypass xlock. IDK who did what to fix this weakness of xlock, but like i said, it seems this feature should be standard in all puppies...

Anyway, tested in Puppy 4.2R: If you drag xlock from /usr/bin (NOT from the desktop) to your startup folder in Home and choose "Link (absolute)" - then you will create the "endless loop" and be password-protected. Now, CTRL+ALT+BACKSPACE will stop the xlock screensaver and go to the prompt -- but typing "xwin" to restart X will only bring up the X window for a moment, then xlock will kick back in again, locking you out. You'll need to know the password to start X and do any work. Now, idk if it's the MOST secure method -- but it seems it should work for most ppl. It's not the only solution, of course, but again, there's a beauty in choices.