Single User Security

[dilberts_left_nut]

1337 for dirs with the wrong permissions ...

[bw123]

1337 for dirs with the wrong permissions ...

I ran windows that way for yrs. When I tried it on linux, I found out that it's just too easy to delete/edit/create something somewhere that hoses some part of the system, without realizing it, sometimes days or even weeks later. Mysteriously, the system just starts to degrade, and you really don't understand what error you made and where the problem is. Group ownership in particular seems to be somewhat important, in ways that can be hard to understand.

The problem with the strategy of setting everything up to run as root, and implementing user permissions later, is like driving all nails with the biggest sledgehammer you have. The nails are hard to remove later. You don't drive a nail unless you're sure.

[millpond]

HeadOnASticks "solution" (to a problem i still don't understand) is that he doesn't have to type a password

Yeah, pretty much, along with forbidding `su` access to users not in the wheel group, which I think is a great idea.

Unfortunately, in SID, at least for this system: There is no wheel group in /etc/group

[millpond]

1337 for dirs with the wrong permissions ...

I ran windows that way for yrs. When I tried it on linux, I found out that it's just too easy to delete/edit/create something somewhere that hoses some part of the system, without realizing it, sometimes days or even weeks later. Mysteriously, the system just starts to degrade, and you really don't understand what error you made and where the problem is. Group ownership in particular seems to be somewhat important, in ways that can be hard to understand.

The problem with the strategy of setting everything up to run as root, and implementing user permissions later, is like driving all nails with the biggest sledgehammer you have. The nails are hard to remove later. You don't drive a nail unless you're sure.

Good points, and my apparent surprise here is that there has been no FAQs around as to how to restore a system, that has been say, backed up to an NTFS system. A script to restore default permissions and groups. I remember a decade ago on Jaunty something like that happened, and I had to install it on a second drive and note the permissions in /etc/ and i believe, /usr/lib.

In order to gain total control over a system we needs must *understand* it, Not 'obey' it.
I am not persuing NO security. I am trying to make security issues at my own discretion. Isnt this one of the Four Freedoms?
Perhaps its changed in Lennux.


For example, there are plenty of 'hacking' books for taking control over Win systems, and modding them to taste.
Looking for something like that for Linux.

I do like that in Buster the /usr and /lib trees have been simplified. Perhaps that can be expanded to allow for more interaction with other platforms.

[Head_on_a_Stick]

There is no wheel group in /etc/group

Code: Select all

# groupadd wheel

[GarryRicketson]

For example, there are plenty of 'hacking' books for taking control over Win systems, and modding them to taste.
Looking for something like that for Linux.

It is hard to explain things to a windows user, Linux does have so called "hacking books", they are called the manual, IE :

Code: Select all

man man 

and for example the

millpond wrote:
There is no wheel group in /etc/group

Obviously if a group does not exist one needs to create it, but I don't think windows uses or has those options, don't really know since I don't use it, and never have really.
H-O-A-S showed the command, but for more details, and a example of using the 'man' command:

Code: Select all

man groupadd

or http://man7.org/linux/man-pages/man8/groupadd.8.html

[millpond]

So I'm doing my best to be patient with the newfangled (in comparison) best practices I've developed over time and not let them interfere with others developing their own methods. Try to give pointer when I can and learn as much as possible from others too. It is the Linux/Gnu/Debian way to let anyone that wants to hacker on the software.

Linux was originally designed to be used for a student on a laptop. He adopted the prior sysv structure, including permissions - but the user was typically root and the idea of logging in as a user did not come till much later, and accounts were generally reserved for apps.
In other words the emphasis on file system security was based on keeping *apps* from superuser access, more than users - as it was originally a single user system.

Of course as it advanced and became used in production and enterprise the need for more and better security models became required.

The problem I have is that a clustered Wan systen designed to handle thousands of users, might not be appropriate for my needs, as the security measures can be stifling.

Imagine a system that by default does not even recognize insertion of USB stiicks?
(Strike one, for polkit).

[Head_on_a_Stick]

@OP, have you tried Puppy Linux? That runs as root OOTB.

http://bkhome.org/archive/puppylinux/technical/root.htm

See also https://xkcd.com/1200/

[millpond]

So far the only real option appears to be a VM, or a VT for non-gui stuff.

How about systemd-nspawn?

Adopt, adapt & improve: http://forums.debian.net/viewtopic.php?f=16&t=129390

Now this is exactly what I have been looking for

https://wiki.archlinux.org/index.php/Systemd-nspawn
https://dabase.com/e/12009/

Thinking about using it with /opt.
Or making an /opt2

Might even add email to the system.

Cage all the possiible/probable vectors.

This system has 2 processors, and 4G - so the Lennux method might be preferable to a VM.

Spasibo.

[millpond]

I never thought of this thread as a post asking for a solution to a specific issue, but rather as a discussion thread to probe for ideas on different ways to secure a box and also learn more about the ways Debian is changing currently.


su man page is one of the manuals I keep a close eye on, it's changed several times making for some unusual advice/depreciation statements in stable testing and sid.

With all these "Path problems" and "Directory merge and link" issues rearing their ugly hacks, changing policy, initializing CoC's everywhere, and implementing new tools that obfuscate the changes made, even pottering can't find simple commits in systemd.

I see huge changes being made with little to no regard to backward compatibility.


.

Indeed, I think it a good idea for some key issued to be raised: Particularly how much power devs should have over a user's desktop.
Nothing infuriates me more than as root, the 'access denied' message.
Security issues are quite important, but its the user who should determine the risks. For example I know full well the risks of rm -f / .foo.
My solution is not to restrict my access, but to either use a scripted alias, or in practice use one of my file managers for system management.

I beleive apps, and not users should be sandboxed on a single user system.

With the current direction Lennux is heading, there will soon come a time when I will simply say WHOA! and stop. I've got the source and packages of the Debian archives, and I might then decide to freeze the system and selectively upgrade through source, or even possible switching to an arch/slackware model - if it is possible to migrate the system to it.

Has this ever been done before? With a system over 200G and 25k packages?

My prior 'fully stocked' system was 32 bit and was upgraded from squeeze to jessie, where I stopped. It was spread across 3 disks and worked fine until the primary seagate drive dropped dead suddenly. It was also heavily modded, but ran mostly through rooted tabs in Xterms.

Ultimately i would like to run all my Win apps in wine, after M$ kills off Win7 (like it did XP). Which is one reason to keep with SId so far and its latest RC versions.

[millpond]

As an exampke: I use personalized directories for my files. In running my P2p client and FF (as a user)

What are personalized directories?

I know in advance that the next comment will again make use of terms no one has heard of yet.
I am out.

For example I prefer my download directory to be off / and have evertthing dumped into that. Where I cannot change the dir location to it, I symlink it. This allows me to wite scripts using that directory to be much simpler. And run across multiple machines and architectures. (Same script for all).

There are others, such as a personalized CPAN directory that I use to access from all accounts.

I do not keep personal info or pictures in anything resembling a typical home/media directory fo example. An encryptor booger would have a hard time even finding that type of stuff.

[millpond]

... is that he doesn't have to type a password (?).
Prettty much the only application i need to run as root is gparted anyway.

See my first response for no passwords. See if you have a /etc/sudoers.d/ file. For gparted there is now a policy file for /usr/share/polkit-1/actions. With polkit installed, modify the org.gnome.gparted file with <allow_active>yes</allow_active>,

As of now i just left all systems as they were and it works like a charme.

Like my mint and magaeia systems.

No need to touch them. Not made for heavy lifting.

[millpond]

For example, there are plenty of 'hacking' books for taking control over Win systems, and modding them to taste.
Looking for something like that for Linux.

It is hard to explain things to a windows user, Linux does have so called "hacking books", they are called the manual, IE :

Code: Select all

man man [/quote]


Unfortunately most man pages are written in technogibberish, and many if not most lack realistic examples. 

I can pretty much figure them out with time, and google - but with the mess that Lennux has become, Its quite the chore to even know WHAT to look for. 

buster:/# man "magic cookie"
No manual entry for magic cookie

As for being a Win user, well I was using DOS/Win even before Linux existed. Its not a bad system, only a bad corporate model that its controlled by. Kinda like what RedHat is aspiring to be.

[bw123]

The criticism about man pages is common. It usually ranges from, "Hard to understand, cryptic, too technical" -or- "Not enough information and examples" and it seems like many people don't read them at all, and never try to help by contributing. I find it aggravating when documentation is missing, incomplete, or unavailable but I'd say man pages are a must if you're serious about running the system, especially in an unconventional way.

One of my favorite helpers for man pages is apropos, but there are many other tools to help find information on the system.

Code: Select all

$ apropos cookie

[Bulkley]

I beleive apps, and not users should be sandboxed on a single user system.

Have you tried appimages? They are self-contained and run quite nicely in user-space.

[ruffwoof]

I believe apps, and not users should be sandboxed on a single user system.

Have you tried appimages? They are self-contained and run quite nicely in user-space.

If they share the same X server ... then security is as good as non existent.

[llivv]

I do like that in Buster the /usr and /lib trees have been simplified. Perhaps that can be expanded to allow for more interaction with other platforms.

Can you easily elaborate on your reasons why you like the USR MERGE concept?
I say easily here because there are a lot of other posts with clues I have not fully digested yet....
I see below you mentioned download directory off / , with links used for your orgainzational
apporch, thus making scripts easier to reuse, etc ....

For example I prefer my download directory to be off / and have evertthing dumped into that. Where I cannot change the dir location to it, I symlink it. This allows me to wite scripts using that directory to be much simpler. And run across multiple machines and architectures. (Same script for all).

There are others, such as a personalized CPAN directory that I use to access from all accounts.

I do not keep personal info or pictures in anything resembling a typical home/media directory fo example. An encryptor booger would have a hard time even finding that type of stuff.
http://forums.debian.net/viewtopic.php? ... 45#p690057

sounds similar to how stow works on /usr/local currently.....

To me usrmerge is another step in the wrong direction as user....
in the direction of a unified directory sturcture, like C in win....
I've noticed the new files flying into /bin and the new multi /lib* /lib*arch directories showing
up on a non usrmerge sid.
The symlinks for /bin and /lib are way more than what anyone is telling they are.... ?????
And once impletemented a user will no longer be able to see
any difference between system and user.
And And will have to rely on mostly archaic hints buried and/or banned on the webs...
...to quote a phrase I used to use often when I first joined this forum
and doing my best to unlearn win bad habits "why am I so confused"?

@ xepan : just chat and not sure if this would make this better or worse...
I didn't get what P2p and FF meant when I first read the post either... To me they looked vaguly farmilar so I just skipped over them believing I would eventually put the puzzle that millpond presents here together later.. They looked like old slang used in these forums that has long been forgotten by most including me... I believe they mean Peer 2 peer and firefox ..... millpond please correct me if needed.....

[Head_on_a_Stick]

Sorry to interrupt but...

Can you easily elaborate on your reasons why you like the USR MERGE concept?

https://www.freedesktop.org/wiki/Softwa ... eUsrMerge/

I started out with Arch before moving to Debian and I've always preferred that approach, having stuff in /sbin (or whatever) just seems silly to me.

[llivv]

Sorry to interrupt but...

Yeah yeah
I already know why you like it

[Head_on_a_Stick]

Ah good, that's a relief