Follow Slashdot blog updates by subscribing to our blog RSS feed

 


Forgot your password?
Close
typodupeerror
×
Security Software Linux

Linux Desktop Security for New Users? 80

Posted by Cliff from the protecting-the-initiates dept.
theblkadder asks: "Our company is currently undergoing a company-wide transition to Linux on the desktop. While there are numerous excellent guides and tutorials for the admin crowd, I haven't been able to turn up much for the non-technical user. I'm looking for something that would cover such topics as basic desktop do's and don'ts, like 'do choose a non-dictionary password' and 'don't blindly drop to root and install an unverified/unauthenticated RPM that you receive via email,' etc. Anyone seen a guide like this?"
This discussion has been archived. No new comments can be posted.

Linux Desktop Security for New Users? More

Linux Desktop Security for New Users?

Comments Filter:

  • Sure I've read that guide (Score:3, Insightful)

    by Anonymous Coward on Friday April 23, 2004 @11:25PM (#8956884)
    It's called the don't-give-anyone-root.
    You don't give anyone root and let them do whatever they want.

  • You'll probably end up writing your own... (Score:4, Insightful)

    by toddlg ( 319712 ) on Friday April 23, 2004 @11:32PM (#8956906)
    I'm looking for something that would cover such topics as basic desktop do's and don'ts, like...'don't blindly drop to root and install an unverified/unauthenticated RPM that you receive via email,' etc.

    When you say non-technical and 'basic dos and don'ts,' that example seems pretty technical. You might just as easily say "don't double-click unverified email attachments."

    IMO you will probably be in the best position to write this documentation because you know your typical user and probably know what they are and aren't allowed to do already on their new desktop. I'd be interested in seeing what something like this looks like if it does exist...

    Todd

  • FP-First Point. (Score:2, Informative)

    by Anonymous Coward
    theblkadder asks: "Our company is currently undergoing a company-wide transition to Linux on the desktop."

    and

    "I'm looking for something that would cover such topics as basic desktop do's and don'ts, like 'do choose a non-dictionary password' and 'don't blindly drop to root and install an unverified/unauthenticated RPM that you receive via email,' etc."

    Um...excuse me. Why do your desktop users have the root password?

    Besides Linux can be set up to reject inappropriate passwords.

  • root (Score:5, Insightful)

    by BinLadenMyHero ( 688544 ) <binladen@9hel[ ]org ['ls.' in gap]> on Friday April 23, 2004 @11:42PM (#8956934) Journal
    don't blindly drop to root and install an unverified/unauthenticated RPM that you receive via email

    That would be nice to say to a home user.
    But on a work environment, why give the root password to the (non-linux-experienced) users in the first place?

    • Re:root (Score:3, Funny)

      by ManxStef ( 469602 )
      don't blindly drop to root and install an unverified/unauthenticated RPM that you receive via email

      That would be nice to say to a home user.
      ...and if a home user actually understood what the above phrase meant rather than looking at you like you just insulted their mother in a foreign language , that would be nice too! ;)
    • Unsuprising that this is the very first serious comment -- it was the first thing that came to my mind. Then I thought of an answer: you're always going to have users who demand SU access to their own machines, and inevitably this will include people who don't know as much as they think they do.

      OK, now for a SU war story. I used to work at Sun, and shortly before I was hired they instituted a policy that nobody got their machines root password unless they could convince IT they really needed it. This was

  • Dropping to root? (Score:5, Insightful)

    by Lochin Rabbar ( 577821 ) on Friday April 23, 2004 @11:52PM (#8956971)

    Why would non technical users have root access in a commercial environment. Not even management should have such access, beyond being able to get the password from a sealed package in a safe in an emergency, and then only with checks to ensure that no one can withdraw it without authority. No system is secure unless the root password is restricted to the admin that needs to use it, and ideally that should be a single person.

    • Re:Dropping to root? (Score:1, Informative)

      by Anonymous Coward
      Most universities allow staff, faculty, and students to plug their own computers into the network. Most of them control their own computers and have root access on platforms that have root. Many of these people are "non-technical" as well. This tends to make support and network administration more difficult, but that's why those guys get paid the big bucks.

      • Yes, but they don't hand out root access to the universities machines, and if they're wise they minimise the number of people with root access to any given machine. For example a computer lab will have a small team responsible for it but the people in that team won't have root access to the machines in the library. The central records database will have a dedicated admin and so on.

        • Yes, one of the big points with having a Unix based system is that you don't need root privilages to use a computer. You can install programs in user space and run them from there just fine.

  • Alice's Adventures in Wonderland (Score:3, Funny)

    by Anonymous Coward on Friday April 23, 2004 @11:59PM (#8956989)
    Someone once told me that _Alice's Adventures in Wonderland_ is the best book on any subject for the layman. Try that.

  • Why? (Score:5, Insightful)

    by Jerf ( 17166 ) on Saturday April 24, 2004 @12:04AM (#8957012) Journal
    I'm looking for something that would cover such topics as basic desktop do's and don'ts, like 'do choose a non-dictionary password' and 'don't blindly drop to root and install an unverified/unauthenticated RPM that you receive via email,' etc. Anyone seen a guide like this?

    Why?

    Do you expect anyone to actually read this document?

    Oh, I wish I were being sarcastic.

    Either enforce things (your password policy), or wait for people to have trouble so you know what to document (every installation is unique, and you're wasting time trying to predict how your users will react when you could just wait and see).

    The only purpose of such a document, in the end, is CYA anyhow. And again, I wish I were being sarcastic. If you can't enforce it, people are going to do it.

    The only possible exception is if this is a technical group of users who will be daily and strongly held accountable for violations. Basically, the only group of people who meet these two criteria are Computer Science (or related disciplines) students.

    Otherwise, don't bother. Not sarcasm.
    • Actually many people use various unices for certain things - 3D (PIXAR), analyzing data (Psychology students) -- my roommate for example is computer illiterate - she is a masters of Psychology student and she analyzzes all of her data on a Unix platform - she will be switching to linux because it "just makes sense" to her. (good thing I'm around to help with the transition)
    • Why shouldn't anyone read the document? Write a guide (1-2 pages) with the most important does and donts and put it on everyones desktop with an exclamation mark.

  • Let me get this straight... (Score:3, Interesting)

    by Brandybuck ( 704397 ) on Saturday April 24, 2004 @12:12AM (#8957036) Homepage Journal
    Let me get this straight. You're company is transitioning to Linux on the desktop, but they're leaving administrative policy to the user? Make sure your resume is in order, because you may need it.

    Password policy will already be determined by the IT department. Users will never have to worry about unauthenticated packages, because users will never be able to install them. Yada, yada, yada. This is so damned obvious I must be missing something in the question...

  • A couple of thoughts (Score:5, Informative)

    by Prior Restraint ( 179698 ) on Saturday April 24, 2004 @12:29AM (#8957100)

    Others have pointed out that root for an end-user is a bad idea, so here's a couple of other ideas off the top of my head.

    • Avoid putting . or ~/bin in your PATH if possible. If you absolutely must do so, put them at the end.
    • Don't walk away from the machine without locking it (not Linux-specific, but it bears mentioning).
    • "rm does not move a file to the trash; it's gone for real"
    • Don't hit Ctrl-Alt-Backspace.
    • "Copy and paste" can be as easy as "highlight and middle-click."

    When I try to come up with a list of Don'ts for computers, I think of my dad. He's the living embodiment of the phrase, "A little bit of knowledge can be a dangerous thing" (No, Dad, you can't save disk space by getting rid of that .dll). Most users won't ever bring up an xterm, but people get bored at work, and then they start looking for interesting ways to entertain themselves.

    • As I'm in the middle of a desktop linux rollout, let me amend your suggestions a bit:

      Don't hit ctrl-alt-anything, in fact disable all of them if you can.

      "Copy and paste" can be as easy as "highlight and middle-click."
      But frequently it isn't. The most *consistent* way to get copy/paste to work, especially between vastly different apps (wine/openoffice/mozilla/kde) is just to use the old hilight+right-click way and don't even tell them about the other way(s) unless they ask.

      Otherwise, good suggestions a

      • Historically you are correct, but an office should select which apps users run. One thing to select on is conformance with Freedesktop.org [freedesktop.org] standards. KDE and GNOME both follow this, as do most other modern X apps (which is a minority I grant)

      • Ctrl-Alt-Backspace & similar functions can be turned off.
        • Option "DontVTSwitch" in the appropriate section of your XF86Config file disables switching to text virtual terminals;
        • Option "DontZap" Neuters Ctrl-Alt-Backspace;
        • Option "DontZoom" Turns of resolution switching.

        Read the manual page for XF86Config for details. There are probably several things in here that you want to setup if you are trying to create a linux desktop for normal users.

        -- Ecks

    • Bah! Users will never figure out that 'rm' will very much eat their files. Personally, though, I find a misplaced shell redirect '> pron.txt' (Crap, I meant to overwrite plan.txt!) is even more trouble than that. Insta-wipe with no left-over data on the disk.

      I'd recommend looking into libtrash [m-arriaga.net]. Very handy, saves stretch on your tapes -- we are keeping regular backups, right?

      Another good tip that gets me sometimes is, when you use the paste buffer (explicit Ctrl-C), the originating program has to st

      • As long as we're on the topic...

        sed s/foo/bar/g < in.txt > in.txt

        Whoops! (had a coworker do this just yesterday)

        Also, I don't know if any distributions still do this, but I used to have an old version of RedHat that defaulted to aliasing rm to rm -i; ditto for cp and mv. It seems newbie-friendly, but it really just encourages carelessness in the event they find themselves on a different system.

    • Re:A couple of thoughts (Score:3, Informative)

      by Piquan ( 49943 )

      Avoid putting . or ~/bin in your PATH if possible.

      Huh? I can understand not putting . in your PATH-- icky nasty security issues abound-- but what's wrong with ~/bin?

      Don't hit Ctrl-Alt-Backspace.

      Again, why not? I've seen labs with notices to hit Ctrl-Alt-Backspace before leaving. (That's the only way to logout that works across WMs.)

      I also would expect that it's a good idea to hit it before logging in, to make sure you're really looking at XDM. This is why you hit Ctrl-Alt-Delete to log into NT: ap

      • That's the only way to logout that works across WMs

        Except it doesn't log out. It just kills everything very nastily. Unless you're trying to kick someone off, log out normally. All modern, and most ancient, window managers have a way to log out.

        • Re:A couple of thoughts (Score:4, Insightful)

          by Piquan ( 49943 ) on Saturday April 24, 2004 @02:14AM (#8957436)

          Except it doesn't log out. It just kills everything very nastily.

          Not too nastily. Less nastily than a kill -9, for sure. The apps still can do whatever shutdown operations they need to.

          But let me paint you a picture. A lab where most of the occupants aren't Unix people. Some of them aren't really computer people. They're hardware designers, or embedded systems programmers, or {domain} experts, or other such things. All of them are good at what they're hired for, but may not be good at other stuff. Like using a PC.

          Most of these people got their .profile and .xsession by copying somebody else's, if they're not just using the system default. They didn't pick their WM, because they don't really care much about their WM. They've never taken time to learn anything. They have their xterm start up when they log in, and a row of CDE-style buttons to launch other xterms, a web browser, and maybe Citrix. No easy button to log out.

          So they'll often log into a box, do what they need, then wander over to some piece of equipment they need to work on, without logging out. There's only six general-purpose PCs in the lab, so it doesn't take long before they run out if people stay logged in when they're not using them There's a new threat: people hitting the Reset switch when they come across a logged-in but unoccupied machine.

          Now, the lab manager needs to make a notice to log out. If there aren't concise, clear instructions on lab notices, they don't get followed. So that's the notice.

          Now the other end. What's the harm? Apps still get their notice to shut down. They can save user configs, send termination notices to network peers, whatever they need to do as long as it doesn't involve interaction with the X server.

          Sure, it'd be nice if everybody knew all about the tools they used. Hell, it'd be nice if they had basic understanding of their WMs. But they don't, and we don't expect most of them to any more than we expect them to play a trumpet. It's just not what they need to do for their job.

          • You can get xlock or xscreensaver to automatically logout anyone who's been inactive for 15 minutes -- plenty of universities use that for their computer rooms.
          • Losing the X connection results in Xlib terminating the app immediately, unless the app has trapped X errors and tries to do something with them, which almost nothing does because ctrl-alt-backspace is the wrong way to log out. If the WMs used are so confusing that it's not clear how to log out, use a better WM.

            It's like saying hitting reset is a good way to log out, It's not.

      • "Huh? I can understand not putting . in your PATH-- icky nasty security issues abound-- but what's wrong with ~/bin?"

        If your user account is compromised, you can be tricked into running a different program than you intend. Alternately, if you mess up the permissions on your ~, you can be made to run a different program, compromising the account.

        While I don't think it's a huge risk, it's not exactly good practice, and should definitely be disabled in a corp. desktop/multiuser environment.

        "I also would e
        • If your user account is compromised, you can be tricked into running a different program than you intend. Alternately, if you mess up the permissions on your ~, you can be made to run a different program, compromising the account.

          What's the difference? If someone is writing to ~/bin, my account has already been compromised. They can trick me into doing what? Deleting all my files? But they could have just done that themselves if they had write access to my home directory.

        • Re:A couple of thoughts (Score:3, Insightful)

          by Piquan ( 49943 )

          If your user account is compromised, you can be tricked into running a different program than you intend.

          If my user account is compromised, then I don't really need to be tricked; the attacker can just run the programs directly. Or if he's trying to spoof a password prompt, he can edit my .profile and set my PATH to whatever he wants anyway.

          Alternately, if you mess up the permissions on your ~, you can be made to run a different program, compromising the account.

          Again, if ~ has bad perms, then the att

          • Like I said, I don't think it's a huge risk. But how's this scenario for you? One of your commonly-used apps (say, Mozilla, or Evolution) has a security hole which allows a malicious user to have it write - but not execute - files. It could put a malicious program in ~/bin, thereby compromising your entire account, and possibly springboarding to get root. Sure, it could just write to your .ssh/authorized_keys, but it could install a trojan 'su' or 'sudo' binary that would save the passwords entered, comprom
    • This is how to enforce the machine locking rule:

      When you find a machine that is unlocked, open up the e-mail program and send a short mail to everyone in the company saying "Hi my name is [owner of unlocked machine] and I left my machine unlocked. Just thought you should know. Come laugh at me later, will you". Then you helpfully lock the machine for the person.

      The other employees will soon start policing themselves in an effort to embarass their colleagues.

    • Avoid putting . or ~/bin in your PATH if possible. If you absolutely must do so, put them at the end.

      I can't think of any reason you'd have to have . in your PATH. It's not that hard to type "./" before a command. (Though I admit, having learned Unix back in more innocent days, I still usually forget.) But I'd really balk at not being able to have a private bin directory, especially on a machine where I didn't have root access. Nor do I see the point. If you're sophisticated enough to write your own prog

      • how would one remove . from the path?

        some of the boxes I work on at school add it atomatically. I would just manually set the path, but that is annoying for two reasons.

        The first being that occasionally they add something, which would break things and I would have to then go and fix it manually.

        the second being that their script is all nicely machine independant and replicating that would take actual work

        it seems as though one sed line should do it, but I couldn't figure it out (hardware person, not so
    • "rm does not move a file to the trash; it's gone for real"
      Also, rm doesn't stand for rename. (oops)
  • With the hype around Linux's security, why are users allowed to do this? Would it not be easier to deny the ability to use a non-alpha+numperic password? This could be easily implemented into any distrobution.

  • The other half of... (Score:4, Informative)

    by zcat_NZ ( 267672 ) <zcat@wired.net.nz> on Saturday April 24, 2004 @01:12AM (#8957272) Homepage
    The other half of 'don't give users root' - you need to set permissions or assign users to groups so that they never need root in normal use. And you should leave sshd running so that when a user calls, you can make these changes without leaving your desk.

    Some examples; /dev/floppy, /dev/cdrom; needs to automount when a disk is inserted, or be mountable and ejectable by a desktop icon.

    dialup networking; use modemlights, kppp, or set up dial-on-demand.

    shutting down; some distros require the root password to shutdown. If yours does, reconfigure this.

    The end user shouldn't need root _ever_ for day-to-day computer use. If they want anything more than the basic 'look and feel' desktop settings changed, they should call tech support.

    You might also want to make the machine console-secure as far as possible. Boot only from HDD, set a password on the bootloader and BIOS, replace the case screws with torx screws, etc. It depends who has physical access, and how secure you need to be.

    • If you are gonna require a password on the BIOS and/or bootloader, why would you let anyone but root shut the machine down?
      • You could require a password for getting into the edit portion of the BIOS, or to alter the command line on the boot loader.

        (cause linux init=/bin/bash is tons of fun, but not something you want someone else to do :)

    • Think carefully about putting automount on the floppy and CD. Most users won't need it. Writable media opens up the possibility that a spy is selling your secrets. (Of course they still can sell them without write access, but it is harder) Other users will use the floppy/CD to install non-work related things (games, or pirated software because they have decided foo is better than what the company legally has).

      There are a few other arguments against having user accessable media drives on the desktop, w

    • shutting down; some distros require the root password to shutdown. If yours does, reconfigure this.

      These are end users. Configure your systems to shut down cleanly when they press the off switch. Have a look in /etc/acpi to find out how to do this.

      • Dude, you rock! I never knew you could to do that in Linux :)

        (Yeah, I'm an idiot, I should have known it was possible but I've got used to crap like my TV-out being unsupported, so I never thought about it. Why isn't this the default on major distro's already?)
        • This feature is actually enabled by default in SuSE Linux. So, all someone has to do is pass by a SuSE Linux box and hit the power button and as long as the box supports ACPI, it does a graceful shutdown of the machine and powers it off. If the machine doesn't support ACPI or has problems with ACPI that requires you to leave ACPI turned off, it instantly shuts it off when the power button is pressed. :(

  • Are you a Windows administrator? (Score:4, Insightful)

    by flabbergast ( 620919 ) on Saturday April 24, 2004 @01:57AM (#8957399)
    I'm not asking the subject question to poke fun at you or flame. From your description and discerning how you plan to setup Linux on the desktop it sounds like you're missing one of the benefits of Unix because you're looking at it as a Windows admin. But I could be completely wrong.
    You can set up desktop as basically a terminal using X. I know, what a waste of a desktop right? But, that's how Unix is built. You can setup a server (or multiple servers of necessary) to act as your main server and each desktop is really logging into the server using XDMCP [tldp.org]. Or look at the Linux Terminal Server Project [ltsp.org]You lock out logging into the local machine and poof! All user files are forced onto the server so there's no pesky phone calls like "Well I saved the file onto c:\pron\pron\pron\pron2\pron2 but the hard disk just went bad! YOU need to get it back for my board meeting in five minutes!" I realize this is a lot of overhead, but you can gain alot of control this way like upgrading OO.org for everyone without having to update every single desktop.

    Perhaps XDMCP is too insecure for you or you have so many users that XDMCP would be too difficult. That doesn't mean you can't set it up like I've described. It just gets complicated, which means its beyond my meager expertise, but I've seen it set up that way at school.
    • Don't wanna waste the power you've got in all those desktop systems? Set 'em up as an OpenMOSIX cluster. And dude... never give your users root access.
    • AOL.

      All good Unix installations I've used have had thin clients - either just enough disk to boot and NFS mount everything, or (more rarely) set up as X terminals.

      Any Windows install where all software is installed separately on hundreds of desktops looks stoneage compared to that.

      • As many people have suggested you will probably have to write this on your own. Users will not have access to root... is probably a good place to start.

        The Linux terminal server project [ltsp.org] would be a good place to look for ideas on how to build this. In my opinion the real bang for the buck from Linux on the desktop would come from leveraging X11, NFS, and NIS or the "thin client model", to create a graphical computing environment analogous to the VAX/VMS environment for vt-220 terminals from the mid 1980s.

    • It's a resonable question. No, I'm about the furthest thing from a Windows Admin you could find(unless you count the two Windows instances I have at home.) And I'm not responsible for the transition, I was just responding to seeing a mix of technical(but non-Linux experienced) & non-technical people in the organization doing Bad Things(TM). When said things were pointed out to them, they requested a do's&don't document, which I was elated to see them ask for.

      With regards to your suggestion, I appre

      • I was just responding to seeing a mix of technical(but non-Linux experienced) & non-technical people in the organization doing Bad Things(TM). When said things were pointed out to them, they requested a do's&don't document, which I was elated to see them ask for.

        I think I now understand why your users have root, at least for their own machines. It's still a mistake, at least for the non technical users. One of the great things about Linux is that a machine with a broadband connection can be admi

    • Going to XDMCP seems a bit on the extreme side; moving over to an NIS/NFS (or other more modern or secure systems like Kerberos/LDAP and AFS) and forcing all user files to be written to their home directory which is shared over NFS.

      There's enough tools out there (such as cfengine) to handle updating the desktops that, if you have decent desktops, I can't see why you'd want to make them all dumb terminals.
  • Which probably isn't as large a task as you might imagine. It will also give you the chance to customize it to your users, which makes it a whole lot more likely that people will read it. There is plenty of online material to use as a reference, especially when it comes to password choice. Also look around for documents from university computer labs or university computer support services. You may find some ideas there.

    You also might want to consider making people pass a quiz in order to get an account
  • It's really not much more complicated like that. If you can get everyone to choose good passwords, change them frequently, and not share them with each other, then you are good to go.

    You can hire network administrators to tell you which protocols are safe and which are not, and where you should use them and how. You can hire system administrators to watch your main systems and harden them as well. You can even get some internal tech support people to help out the users and make sure all the machines are up and secure.

    But it always comes down to the individual users: Get a good password, change it frequently, and never share it with anyone, period.
    • ...choose good passwords, change them frequently,...

      While I agree in principle, those two are almost mutally exclusive. Unless you have a super memory, it's going to be difficult to have genuinely good that change frequently. By good, I mean randomly generated, containing characters from different sets (uppercase, lowercase, numbers, symbols) and of sufficient length (6-8 characters).

      At the company I work, there is a password policy in effect that mandates password rotation every 90 days. When I first
  • If you are migrating from an existing infrastructure then you had policies in places before for desktop users, hadn't you?

    Common practices for desktops change very little from platform to platform and have more to do with your environment.

    Use the previous policies you surely had, addapt them to Linux, and add the bits that pertain only to Linux.

  • Simple Question (Score:2, Interesting)

    by mrcutrer ( 265376 )
    Has anyone in here ever recieved a unauthenticated RPM in email?

    I have never recieved one personally. It's always nasty window crap I get, and laugh at because I don't run windows.

    The only time I get ebuilds are from portage. And from the official websites of programs I am seeking, never in email attachments.

    This raises another question though. If linux takes off, will we see a huge influx of linux worms and general crap that are proliferating windows right now?

Slashdot Top Deals

UNIX is hot. It's more than hot. It's steaming. It's quicksilver lightning with a laserbeam kicker. -- Michael Jay Tucker

Close