Personal Development for Smart People Forums - View Single Post

Minsc · 12-10-2007, 11:14 PM

If you're going to be using Linux, you don't really have to worry about them screwing up your computer as long as your permissions are set up right(meaning the file permissions). Security in Windows is pretty much a joke although I hear it's better in Vista. (in XP they can either change settings or they can't)

For Linux, they should be fine downloading and running whatever as long as:
-Linux does support multiple accounts. You'll want them to have their own accounts.
-They shouldn't really need write access outside of their home directory(basically any random directory that's meant to be only for their files that you've configured as home, but it's usually in /home/) and with the sticky bit in some temp/var folders(which should already be configured).
-Without write access it's impossible for them to screw anything up but there could still be some data mining attempts. There's no reason to have read access to /etc/passwd and /etc/shadow if it exists since those have your user's passwords in them. Do the same for any other sensitive data. Users also probably shouldn't be able to read each other's home directories or yours.
-If you're really paranoid then you could make thier shell chroot.
-There aren't really any viruses for Linux.
-Make sure you don't let them change which commands grub executes if you use grub to boot.

Anyway, XP security is a joke and they'll probably be able to do whatever they want. I mean, there's even an Administrator account, with no password, that they can use to log in as an admin and basically do whatever. It's completely hidden normally... Now, anyone who boots your computer can pust F8 before they see the Windows loading bar and boot in safe mode, and then log in with the account without any password. To date I have no idea how to actually put a password on it. Never used Vista.

I think IE might force them to log in as an admin before they install it.

Users can change their own password. Not sure what you mean by monitoring them... You could log everything they do with some 3rd party program. Logging in as them from time to time sounds kind of ineffective.

12-10-2007, 11:14 PM	#2 (permalink)
Minsc Senior Member Join Date: Nov 2006 Posts: 336	If you're going to be using Linux, you don't really have to worry about them screwing up your computer as long as your permissions are set up right(meaning the file permissions). Security in Windows is pretty much a joke although I hear it's better in Vista. (in XP they can either change settings or they can't) For Linux, they should be fine downloading and running whatever as long as: -Linux does support multiple accounts. You'll want them to have their own accounts. -They shouldn't really need write access outside of their home directory(basically any random directory that's meant to be only for their files that you've configured as home, but it's usually in /home/) and with the sticky bit in some temp/var folders(which should already be configured). -Without write access it's impossible for them to screw anything up but there could still be some data mining attempts. There's no reason to have read access to /etc/passwd and /etc/shadow if it exists since those have your user's passwords in them. Do the same for any other sensitive data. Users also probably shouldn't be able to read each other's home directories or yours. -If you're really paranoid then you could make thier shell chroot. -There aren't really any viruses for Linux. -Make sure you don't let them change which commands grub executes if you use grub to boot. Anyway, XP security is a joke and they'll probably be able to do whatever they want. I mean, there's even an Administrator account, with no password, that they can use to log in as an admin and basically do whatever. It's completely hidden normally... Now, anyone who boots your computer can pust F8 before they see the Windows loading bar and boot in safe mode, and then log in with the account without any password. To date I have no idea how to actually put a password on it. Never used Vista. I think IE might force them to log in as an admin before they install it. Users can change their own password. Not sure what you mean by monitoring them... You could log everything they do with some 3rd party program. Logging in as them from time to time sounds kind of ineffective.