Slashdot Mirror


Linux Desktop Security for New Users?

theblkadder asks: "Our company is currently undergoing a company-wide transition to Linux on the desktop. While there are numerous excellent guides and tutorials for the admin crowd, I haven't been able to turn up much for the non-technical user. I'm looking for something that would cover such topics as basic desktop do's and don'ts, like 'do choose a non-dictionary password' and 'don't blindly drop to root and install an unverified/unauthenticated RPM that you receive via email,' etc. Anyone seen a guide like this?"

80 comments

  1. Sure I've read that guide by Anonymous Coward · · Score: 3, Insightful

    It's called the don't-give-anyone-root.
    You don't give anyone root and let them do whatever they want.

    1. Re:Sure I've read that guide by endx7 · · Score: 1

      Don't give yourself root either. :P

  2. Congratulations by SpaceLifeForm · · Score: 0, Redundant

    Good news that you're making the switch to Linux.

    --
    You are being MICROattacked, from various angles, in a SOFT manner.
    1. Re:Congratulations by SpaceLifeForm · · Score: 2, Funny
      Nice to see the moderators ready to crack the whip.

      So, moderators, how does a first post become 'Redundant' again?

      --
      You are being MICROattacked, from various angles, in a SOFT manner.
  3. You'll probably end up writing your own... by toddlg · · Score: 4, Insightful

    I'm looking for something that would cover such topics as basic desktop do's and don'ts, like...'don't blindly drop to root and install an unverified/unauthenticated RPM that you receive via email,' etc.

    When you say non-technical and 'basic dos and don'ts,' that example seems pretty technical. You might just as easily say "don't double-click unverified email attachments."

    IMO you will probably be in the best position to write this documentation because you know your typical user and probably know what they are and aren't allowed to do already on their new desktop. I'd be interested in seeing what something like this looks like if it does exist...

    Todd

  4. FP-First Point. by Anonymous Coward · · Score: 2, Informative

    theblkadder asks: "Our company is currently undergoing a company-wide transition to Linux on the desktop."

    and

    "I'm looking for something that would cover such topics as basic desktop do's and don'ts, like 'do choose a non-dictionary password' and 'don't blindly drop to root and install an unverified/unauthenticated RPM that you receive via email,' etc."

    Um...excuse me. Why do your desktop users have the root password?

    Besides, Linux can be set up to reject inappropriate passwords.

  5. root by BinLadenMyHero · · Score: 5, Insightful

    don't blindly drop to root and install an unverified/unauthenticated RPM that you receive via email

    That would be nice to say to a home user.
    But on a work environment, why give the root password to the (non-linux-experienced) users in the first place?

    1. Re:root by ManxStef · · Score: 2, Funny
      don't blindly drop to root and install an unverified/unauthenticated RPM that you receive via email

      That would be nice to say to a home user.
      ...and if a home user actually understood what the above phrase meant rather than looking at you like you just insulted their mother in a foreign language , that would be nice too! ;)
  6. Dropping to root? by Lochin+Rabbar · · Score: 4, Insightful

    Why would non technical users have root access in a commercial environment? Not even management should have such access, beyond being able to get the password from a sealed package in a safe in an emergency, and then only with checks to ensure that no one can withdraw it without authority. No system is secure unless the root password is restricted to the admin that needs to use it, and ideally that should be a single person.

    1. Re:Dropping to root? by Anonymous Coward · · Score: 1, Informative

      Most universities allow staff, faculty, and students to plug their own computers into the network. Most of them control their own computers and have root access on platforms that have root. Many of these people are "non-technical" as well. This tends to make support and network administration more difficult, but that's why those guys get paid the big bucks.

    2. Re:Dropping to root? by Lochin+Rabbar · · Score: 2, Insightful

      Yes, but they don't hand out root access to the university's machines, and if they're wise they minimise the number of people with root access to any given machine. For example a computer lab will have a small team responsible for it but the people in that team won't have root access to the machines in the library. The central records database will have a dedicated admin and so on.

    3. Re:Dropping to root? by Hast · · Score: 1

      Yes, one of the big points with having a Unix based system is that you don't need root privileges to use a computer. You can install programs in user space and run them from there just fine.

  7. Suggest sage wisdom like this... by Anonymous Coward · · Score: 0

    * Choose a password as long as the one on your credit card.
    * Protect confidential information as much as airlines keep their customers information private.

  8. Alice's Adventures in Wonderland by Anonymous Coward · · Score: 3, Funny

    Someone once told me that _Alice's Adventures in Wonderland_ is the best book on any subject for the layman. Try that.

    1. Re:Alice's Adventures in Wonderland by Jerf · · Score: 1

      Hey, how about a link?

    2. Re:Alice's Adventures in Wonderland by Smallpond · · Score: 1

      This saying was attributed to Perlis in 1982.

  9. Why? by Jerf · · Score: 4, Insightful

    I'm looking for something that would cover such topics as basic desktop do's and don'ts, like 'do choose a non-dictionary password' and 'don't blindly drop to root and install an unverified/unauthenticated RPM that you receive via email,' etc. Anyone seen a guide like this?

    Why?

    Do you expect anyone to actually read this document?

    Oh, I wish I were being sarcastic.

    Either enforce things (your password policy), or wait for people to have trouble so you know what to document (every installation is unique, and you're wasting time trying to predict how your users will react when you could just wait and see).

    The only purpose of such a document, in the end, is CYA anyhow. And again, I wish I were being sarcastic. If you can't enforce it, people are going to do it.

    The only possible exception is if this is a technical group of users who will be daily and strongly held accountable for violations. Basically, the only group of people who meet these two criteria are Computer Science (or related disciplines) students.

    Otherwise, don't bother. Not sarcasm.

    1. Re:Why? by ColeNielsen · · Score: 1

      Actually many people use various unices for certain things - 3D (PIXAR), analyzing data (Psychology students) -- my roommate for example is computer illiterate - she is a masters of Psychology student and she analyzes all of her data on a Unix platform - she will be switching to linux because it "just makes sense" to her. (good thing I'm around to help with the transition)

    2. Re:Why? by Anonymous Coward · · Score: 0

      I think you hit the wrong "reply" button; your message seems to have no bearing on mine.

    3. Re:Why? by q3inu · · Score: 1

      Why shouldn't anyone read the document? Write a guide (1-2 pages) with the most important dos and don'ts and put it on everyone's desktop with an exclamation mark.

  10. oo! oo! I know this one ! by Zork+the+Almighty · · Score: 0, Offtopic

    ???) PROFIT!!!

    I'm guessing the ??? is "Microsoft" ?

    --

    In Soviet America the banks rob you!
  11. Let me get this straight... by Brandybuck · · Score: 2, Interesting

    Let me get this straight. Your company is transitioning to Linux on the desktop, but they're leaving administrative policy to the user? Make sure your resume is in order, because you may need it.

    Password policy will already be determined by the IT department. Users will never have to worry about unauthenticated packages, because users will never be able to install them. Yada, yada, yada. This is so damned obvious I must be missing something in the question...

    --
    Don't blame me, I didn't vote for either of them!
  12. A couple of thoughts by Prior+Restraint · · Score: 5, Informative

    Others have pointed out that root for an end-user is a bad idea, so here's a couple of other ideas off the top of my head.

    • Avoid putting . or ~/bin in your PATH if possible. If you absolutely must do so, put them at the end.
    • Don't walk away from the machine without locking it (not Linux-specific, but it bears mentioning).
    • "rm does not move a file to the trash; it's gone for real"
    • Don't hit Ctrl-Alt-Backspace.
    • "Copy and paste" can be as easy as "highlight and middle-click."

    When I try to come up with a list of Don'ts for computers, I think of my dad. He's the living embodiment of the phrase, "A little bit of knowledge can be a dangerous thing" (No, Dad, you can't save disk space by getting rid of that .dll). Most users won't ever bring up an xterm, but people get bored at work, and then they start looking for interesting ways to entertain themselves.

    1. Re:A couple of thoughts by benjamindees · · Score: 1

      As I'm in the middle of a desktop linux rollout, let me amend your suggestions a bit:

      Don't hit ctrl-alt-anything, in fact disable all of them if you can.

      "Copy and paste" can be as easy as "highlight and middle-click."
      But frequently it isn't. The most *consistent* way to get copy/paste to work, especially between vastly different apps (wine/openoffice/mozilla/kde) is just to use the old highlight+right-click way and don't even tell them about the other way(s) unless they ask.

      Otherwise, good suggestions all around.

      --
      "I assumed blithely that there were no elves out there in the darkness"
    2. Re:A couple of thoughts by hattmoward · · Score: 2, Informative

      Bah! Users will never figure out that 'rm' will very much eat their files. Personally, though, I find a misplaced shell redirect '> pron.txt' (Crap, I meant to overwrite plan.txt!) is even more trouble than that. Insta-wipe with no left-over data on the disk.

      I'd recommend looking into libtrash. Very handy, saves stretch on your tapes -- we are keeping regular backups, right?

      Another good tip that gets me sometimes is, when you use the paste buffer (explicit Ctrl-C), the originating program has to still be running to make the paste.

    3. Re:A couple of thoughts by Piquan · · Score: 2, Informative

      Avoid putting . or ~/bin in your PATH if possible.

      Huh? I can understand not putting . in your PATH-- icky nasty security issues abound-- but what's wrong with ~/bin?

      Don't hit Ctrl-Alt-Backspace.

      Again, why not? I've seen labs with notices to hit Ctrl-Alt-Backspace before leaving. (That's the only way to logout that works across WMs.)

      I also would expect that it's a good idea to hit it before logging in, to make sure you're really looking at XDM. This is why you hit Ctrl-Alt-Delete to log into NT: apps can't intercept it.

      As far as that goes one of your tips is to lock your box, another is to never hit C-A-BS. In a lab environment, these can be mutually exclusive. Many times, somebody will walk off and leave their computer locked, so C-A-BS can be the only way for somebody else to use the computer.

    4. Re:A couple of thoughts by Brandybuck · · Score: 2, Informative

      That's the only way to logout that works across WMs

      Except it doesn't log out. It just kills everything very nastily. Unless you're trying to kick someone off, log out normally. All modern, and most ancient, window managers have a way to log out.

      --
      Don't blame me, I didn't vote for either of them!
    5. Re:A couple of thoughts by Piquan · · Score: 3, Insightful

      Except it doesn't log out. It just kills everything very nastily.

      Not too nastily. Less nastily than a kill -9, for sure. The apps still can do whatever shutdown operations they need to.

      But let me paint you a picture. A lab where most of the occupants aren't Unix people. Some of them aren't really computer people. They're hardware designers, or embedded systems programmers, or {domain} experts, or other such things. All of them are good at what they're hired for, but may not be good at other stuff. Like using a PC.

      Most of these people got their .profile and .xsession by copying somebody else's, if they're not just using the system default. They didn't pick their WM, because they don't really care much about their WM. They've never taken time to learn anything. They have their xterm start up when they log in, and a row of CDE-style buttons to launch other xterms, a web browser, and maybe Citrix. No easy button to log out.

      So they'll often log into a box, do what they need, then wander over to some piece of equipment they need to work on, without logging out. There's only six general-purpose PCs in the lab, so it doesn't take long before they run out if people stay logged in when they're not using them. There's a new threat: people hitting the Reset switch when they come across a logged-in but unoccupied machine.

      Now, the lab manager needs to make a notice to log out. If there aren't concise, clear instructions on lab notices, they don't get followed. So that's the notice.

      Now the other end. What's the harm? Apps still get their notice to shut down. They can save user configs, send termination notices to network peers, whatever they need to do as long as it doesn't involve interaction with the X server.

      Sure, it'd be nice if everybody knew all about the tools they used. Hell, it'd be nice if they had basic understanding of their WMs. But they don't, and we don't expect most of them to any more than we expect them to play a trumpet. It's just not what they need to do for their job.

    6. Re:A couple of thoughts by Phexro · · Score: 1

      "Huh? I can understand not putting . in your PATH-- icky nasty security issues abound-- but what's wrong with ~/bin?"

      If your user account is compromised, you can be tricked into running a different program than you intend. Alternately, if you mess up the permissions on your ~, you can be made to run a different program, compromising the account.

      While I don't think it's a huge risk, it's not exactly good practice, and should definitely be disabled in a corp. desktop/multiuser environment.

      "I also would expect that it's a good idea to hit it before logging in, to make sure you're really looking at XDM. This is why you hit Ctrl-Alt-Delete to log into NT: apps can't intercept it."

      If you disable it in your X config, apps can intercept it, so it's foolish to assume that you're looking at a genuine X/K/GDM after hitting it.

      But it's ugly and unnecessary, really. If you're rolling out Linux desktops, you should be training users how to log out anyways.

    7. Re:A couple of thoughts by gnu-generation-one · · Score: 1

      You can get xlock or xscreensaver to automatically logout anyone who's been inactive for 15 minutes -- plenty of universities use that for their computer rooms.

    8. Re:A couple of thoughts by IamTheRealMike · · Score: 1
      Losing the X connection results in Xlib terminating the app immediately, unless the app has trapped X errors and tries to do something with them, which almost nothing does because ctrl-alt-backspace is the wrong way to log out. If the WMs used are so confusing that it's not clear how to log out, use a better WM.

      It's like saying hitting reset is a good way to log out. It's not.

    9. Re:A couple of thoughts by Profane+MuthaFucka · · Score: 2, Funny

      This is how to enforce the machine locking rule:

      When you find a machine that is unlocked, open up the e-mail program and send a short mail to everyone in the company saying "Hi my name is [owner of unlocked machine] and I left my machine unlocked. Just thought you should know. Come laugh at me later, will you". Then you helpfully lock the machine for the person.

      The other employees will soon start policing themselves in an effort to embarrass their colleagues.

      --
      Fascism trolls keeping me up every night. When I starts a preachin', he HITS ME WITH HIS REICH!
    10. Re:A couple of thoughts by Frizzle+Fry · · Score: 1
      If your user account is compromised, you can be tricked into running a different program than you intend. Alternately, if you mess up the permissions on your ~, you can be made to run a different program, compromising the account.

      What's the difference? If someone is writing to ~/bin, my account has already been compromised. They can trick me into doing what? Deleting all my files? But they could have just done that themselves if they had write access to my home directory.
      --
      I'd rather be lucky than good.
    11. Re:A couple of thoughts by Piquan · · Score: 2, Insightful

      If your user account is compromised, you can be tricked into running a different program than you intend.

      If my user account is compromised, then I don't really need to be tricked; the attacker can just run the programs directly. Or if he's trying to spoof a password prompt, he can edit my .profile and set my PATH to whatever he wants anyway.

      Alternately, if you mess up the permissions on your ~, you can be made to run a different program, compromising the account.

      Again, if ~ has bad perms, then the attacker can edit my .profile, so again it's irrelevant what I set my PATH to.

      If you disable it in your X config, apps can intercept it, so it's foolish to assume that you're looking at a genuine X/K/GDM after hitting it.

      Uh... If the X config has been edited, then that means that root was already compromised. Besides, you can see the monitor mode switch if you hit a C-A-BS and it takes effect.

    12. Re:A couple of thoughts by paul248 · · Score: 1

      "rm does not move a file to the trash; it's gone for real"
      Also, rm doesn't stand for rename. (oops)

    13. Re:A couple of thoughts by Anonymous Coward · · Score: 0

      I can understand not putting . in your PATH-- icky nasty security issues abound-- but what's wrong with ~/bin?

      Well, the original question assumes that you're gonna give ordinary users root access - maybe they're gonna change permissions on their home directory to chmod 777? :o)

    14. Re:A couple of thoughts by Phexro · · Score: 1

      Like I said, I don't think it's a huge risk. But how's this scenario for you? One of your commonly-used apps (say, Mozilla, or Evolution) has a security hole which allows a malicious user to have it write - but not execute - files. It could put a malicious program in ~/bin, thereby compromising your entire account, and possibly springboarding to get root. Sure, it could just write to your .ssh/authorized_keys, but it could install a trojan 'su' or 'sudo' binary that would save the passwords entered, compromising other accounts, either of yours or others on the system.

      If your account is compromised, a trojan or other malicious program could install, say, a keylogger and sniff your online banking password. Having your account completely compromised may not be the end of the world, but it may not be the end of the attack, either.

      As for the ~ comment, you're right; what I meant to say was ~/bin. If you accidentally open permissions on ~/bin, someone could trick you into running a malicious program, the implications of which have been outlined already.

      The last comment has little to do with malicious intrusion - perhaps the site admin just doesn't want his users killing X with C-A-BS and has disabled it. The point is, X can be configured to allow apps to intercept that sequence, so you should not assume that pressing it means that you have a clean terminal.
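
The PATH concerns argued over in the thread above (`.` or an empty entry, `~/bin` listed ahead of the system directories, and a `bin` directory whose permissions were opened by accident) can be checked mechanically. This is an added example, not code from any poster; the function names, the `LEVEL|entry|reason` output format and the sample PATH with `/home/alice` are assumptions made for illustration.

```shell
#!/bin/sh
# Added example, not code from the thread. Audits a PATH string for entries
# that let another user, or a bug that can write files as you, decide which
# program runs when you type a command name.

# has_perm DIR MODE: succeeds if DIR has every permission bit in MODE set.
# -H follows a symlinked PATH entry; -prune stops find from descending.
has_perm() {
    [ -n "$(find -H "$1" -prune -perm "-$2" -print 2>/dev/null)" ]
}

# audit_path PATH_STRING [HOME_DIR]
# Prints one finding per line as "LEVEL|entry|reason". Returns 0 for a clean
# PATH and 1 if anything was flagged. The body is a subshell, so its
# variables never leak into the caller.
audit_path() (
    rest="$1:"                 # terminate every entry with ':' for the loop
    home=${2:-$HOME}
    [ -n "$home" ] || home=/nonexistent   # an empty home would match every entry
    seen_system=no             # "yes" once /bin or /usr/bin has been passed
    status=0
    while [ -n "$rest" ]; do
        entry=${rest%%:*}
        rest=${rest#*:}
        case $entry in
            ''|.)
                # A leading, trailing or doubled ':' is an empty entry,
                # which the shell treats exactly like '.'.
                echo "HIGH|${entry:-<empty>}|current directory is searched for commands"
                status=1
                continue ;;
            /bin|/usr/bin)
                seen_system=yes ;;
            /*) ;;
            *)
                echo "HIGH|$entry|relative entry, resolved against the current directory"
                status=1
                continue ;;
        esac
        if [ -d "$entry" ]; then
            if has_perm "$entry" 0002; then
                echo "HIGH|$entry|world-writable, any local user can add programs"
                status=1
            elif has_perm "$entry" 0020; then
                echo "WARN|$entry|group-writable, review who is in the owning group"
                status=1
            fi
        fi
        case $entry in
            "$home"|"$home"/*)
                if [ "$seen_system" = no ]; then
                    echo "WARN|$entry|home entry ahead of system directories, it shadows system commands"
                    status=1
                fi ;;
        esac
    done
    exit "$status"
)

# Constructed sample PATH showing the shapes discussed in the thread:
# ~/bin first, '.', and a trailing ':' (an empty entry).
audit_path "/home/alice/bin:.:/usr/bin:/bin:" /home/alice || true
```

Run `audit_path "$PATH"` from a login script or a configuration-management check to audit the PATH users actually end up with.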

  13. Don't Choose a Dictionary Password by oO+Peeping+Tom+Oo · · Score: 2, Insightful

    With the hype around Linux's security, why are users allowed to do this? Would it not be easier to deny the ability to use a non-alpha+numeric password? This could be easily implemented into any distribution.

    1. Re:Don't Choose a Dictionary Password by Lochin+Rabbar · · Score: 1

      You mean like John the Ripper?

    2. Re:Don't Choose a Dictionary Password by Brandybuck · · Score: 2, Insightful

      There's some hype about Linux's security, but unless you're using SE Linux or something, it really isn't that spectacular. Unix security in general is pretty lame. It's just that it was so much better than DOS/Win9x that people thought it was great.

      A properly secure Linux (even SE Linux) requires a good system administrator. Ditto for any other Unix like system.

      --
      Don't blame me, I didn't vote for either of them!
    3. Re:Don't Choose a Dictionary Password by Anonymous Coward · · Score: 1, Informative

      Would it not be easier to deny the ability to use a non-alpha+numeric password?

      I think pam_cracklib can do that, plus it automatically runs a quick dictionary attack before storing the chosen password. There's also pam_passwdqc, but I've never used it.

  14. The other half of... by zcat_NZ · · Score: 4, Informative

    The other half of 'don't give users root' - you need to set permissions or assign users to groups so that they never need root in normal use. And you should leave sshd running so that when a user calls, you can make these changes without leaving your desk.

    Some examples; /dev/floppy, /dev/cdrom; needs to automount when a disk is inserted, or be mountable and ejectable by a desktop icon.

    dialup networking; use modemlights, kppp, or set up dial-on-demand.

    shutting down; some distros require the root password to shutdown. If yours does, reconfigure this.

    The end user shouldn't need root _ever_ for day-to-day computer use. If they want anything more than the basic 'look and feel' desktop settings changed, they should call tech support.

    You might also want to make the machine console-secure as far as possible. Boot only from HDD, set a password on the bootloader and BIOS, replace the case screws with torx screws, etc. It depends who has physical access, and how secure you need to be.

    --
    455fe10422ca29c4933f95052b792ab2
    1. Re:The other half of... by Gilk180 · · Score: 1

      If you are gonna require a password on the BIOS and/or bootloader, why would you let anyone but root shut the machine down?

    2. Re:The other half of... by toast0 · · Score: 1

      You could require a password for getting into the edit portion of the BIOS, or to alter the command line on the boot loader.

      (cause linux init=/bin/bash is tons of fun, but not something you want someone else to do :)

    3. Re:The other half of... by bluGill · · Score: 1

      Think carefully about putting automount on the floppy and CD. Most users won't need it. Writable media opens up the possibility that a spy is selling your secrets. (Of course they still can sell them without write access, but it is harder) Other users will use the floppy/CD to install non-work related things (games, or pirated software because they have decided foo is better than what the company legally has).

      There are a few other arguments against having user accessible media drives on the desktop, which may or may not apply, so think creatively to decide if they are issues for you.

      Note that I said think about it. There are also good reasons to give some or all users access to media on the desktop. There is no one size fits all.

    4. Re:The other half of... by JimDabell · · Score: 1

      shutting down; some distros require the root password to shutdown. If yours does, reconfigure this.

      These are end users. Configure your systems to shut down cleanly when they press the off switch. Have a look in /etc/acpi to find out how to do this.

    5. Re:The other half of... by zcat_NZ · · Score: 1

      Dude, you rock! I never knew you could do that in Linux :)

      (Yeah, I'm an idiot, I should have known it was possible but I've got used to crap like my TV-out being unsupported, so I never thought about it. Why isn't this the default on major distros already?)

      --
      455fe10422ca29c4933f95052b792ab2
    6. Re:The other half of... by ticktockticktock · · Score: 1

      This feature is actually enabled by default in SuSE Linux. So, all someone has to do is pass by a SuSE Linux box and hit the power button and as long as the box supports ACPI, it does a graceful shutdown of the machine and powers it off. If the machine doesn't support ACPI or has problems with ACPI that requires you to leave ACPI turned off, it instantly shuts it off when the power button is pressed. :(

  15. Here's what you do... by k4_pacific · · Score: 0, Insightful

    Under the "start" menu on whatever desktop you choose, name all the shortcuts after their Windows counterparts.

    e.g.
    Clicking on Word launches OO.org Writer.
    Clicking Internet Explorer launches Mozilla.
    Clicking Outlook launches KMail.
    Clicking My Documents launches Nautilus or Konqueror.
    etc.

    Given that most popular FOSS productivity software is functionally equivalent to its MS counterparts, the only major barrier for the non-technical user is learning new names for everything.

    --
    Unknown host pong.
    1. Re:Here's what you do... by prodangle · · Score: 4, Informative

      Clicking on Word launches OO.org Writer.
      Clicking Internet Explorer launches Mozilla.
      Clicking Outlook launches KMail.
      Clicking My Documents launches Nautilus or Konqueror.


      Changing the name of the Mozilla icon to 'Web Browser', and home to 'Home Folder' wouldn't be a bad idea, but giving them the names of Microsoft products is very misleading. Why not just rename Linux to 'Microsoft Windows' while you're at it?

      Non-techy people have been able to successfully use word processors since long before Word version 1.0. People can easily learn the name of a new application, as they did with MS Word, Claris Works, and Word Perfect.

      Even in the default Windows XP start menu, Internet Explorer's title is 'Internet', and Outlook's is 'Email'.

  16. Are you a Windows administrator? by flabbergast · · Score: 4, Insightful

    I'm not asking the subject question to poke fun at you or flame. From your description and discerning how you plan to setup Linux on the desktop it sounds like you're missing one of the benefits of Unix because you're looking at it as a Windows admin. But I could be completely wrong.
    You can set up desktop as basically a terminal using X. I know, what a waste of a desktop right? But, that's how Unix is built. You can set up a server (or multiple servers if necessary) to act as your main server and each desktop is really logging into the server using XDMCP. Or look at the Linux Terminal Server Project. You lock out logging into the local machine and poof! All user files are forced onto the server so there's no pesky phone calls like "Well I saved the file onto c:\pron\pron\pron\pron2\pron2 but the hard disk just went bad! YOU need to get it back for my board meeting in five minutes!" I realize this is a lot of overhead, but you can gain a lot of control this way like upgrading OO.org for everyone without having to update every single desktop.

    Perhaps XDMCP is too insecure for you or you have so many users that XDMCP would be too difficult. That doesn't mean you can't set it up like I've described. It just gets complicated, which means it's beyond my meager expertise, but I've seen it set up that way at school.

    1. Re:Are you a Windows administrator? by demmegod · · Score: 1

      Don't wanna waste the power you've got in all those desktop systems? Set 'em up as an OpenMOSIX cluster. And dude... never give your users root access.

    2. Re:Are you a Windows administrator? by jgrahn · · Score: 1
      AOL.

      All good Unix installations I've used have had thin clients - either just enough disk to boot and NFS mount everything, or (more rarely) set up as X terminals.

      Any Windows install where all software is installed separately on hundreds of desktops looks stoneage compared to that.

    3. Re:Are you a Windows administrator? by theblkadder · · Score: 1

      It's a reasonable question. No, I'm about the furthest thing from a Windows Admin you could find(unless you count the two Windows instances I have at home.) And I'm not responsible for the transition, I was just responding to seeing a mix of technical(but non-Linux experienced) & non-technical people in the organization doing Bad Things(TM). When said things were pointed out to them, they requested a do's&don't document, which I was elated to see them ask for.

      With regards to your suggestion, I appreciate it, however it isn't at all applicable to this environment (highly distributed workforce.)

      --
      Earth is a single point of failure.
    4. Re:Are you a Windows administrator? by ameoba · · Score: 2, Interesting

      Going to XDMCP seems a bit on the extreme side; moving over to an NIS/NFS (or other more modern or secure systems like Kerberos/LDAP and AFS) and forcing all user files to be written to their home directory which is shared over NFS.

      There's enough tools out there (such as cfengine) to handle updating the desktops that, if you have decent desktops, I can't see why you'd want to make them all dumb terminals.

      --
      my sig's at the bottom of the page.
    5. Re:Are you a Windows administrator? by Lochin+Rabbar · · Score: 1

      I was just responding to seeing a mix of technical(but non-Linux experienced) & non-technical people in the organization doing Bad Things(TM). When said things were pointed out to them, they requested a do's&don't document, which I was elated to see them ask for.

      I think I now understand why your users have root, at least for their own machines. It's still a mistake, at least for the non technical users. One of the great things about Linux is that a machine with a broadband connection can be administered and updated remotely via a ssh pipe. If broadband isn't available to all users, burn the updates to a cd and post them out. All the user has to do is put the disc in the tray and close it, the remote admin can then update the machine and even reboot it if necessary.

  17. Re: shell redirects by Prior+Restraint · · Score: 2, Interesting

    As long as we're on the topic...

    sed s/foo/bar/g < in.txt > in.txt

    Whoops! (had a coworker do this just yesterday)

    Also, I don't know if any distributions still do this, but I used to have an old version of RedHat that defaulted to aliasing rm to rm -i; ditto for cp and mv. It seems newbie-friendly, but it really just encourages carelessness in the event they find themselves on a different system.
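
The `sed ... < in.txt > in.txt` accident above, and the mistyped `>` target mentioned earlier in the thread, both come from the shell truncating the output file before the command runs. The following is an added example, not code from any poster: it reproduces the truncation on a constructed file and shows two guards, with the function names `truncating_edit`, `edit_in_place` and `guarded_write` being hypothetical helpers.

```shell
#!/bin/sh
# Added example, not code from the thread.

# truncating_edit FILE SED_EXPR
# The pattern from the comment above, kept only to show the result: the
# shell opens FILE for writing (truncating it to zero bytes) before sed
# starts, so sed reads an empty file and FILE ends up empty.
truncating_edit() {
    sed "$2" < "$1" > "$1"
}

# edit_in_place FILE SED_EXPR
# Writes the result to a temporary file beside FILE and renames it over
# FILE only if sed succeeded. cp -p first gives the temp file the
# original's mode, which the later '>' keeps.
edit_in_place() (
    file=$1
    expr=$2
    tmp=$(mktemp "$file.XXXXXX") || exit 1
    trap 'rm -f "$tmp"' EXIT       # clean up if anything below fails
    cp -p "$file" "$tmp" || exit 1
    sed "$expr" < "$file" > "$tmp" || exit 1
    mv -f "$tmp" "$file"
)

# guarded_write FILE TEXT
# With noclobber (set -C) a plain '>' refuses to overwrite an existing
# file, which stops both the sed mistake and a mistyped redirect target.
# '>|' is the deliberate override.
guarded_write() (
    set -C
    printf '%s\n' "$2" > "$1"
)

# Demonstration on a constructed sample file in a scratch directory.
demo_dir=$(mktemp -d)
printf 'foo one\nfoo two\n' > "$demo_dir/in.txt"
cp "$demo_dir/in.txt" "$demo_dir/copy.txt"

truncating_edit "$demo_dir/copy.txt" 's/foo/bar/g'
echo "after '< f > f': $(wc -c < "$demo_dir/copy.txt") bytes left"

edit_in_place "$demo_dir/in.txt" 's/foo/bar/g'
echo "after edit_in_place:"
cat "$demo_dir/in.txt"

guarded_write "$demo_dir/in.txt" 'oops' ||
    echo "noclobber refused to overwrite in.txt"
rm -rf "$demo_dir"
```

Putting `set -C` in the default shell profile gives users the `guarded_write` behaviour for every interactive redirect.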

  18. I suspect you'll have to write it. by munpfazy · · Score: 2, Insightful

    Which probably isn't as large a task as you might imagine. It will also give you the chance to customize it to your users, which makes it a whole lot more likely that people will read it. There is plenty of online material to use as a reference, especially when it comes to password choice. Also look around for documents from university computer labs or university computer support services. You may find some ideas there.

    You also might want to consider making people pass a quiz in order to get an account. Sure, it's irritating... but it actually does work. Make it part of the regular procedure for getting access, so that you catch new users.

    A presentation can also work, if you're a decent speaker or you are willing to hire one. Doing something flashy could be fun. Consider having everyone create an account for themselves on a test machine at the start of the presentation and then having a password cracker grind through them all while the meeting is in progress. If you've got a couple fast machines to spare, you could probably shock the hell out of people by guessing their passwords before the meeting ends. Better have a backup plan, in case your users are more savvy than you think.

    And, to repeat what's already been repeated many times: you really shouldn't be letting new users choose arbitrary passwords nor giving them root access if you can help it. If you can't avoid giving them root, then try to give it to as few people as possible, and have a nice long talk with them about appropriate procedures first. (And make damned sure you have regular backups, so you can repair things when they screw up.) Sudo is your friend!

  19. Good password, changed frequently, never shared by jgardn · · Score: 2, Insightful

    It's really not much more complicated than that. If you can get everyone to choose good passwords, change them frequently, and not share them with each other, then you are good to go.

    You can hire network administrators to tell you which protocols are safe and which are not, and where you should use them and how. You can hire system administrators to watch your main systems and harden them as well. You can even get some internal tech support people to help out the users and make sure all the machines are up and secure.

    But it always comes down to the individual users: Get a good password, change it frequently, and never share it with anyone, period.

    --
    The radical sect of Islam would either see you dead or "reverted" to Islam.
    1. Re:Good password, changed frequently, never shared by theCoder · · Score: 1

      ...choose good passwords, change them frequently,...

      While I agree in principle, those two are almost mutually exclusive. Unless you have a super memory, it's going to be difficult to have genuinely good passwords that change frequently. By good, I mean randomly generated, containing characters from different sets (uppercase, lowercase, numbers, symbols) and of sufficient length (6-8 characters).

      At the company where I work, there is a password policy in effect that mandates password rotation every 90 days. When I first started there, I was good, and generated new random passwords each time. I quickly found this was unsustainable in the long run, since I'd only just have begun to learn the password really well (i.e., be able to enter it without thinking) when it was time to change again. I also had to write down the new random password when I changed it, in case I forgot it while I was learning it. Talk about a bad practice!

      Suffice it to say, I came up with a scheme whereby I reduced the randomness of my password from 8 characters to 5 characters (3 characters must change every change). Granted, it's still mostly random, and I don't have to write it down, but I do consider it less secure than a good, truly random password that stays around for a while.

      So, either choose strong passwords, or change your weak ones often. Doing both is difficult, and often overkill.

      --
      "Save the whales, feed the hungry, free the mallocs" -- author unknown
  20. On Passwords. by Anonymous Coward · · Score: 0

    Make it easy on people before they make it easy for themselves. If you make it a hassle, I assure you there will be post-its under/in/behind desks/keyboards/drawers/trays/monitors. Offer simple mnemonic devices for constructing acceptable passwords.

  21. You are trolling, right? by jotaeleemeese · · Score: 1

    If you are migrating from an existing infrastructure then you had policies in place before for desktop users, hadn't you?

    Common practices for desktops change very little from platform to platform and have more to do with your environment.

    Use the previous policies you surely had, adapt them to Linux, and add the bits that pertain only to Linux.

    --
    IANAL but write like a drunk one.
  22. Wrong - copy and paste by bluGill · · Score: 1

    Historically you are correct, but an office should select which apps users run. One thing to select on is conformance with Freedesktop.org standards. KDE and GNOME both follow this, as do most other modern X apps (which is a minority I grant).

  23. Turning off Ctrl-Alt-foo in XFree86 by Ecks · · Score: 2, Informative
    Ctrl-Alt-Backspace & similar functions can be turned off.
    • Option "DontVTSwitch" in the appropriate section of your XF86Config file disables switching to text virtual terminals;
    • Option "DontZap" neuters Ctrl-Alt-Backspace;
    • Option "DontZoom" turns off resolution switching.
    Read the manual page for XF86Config for details. There are probably several things in here that you want to set up if you are trying to create a Linux desktop for normal users.

    -- Ecks
  24. Linux Terminal Server project by Ecks · · Score: 1

    As many people have suggested you will probably have to write this on your own. Users will not have access to root... is probably a good place to start.

    The Linux terminal server project would be a good place to look for ideas on how to build this. In my opinion the real bang for the buck from Linux on the desktop would come from leveraging X11, NFS, and NIS or the "thin client model", to create a graphical computing environment analogous to the VAX/VMS environment for vt-220 terminals from the mid 1980s. The current implementation would centralize user file storage and application storage to a few servers. And then deploy a bunch of Linux machines which attach to that storage over the network. It would be really stupid of us as a community to repeat the mistakes made in the Microsoft Windows world by adopting the broken pieces of the Windows model of computing.

    -- Ecks

  25. More items by Anonymous Coward · · Score: 0

    1. DO NOT JUST PUSH THE BUTTON TO RELEASE A FLOPPY OR CD-ROM ::: UNMOUNT IT FIRST

    2. If you are networked, it is possible/likely that others may be running sessions or processes on your machine - THUS DO NOT SHUT THE POWER OFF.

  26. rootie toot by fm6 · · Score: 1
    Unsurprising that this is the very first serious comment -- it was the first thing that came to my mind. Then I thought of an answer: you're always going to have users who demand SU access to their own machines, and inevitably this will include people who don't know as much as they think they do.

    OK, now for a SU war story. I used to work at Sun, and shortly before I was hired they instituted a policy that nobody got their machine's root password unless they could convince IT they really needed it. This was actually a sensible policy, given some of the stupid stuff people who did have root access did (everybody who'd had it before the policy change was allowed to keep it). One person ran a MySQL-based web application served by her workstation, with no backups. IT innocently overwrote her data during routine maintenance. She was pissed. I was unsympathetic.

    Still, I found the policy frustrating -- I was a Solaris newbie, I wanted to learn as much about it as I could, and there's only so much you can learn without fiddling with the system innards.

    Finally, Captain Murphy intervened in my favor. My automount daemon kept crashing, and IT couldn't figure it out, and got tired of coming out just to restart it....

  27. No private bin? by fm6 · · Score: 1
    Avoid putting . or ~/bin in your PATH if possible. If you absolutely must do so, put them at the end.
    I can't think of any reason you'd have to have . in your PATH. It's not that hard to type "./" before a command. (Though I admit, having learned Unix back in more innocent days, I still usually forget.) But I'd really balk at not being able to have a private bin directory, especially on a machine where I didn't have root access. Nor do I see the point. If you're sophisticated enough to write your own programs, you should know enough not to install trojans.

    And if I'm wrong about that, then it's not enough to get rid of your private bin. You also have to hack the shell so it doesn't read startup scripts like .profile or .login. Cause if it does, then a trojan can simply re-write the scripts to add that private bin. Or define aliases.

    1. Re:No private bin? by norkakn · · Score: 1

      how would one remove . from the path?

      some of the boxes I work on at school add it automatically. I would just manually set the path, but that is annoying for two reasons.

      The first being that occasionally they add something, which would break things and I would have to then go and fix it manually.

      the second being that their script is all nicely machine independent and replicating that would take actual work

      it seems as though one sed line should do it, but I couldn't figure it out (hardware person, not software)
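
One way to do what comment 27.1 asks without hand-maintaining PATH: let the site's startup scripts build it, then filter the result. This is an added example, not part of the thread; the function name is hypothetical, and it also drops empty entries because the shell treats an empty PATH entry as the current directory.

```shell
# Print the given PATH-style string with every entry that means "current
# directory" removed: a literal "." or "./", and empty entries (leading,
# trailing or doubled colons). All other entries keep their order.
strip_cwd_from_path() {
    old=$1
    new=
    # Append a colon so the last entry is terminated like the others.
    rest="${old}:"
    while [ -n "$rest" ]; do
        entry=${rest%%:*}      # text up to the first colon
        rest=${rest#*:}        # everything after that colon
        case $entry in
            ''|.|./) continue ;;
        esac
        new=${new:+$new:}$entry
    done
    printf '%s\n' "$new"
}

# Typical use at the end of ~/.profile, after the site scripts have run:
#   PATH=$(strip_cwd_from_path "$PATH"); export PATH
```

Other relative entries (for example a bare `bin`) are left alone by this filter and carry the same risk as `.`.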

  28. Not entirely... by Anonymous Coward · · Score: 0

    I mean, how about if a user types in this:

    while : ; do echo "HAXORED!!!" >> file ; done &

    and hits up and enter a few hundred times and your machine is trashed.
    Quotas, process limiting, and other factors come into play.
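
How a per-process resource limit contains the runaway append in comment 28, as an added example that is not part of the original comment (function names are hypothetical; the loop is a stand-in that stops at the first failed write so the demonstration always terminates):

```shell
# Run a command in a subshell with a hard cap on the size of any file it
# writes. ulimit -f counts blocks (512 bytes in POSIX sh, 1024 in bash),
# so 8 blocks means 4 KiB or 8 KiB depending on the shell.
run_with_file_cap() {
    blocks=$1; shift
    # Core dumps are disabled so the kill leaves nothing behind.
    ( ulimit -c 0; ulimit -f "$blocks" && "$@" ) 2>/dev/null
}

# Stand-in for the runaway loop. When the file reaches the limit the
# kernel sends SIGXFSZ (or the write fails with EFBIG), ending the loop.
append_forever() {
    while echo 'HAXORED!!!' >> "$1"; do :; done
}

# Prints the size in bytes the file reached before it was stopped.
capped_fill_size() {
    f=$(mktemp) || return 1
    run_with_file_cap 8 append_forever "$f" || true
    wc -c < "$f" | tr -d ' '
    rm -f "$f"
}
```

The same limits can be made persistent per user or group through pam_limits (`/etc/security/limits.conf`), and in bash `ulimit -u` caps the number of processes in the same way; disk quotas cover the total space a user can consume across many files.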

  29. "linux security newbies" by Anonymous Coward · · Score: 0

    At oreilly.com a search on "linux security newbies" came up with some good possibilities, including:

    http://www.linuxdevcenter.com/pub/a/linux/2000/04/12/summary412.html

    Good luck.

  30. Simple Question by mrcutrer · · Score: 2, Interesting

    Has anyone in here ever received an unauthenticated RPM in email?

    I have never received one personally. It's always nasty Windows crap I get, and laugh at because I don't run Windows.

    The only time I get ebuilds are from portage. And from the official websites of programs I am seeking, never in email attachments.

    This raises another question though. If Linux takes off, will we see a huge influx of Linux worms and general crap that are proliferating Windows right now?

    --
    "When I look back, my life is not a foreign country, it's more like a library book returned long ago." - ????