How to create isolated, underprivileged but standard user accounts?


  • This topic has 49 replies, 10 voices, and was last updated Sep 1-7:37 am by masinick.
Viewing 15 posts - 1 through 15 (of 50 total)
    #39739 anilkagi (Member)

    Hello there,

    Is it possible?

    I would like to create user accounts (for my different daily uses) which are: underprivileged, isolated and standard.

    By this I mean, when one is logged in to such an account, one cannot bring any systemic changes. The user can’t install software, can’t access the system except making subjective configurations for the desktop and application use. But one can access all the standard applications and not the system. The account is so isolated from other user accounts that even if a Trojan happens to get into one underprivileged account it cannot access anything or any data from other accounts and cannot access the system.

    Here is an example. Supposing this is possible, I will create three such underprivileged and isolated but standard accounts.

    One for needs like risky browsing. The browser is not optimized for security, can open all websites, play java & flash etc. Downloads take place here.

    Second for Banking, bill payments, online shopping and the like, where money is transacted and the browser is optimized for highest security such that only the required websites are accessed and no other browsing activity takes place.

    Third for work; like Libreoffice, editing images and video etc where there are important documents and the browser is optimized for medium security so that it does not hinder functioning of websites.

    Can I set up these accounts such that the second and third user accounts are safe and secure, where the browser is optimized for security, but yet do not have the privilege to make any systemic changes? If the first, less or not secure, user account is compromised, like some Trojan taking entry, it can only affect that account and cannot access anything of the other user accounts and the system.

    And then I have the fourth Administrative user account which is privileged but isolated, where I can install/uninstall software, make systemic changes. However any systemic changes that I make here reflect and sync with all other underprivileged accounts.

    Can this be achieved and how? I checked the control center, user account making utility. There are no options there to create underprivileged accounts. Or can this be achieved through creating user groups? I don’t know anything about creating groups and how to use them.

    Please guide me in this matter.

    Thanks & Regards

    #39745 seaken64 (Member)

    Yes, this can be achieved. But this is an advanced subject. Maybe there are some here who use antiX and are familiar with this type of setup. But you may have to do most of the research on your own. There are security focused distros that you can learn from, and most of the “server” based distros have this type of security built in. antiX is probably mostly used for non-server and desktop use. It is capable, but I think the default settings are not so locked down and will take some work to set up.

    Seaken64

    #39750 Dave (Forum Admin)

    Hmm are all regular user accounts unprivileged compared to the root account? Maybe you are looking for application jails? Or making every user (but root) a “kiosk” user? Containerizing?

    To start, perhaps learning/working with the user and group permissions, revoking inclusion in various groups like cdrom, scanner, sudo, the general users group. Adding specific groups for the functions you want and adding the user to them. Changing the user's shell to a more limited shell would probably help. Altering the user's PATH so they can only execute what you enable in their PATH. Possibly running the users in a chroot/jail having only the programs needed symlinked and/or bind mounted read only for the chroot. Maybe the user's shell should be the chroot…

    Another option, run a virtual server and host several task specific installations that “reinstall” or reset every boot. When you need to do a certain task area load the relevant guest os. However, do you then need to harden every guest os?

    It is a broad subject. Not really sure how to guide you to your goal but perhaps this gives you a few research ideas… Others may be able to give you more valid and pointed information.


    Computers are like air conditioners. They work fine until you start opening Windows. ~Author Unknown

    #39753 ModdIt (Member)

    Hi All, we have systems set up in the direction considered on kids' computers.

    As Dave suggested, you can remove your created users from groups to restrict them.

    I did try jailing processes but had a lot of problems with setup and maintenance. It kept breaking.

    Removing all menu/taskbar entries for non-required programmes, including shell, and making the config files read only will stop kids and less advanced users messing around. Not a knowledgeable person with a stick or CD/DVD. Remove all config files in home for not-needed programmes, or corrupt them, then make them read only.

    Encrypt your system, make a strong password, especially for root. Root is the weakest link in the chain; you can block sudo, not root. Shut down when you leave the system alone.

    If you are really paranoid or worried, physically disable all USB ports not in use for keyboard, mouse, printer, running the cables to inside the case; use mixed uncommon security screws to close the case. Glue the printer cable in place if USB. Use gel instant glue, never the thin one, which will leave you looking for a soldering iron.
    Network security is another smelly fish. I have little on that because all ISPs spy on users, cables and fibre are tapped, etc. Ghacks and others are your ports of call there. Net guard for phone.

    I saw the above had been done in a lawyer's office some time ago; his box was also fitted with smartass breakup telltale seals. Fact is, it is a long way to go.

    Please post on what you do and how; it may be of interest to groups living in certain countries, as well as those pissed off with being treated as criminals by governments for going about their normal daily work.

    #39756 anilkagi (Member)

    Thank you seaken64 for coming,

    I understand and agree with what you said. I would like to try and create an Antix system like the one I mentioned above.

    #39757 anilkagi (Member)

    Thanks for coming Dave,

    That was a nice one. It gives the bird’s eye view of, what all can be done to secure a system.

    I will discuss application jails and containerizing, which are great ideas and powerful tools, later. Moreover, I wonder if a user account that works like a “limited kiosk” can be created in an Antix system?

    To start understanding this concern better, I wanted to know: suppose there is a user account which is not in the groups sudo, adm and root (are there any other groups that I should exclude that user from?), making the terminal inaccessible etc.; can that user's activities like risky browsing, downloading etc. still do harm to the system? And/or if a Trojan gets into that user's account, can it extract data from, and do harm to, the entire system including /home of other user accounts?

    To put it in another way, if I exclude the user from sufficiently necessary groups, will it not make that user’s activities, or any malware invited by that user, totally incapable of harming the system and extracting data from the system?

    #39758 anilkagi (Member)

    Thanks for coming Moddit.

    Hi All, we have systems set up in the direction considered on kids' computers.

    As Dave suggested, you can remove your created users from groups to restrict them.

    Removing all menu/taskbar entries for non-required programmes, including shell, and making the config files read only will stop kids and less advanced users messing around. Remove all config files in home for not-needed programmes, or corrupt them, then make them read only.

    Encrypt your system, make a strong password, especially for root.

    These ideas seem promising.

    Not a knowledgeable person with a stick or CD/DVD.

    Considering the fact that my system is not physically accessible to anyone other than me, I am concerned about risky or ignorant browsing methods. My system is more prone to attack through the web than physical access. Further, I am tethered to my Android phone hotspot for sharing internet. As you said in the other thread, the phone is the weakest link. I am concerned about that. Moreover, as I mentioned in my other thread, I would like to integrate my phone with my Antix system in a secure way.

    #39761 olsztyn (Member)

    I would like to create user accounts (for my different daily uses) which are: underprivileged, isolated and standard.

    By this I mean, when one is logged in to such an account, one cannot bring any systemic changes. The user can’t install software, can’t access the system except making subjective configurations for the desktop and application use. But one can access all the standard applications and not the system. The account is so isolated from other user accounts that even if a Trojan happens to get into one underprivileged account it cannot access anything or any data from other accounts and cannot access the system.

    I am following this thread with great interest, as this is something I was thinking of in the past. As originally described this would be great to have from a theoretical perspective, but IMHO it appears to be quite challenging to accomplish in practice.
    However, from your later post I infer that the purpose of such distinction of entitlements is for actual use in practice rather than a theoretical project, just to have dedicated setups for uses such as work/banking/… etc., with their own security setups and entitlements. antiX is a unique OS that makes this easy to accomplish, and to some degree I am actually using such a concept in practice:
    Namely:
    Rather than looking at such task from a complicated and challenging setup of user entitlement, their lock-downs and application access, I have simply created separate Live USB keys:
    – Separate keys for banking, system maintenance, multimedia, etc.
    – Such keys are encrypted with their password. Separate passwords can be used, e.g. a different one for the banking key than for multimedia, but in my case I am just one real user so I made the same password for all.
    – Such separate live systems are configured to their requirements, so e.g. banking key has all the security configured to the max, such as firewall, browser security restrictions, etc.
    – Once all applications and security/privacy setups are finalized for each USB key according to their requirements these USB keys are then set to have no persistence for banking key or to have some home persistence for typical work key. No persistence means no chance for rogue code or virus to make any permanent change. Should this unlikely happen during session – just reboot.

    The reason I mentioned that antiX is a unique OS that makes such a task easy to accomplish in practice is that:
    – antiX has all the needed tools already included and easy to use.
    – Memory requirements are very low – USB keys can be used on any laptop
    – Boots very fast from USB. Hard drives are optional.
    – Mostly operates from memory so writes to USB are minimal

    Just my two cents added to this interesting subject…

    #39765 anilkagi (Member)

    Hello there Olsztyn, thanks for sharing.

    This is an effective tactic. It physically isolates the different systems.

    Can we not achieve this kind of isolation, with VirtualBox VMs, if the Hardware permits, i.e. having two to three VMs, Antix guests on Antix host?

    Certainly, however much we may try, we may not accomplish this kind of 100% physical isolation between different user accounts on the same system.

    I am glad you are interested in this topic. That gives me strength.

    #39768 olsztyn (Member)

    Can we not achieve this kind of isolation, with VirtualBox VMs, if the Hardware permits, i.e. having two to three VMs, Antix guests on Antix host?

    I think theoretically such VMs would be relatively isolated from each other and can have their own settings. However, such VMs run under a VM host, which would be common to them. Therefore such host and underlying OS would need to be sufficiently locked down to just operate VMs.
    Another way would be, instead of VirtualBox under Linux, to run a type 1 hypervisor infrastructure such as ESXi, with OS systems under it running as VMs that can be separately configured to requirements.
    In other words, a type 2 hypervisor such as VirtualBox or VMware Player is not an ideal solution, but a type 1 hypervisor such as ESXi could be.

    #39782 Xecure (Member)

    I would set a different account as normal with the antiX User Manager (Control centre > Maintenance > User Manager), edit the group membership, and change the menu to launch all “compromisable applications” using firejail (included in antiX) to sandbox said application in a new x11 instance. This way it cannot see anything you do/have in your own system and has no access to other running applications and cannot “listen” to your keystrokes in other apps or read your password when used on other programs. It should be totally isolated.
    Read: https://firejail.wordpress.com/documentation-2/x11-guide/

    But I would also relax a bit and try to stay away from fear and paranoia. Privacy is important, but obsession is worse for your health than people spying on you. If you can manage a balance, better for you.
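One way to wire up the launcher Xecure describes, as an added example rather than code from the thread or from the firejail project: a wrapper that starts the browser under firejail in its own Xephyr X11 server with a throwaway home directory. The browser name, the download directory and the extra hardening flags are assumptions; adjust them to your install.

```shell
# Launcher for the "risky browsing" account: the browser runs under firejail in
# its own Xephyr X11 server with a throwaway home, so it cannot snoop the real X
# session (keystrokes, clipboard, other windows) or read the user's files.
# Assumptions, not from the thread: the browser name, the download directory
# and the option set; firejail and xserver-xephyr must be installed.
BROWSER=${BROWSER:-firefox}
DOWNLOADS=${DOWNLOADS:-$HOME/risky-downloads}   # the only directory the sandbox keeps

# build_cmd -> the full command line, kept separate so it can be inspected
# (or asserted on) without launching anything
build_cmd() {
    printf 'firejail --x11=xephyr --private=%s --noroot --caps.drop=all --seccomp --nonewprivs --name=risky-browser %s' "$DOWNLOADS" "$BROWSER"
}

# prerequisites -> 0 when firejail and Xephyr are installed, 1 otherwise
prerequisites() {
    command -v firejail >/dev/null 2>&1 || { echo "install firejail" >&2; return 1; }
    command -v Xephyr >/dev/null 2>&1 || { echo "install xserver-xephyr" >&2; return 1; }
}

# launch -> replace this shell with the sandboxed browser
launch() {
    mkdir -p "$DOWNLOADS"
    # shellcheck disable=SC2046  # word splitting of the command line is intended
    exec $(build_cmd)
}

if prerequisites; then
    launch
else
    echo "dry run, would execute: $(build_cmd)"
fi
```

Point the risky account's menu entry at this script; on a machine without firejail or Xephyr it only prints the command it would have run.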

    #39798 olsztyn (Member)

    But I would also relax a bit and try to stay away from fear and paranoia. Privacy is important, but obsession is worse for your health than people spying on you.

    I agree that too much sensitivity on privacy of browsing activity is not necessary in normal life. However privacy/security of data and financials can be quite important. Therefore it would be a good reason for setting different security settings for different purposes. Banking and financial transactions tend to require high security, while such systems as dedicated to playing local multimedia could be turnkey and easy…
    E.g. for remote government and military work there is the so-called TENS (Trusted End Node Security) Live USB made available by the Department of Defense for public use, but it is so locked down that nothing can be changed, so every time you need to set your preferences and login afresh. Perhaps this is secure, but inconvenient. With antiX you can accomplish an equally secure USB key, but with all your preferences burned in…

    #39802 sybok (Member)

    Hi.

    Two comments.

    USER IN GROUPS:
    As Xecure has already written, you can do a lot of the requirements by properly selecting the groups to which the user belongs (a current user can list the groups they belong to using the command ‘groups’).
    E.g. definitely remove the restricted-user from ‘sudo’.
    READ-ONLY ROOT:
    Also, it seems that Debian (and hence I guess also antiX) allows mounting parts of the filesystem, e.g. root, as read-only; see this link at wiki.debian.org.

    BTW: This is an interesting thread!

    #39804 Xecure (Member)

    you can do a lot of the requirements by properly selecting the groups to which the user belongs (a current user can list the groups they belong to using the command ‘groups’).
    E.g. definitely remove the restricted-user from ‘sudo’.

    As sybok mentions, controlling/assigning groups is the key for limiting access to a user account.
    Complementing sybok’s answer, for an easy gui way to manage them you can use antiX User Manager program. You can add/remove groups, and you can change group membership for each user.
    antiX User Management groups
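A dry-run audit of the group-membership advice from Dave, sybok and Xecure above, written as an added example (not code from the thread or from antiX): it reads a constructed /etc/group excerpt, reports which of a user's groups are on a constructed list of access-granting groups, and prints the gpasswd commands that would strip them. The group list, the sample users and the excerpt are assumptions; a real audit reads the box's own /etc/group.

```shell
# Audit which supplementary groups give a user system-level access and print the
# gpasswd commands an admin would run to strip them (dry run only). The group list
# and the /etc/group excerpt are constructed for this example; a real audit reads
# /etc/group on the box.
PRIV_GROUPS="sudo adm root disk cdrom floppy plugdev scanner lpadmin netdev staff shadow"
SAMPLE_GROUP_FILE='root:x:0:
adm:x:4:admin
disk:x:6:
cdrom:x:24:admin,risky
floppy:x:25:risky
sudo:x:27:admin
plugdev:x:46:admin,risky,work
netdev:x:108:admin,risky
users:x:100:admin,risky,banking,work
risky:x:1001:
banking:x:1002:
work:x:1003:'

# groups_of USER GROUPFILE -> space-separated supplementary groups of USER
groups_of() {
    printf '%s\n' "$2" | awk -F: -v u="$1" '{
        n = split($4, m, ",")
        for (i = 1; i <= n; i++) if (m[i] == u) printf "%s ", $1
    }'
}

# privileged_groups_of USER GROUPFILE -> the subset of those groups in PRIV_GROUPS
privileged_groups_of() {
    out=""
    for g in $(groups_of "$1" "$2"); do
        for p in $PRIV_GROUPS; do
            if [ "$g" = "$p" ]; then out="$out$g "; fi
        done
    done
    printf '%s' "${out% }"
}

# print_removal_plan USER GROUPFILE -> one "gpasswd -d" line per privileged group
print_removal_plan() {
    for g in $(privileged_groups_of "$1" "$2"); do
        echo "gpasswd -d $1 $g"
    done
}

for u in admin risky banking work; do
    echo "== $u: $(privileged_groups_of "$u" "$SAMPLE_GROUP_FILE")"
    print_removal_plan "$u" "$SAMPLE_GROUP_FILE"
done
```

Run the printed gpasswd lines as root only for the restricted accounts; the admin account is listed so you can see what it keeps.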

    #39805 olsztyn (Member)

    READ-ONLY ROOT:
    Also, it seems that Debian (and hence I guess also antiX) allows mounting parts of the filesystem, e.g. root, as read-only; see this link at wiki.debian.org.

    Excellent! This is very interesting and useful…
    So after the entire system is finalized in terms of installed applications and fully configured, there is no need for further changes to these vital parts of the OS, and these folders can be made read-only.
    Another significant step to make for security and reliability…
