How to create isolated, underprevileged but standard user accounts?

  • This topic has 49 replies, 10 voices, and was last updated Sep 1-7:37 am by masinick.
Viewing 15 posts - 16 through 30 (of 50 total)
  • #39806
    Forum Admin
    rokytnjirokytnji

    Macondo posted his sudoers file.

    https://antixlinux.com/forum-archive/mx-antix-technical-documentation-wiki-t5890.html

    Many thanks to macondo.

    Sudo is installed by default in antiX
    Edit the file /etc/sudoers
    # nano /etc/sudoers
    and added the last 2 lines for myself and my wife (the only other user) and left it looking like this:
    # sudoers file.
    # This file MUST be edited with the "visudo" command as root.
    #
    # See the man page for details on how to write a sudoers file.
    #
    # Host alias specification
    # User alias specification
    # Cmnd alias specification
    # User privilege specification
    root ALL=(ALL) ALL
    onthego ALL=/usr/sbin/mesm
    %users ALL=/usr/bin/apt-get -s upgrade
    macondo ALL = NOPASSWD : ALL
    giovi ALL = NOPASSWD: /sbin/halt, /sbin/reboot
    saved/exit
    then I tested it, as user:
    $ sudo apt-get update && sudo apt-get dist-upgrade
    works fine. My wife can only shutdown and reboot.


    Sometimes I drive a crooked road to get my mind straight.
    Not all who Wander are Lost.
    I'm not outa place. I'm from outer space.

    Linux Registered User # 475019
    How to Search for AntiX solutions to your problems
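    A small audit script, added here as an example (it is not macondo's or rokytnji's code and not an antiX tool), that reads a file in the simple sudoers syntax shown above and reports which principals get ALL commands or skip the password prompt. The sample file it builds is constructed here in the shape of the posted rules; the script handles only plain `user HOST=(runas) [NOPASSWD:] cmds` lines, not aliases, Defaults or @include directives.

```shell
#!/bin/sh
# Added example, not from the thread: summarise what each sudoers rule grants
# and flag rules that give a principal ALL commands or NOPASSWD.
# Only the simple "who HOST=(RUNAS) [NOPASSWD:] cmds" form is parsed.

# Constructed sample in the shape of the file posted above (not the real file).
SAMPLE_SUDOERS="$(mktemp)"
cat > "$SAMPLE_SUDOERS" <<'EOF'
# constructed sample sudoers file
root ALL=(ALL) ALL
onthego ALL=/usr/sbin/mesm
%users ALL=/usr/bin/apt-get -s upgrade
macondo ALL = NOPASSWD : ALL
giovi ALL = NOPASSWD: /sbin/halt, /sbin/reboot
EOF

# sudoers_rules FILE: print one line per rule as "<who>|<flags>|<commands>",
# where flags is "ALL", "NOPASSWD", "NOPASSWD,ALL" or "-" for a plain rule.
sudoers_rules() {
    sed -e 's/#.*//' -e '/^[[:space:]]*$/d' "$1" | awk '
    {
        who = $1
        rest = $0
        sub(/^[^ \t]+[ \t]+/, "", rest)        # drop the user/group field
        sub(/^[^=]*=[ \t]*/, "", rest)         # drop the host list and "="
        sub(/^\([^)]*\)[ \t]*/, "", rest)      # drop an optional (runas) part
        nopw = sub(/^NOPASSWD[ \t]*:[ \t]*/, "", rest)
        flags = ""
        if (nopw) flags = "NOPASSWD"
        if (rest == "ALL") flags = (flags == "" ? "ALL" : flags ",ALL")
        if (flags == "") flags = "-"
        print who "|" flags "|" rest
    }'
}

# risky_sudoers FILE: principals that can run ALL commands or skip the
# password prompt, one per line. These are the rules worth a second look
# when the goal is an underprivileged account.
risky_sudoers() {
    sudoers_rules "$1" | awk -F'|' '$2 != "-" { print $1 }'
}

# Demonstrate on the constructed sample.
sudoers_rules "$SAMPLE_SUDOERS"
echo "principals with ALL or NOPASSWD:"
risky_sudoers "$SAMPLE_SUDOERS"
```

    On a live system `visudo -cf /etc/sudoers` is the authoritative syntax check before saving, and `sudo -l -U username` (run as root) shows the rules that actually apply to a user after alias expansion; the script above only gives a quick overview of a file in the simple form shown in the thread.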

    #39838
    Member
    anilkagi

    Thank you Xecure, Sybok and Rockytnji for coming. I was calmly going through all the interesting discussions going on between you knowledgeable guys. Now I thought, I should perhaps post.

    stay away from fear and paranoia. Privacy is important, but obsession is worse

    That’s a sound piece of advice. It made me relax too.

    However, actually, I am not paranoid or obsessed, but I am entering the danger zone, I suppose, by trying to integrate my Android phone with my computer. So I am venturing into learning to create a secure environment to do such risky activities. This question popped up during that discussion and I started this thread.

    I consider integrating an Android phone with my computer risky because the Android phone that I paid for, plus the data plan that I paid for, is used by Google and other Android apps, more than by me, for their corporate goals, without me knowing it. Their opaque affairs, which I can’t see through, give them immense power to do what they choose to do with me and my data and lifestyle. (Do they own all that, just because they give me those free services?) We know the risks involved and we handle them accordingly. However, integrating an Android phone with a computer opens up the computer too, to all that. I want to minimize, if not annul, the risks there.

    I find that the suggestions offered by Seaken64, Dave, Moddit, Olsztyn, Sybok, Rockytnji and yourself are great. And Xecure, thanks for the link. I read further also.

    And Sybok’s;

    you can do a lot of the requirements by properly selecting groups to which the user belongs to (a current user can list the group they belong to using the command ‘groups’).
    E.g. definitely remove the restricted-user from ‘sudo’.
    READ-ONLY ROOT:
    Also, it seems that Debian (and hence I guess that also antiX) allows to mount parts of the filesystem, e.g. root as read-only

    Though I didn’t understand much of the link Sybok provided, Olsztyn’s reply…

    So after the entire system is finalized in terms of installed applications and fully configured, there is no need for further changes to these vital parts of OS and these folders can be made read-only.

    … gave an idea. That’s really interesting.

    I didn’t understand most of Rockytnji’s post. What I could make out from it, if I am right, is that by editing the /etc/sudoers file we can restrict the abilities of users. It was apparent from the last line;

    works fine. My wife can only shutdown and reboot.

    Now I feel I can get to where I want to, almost effectively. So finally I decided to come down to this: I will adopt the best of all the worlds.

    For affairs like Banking, where significant security is necessary, I could adopt Olsztyn’s model of having a live USB, easily. And for my daily work I will do the following, with the guidance from you knowledgeable guys. I am afraid I would need a bit of hand-holding too. So I would require a lot of compassion from you guys too. I hope Rockytnji won’t hate me for this.

    First I will install Antix on the computer, which I already have done. After the system is totally ready, I will make the “vital parts of OS” read-only as suggested by Sybok. And then I will edit the /etc/sudoers file to restrict the abilities of all other users except me as suggested by Rockytnji.

    Next, I will create an underprivileged user account. This underprivileged user account, is for doing all my work. Then, I will install VirtualBox on this same underprivileged account. I will also install firejail in this same user account. Next, I will create an Antix-core VM on the VirtualBox. And in that Antix-core VM, I will install GSconnect and connect it to the KDEconnect on my Android phone. I will start the VirtualBox / Antix-core VM in firejail.

    Can this setup be created?

    Would it not provide sufficient security for integrating my Android phone with my Computer, through KDEconnect & GSconnect?

    If this is sufficient, then to achieve this, to begin with, I will have to first create an underprivileged user account. I don’t find an option to create an underprivileged user account through the Control center > Maintenance > User Manager. How do I do it?

    By underprivileged user account, I mean one where the user cannot install any software, does not have access to root, sudo, admin etc. I shall remove the privilege to install software after installing VB, Firejail and Antix-core VM, GS-connect in the VM and any other necessary applications. How do I make this underprivileged user account?

    #39891
    Member
    anilkagi

    Hi there,

    I think I found how to create an underprivileged user.

    For other newbies like me, I think you should refer to the following links to get to know about it.

    To put it in simple words;

    Groups are privilege domains. Each group gives certain privileges to the user who is a member of that group. For example, if the system administrator has made you a member of the 'cdrom' group, you get access to 'a CDROM drive and other optical drives' and you can play CDs/DVDs; otherwise you won't be able to. The system admin can add or remove you from these groups. This is how a Linux system is secured from users affecting it in the wrong way. A user can be a malicious program too, trying to break into the system. If the malicious program has entered the system through the underprivileged user account, it cannot do anything to the system, because that user's account does not have sufficient privileges to do anything.

    System Groups – Debian wiki
    Privileges – Ubuntu wiki
    Beginners Guide to User and Group Administration in Linux – The geek diary
    Linux Users and Groups – Linode

    What I did on my Antix is, I created a user with username ‘test’ with Control center from the Menu. In the groups tab I unchecked the groups to make that user underprivileged. And finally I gave the following command to check which groups were assigned to the user ‘test’;

    $ groups test
    test : test lp dialout cdrom floppy audio dip video users netdev scanner vnstat

    I added the user to the ‘vnstat’ group, to give access to vnstat, to check internet usage.

    Now my doubts here are;

    Does adding the user to vnstat give any special hidden privileges, unknown to me?

    If the user ‘test’ is assigned to only these groups, does it deprive ALL the abilities to break the system, even when the user invites a malware due to reckless usage? Or how far does it deprive? What other measures regarding group assignment, can be taken, to improve the situation?

    #39894
    Member
    olsztyn

    By underprivileged user account, I mean, one where the user cannot install any software, does not have access to root, sudo, admin etc. I shall remove the privilege to install software after installing VB, Fire jail and Antix-core VM, GS-connect in the VM and any other necessary applications. How do I make this underprivileged user account?

    It is sufficient that you remove sudo entitlement as shown in the picture above by Xecure.

    #39896
    Member
    anilkagi

    It is sufficient that you remove sudo entitlement as shown in the picture above by Xecure.

    Thanks Olsztyn, that brought confidence in me, to move ahead.

    Now I think I realized how to create an underprivileged user.

    For other newbies like me, I think you should refer to the following links to get to know about it. Unless you read on this subject a bit at least you cannot come to terms with it.

    To put it in simple words;

    Groups are privilege domains. Each group gives certain privileges to the user who is a member of that group. For example, if the system administrator has made you a member of the 'cdrom' group, you get access to 'a CDROM drive and other optical drives' and you can play CDs/DVDs; otherwise you won't be able to. The system admin can add or remove you from these groups. This is how a Linux system is secured from users affecting it in the wrong way. A user can be a malicious program too, trying to break into the system. If the malicious program has entered the system through the underprivileged user account, it cannot do anything to the system, because that user's account does not have sufficient privileges to do anything.

    System Groups – Debian wiki
    Privileges – Ubuntu wiki
    Beginners Guide to User and Group Administration in Linux – The geek diary
    Linux Users and Groups – Linode

    What I did on my Antix is, I created a user with username ‘test’ with Control center from the Menu. In the groups tab I unchecked ‘sudo’ as suggested by Olsztyn, and other groups I thought were unnecessary (I am just experimenting. I will see the results.), to make that user underprivileged. And finally I gave the following command to check which groups were assigned to the user ‘test’;

    $ groups test
    test : test lp dialout cdrom floppy audio dip video users netdev scanner vnstat

    I added the user to the ‘vnstat’ group, to give access to vnstat, to check internet usage.

    Now my doubts here are;

    Does adding the user to vnstat give any special hidden privileges, unknown to me?

    If the user ‘test’ is assigned to only these groups, does it deprive ALL the abilities to break the system, even when the user invites a malware due to reckless usage? Or how far does it deprive? What other measures regarding group assignment, can be taken, to improve the situation? Or, is this sufficient as far as User-Groups are concerned?
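    Reading the `groups test` output by eye works for one user, but it helps to have a script that says which of a user's groups are the ones that hand out extra power. The script below is an added example, not anilkagi's or antiX's code: it looks up supplementary group membership in an /etc/group-style file (a constructed sample is embedded so it runs offline; pass no second argument to read the real /etc/group) and reports any membership in a list of privilege-granting groups. The group names in that list are the ones Debian-family systems use for those roles (sudo, adm, disk, shadow and so on); that list is an assumption to adjust for your own system.

```shell
#!/bin/sh
# Added example, not from the thread: audit which of a user's groups grant
# more than an ordinary desktop account needs. Group names are the Debian-family
# ones; the list is an assumption to tune for your system.
PRIVILEGED_GROUPS="root sudo wheel adm disk shadow staff docker lxd libvirt kvm"

# Constructed /etc/group sample so the example runs offline (not a real file).
SAMPLE_GROUP_FILE="$(mktemp)"
cat > "$SAMPLE_GROUP_FILE" <<'EOF'
root:x:0:
sudo:x:27:anil
disk:x:6:
cdrom:x:24:anil,test
audio:x:29:anil,test
users:x:100:anil,test
vnstat:x:119:test
test:x:1001:
EOF

# groups_of USER [GROUPFILE]: supplementary groups of USER, one per line.
# The primary group comes from /etc/passwd, so it is not listed here; the
# `groups` command shows both.
groups_of() {
    user="$1"; file="${2:-/etc/group}"
    awk -F: -v u="$user" '
        { n = split($4, m, ",")
          for (i = 1; i <= n; i++) if (m[i] == u) print $1 }' "$file"
}

# privileged_groups_of USER [GROUPFILE]: only the privilege-granting groups
# USER belongs to, space-separated on one line (empty line if none).
privileged_groups_of() {
    out=""
    for g in $(groups_of "$1" "$2"); do
        for p in $PRIVILEGED_GROUPS; do
            [ "$g" = "$p" ] && out="${out:+$out }$g"
        done
    done
    printf '%s\n' "$out"
}

# is_underprivileged USER [GROUPFILE]: succeed (exit 0) if USER is in none of
# the privilege-granting groups, fail otherwise.
is_underprivileged() {
    [ -z "$(privileged_groups_of "$1" "$2")" ]
}

# Demonstrate on the constructed sample.
for u in anil test; do
    if is_underprivileged "$u" "$SAMPLE_GROUP_FILE"; then
        echo "$u: no privilege-granting groups"
    else
        echo "$u: privileged via $(privileged_groups_of "$u" "$SAMPLE_GROUP_FILE")"
    fi
done
```

    Membership in a group such as cdrom, audio or vnstat gives access to the device or data that group owns, nothing more; the groups that matter for "can this account change the system" are the ones in the list at the top, and sudoers rules, which live outside /etc/group, are checked separately.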

    #39903
    Member
    olsztyn

    If the user ‘test’ is assigned to only these groups, does it deprive ALL the abilities to break the system, even when the user invites a malware due to reckless usage? Or how far does it deprive? What other measures regarding group assignment, can be taken, to improve the situation? Or, is this sufficient as far as User-Groups are concerned?

    My opinion is the following:
    I do not think there is a 100% guarantee that nothing can break the system. However, you can reduce such a chance to the very minimum with sufficient security precautions discussed above. Furthermore, with the method in the second point below, any such breaks would be for the current session only and your system would return to the healthy state after reboot:

    – If your antiX system is installed as Linux systems often are, then any malicious program that infected your system usually survives reboots and continues doing what it is designed to do in the next session after reboot.
    – If your antiX system is set up on your hard drive as Frugal (similar to Live USB, but on hard drive) and is finalized with no persistence, then any malicious infection acquired during a session will be automatically gone after reboot. And if such malicious code manages to make any changes to the system during that first session, such changes will also be gone after reboot and your system will return to your finalized pristine state as before.
    In other words, no permanent malicious changes can be made to your system in such a scenario.

    There is hardly a better way to harden your system against malicious changes.
    Best of luck!

    #39919
    Member
    anilkagi

    Hello Olsztyn, thanks for your efforts to help me.

    …. I do not think there is 100% guarantee that nothing can break the system. However you can reduce such chance to the very minimum with sufficient security precautions discussed above. ….

    …. There is hardly a better way to harden your system against malicious changes.

    I understand. I should have made this clear before. I thank you Olsztyn, for bringing it up.

    I address this to all the honorable members of the forum. When I ask questions like; “Is this sufficient?” or “Is that all?” or “Will it be enough?”; I am not seeking any guarantees, I am just seeking to know whether I have completed the standard, accepted, prevalent, generally and normally conducted procedures that the Linux community, the world over, would take in that particular situation. I want to know whether I have completed the normal procedure to do a certain thing. I also understand that there is no fool-proof method for anything in the computing world. Only widely accepted precedents exist. I ask those questions, because I don’t know those well accepted precedents, as I am new to the Linux world. I am aware that this is FOSS and nobody gives guarantees, but almost all the Supercomputers and servers run FOSS Linux, if that is any guarantee.

    Moreover, what I am doing here is just experimentation. I have nothing to lose and I am not going to hold anyone liable. I know the risks involved and I have accepted them and I am ready to persevere through the makes and breaks or install and re-install as many times as it takes to achieve the proposed goal.

    At the end of the day, what I want is, “the know-how”, to create a system like the one I described in the OP. If that is made possible, we win. If not, we are successful in knowing that this is not the way, to do it or in knowing it is not achievable.

    Someone has said it aptly. The most secure computer is the one that has not been powered on. So, I request the honorable forum members to please feel free to suggest and direct me. After all, we are experimenting.

    Thanks and Regards.

    If your antiX system is set up on your hard drive as Frugal (similar to Live USB, but on hard drive) and is finalized with no persistence, then any malicious infection acquired during a session will be automatically gone after reboot. And if such malicious code manages to make any changes to the system during that first session, such changes will also be gone after reboot and your system will return to your finalized pristine state as before.
    In other words, no permanent malicious changes can be made to your system in such a scenario.

    Though I would like to stick to my previous plan, this Frugal install you suggested is really interesting. I would like to see if I can make use of it in this endeavor. However, I have not understood the Frugal-install completely, though I had heard about it before. Now I read from the following links, but still have some queries.

    Frugal Install
    Frugal install
    Booting antiX Frugal-only From HDD Without Any Full-Installed OS – with Extlinux

    AFAIK now, the Frugal install;

    Quote
    A frugal install is similar to running a live cd or live usb, except that it is running from a hard drive... antiX is able to run frugal with persistence which means you can run it (like Puppy linux), add/remove apps and changes will be saved...
    Unquote

    With frugal-persistence installation on one of the partitions of the HD, can I mount another partition of the HD, say /data, and save documents on it that will remain there as long as I don’t remove them? If apps can be installed and removed in frugal-persistence, then how come, no permanent malicious changes can be made to the system? In frugal-persistence on HD, can I create symlinks to /home directories? What is the minimum size of the partition required for frugal-persistence install?

    #39921
    Member
    olsztyn

    With frugal-persistence installation on one of the partitions of the HD, can I mount another partition of the HD, say /data, and save documents on it that will remain there as long as I don’t remove them?

    For your objective of securing a finalized Frugal installation, antiX has several useful persistence modes, such as:
    – Frugal Home – all data you save as usual in Documents, Downloads, etc… will remain there after reboot. The same if you store files in other mounted partitions and devices, whether on the same hard disk or USB: they will remain. Any changes to programs will be gone after reboot.
    – Frugal Only means no persistence. Any changes in the standard Home folders will not survive reboot. The files you do want to save you must save on ‘Live-USB-Storage’ right there next to your typical Home folders, or on another partition or USB, or a network share if you choose. All changes to programs will be gone after reboot.

    The above are the most useful Frugal modes for your objective. Personally I recommend setting Frugal boot as ‘Frugal Only’ after you install and configure everything you need. It is the most secure antiX installation, where no unwanted or malicious changes will be permanent. Should such changes occur during a session (whether acquired from the network or by your own mistake) they will be gone upon reboot of such a frugal instance.

    Just to expand the topic: another beauty of Frugal installs is that you can have multiple such Frugal installs, whether in the same partition or multiple partitions, and each such Frugal install can be composed with a different selection of programs, settings and security entitlements.
    I am running several Frugal antiX installs, each set up differently, and selecting which one to boot during computer start. However, to start with just one Frugal install is very easy – just select the desired Frugal option by pressing F5 during boot of the Live USB. This will find your Frugal installation on your hard disk and boot it. The first time you press F5 and select the desired Frugal persistence option it will create a Frugal installation. Subsequent times it will boot your Frugal installation.
    Frugal installations of antiX also use much less space than regular installs, thanks to the Frugal installation being compressed in one file.

    #39940
    Member
    anilkagi

    This is really interesting. Thanks a lot for this detailed and informative post, Olsztyn.

    I am reading more and thinking over this. I think this frugal install will be greatly useful.

    And then what about system-wide updates and upgrades, or changing the settings in an application: will they persist after reboot? And symlinks, can I create symlinks?

    Further, Anticapitalista says here.

    
    You can run frugal from within your running antiX.

    In this setup, what are the repercussions of running a frugal inside a running Antix? What actually is the purpose of running a frugal inside a running Antix? What are the benefits? How does it help in security?

    #39942
    Member
    olsztyn

    And then what about system wide updates and upgrades, changing the settings in an application, will they persist after reboot? And symlinks, can I create symlinks?

    Frugal is the same as Live but on hard drive instead of USB. All principles applicable to Live will apply to a Frugal antiX install. So if you run Frugal antiX with persistence, then updates and your changes will be kept according to the persistence mode you use. So if e.g. you choose No Persistence (for maximum security of your antiX), then after running system updates and other changes you want to keep, you just run Remaster from the Control Center to permanently burn such updates and changes into the antiX Frugal instance.

    what are the repercussions of running a frugal inside a running Antix? What actually is the purpose of running a frugal inside a running Antix? What are the benefits? How does it help in security?

    If you have antiX installed in a common way and have a Frugal install as well on the partition where the antiX install resides, such a Frugal install is in a separate Frugal folder on that partition. It is not a part of the regular installed antiX file system. No advantages or disadvantages, as they are separate systems. You can add such a Frugal antiX to the grub menu alongside the installed antiX menu entry. However, you do not need antiX installed in order to run your Frugal install.
    E.g. I have several Frugal antiX installs and all start from the grub menu. I typically do not have antiX installed in a traditional way, as I personally consider the Frugal form of antiX far superior to a traditional install in many respects, such as no persistence, statelessness and security, in addition to being compact.
    Of the many Linux distros, only antiX can do it correctly. This is a huge advantage of antiX that is not even fully realized.
    And just to clarify, I am not one of the antiX team. I am just an average user.

    #39964
    Member
    anilkagi

    So if e.g. you choose No Persistence (for maximum security of your antiX), then after running system updates and other changes you want to keep, you just run Remaster from the Control Center to permanently burn such updates and changes into the antiX Frugal instance.

    Olsztyn, this is probably the most suitable for me and the best setup for security. Thanks for taking all the pains to share your knowledge.

    Now I will do this.

    I will do a no-persistence-frugal install of Antix-base on a HD partition, then update, upgrade and customize it. To further harden the system to make it secure DURING a session, I will make the “vital parts of OS” read-only. And then I will edit the /etc/sudoers file to restrict the abilities of all other users/applications. I will also install firejail.

    Then, I will install VirtualBox in it. Next, I will create a no-persistence-frugal-Antix-core VM on the VirtualBox. And in that Antix-core VM, I will install GSconnect. Then connect it to the KDEconnect on my Android phone. There too, to further harden the VM system to make it secure during a session, I will make the “vital parts of VM OS” read-only. And then I will edit the /etc/sudoers file of the VM to restrict the abilities of all other users/applications. And then I will remaster Antix-core VM. I will start the VB in firejail, to isolate the VM.

    Though all the above description seems complex, it is just a simple “Antix-VB-Antix” non-persistent-frugal-secured setup.

    Will this be feasible? I am thinking of putting this to test, …hoping for it to work.

    And just to clarify, I am not one of the antiX team. I am just an average user.

    I thought so, but you are not an average user, you are an expert user… you have got yourself acquainted with so much of Antix.

    Edit: Edited after properly understanding the frugal install inside a running install.

    #40025
    Member
    anilkagi

    What is the difference between a Read-Only-Root and a No-persistence-Frugal-Install?

    Hello everybody,

    I just read more and realized some of my misconceptions.

    I know you guys went through a lot of irritation because of my stupid arguments and plans. Especially you, Olsztyn. I am sorry for that. Thank you all a lot, for bearing with me. Please forgive me for my ignorance and help me out of this.

    After reading further, I am wondering if there is any difference between Read-Only-Root and No-persistence-Frugal-Install?

    Hello @Sybok & @Olsztyn,

    READ-ONLY ROOT:
    Also, it seems that Debian (and hence I guess that also antiX) allows to mount parts of the filesystem, e.g. root as read-only, see this link at wiki.debian.org.

    I personally consider Frugal form of antiX far superior to traditional install in many respects, such as …., stateless and security, …..

    After reading further I found that;

    Read-only file systems are useful in situations in which you want the environment to revert to a pristine state at each boot

    So both a Read-Only-Root and a No-persistence-Frugal-Install are the same, as far as reverting to a pristine state at each boot is concerned. If this is all about the Read-Only-Root system and nothing more, then I suppose the frugal install is better, since here we don’t make systemic changes, whereas we make problematic systemic changes in Read-Only-Root. I quote from the link given by Sybok;

    
    If you want a readonly root then you can select that there and the installer will create the fstab corretcly for you. This gives you a system that <strong>almost works</strong>.
    
    You will have to correct /etc/mtab, ifupdown and, if you have no /tmp partition, add tmpfs to /etc/fstab to get a clean boot. Do that at the shell prompt at the second console (Ctrl-Alt-F2) in the installer or first before any other fixes from above and reboot. Before you fix ifupdown you will have no networking so don't go this way when installing remote.
    
    After the second boot you might get an error from exim4 that the panic log isn't empty. This is because the network didn't come up on the first boot (you fixed ifupdown now, right?). Check that it is just that, remove the file (see <file:///usr/share/doc/exim4/README.Debian.html>, section 2.5.1. “The daily cron job”, esp. logrotate -f /etc/logrotate.d/exim4-paniclog) and restart exim4.
    

    However (I suppose, I don’t know for sure), this is not all about the Read-Only-Root system, and the frugal install has its own drawbacks. That is;

    In a no-persistence-frugal install, if the system is infected with malware, the malware can make changes to the system during the session. Of course its effects will be gone after the next boot. However, the malware can make changes to the system during the session and make the system malfunction during that session. This does not happen to a Read-Only-Root system. No malware can bring any change to the system even during the session, since it is read only.

    This is my current perception, but I am not sure whether I am right in thinking so.

    Please kindly throw some light on this matter.

    Thank you

    #40027
    Member
    olsztyn

    And in that Antix-core VM, I will install GSconnect. Then connect it to the KDEconnect on my Android phone. There too, to further harden the VM system to make it secure during a session, I will make the “vital parts of VM OS” read-only. And then I will edit the /etc/sudoers file of the VM to restrict the abilities of all other users/applications. And then I will remaster Antix-core VM. I will start the VB in firejail, to isolate the VM.

    I am not familiar with KDEconnect, GSconnect and firejail, so perhaps someone else will be able to comment on whether such a nested design will work. The question would be one of the communication capabilities of KDEconnect and GSconnect: whether from a VB VM inside firejail it will be able to talk to KDEconnect on a phone connected to USB. It seems a lot depends on the protocols being used and the firejail sandbox restrictions.

    #40081
    Member
    sybok

    Hi anilkagi.
    I am not familiar with either read-only-root or frugal.
    The read-only-root is rather self-explanatory.
    Unfortunately, one has to perform (e.g. security) updates via the package manager and therefore root has to be mounted as read-write.
    This opens a window of opportunity for some malware.
    Still, it seems to improve the situation most of the time (i.e. when you do not perform updates).

    This is all I can add for now since not knowing more.

    #40083
    Forum Admin
    rokytnji

    Member response:

    I’m a gruff, dusty around the edges kind of admin.

    Not a hater. I can advise. It does not hurt my feelings, as I have thick skin, when someone goes whatever. Or rolls their eyes.

    It is their life. So I file it under “I don’t care”.

    I hope Rockytnji, won’t hate me for this.

    Meh. If you irritate me, I’ll ignore you. Not hate you. I can be talked to reasonably and can change my mind easily also. Good Luck. I won’t be around for a week or so.
    Most long time members know I am easy going and loosey goosey in my Linux usage.

    This distro taught me most everything I know about my computers. From how to search for solutions. To getting graphics to work on unsupported graphics chips with newer xorg. If you stick around, ya might learn something also. Just don’t be too sensitive. Most forum members’ hearts are in the right place.

    Some of our communication skills. Like mine. Sometimes leave much to be desired when it comes to manners. So frustration spills out online once in a while.
    It is a human condition and I understand it completely. So I let it bounce off my chakra. Develop self confidence and people can’t hurt your feelings much anymore.
    Laterz. Time for fun.

    PS. Only reason I posted was one box here in the shop is loaner.
    PSss. I try and avoid being a help vampire also when I first started. Doing wbar and cairo dock back in the day on fluxbox.
    I read up first before asking a question.

