I’m in the process of configuring a “guest” account for houseguests to use my computer. I’ve got the file permissions set, but I’d also like to restrict their access to the terminal. It seems to me that most of the damage that can be done to a computer goes through the terminal.
I downloaded Pessulus (I use Gnome), but it doesn’t require a password. So the profiled user can just open Pessulus and alter their profile – what’s the point?
Is there a way I can require a user to enter a password, either for any terminal or Pessulus? I like Pessulus – it’s concise and easy to use. But it doesn’t seem very secure as I understand it.
Oh, I’ve just read that I can run Pessulus as root. However, when I type $ sudo pessulus
I get this message. Sorry for the long post – I couldn’t figure out how to place the text in a scroll box.
/usr/lib/python2.6/site-packages/gtk-2.0/gtk/init.py:57: GtkWarning: could not open display
warnings.warn(str(e), _gtk.Warning)
/usr/lib/python2.6/site-packages/Pessulus/main.py:49: Warning: invalid (NULL) pointer instance
message_format = _(“Cannot contact the GConf server”))
/usr/lib/python2.6/site-packages/Pessulus/main.py:49: Warning: g_signal_connect_data: assertion G_TYPE_CHECK_INSTANCE (instance)' failed message_format = _("Cannot contact the GConf server")) /usr/lib/python2.6/site-packages/Pessulus/main.py:49: GtkWarning: gtk_settings_get_for_screen: assertion GDK_IS_SCREEN (screen)’ failed
message_format = _(“Cannot contact the GConf server”))
/usr/lib/python2.6/site-packages/Pessulus/main.py:49: Warning: g_object_get: assertion G_IS_OBJECT (object)' failed message_format = _("Cannot contact the GConf server")) /usr/lib/python2.6/site-packages/Pessulus/main.py:49: Warning: value "TRUE" of type gboolean’ is invalid or out of range for property visible' of type gboolean’
message_format = _(“Cannot contact the GConf server”))
/usr/lib/python2.6/site-packages/Pessulus/main.py:55: GtkWarning: Screen for GtkWindow not set; you must always set
a screen for a GtkWindow before using the window
dialog.run ()
/usr/lib/python2.6/site-packages/Pessulus/main.py:55: GtkWarning: gdk_pango_context_get_for_screen: assertion GDK_IS_SCREEN (screen)' failed dialog.run () /usr/lib/python2.6/site-packages/Pessulus/main.py:55: PangoWarning: pango_context_set_font_description: assertion context != NULL’ failed
dialog.run ()
/usr/lib/python2.6/site-packages/Pessulus/main.py:55: PangoWarning: pango_context_set_base_dir: assertion context != NULL' failed dialog.run () /usr/lib/python2.6/site-packages/Pessulus/main.py:55: PangoWarning: pango_context_set_language: assertion context != NULL’ failed
dialog.run ()
/usr/lib/python2.6/site-packages/Pessulus/main.py:55: PangoWarning: pango_layout_new: assertion context != NULL' failed dialog.run () /usr/lib/python2.6/site-packages/Pessulus/main.py:55: PangoWarning: pango_layout_set_text: assertion layout != NULL’ failed
dialog.run ()
/usr/lib/python2.6/site-packages/Pessulus/main.py:55: PangoWarning: pango_layout_set_attributes: assertion layout != NULL' failed dialog.run () /usr/lib/python2.6/site-packages/Pessulus/main.py:55: PangoWarning: pango_layout_set_alignment: assertion layout != NULL’ failed
dialog.run ()
/usr/lib/python2.6/site-packages/Pessulus/main.py:55: PangoWarning: pango_layout_set_ellipsize: assertion PANGO_IS_LAYOUT (layout)' failed dialog.run () /usr/lib/python2.6/site-packages/Pessulus/main.py:55: PangoWarning: pango_layout_set_single_paragraph_mode: assertion PANGO_IS_LAYOUT (layout)’ failed
dialog.run ()
/usr/lib/python2.6/site-packages/Pessulus/main.py:55: PangoWarning: pango_layout_set_width: assertion layout != NULL' failed dialog.run () /usr/lib/python2.6/site-packages/Pessulus/main.py:55: PangoWarning: pango_layout_get_extents: assertion layout != NULL’ failed
dialog.run ()
/usr/lib/python2.6/site-packages/Pessulus/main.py:55: GtkWarning: gtk_icon_theme_get_for_screen: assertion GDK_IS_SCREEN (screen)' failed dialog.run () /usr/lib/python2.6/site-packages/Pessulus/main.py:55: GtkWarning: gtk_settings_get_for_screen: assertion GDK_IS_SCREEN (screen)’ failed
dialog.run ()
/usr/lib/python2.6/site-packages/Pessulus/main.py:55: GtkWarning: gtk_icon_size_lookup_for_settings: assertion `GTK_IS_SETTINGS (settings)’ failed
dialog.run ()
/usr/lib/python2.6/site-packages/Pessulus/main.py:55: GtkWarning: Invalid icon size 6
I’m skeptical about the feasibility of what you’re after. The terminal is
not evil… inappropriate rights assignments are evil. Even if you were
to delete all shells a user could throw in a thumb drive or download a new
one from the Internet. If you do not make a shell obvious chances are
guest users won’t use one. Even if you do hide it, though, somebody
wanting to do something nasty will not be in inhibited by your attempts
(imo). If you restrict permissions properly the most malicious of
commands will have no real effect.
Good luck.
On 09/21/2010 08:46 AM, xpacker wrote:
>
> I’m in the process of configuring a “guest” account for houseguests to
> use my computer. I’ve got the file permissions set, but I’d also like
> to restrict their access to the terminal. It seems to me that most of
> the damage that can be done to a computer goes through the terminal.
>
> I downloaded Pessulus (I use Gnome), but it doesn’t require a password.
> So the profiled user can just open Pessulus and alter their profile –
> what’s the point?
>
> Is there a way I can require a user to enter a password, either for any
> terminal or Pessulus? I like Pessulus – it’s concise and easy to use.
> But it doesn’t seem very secure as I understand it.
>
> Thanks in advance for any suggestions.
>
>
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v2.0.15 (GNU/Linux)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org/
Exactly, and regardless of the presence of a terminal. The power button
along with a USB stick or bit of optical media can mean doom for your data
either by destruction or theft.
Good luck.
On 09/21/2010 12:06 PM, gogalthorp wrote:
>
> If someone with knowledge and bad intent has physical access to your
> machine the can do just about anything they want.
>
>
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v2.0.15 (GNU/Linux)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org/