[PLUG] Such a thing as a "single user" Linux?

Rich Shepard rshepard at appl-ecosys.com
Sat Sep 27 23:59:13 UTC 2014


On Sat, 27 Sep 2014, Richard Owlett wrote:

> I have read Debian security info suggesting that all unnecessary
> daemons/etc be deleted.

   In every distribution you can _disable_ services. Unlike the Microsoft
world you don't need to delete them. Just change the mode to remove the
executable permissions (chmod a-x <filename>) and it will no longer be
running when you next turn on your system.

> I have at least three distinct use cases:
>   0. for all cases - no known need for any "server" re internet
> (poorly phrased)

   So, don't run any. If you are not providing services (httpd, ftpd, smtpd,
etc) to other parties you just do not bring up the daemons when the system
boots.

>   1. my personal system - sub-cases
>      a. Maintenance mode - cf Runlevel=1

   What sort of maintenance? You can do everything you need (other than a
distribution upgrade) in runlevel 3/4 (multiuser).

>      b. Internet - no unsolicited incoming connection
>         as yet unspecified supervision of outgoing connections
> (cf COMODO on Windows)

   Turn off the execute bits on sshd; no one can access your network. Your
outgoing connections should be limited to your web browser and whatever you
use to get and send e-mail via your ISP.

>      c. Computer used to compute - *NO* networking _whatsoever_
> (ME, strange? ;/ )

   Ya know, if there are no other hosts connected to your working desktop
machine via wireless or Ethernet then you are not on a network. Consider the
folks you see working on portable computers at the local Fourbucks. They're
not networked unless they're accessing some web site via their browser. Now,
if you are "computing" and don't want any networking, shut down your web
browser.

>   2. system for a friend 1000 miles away
>      a. he has BSEE but no interest in computers except as a tool
>      b. his wife with a MS Education (minor in piano/organ IIRC)
>         probable use - browser, email, home office apps

   Have someone closer to them work with them on hardware and OS/software
with which they feel comfortable.

>   3. Church has received some computers to be used for instructional
> purposes. We have an outreach to an inner city school across the street
> and another outreach to adults with various needs. There is no networking
> infrastructure. It would be wise to actively prevent internet access if
> someone brought in a USB dongle etc. As I will likely be the one doing
> upkeep I would prefer disabling "su" and "sudo" *COMPLETELY*. Required
> maintenance would be running from a "modified rescue cd".

   If you completely disable su and sudo you cannot do any system maintenance
unless you log in as root.

   To disable 'Net access do not install a wireless or other modem. Each
machine is a stand-alone unit. It does not matter what someone plugs into
the computer if there's no hardware connecting it to the outside world.

> Am I just clueless?

   No, just beginning to learn. You might consider finding one of Carla
Schroeder's fine books at your local library or book store. She has several
that are great for those learning to run and use Linux.

Rich
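
One way to check the "no unsolicited incoming connection" goal discussed in this thread, as an added example that is not part of the original message: it reads the kernel's IPv4 TCP socket table and reports listeners bound to a non-loopback address. It assumes a little-endian host (x86, most ARM); the function names and the sample table are constructed for illustration.

```python
import ipaddress
import os

# Constructed sample in /proc/net/tcp layout (trailing columns omitted).
SAMPLE_PROC_NET_TCP = """\
  sl  local_address rem_address   st tx_queue rx_queue
   0: 00000000:0016 00000000:0000 0A 00000000:00000000
   1: 0100007F:0277 00000000:0000 0A 00000000:00000000
   2: 0A00A8C0:B2D4 0A0200C0:01BB 01 00000000:00000000
"""

TCP_LISTEN = "0A"  # socket state code for LISTEN in /proc/net/tcp


def decode_ipv4(hex_addr):
    """Decode the hex address column; bytes are reversed on a little-endian host."""
    return ipaddress.IPv4Address(bytes.fromhex(hex_addr)[::-1])


def exposed_listeners(proc_net_tcp_text):
    """Return sorted (address, port) pairs that accept connections from other hosts."""
    found = set()
    for line in proc_net_tcp_text.splitlines()[1:]:  # skip the header row
        fields = line.split()
        if len(fields) < 4 or fields[3] != TCP_LISTEN:
            continue  # established or closing sockets are not listeners
        hex_addr, hex_port = fields[1].split(":")
        addr = decode_ipv4(hex_addr)
        if not addr.is_loopback:  # 127.0.0.0/8 is reachable only from this machine
            found.add((str(addr), int(hex_port, 16)))
    return sorted(found)


if __name__ == "__main__":
    path = "/proc/net/tcp"  # IPv4 only; /proc/net/tcp6 uses 128-bit addresses
    if os.path.exists(path):
        with open(path) as fh:
            text = fh.read()
    else:
        text = SAMPLE_PROC_NET_TCP  # fall back to the constructed sample
    for addr, port in exposed_listeners(text):
        print(f"listening on {addr}:{port}")
```

An empty result means no IPv4 TCP service on the machine is reachable from another host; a listener on 0.0.0.0 accepts connections on every interface.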


