[PLUG] Such a thing as a "single user" Linux?

Richard Owlett rowlett at cloud85.net
Sun Sep 28 13:02:16 UTC 2014


Rich Shepard wrote:
> On Sat, 27 Sep 2014, Richard Owlett wrote:
>
>> I have read Debian security info suggesting that all unnecessary
>> daemons/etc be deleted.
>
>     In every distribution you can _disable_ services. Unlike the Microsoft
> world you don't need to delete them. Just change the mode to remove the
> executable permissions (chmod a-x <filename>) and it will no longer be
> running when you next turn on your system.

It's more a philosophical than strictly technical requirement.
Debian developers are *POWER* users and presume everyone has
terabyte storage, multi GHz multi-processors, and massive
bandwidth. I take "small is ultimate elegance" in the other
extreme. That's my motivation for investigating debootstrap and
multistrap.

>
>> I have at least three distinct use cases:
>>    0. for all cases - no known need for any "server" re internet
>> (poorly phrased)
>
>     So, don't run any. If you are not providing services (httpd, ftpd, smtpd,
> etc) to other parties you just do not bring up the daemons when the system
> boots.

My major problem there is where do I find a list.


>
>>    1. my personal system - sub-cases
>>       a. Maintenance mode - cf Runlevel=1
>
>     What sort of maintenance? You can do everything you need (other than a
> distribution upgrade) in runlevel 3/4 (multiuser).
>
>>       b. Internet - no unsolicited incoming connection
>>          as yet unspecified supervision of out going connections
>> (cf COMODO on Windows)
>
>     Turn off the execute bits on sshd; no one can access your network. Your
> outgoing connections should be limited to your web browser and whatever you
> use to get and send e-mail via your ISP.
>
>>       c. Computer used to compute - *NO* networking _whatsoever_
>> (ME, strange? ;/ )
>
>     Ya know, if there are no other hosts connected to your working desktop
> machine via wireless or Ethernet then you are not on a network. Consider the
> folks you see working on portable computers at the local Fourbucks. They're
> not networked unless they're accessing some web site via their browser. Now,
> if you are "computing" and don't want any networking, shut down your web
> browser.

It's probably not as much of a problem in Linux, but I've had
Windows programs "helpfully" call home for updates etc.

>
>>    2. system for a friend 1000 miles away
>>       a. he has BSEE but no interest in computers except as a tool
>>       b. his wife with a MS Education (minor in piano/organ IIRC)
>>          probable use - browser, email, home office apps
>
>     Have someone closer to them work with them on hardware and OS/software
> with which they feel comfortable.

In an ideal world. I've known them for ~40 years and know how 
hard not to push. He is in an area of Upstate New York with a 
selection of user groups and SIGs. I was going to send him a 
selection of live CDs to play with. But yesterday I got an email 
telling me to expect his spare laptop with implied instruction of 
"fill 'er up".

>
>>    3. Church has received some computers to be used for instructional
>> purposes. We have an outreach to an inner city school across the street
>> and another outreach to adults with various needs. There is no networking
>> infrastructure. It would be wise to actively prevent internet access if
>> someone brought in a USB dongle etc. As I will likely be the one doing
>> upkeep I would prefer disabling "su" and "sudo" *COMPLETELY*. Required
>> maintenance would be running from a "modified rescue cd".
>
>     If you completely disable su and sudo you cannot do any system maintenance
> unless you log in as root.
>
>     To disable 'Net access do not install a wireless or other modem. Each
> machine is a stand-alone unit. It does not matter what someone plugs into
> the computer if there's no hardware connecting it to the outside world.

I'm not quite being paranoid. I'm thinking in terms of preventing
someone from using a USB Bluetooth or WiFi adapter they have
brought in.


>
>> Am I just clueless
>
>     No, just beginning to learn. You might consider finding one of Carla
> Schroeder's fine books at your local library or book store. She has several
> that are great for those learning to run and use linux.
>
> Rich
> _______________________________________________
> PLUG mailing list
> PLUG at lists.pdxlinux.org
> http://lists.pdxlinux.org/mailman/listinfo/plug
>
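On the question raised in this message of where to find a list of daemons that accept connections: the following is an added example, not part of the original thread. It reads the kernel's `/proc/net/tcp` table and reports which listening sockets are reachable from other hosts. It assumes IPv4 TCP only and a little-endian machine, and the sample table is constructed.

```python
import socket
import struct

# Constructed sample in /proc/net/tcp layout (not taken from a real host).
SAMPLE_PROC_NET_TCP = """\
  sl  local_address rem_address   st tx_queue rx_queue tr tm->when retrnsmt   uid  timeout inode
   0: 00000000:0016 00000000:0000 0A 00000000:00000000 00:00000000 00000000     0        0 11111 1 0000000000000000 100 0 0 10 0
   1: 0100007F:0277 00000000:0000 0A 00000000:00000000 00:00000000 00000000     0        0 22222 1 0000000000000000 100 0 0 10 0
   2: 0500A8C0:C350 5E00A8C0:01BB 01 00000000:00000000 00:00000000 00000000  1000        0 33333 1 0000000000000000 100 0 0 10 0
"""

TCP_LISTEN = 0x0A  # socket state code the kernel uses for LISTEN


def decode_addr(field):
    """Turn 'HEXIP:HEXPORT' into (dotted_ip, port)."""
    ip_hex, port_hex = field.split(":")
    # The kernel prints the 32-bit address in host byte order; little-endian assumed.
    ip = socket.inet_ntoa(struct.pack("<I", int(ip_hex, 16)))
    return ip, int(port_hex, 16)


def listening_sockets(table_text):
    """Return [(ip, port, uid, exposed)] for sockets in LISTEN state."""
    found = []
    for line in table_text.splitlines()[1:]:      # skip the header row
        cols = line.split()
        if len(cols) < 8 or int(cols[3], 16) != TCP_LISTEN:
            continue                              # not a listener (e.g. an outgoing connection)
        ip, port = decode_addr(cols[1])
        exposed = not ip.startswith("127.")       # loopback-only listeners are not remotely reachable
        found.append((ip, port, int(cols[7]), exposed))
    return found


def exposed_ports(table_text):
    """Ports accepting unsolicited connections from other hosts."""
    return sorted(p for _, p, _, exposed in listening_sockets(table_text) if exposed)


if __name__ == "__main__":
    try:
        with open("/proc/net/tcp") as fh:         # live table on a Linux host
            text = fh.read()
    except OSError:
        text = SAMPLE_PROC_NET_TCP                # fall back to the constructed sample
    for ip, port, uid, exposed in listening_sockets(text):
        print(f"{ip}:{port} uid={uid} {'EXPOSED' if exposed else 'loopback only'}")
```

Any port reported as exposed belongs to a daemon to disable or rebind to loopback when the goal is no unsolicited incoming connections.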



