Talking about VMs here…
Under The Separate User "admin" Plan (grub boot menu to log in as user `user` or user `admin`):
- Could we even go for autologin in X and virtual console for user `user` when booting into user-only (non-root) mode?
  - In this mode, user `admin` stays password locked by default.
- Could we even go for autologin in X and virtual console for user `admin` when booting into superuser mode?
  - In this mode, user `user` stays password locked by default.
- Could we even go for passwordless sudo for user `admin` when booting into superuser mode?
  - All passwords locked by default.
- No more default passwords for user `user` and no default password for user `admin`.
  - Still no root login.
implementation goals:
secure auto login
+ secure passwordless sudo
+ uncrackable user passwords
By using locked passwords by default, there wouldn’t be any passwords that adversaries could crack.
Could the use of autologin be abused by non-autologin, limited user accounts such as user `web`? Could for example a compromised Linux user account `web` take advantage of user `user` being autologin? I wouldn’t know. Maybe different for graphical applications running under a different user account? But then probably X is too broken to consider this anyhow.
Would an auto logged in virtual console offer any attack surface for compromised non-`user` user accounts such as user `web`?
Users will always be able to configure what they want. (Such as the current behavior of only user `user` and ability to use `sudo`.) In this post I am trying to find a design for the default which works well enough for most users.