SlackwareThis Forum is for the discussion of Slackware Linux.
Notices
Welcome to LinuxQuestions.org, a friendly and active Linux Community.
You are currently viewing LQ as a guest. By joining our community you will have the ability to post topics, receive our newsletter, use the advanced search, subscribe to threads and access many other special features. Registration is quick, simple and absolutely free. Join our community today!
Note that registered members see fewer ads, and ContentLink is completely disabled once you log in.
If you have any problems with the registration process or your account login, please contact us. If you need to reset your password, click here.
Having a problem logging in? Please visit this page to clear all LQ-related cookies.
Get a virtual cloud desktop with the Linux distro that you want in less than five minutes with Shells! With over 10 pre-installed distros to choose from, the worry-free installation life is here! Whether you are a digital nomad or just looking for flexibility, Shells can put your Linux machine on the device that you want to use.
Exclusive for LQ members, get up to 45% off per month. Click here for more info.
Yeah, I would like a very locked-down Linux that don't require password. Lets say I am building a Linux laptop for my parents (who is computer illiterate). Would be great if they don't have to mess with passwords, but still surf the web safely.
Just like my mom bought an iPad from Apple Store and just started using it. No passwords needed.
what you missed, you don't need root access, just start a browser as a regular user, even without password. That is possible, more or less like on android (or ios).
But in such cases you need to protect your root account. Also you can switch on automatic updates (like on smartphones).
Use a live-distro (get one here: https://download.liveslak.org/slackware64-15.0-live/ and modify it to auto-login.
Use it on a separate network from all your other devices.
Turn it off when you are done "surfing the internet".
Nothing is absolutely safe.
The most you can do is to make it the least unsafe possible.
Please note that a passwordless computer is more unsafe than one with a password...
Yes, this is absolutely the best solution for users not suitable or capable of maintaining their OS installation. With a live CD/DVD/BluRay on a read-only media in a computer without any other internal storage no one will be able to permanently tamper with any files.
Even for someone who only needs the computer to "surf the web" maintenance of the system is mandatory. Slackware 15.0 was released Feb 2 2022, less than two years ago. Since then there have been no less than 31 security updates for Mozilla Firefox in Slackware 15.0 at the time of this writing, the last update only a few days ago:
Code:
+--------------------------+
Tue Dec 19 21:24:05 UTC 2023
...
patches/packages/mozilla-firefox-115.6.0esr-x86_64-1_slack15.0.txz: Upgraded.
This update contains security fixes and improvements.
For more information, see:
https://www.mozilla.org/en-US/firefox/115.6.0/releasenotes/
https://www.mozilla.org/security/advisories/mfsa2023-54/
https://www.cve.org/CVERecord?id=CVE-2023-6856
https://www.cve.org/CVERecord?id=CVE-2023-6865
https://www.cve.org/CVERecord?id=CVE-2023-6857
https://www.cve.org/CVERecord?id=CVE-2023-6858
https://www.cve.org/CVERecord?id=CVE-2023-6859
https://www.cve.org/CVERecord?id=CVE-2023-6860
https://www.cve.org/CVERecord?id=CVE-2023-6867
https://www.cve.org/CVERecord?id=CVE-2023-6861
https://www.cve.org/CVERecord?id=CVE-2023-6862
https://www.cve.org/CVERecord?id=CVE-2023-6863
https://www.cve.org/CVERecord?id=CVE-2023-6864
(* Security fix *)
It does require some responsibility to let someone out on the internet. The responsibility is not only about protecting them and their data, but also about protecting the rest of internet from them. Most serious Internet Service Providers will take some responsibility and block users which maliciously or unknowingly is spreading spam or malware.
However, if you are willing and capable to do at least weekly maintenance and support of their system the auto-login feature of SDDM or other login managers might be useful.
what you missed, you don't need root access, just start a browser as a regular user, even without password. That is possible, more or less like on android (or ios).
But in such cases you need to protect your root account. Also you can switch on automatic updates (like on smartphones).
Ok. So, I uninstalled sudo. Now the user does not have root access.
Last edited by Alfred-Augustus; 12-23-2023 at 10:20 PM.
[...]Apple's control over the operating system ensures a consistent and secure user experience. [...]
False propaganda! Apple even colludes with government/police to abuse/monitor users, such as when there were protests in a certain area/country, Apple turned off people's cameras, and does other things to harm people's security! This is why why Free/Libre/Opensource Software (FLS, OSS, FOSS, FLOSS) is superior to harmful proprietary software, which also tends to inconsistently change interfaces with no way to get old features back.
False propaganda! Apple even colludes with government/police to abuse/monitor users, such as when there were protests in a certain area/country, Apple turned off people's cameras, and does other things to harm people's security! This is why why Free/Libre/Opensource Software (FLS, OSS, FOSS, FLOSS) is superior to harmful proprietary software, which also tends to inconsistently change interfaces with no way to get old features back.
How do you know your executable is acutally built from Opensource code? And not have something like a backdoor added in.
Last edited by Alfred-Augustus; 12-24-2023 at 03:11 AM.
How do you know your executable is acutally built from Opensource code? And not have something like a backdoor added in.
That is a different question, in general you need to know the source of that executable (not the source code, but where it was downloaded from). The content of official package repositories are documented, so you can check them.
I think it's best to proceed on the basis that disabling the login or enabling sudo for root on a machine others have access to will never be safe. The experience of raising youngsters will teach you that!Offer any motivation and they'll figure it out fast.
To autologin when booting to console (runlevel 3), edit /etc/inittab. Something like this:
c1:12345:respawn:/sbin/agetty --autologin <username> --noclear 38400 tty1 linux
--noclear 38400 tty1 linux
Consult the respective display manager docs to autologin when booting to runlevel 4 with a display/login manager. With sddm that comes packaged with Slackware, edit /etc/sddm.conf:
Code:
[Autologin]
User=<username>
There is no requirement to directly edit /etc/sddm.conf. Autologin can be configured with the KDE System Settings tool, Startup and Shutdown --> Login Screen (SDDM) --> Behavior button.
Most display/login managers support autologin and password-less logins. Some display/login managers are designed not to support root logins. Logging in as root with sddm is supported.
Surfing the web without credentials is straightforward because most web browsers support storing credentials. Similarly, email clients support storing credentials too.
I hope that helps. Have fun!
The default (internal one used if no other /etc/inittab exists) in busybox https://elixir.bootlin.com/busybox/l...amples/inittab just uses askfirst and straight to /bin/sh that might be another alternative to using getty
Unlike others who suggest "don't do that" IMO if you just use the laptop/whatever for general browsing (no banking etc.) then I don't see any harm in treating it as a 'open' device (no password). If its stolen then unless there's a strong password and encryption the thief could see whatever was on the device anyway.
I more often run as root on a passwordless bootup. As am I happy to telnet into BBS's that any in-middle 'attacker' could see/modify. Doesn't tend to happen, more of just a bother rather than a critical issue if it did.
Any dark hat of any esteem is hardly likely to spend the time/effort targeting a individual, are more inclined to go after bigger fish (servers).
But yes, when it comes to banking or other sensitive data then you should have a separate system/method for that. I boot a pristine freshly pre-configured setup for that, where no changes are saved and its just used to go direct to my banks web site, nowhere else before or after.
Much of security is the identification and fixing of security issues that 'COULD' happen, and directing towards everything (all data) being secure, even stuff you or nobody else cares about. Whilst in the background there's google whose recording everything about you, totally in the open - and many simply don't care about that. Consider for instance that you're about to go to some-site.com and you enter that into your browser that requests the IP associated with that from a 8.8.8.8 dns server i.e. google controlled. So google knows where you're headed and can pull in the unencrypted front page of that web site. They may even get to see your encrypted data flow of that - which yields what type/method of encryption might have yielded that encrypted data sequence from that unencrypted sequence. Alongside a million other tricks/measures that they make.
False propaganda! Apple even colludes with government/police to abuse/monitor users, such as when there were protests in a certain area/country, Apple turned off people's cameras, and does other things to harm people's security! This is why why Free/Libre/Opensource Software (FLS, OSS, FOSS, FLOSS) is superior to harmful proprietary software, which also tends to inconsistently change interfaces with no way to get old features back.
My intention was not and is not to make propaganda in favor of Apple.I just explained how the iPad works and why it can work like that.I say clearly that Root is Apple and not the user.
LinuxQuestions.org is looking for people interested in writing
Editorials, Articles, Reviews, and more. If you'd like to contribute
content, let us know.