(25 intermediate revisions by 19 users not shown) |
Line 1: |
Line 1: |
− | == Mutiple Logins in Knoppix ==
| + | {{delete|outdated}} [[User:WPSchulz|WPSchulz]] ([[User talk:WPSchulz|talk]]) 19:08, 11 April 2016 (EDT) |
− | | + | |
− | I recently had an idea for non-server type computers. This would be
| + | |
− | implementable on Knoppix, but could be applied to any distribution.
| + | |
− | | + | |
− | Right now, "knoppix home=scan" will scan media for a knoppix.img file.
| + | |
− | | + | |
− | <newidea>
| + | |
− | | + | |
− | It would be cool if the system looked for all files called
| + | |
− | "home-*.img". For example, I might have a home-hal.img file which
| + | |
− | would be an encrypted filesystem containg the user hal's home
| + | |
− | directory.
| + | |
− | | + | |
− | Suppose it found two files: home-hal.img and home-dave.img. Then the
| + | |
− | login screen would show four user options: default, hal, dave, and
| + | |
− | new. Default would create a home directory in the ramdisk using the
| + | |
− | default settings, just like Knoppix does now.
| + | |
− | | + | |
− | If I chose hal, it would ask for a passphrase. If that passphrase
| + | |
− | works on the encrypted home directory, then it would add hal to
| + | |
− | /etc/passwd, mount the encrypted filesystem at /home/hal, and log me
| + | |
− | in.
| + | |
− | | + | |
− | The "new" option would create a new user and a new encrypted home
| + | |
− | directory on whatever media is chosen.
| + | |
− | | + | |
− | </newidea>
| + | |
− | | + | |
− | The advantages are:
| + | |
− | | + | |
− | # One is not limited to the "knoppix" user.
| + | |
− | # There can be mutliple home-directory images for multiple users on the same hard drive.
| + | |
− | # This encourages use of encryption for security.
| + | |
− | # It seems more natural security model. In the old model of enforcing security, the kernel is expected to respect /etc/passwd and home-directory permissions. User A could always use a live-cd to read User B's private files, even if User B had set the permissions on those files to keep them private.
| + | |
− | | + | |
− | This idea needs work. But I think it has some promise.
| + | |
− | | + | |
− | ----
| + | |
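Review bot: The added side replaces the whole proposal with `{{delete|outdated}}` followed only by empty lines, so anyone evaluating the deletion request cannot read the text being judged without opening the page history. Consider placing the template at the top and keeping the existing text below it until the deletion is decided. The one-word reason "outdated" would also be more useful if it said what has superseded the idea: the removed text proposes per-user encrypted `home-*.img` images selected at login, and the tag gives no pointer to a replacement. The run of blank added lines can be dropped in either case.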