From: John Floren <slawmaster@gmail.com>
To: Fans of the OS Plan 9 from Bell Labs <9fans@9fans.net>
Subject: Re: [9fans] how to lock cpu console
Date: Tue, 31 Aug 2010 10:55:59 -0400 [thread overview]
Message-ID: <AANLkTinY9nvJ1b+crG+aqL7KZ0EpnvoycMFQBFNRqS=7@mail.gmail.com> (raw)
In-Reply-To: <E1OqRh3-0005IS-Nk@gouda.swtch.com>
On Tue, Aug 31, 2010 at 10:20 AM, <baux80@gmail.com> wrote:
>
> Hi all,
> how to lock (protect by password) the cpu console? In default install
> afterboot the console is logged by user bootes. Is there a way to avoid this?
>
> tia,
>
> bye
>
> --
> Maurizio Boriani
> irc: #defocus@freenode.net
> PGP key: 0xEBBFF70D
> => A5 96 C1 30 00 78 0C 78 57 5D 3E 05 C2 A4 6D 53 <=
> Crudelitas in animalia est tirocinium crudelitatis
> contra homines
>
>
Hi Maurizio
This seems to come up every so often. The usual answer, and the one
which I use, is "who cares?" :) Where is your CPU server located? Are
there that many untrustworthy types passing through every day? I left
one of my CPU/auth/file servers sitting in a campus lab, accessible by
grad students and some undergrad courses, for over two years and never
saw so much as an "ls" entered, even though I had the keyboard, mouse,
and monitor hooked up the whole time. My biggest problem was that
people kept unplugging the network cable to use with their laptops!
Right now, I have my CPU/auth/file server sitting in a different lab,
with no input or output devices connected. That in itself is good
enough to stop casual meddlers.
Of course, if you have non-casual meddlers, somebody who is willing to
drag over a monitor and a keyboard just to fiddle with your PC, you'll
want to take further steps. Although I've never done it, I expect you
should be able to modify /cfg/<sysname>/cpustart to prevent local
access. Maybe a simple while/sleep loop would do the job?
There is also, somewhere, a screen locker program that (I think) Rob
wrote a few years back; I compiled it and used it successfully last
year, and you could certainly stick that in your cpustart to
automatically lock the screen. However, for the life of me I can't
find the code right now, so maybe somebody else can point to it.
A lot of people ask this kind of thing when they start using Plan 9. I
did. I think it comes from the illusion of safety given by the way
Linux and Windows and Mac OS X all ask for usernames and passwords
when they boot, despite the fact that only the most casual of
"attacker" would be put off by that, rather than, say, rebooting with
a LiveCD and grabbing your data that way. There's something to be said
for deterring casual fiddlers who can't help but touch an open
computer, though, and luckily it's not too hard in Plan 9.
John
--
"With MPI, familiarity breeds contempt. Contempt and nausea. Contempt,
nausea, and fear. Contempt, nausea, fear, and .." -- Ron Minnich
next prev parent reply other threads:[~2010-08-31 14:55 UTC|newest]
Thread overview: 32+ messages / expand[flat|nested] mbox.gz Atom feed top
2010-08-31 14:20 baux80
2010-08-31 14:31 ` Robert Raschke
2010-08-31 14:55 ` John Floren [this message]
2010-08-31 15:04 ` erik quanstrom
2010-08-31 15:25 ` David Leimbach
2010-08-31 15:25 ` Skip Tavakkolian
2010-08-31 18:18 ` Francisco J Ballesteros
2010-08-31 19:54 ` andrey mirtchovski
2010-08-31 20:45 ` Skip Tavakkolian
2010-09-01 4:21 ` Federico G. Benavento
2010-09-01 4:44 ` John Floren
2010-09-01 15:11 ` erik quanstrom
2010-09-01 16:57 ` Federico G. Benavento
2010-09-01 17:22 ` erik quanstrom
2010-09-01 17:44 ` John Floren
2010-09-01 18:14 ` erik quanstrom
2010-09-01 18:31 ` John Floren
2010-09-01 18:51 ` erik quanstrom
2010-09-01 19:41 ` John Floren
2010-09-01 18:24 ` frank
2010-09-01 17:56 ` Federico G. Benavento
2010-09-01 10:09 ` baux80
2010-09-01 10:09 ` baux80 at gmail.com
2010-09-01 9:56 ` baux80
2010-09-01 9:56 ` baux80 at gmail.com
[not found] ` <E1Oqk2g-0003Ze-1W@gouda.swtch.com>
2010-09-01 19:14 ` Corey
2010-09-01 19:52 ` erik quanstrom
2010-09-01 20:23 ` Corey
2010-09-01 9:48 ` baux80
2010-09-01 9:48 ` baux80 at gmail.com
2010-08-31 14:20 baux80 at gmail.com
[not found] <E1OqRh3-0005IS-Hi@gouda.swtch.com>
2010-08-31 14:29 ` erik quanstrom
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to='AANLkTinY9nvJ1b+crG+aqL7KZ0EpnvoycMFQBFNRqS=7@mail.gmail.com' \
--to=slawmaster@gmail.com \
--cc=9fans@9fans.net \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).