On Tue, Aug 31, 2010 at 10:20 AM, <[email protected]> wrote: > > Hi all, > how to lock (protect by password) the cpu console? In default install > afterboot the console is logged by user bootes. Is there a way to avoid this? > > tia, > > bye > > -- > Maurizio Boriani > irc: #[email protected] > PGP key: 0xEBBFF70D > => A5 96 C1 30 00 78 0C 78 57 5D 3E 05 C2 A4 6D 53 <= > Crudelitas in animalia est tirocinium crudelitatis > contra homines > >
Hi Maurizio This seems to come up every so often. The usual answer, and the one which I use, is "who cares?" :) Where is your CPU server located? Are there that many untrustworthy types passing through every day? I left one of my CPU/auth/file servers sitting in a campus lab, accessible by grad students and some undergrad courses, for over two years and never saw so much as an "ls" entered, even though I had the keyboard, mouse, and monitor hooked up the whole time. My biggest problem was that people kept unplugging the network cable to use with their laptops! Right now, I have my CPU/auth/file server sitting in a different lab, with no input or output devices connected. That in itself is good enough to stop casual meddlers. Of course, if you have non-casual meddlers, somebody who is willing to drag over a monitor and a keyboard just to fiddle with your PC, you'll want to take further steps. Although I've never done it, I expect you should be able to modify /cfg/<sysname>/cpustart to prevent local access. Maybe a simple while/sleep loop would do the job? There is also, somewhere, a screen locker program that (I think) Rob wrote a few years back; I compiled it and used it successfully last year, and you could certainly stick that in your cpustart to automatically lock the screen. However, for the life of me I can't find the code right now, so maybe somebody else can point to it. A lot of people ask this kind of thing when they start using Plan 9. I did. I think it comes from the illusion of safety given by the way Linux and Windows and Mac OS X all ask for usernames and passwords when they boot, despite the fact that only the most casual of "attacker" would be put off by that, rather than, say, rebooting with a LiveCD and grabbing your data that way. There's something to be said for deterring casual fiddlers who can't help but touch an open computer, though, and luckily it's not too hard in Plan 9. John -- "With MPI, familiarity breeds contempt. Contempt and nausea. Contempt, nausea, and fear. Contempt, nausea, fear, and .." -- Ron Minnich
