View previous topic :: View next topic |
Author |
Message |
ggaaron Apprentice
Joined: 10 May 2007 Posts: 217
|
Posted: Tue Jul 03, 2007 10:12 am Post subject: Secure mail client [solved] |
|
|
I'm using thunderbird to get my mail. Is there a way that I could put a password on running thunderbird, and probably other apps? So such app won't run without a password given.
Last edited by ggaaron on Tue Jul 03, 2007 12:46 pm; edited 1 time in total |
|
Back to top |
|
|
PaulBredbury Watchman
Joined: 14 Jul 2005 Posts: 7310
|
Posted: Tue Jul 03, 2007 10:20 am Post subject: |
|
|
Use a screensaver. |
|
Back to top |
|
|
Mantaar Apprentice
Joined: 17 May 2007 Posts: 219
|
Posted: Tue Jul 03, 2007 10:41 am Post subject: |
|
|
... or you could add another user who 'owns' executable permissions on thunderbird. You would have to log in as this user to be able read your mail (i.e. - open up a shell, su to this user and then execute thunderbird from within the shell. You don't have to have graphical access for that.)
You could also scramble this user's passwd and put yourself in the sudoers as the only one who can execute stuff with his permissions - so you only would get to execute tbird with your own passwd.
Why do you want to have it this way anyways? Doesn't make much sense to me... _________________ Error compiling committee.c: too many arguments to function. |
|
Back to top |
|
|
ggaaron Apprentice
Joined: 10 May 2007 Posts: 217
|
Posted: Tue Jul 03, 2007 10:45 am Post subject: |
|
|
There are many programs (like thunderbird) that when run give too much information - firefox uses a password only for getting new mail, the old can be read without a password. If this computer was used only by me, I would lock everything, but other people also use this computer so I can't lock it while I'm out.
Thanks for help though. |
|
Back to top |
|
|
PaulBredbury Watchman
Joined: 14 Jul 2005 Posts: 7310
|
Posted: Tue Jul 03, 2007 10:57 am Post subject: |
|
|
ggaaron wrote: | I can't lock it while I'm out. |
Yes you can. This is the point of having separate logins. I think you want "new-login" in:
Code: | $ emerge -pv xscreensaver
x11-misc/xscreensaver-5.02-r2 USE="gnome jpeg offensive opengl pam -insecure-savers -new-login -xinerama" |
|
|
Back to top |
|
|
ggaaron Apprentice
Joined: 10 May 2007 Posts: 217
|
Posted: Tue Jul 03, 2007 11:04 am Post subject: |
|
|
But... This is not what I'm trying to do, I can make separate accounts, for example a guest account that couldn't touch my files, but that's not the point=/ Maybe I could encrypt the file and make a script to decrypt it when run and delete the decrypted file afterwards... |
|
Back to top |
|
|
PaulBredbury Watchman
Joined: 14 Jul 2005 Posts: 7310
|
Posted: Tue Jul 03, 2007 11:19 am Post subject: |
|
|
A user who is logged in as you could do exactly the same thing. Or a "trojan horse" similar thing. Or lots of other nastiness.
There's no point in implementing Mickey Mouse security, when you've got a decent security model waiting to be used. |
|
Back to top |
|
|
ggaaron Apprentice
Joined: 10 May 2007 Posts: 217
|
Posted: Tue Jul 03, 2007 11:24 am Post subject: |
|
|
Could do this providing that he knew the password. |
|
Back to top |
|
|
timeBandit Bodhisattva
Joined: 31 Dec 2004 Posts: 2719 Location: here, there or in transit
|
Posted: Tue Jul 03, 2007 12:17 pm Post subject: |
|
|
You do realize, don't you, that Thunderbird's mail stores are per user, not system-wide? That is, two users (two separate login accounts) who each run Thunderbird will not be able to read each other's mail. All mail is stored in separate directories accessible (by default) only by the owner. Ditto for all applications that store state in the home directory: browser history, window manager customizations, most recently used files in office suites/editors, etc.
Sorry, but I'm completely failing to see how a separate user account fails to meet your need. Can you clarify how it does not? _________________ Plants are pithy, brooks tend to babble--I'm content to lie between them.
Super-short f.g.o checklist: Search first, strip comments, mark solved, help others. |
|
Back to top |
|
|
ggaaron Apprentice
Joined: 10 May 2007 Posts: 217
|
Posted: Tue Jul 03, 2007 12:46 pm Post subject: |
|
|
One user -one configuration system wide=) I think I solved this by using encfs.
Moreover any livecd can read my mail... |
|
Back to top |
|
|
PaulBredbury Watchman
Joined: 14 Jul 2005 Posts: 7310
|
Posted: Tue Jul 03, 2007 12:55 pm Post subject: |
|
|
So can any keylogger, installed by anyone with your user permissions. |
|
Back to top |
|
|
timeBandit Bodhisattva
Joined: 31 Dec 2004 Posts: 2719 Location: here, there or in transit
|
Posted: Tue Jul 03, 2007 1:44 pm Post subject: |
|
|
ggaaron wrote: | One user -one configuration system wide | Well of course, so why not give every user their own account? If it's a matter of wanting communal access to most files but not all (like mail), create a /shared directory for the common stuff. If you just don't want to be bothered with logins, well then good luck to you.
Encryption is a valid defense against LiveCDs but I concur with PaulBredury on this one. You're running a multi-user OS, it's counterproductive to start by throwing that basic feature out the window. _________________ Plants are pithy, brooks tend to babble--I'm content to lie between them.
Super-short f.g.o checklist: Search first, strip comments, mark solved, help others. |
|
Back to top |
|
|
|