[Freedombox-discuss] Why four users with passwords on the freedombox?
pere at hungry.com
Thu Mar 20 07:08:22 UTC 2014
> Yeesh. It should run as a non-privileged user, now tracked as a 2.0
> release goal :
> : FreedomBox 2.0: Plinth: Run as non-root user.
> It probably should run as a service-specific user, to compartmentalize
> the permissions as much as possible.
I suspect it should be a 0.3 goal, as it seems simple to fix and has
serious security implications. :)
> Removing and disabling "root" and "fbx" are currently 2.0 release goals:
> : FreedomBox 2.0: Infrastructure: Remove or Disable "root/fbx"
It is not put the freedombox on the net with these accounts, so I
suspect this should be a 0.3 goal too.
> The "plinth" user should be the only administrative user on the box, and
> the user should be able to direct the plinth user through the Plinth UI.
> Pere, if you feel that Plinth is ready for the role, please remove the
> known users and passwords. I'm not convinced we're there yet, but
> removing them might be the only way we'll get there...
It isn't, as there is no way to get into the machine without the root or
fbx password. I guess we should change plinth to make it possible to
create unix users using plinth, and upload a ssh certificate to be able
to log in as this user. And allow the user sudo access as an option.
If we do this, there will be no need for ssh login using passwords.
Another option is to use plinth to set the unix password, and not set
any passwords by default.
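
The key-upload step proposed in the message above, sketched as an added example; it is not part of the original post and is not Plinth code. It takes the "ssh certificate" to mean a one-line OpenSSH public key and checks it before it would be written to the new user's authorized_keys, so an upload cannot carry a second entry or an options prefix. The function names and the accepted-type list are assumptions.

```python
import base64
import binascii
import struct

# Accepted key types: an assumption for this example, not a list from Plinth.
ALLOWED_TYPES = {"ssh-ed25519", "ssh-rsa", "ecdsa-sha2-nistp256"}


def validate_public_key(line):
    """Return a normalized '<type> <base64> [comment]' line or raise ValueError."""
    text = line.strip()
    # One key per upload: no embedded line breaks or NUL bytes.
    if any(c in text for c in "\r\n\x00"):
        raise ValueError("key must be a single line")
    fields = text.split(None, 2)
    if len(fields) < 2:
        raise ValueError("expected '<type> <base64> [comment]'")
    key_type, b64 = fields[0], fields[1]
    comment = fields[2] if len(fields) == 3 else ""
    # A leading options field (command=, from=, ...) fails this check.
    if key_type not in ALLOWED_TYPES:
        raise ValueError("first field is not an accepted key type")
    try:
        blob = base64.b64decode(b64, validate=True)
    except (binascii.Error, ValueError):
        raise ValueError("key data is not valid base64")
    # The blob begins with a length-prefixed string naming the key type,
    # which must agree with the text field and be followed by key material.
    if len(blob) < 4:
        raise ValueError("key blob too short")
    (n,) = struct.unpack(">I", blob[:4])
    if blob[4:4 + n] != key_type.encode("ascii") or len(blob) <= 4 + n:
        raise ValueError("key blob does not match declared type")
    if not all(32 <= ord(c) < 127 for c in comment):
        raise ValueError("comment contains non-printable characters")
    return " ".join(f for f in (key_type, b64, comment) if f)


def constructed_sample_key():
    """Constructed test input: ed25519 framing around 32 zero bytes, not a real key."""
    name = b"ssh-ed25519"
    blob = struct.pack(">I", len(name)) + name + struct.pack(">I", 32) + bytes(32)
    return "ssh-ed25519 " + base64.b64encode(blob).decode("ascii") + " admin@freedombox"
```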