Different actions on different passwords?

Robert Moskowitz rgm at htt-consult.com
Tue Dec 31 01:09:21 UTC 2013 

On 12/30/2013 08:03 PM, Bill Oliver wrote:
> On Tue, 31 Dec 2013, Patrick O'Callaghan wrote:
>
>>
>> On Mon, Dec 30, 2013 at 11:25 PM, Bill Oliver <vendor at billoblog.com> 
>> wrote:
>>
>>       In linux, is it possible to dictate two different actions upon 
>> login with different passwords?
>>
>>
>>
>> Short answer: no.
>>
>> Longer answer: in computing almost anything is possible if you really 
>> want to achieve it. Given that on Unix-style systems, including 
>> Linux, the login program can be changed, you can modify the source
>> to do what you want. Of course you'll need to have superuser 
>> privileges to install it in place of the system standard. Note that 
>> doing this may well open a can of worms, e.g. you might have to modify
>> the format of the password file (and hence the library routines that 
>> access it), possibly fiddle with SElinux settings, etc. etc.
>>
>> If the conditions are relaxed slightly you can get a partial solution 
>> using the standard login: write a Shell startup script (.profile or 
>> whatever) that allows the user to discriminate between the two
>> modes, e.g. by using a timeout, detecting the initial state of the 
>> Shift (or Control or whatever) key etc., in a way that is hopefully 
>> non-obvious to an observer. Probably not reliable enough for
>> serious use.
>>
>> Conclusion: better look for some other way to cover your tracks, and 
>> note that a forensic investigation can be carried out without having 
>> you log in at all.
>>
>> poc
>>
>>
>
> Yeah, that's what I thought.  I'm a little surprised that there hasn't 
> been a variant of linux developed for areas with intrusive government 
> surveillance.  I recently noticed that the government of Venezuela has 
> a government-developed distro (Canaima); think there's some back doors 
> in that?  One would think that there would be a movement to provide 
> anti-governmental variants.
>
> I know there's no perfect security.  Back in the day, I had an 
> acquaintance whose job was to break into houses and install keyloggers 
> on machines in people's homes.  Of course that was back when we still 
> believed in silly things like search warrants.
>
> Sigh.  I guess I'll just have to continue keeping my plans for world 
> domination on my brother-in-law's computer...  (Just kidding, NSA).

One approach is to put your important stuff on an encrypted partition 
that is not auto mounted.  Mount it only when needed, then unmount it.

More information about the users mailing list