From: Bit Twister on 5 Apr 2010 12:39

On Mon, 05 Apr 2010 16:54:03 +0100, The Natural Philosopher wrote:
> Bit Twister wrote:
>
> Good points. Why not have a /data area that you can export with samba to
> fix all the issues, or mount with group read/write.. and keep /home separate?

For my user stuff I have $HOME/local and $HOME/.cron as example

$ ls $HOME/local
audio c html java perl proc qt sql work bin dialog icons msql php python shell

$ ls $HOME/.cron
cron.job daily flag hourly monthly todo.txt weekly

For common root cron jobs, there are links in the /etc/cron* directories
to /local/cron* directories.

>> For thunderbird, I have separate user accounts for each email address.
>> That keeps any malware confined just to that email address.
>>
>
> On my separate server setup I remote mount the mail directory. No
> malware that kills Linux .

True to date, but, may not be true tomorrow. :)
I have no desire for some new malware to read anything about/from
my other email accounts.

From: Bit Twister on 5 Apr 2010 12:54

On Mon, 05 Apr 2010 12:59:14 +0000, Bill Bonde {Colourless green ideas don't sleep furiously) wrote:
>
>
> Bit Twister wrote:
>> >
>> Any browser usage also has it's own user account (bank, surfing,
>> credit card, ISP,...)
>>
> "its own user account"

Yeah, I can never remember that. :)

> Speaking of that, however, I'm doing that by ssh into the main
> Firefox account.

I used to do that, until I got sudo set up to let me in without password.

> The confusion in switching between these accounts
> on the desktop is partly fixed by having a scheme, or whatever it's
> called, that looks different.

For each browser account, I created an index.html with the links that
account might visit. That way I can not mistype the url.

For accounts with web login, I entered an invalid id/pw just to get
the link of the secured login screen rather than using the web page's
login box.

If I misunderstand it correctly, two accounts launching firefox use
common stuff between the first firefox binary in memory. Because of
that, any browser account needing a web login first checks if firefox
is already running. If so I use xmessage to tell me to close the other
firefox. That way malware on a web site will not have the ability to
get anything from the other session due to an exploit in firefox.

From: Bill Bonde {Colourless green ideas don't sleep furiously) on 5 Apr 2010 12:21

Bit Twister wrote:
>
> On Mon, 05 Apr 2010 12:59:14 +0000, Bill Bonde {Colourless green ideas don't sleep furiously) wrote:
> >
> >
> > Bit Twister wrote:
> >> > >
> >> Any browser usage also has it's own user account (bank, surfing,
> >> credit card, ISP,...)
> >>
> > "its own user account"
>
> Yeah, I can never remember that. :)
>
> > Speaking of that, however, I'm doing that by ssh into the main
> > Firefox account.
>
> I used to do that, until I got sudo set up to let me in without password.
>
I'm using ssh without typing a password because it is authenticated
using one of the means that avoids having to type a password. I think
we talked about this before and I, against the opinions of others,
think that a sudo account is vulnerable. The main account, the one
with the desktop, uses ssh to run firefox on another account. This is
set up to automatically work without asking for a password. When trying
to ssh back from that account, however, a password is demanded. So I
think I've locked down, at least in that way, the various firefox
accounts. I know I have more to do to really lock them down since I
want them to have only minimal access to do their jobs and nothing
more.

> > The confusion in switching between these accounts
> > on the desktop is partly fixed by having a scheme, or whatever it's
> > called, that looks different.
>
> For each browser account, I created an index.html with the links that
> account might visit. That way I can not mistype the url.
>
I was using bookmarks for this, although I can see value in having a
custom start up page, especially for the securest version of firefox,
which would only go to certain sites, like banks.

> For accounts with web login, I entered an invalid id/pw just to get
> the link of the secured login screen rather than using the web page's
> login box.
>
> If I misunderstand it correctly, two accounts launching firefox use
> common stuff between the first firefox binary in memory. Because of
> that, any browser account needing a web login first checks if firefox
> is already running. If so I use xmessage to tell me to close the other
> firefox. That way malware on a web site will not have the ability to
> get anything from the other session due to an exploit in firefox.
>
This is something I'm going to have to look into more. I was hoping
there was more separation.

--
"It is illuminating for purposes of reflection, if not for argument,
to note that one of the greatest 'fictions' of our federal system is
that the Congress exercises only those powers delegated to it, while
the remainder are reserved to the States or to the people. The manner
in which this Court has construed the Commerce Clause amply
illustrates the extent of this fiction.", Hodel v. Virginia Surface
Mining, 452 U.S. 264, 307 (1981)

From: Bit Twister on 5 Apr 2010 13:40

On Mon, 05 Apr 2010 16:21:45 +0000, Bill Bonde {Colourless green ideas don't sleep furiously) wrote:
>
>
> Bit Twister wrote:
> The main account, the one with the desktop, uses ssh to run firefox
> on another account. This is set up to automatically work without
> asking for a password. When trying to ssh back from that account,
> however, a password is demanded.

Hmm, I set .bash_profile to run firefox $HOME/index.html and exit.
.bash_logout will submit an at job to delete files/subdirectories and
untar a pristine setup.

>> If I misunderstand it correctly, two accounts launching firefox use
>> common stuff between the first firefox binary in memory. Because of
>> that, any browser account needing a web login first checks if firefox
>> is already running. If so I use xmessage to tell me to close the other
>> firefox. That way malware on a web site will not have the ability to
>> get anything from the other session due to an exploit in firefox.
>>
> This is something I'm going to have to look into more. I was hoping
> there was more separation.

Hell, just sharing firefox's dns cache could be bad news. :(

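
The launcher check and profile reset that Bit Twister describes in the posts above, sketched as an added example (not code from the thread). The function names, the tarball location and the use of numeric UIDs from ps are assumptions.

```shell
#!/bin/sh
# Added illustration, not code from the thread. Function names and the
# tarball path are assumptions.

# Print UIDs, other than $1, that own a running firefox process.
# Reads "uid command" pairs on stdin, as printed by: ps -eo uid=,comm=
foreign_firefox_owners() {
    awk -v me="$1" '$2 ~ /^firefox/ && $1 != me { print $1 }' | sort -u
}

# Empty profile directory $1 and restore it from pristine tarball $2.
# Keep the tarball where the browser account cannot write (assumption:
# root-owned, read-only), or a compromised session can poison the reset.
reset_profile() {
    dir=$1
    tarball=$2
    # Never wipe /, a symlink, or a missing directory.
    [ -d "$dir" ] && [ ! -L "$dir" ] && [ "$dir" != "/" ] || return 1
    # Check the archive is readable and lists cleanly before deleting.
    tar -tf "$tarball" >/dev/null 2>&1 || return 1
    find "$dir" -mindepth 1 -delete || return 1
    tar -xpf "$tarball" -C "$dir"
}

# Called from the browser account's .bash_profile.
launch_browser() {
    others=$(ps -eo uid=,comm= | foreign_firefox_owners "$(id -u)")
    if [ -n "$others" ]; then
        xmessage "Close firefox running as UID(s): $others"
        return 1
    fi
    firefox "$HOME/index.html"
}
```

Numeric UIDs are compared rather than names because ps can truncate long user names. reset_profile is the part an at job queued from .bash_logout would run once the session has ended.
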
From: Robert Heller on 5 Apr 2010 14:45

At Mon, 05 Apr 2010 09:02:03 -0500 Ignoramus25832 <ignoramus25832(a)NOSPAM.25832.invalid> wrote:
>
> On 2010-04-05, Bit Twister <BitTwister(a)mouse-potato.com> wrote:
> > On Mon, 05 Apr 2010 08:30:28 -0500, Ignoramus25832 wrote:
> >>
> >> I would like to set up multiple boot on my laptop, booting Ubuntu,
> >> Debian Lenny and CentOS 5. I would like to know how much of a trouble
> >> will I have, with things like gnome settings, .mozilla directory,
> >> etc.
> >
> > For starters, I recommend /home installed under / and not shared
> > across distributions.
> >
> > Different distribution releases can have different UID/GID. Desktop
> > managers can be different, not to mention applications.
>
> UID and GID I could take care of, I think. It is everything else that
> I am worried about.

If the base version of Gnome, etc. are much the same, there should not
be serious problems. If FireFox's version is different, then rebooting
to a different O/S will put you through FF's 'Checking Extensions for
compatibility' process - annoying, but harmless, so long as the base
version is compatible (eg FF 3.0.x vs FF 3.0.y, where x != y).

I 'upgraded' from Ubuntu 8.4 to CentOS 5.2, using the same /home FS and
nothing disastrous happened (some desktop icons were 'lost', due to
some distro shuffling of stuff under /usr/share/). I commonly have
shuffled between 'adjacent' versions of RedHat when I have upgraded to
a new major version. OTOH, *I* don't use gnome (or any other desktop
manager). Worst was the need to re-compile personal applications and
the corresponding issues there -- normally I defer that sort of thing
until I am ready to abandon the older version and go 'production' with
the new version. I've preserved /etc/passwd et al. across versions
(merged local users from the old /etc/passwd to the new /etc/passwd).

>
> > New desktop manager might munge configuration files in $HOME and old
> > release might not run with new config files.
> >
> > For the UID/GID problem, I numbered all user accounts starting from 1500.
> > I have a script to save id/passwords for new installs and to use with
> > any distribution.
> > http://groups.google.com/group/alt.os.linux.mandriva/msg/320ac28aeedc5649?dmode=source
> >
> > For thunderbird, I have separate user accounts for each email address.
> > That keeps any malware confined just to that email address.
> >
> > Any browser usage also has it's own user account (bank, surfing,
> > credit card, ISP,...)
> >
> > Third party apps like thunderbird and firefox in shared partition /local/opt
> > That way I have the latest from the vendor and do not use the
> > Distribution's copy.
> >
> >
> > For common stuff shared across installs for $HOME, I link those back
> > to a shared partition, /accounts/$USER.
> >
> > Some link snippets.
> > .bash_logout -> /accounts/bittwister/.bash_logout
> > .bashrc -> /accounts/bittwister/.bashrc
> > lisp -> /accounts/bittwister/lisp
> > local -> /accounts/bittwister/local
> > mail -> /accounts/bittwister/mail
> > .signature -> /accounts/bittwister/.signature
> > .Skype -> /accounts/bittwister/.Skype
> > .Xresources -> /accounts/bittwister/.Xresources
> >
> > Other option to consider, use a virtual machine app like VirtualBox.
> > http://virtualbox.org/
> >
> > I created a large partition and put the VM distributions for testing in
> > there.
>
> Another thing that I could do, is have /home directory confined to
> every distro, and to have shared /data directory with movies and
> music. It would not be as elegant, but may be less troublesome.
>
> i
>

--
Robert Heller -- Get the Deepwoods Software FireFox Toolbar!
Deepwoods Software -- Linux Installation and Administration
http://www.deepsoft.com/ -- Web Hosting, with CGI and Database
heller(a)deepsoft.com -- Contract Programming: C/C++, Tcl/Tk