https://bugs.kde.org/show_bug.cgi?id=461614

--- Comment #2 from Lt-Henry <quique...@gmail.com> ---
(In reply to Nate Graham from comment #1)
> The use case seems legitimate for this to be an issue.
> 
> The thing is, ultimately the way a computer is designed to withstand a
> potentially hostile environment is with the screen locker used aggressively.
> Like, with a one-minute timeout or something. Because it's going to be next
> to impossible to secure a local machine against local attacks when the
> screen is unlocked. You can also train your students to lock the screen when
> they leave the machine, either with Meta+L or perhaps by putting a
> Lock/logout widget on their panels, pre-configured to only have the Lock
> action visible by default. That way it's just one click on something big and
> obvious to lock the screen.

Of course we encourage both teachers and students to lock the screen whenever
they leave. Also, LliureX always comes with default inactivity lock screen
settings. I would like to be more aggressive here with a single minute of
inactivity for locking, but teachers already complain about that, so for the
moment we are trying to teach them about the risks rather than enforce them.

Thing is, if you leave a Linux desktop unattended, an attacker will never get
your Unix password by any means; even with root privileges he will only get a
hash. That's true even for email or cloud services, where the "only" thing he
would achieve is a password reset.

WiFi seems against this philosophy :\

> Another question: Do your students have Standard accounts or Administrator
> accounts?

No, neither students' nor teachers' accounts have administration privileges. We
have the role of classroom administrator, the only one inside sudoers. Teachers
are allowed some tasks that students aren't, but nothing critical.

Using system-wide NM connections and PolicyKit rules, users can connect to
WiFi but cannot see the password. The password is stored in plain text in /etc,
but at least it is root-protected. Not great, but good enough for me. We are
using this trick to hide student credentials from snoopers.

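An added example, not part of the original comment or of LliureX's own configuration: a small audit of the setup described in the last paragraph, checking that a NetworkManager keyfile profile is owned by root, is not accessible to group or other, applies to all users, and keeps the PSK in the file itself (`psk-flags=0`) rather than in a user's secret agent. The names `audit_keyfile` and `write_profile` and the sample profile are constructed for illustration.

```python
import configparser
import os
import stat
import tempfile

# Constructed sample profile; the id and passphrase are placeholders.
SAMPLE = """[connection]
id=classroom
type=wifi
permissions=

[wifi-security]
psk=placeholder-passphrase
psk-flags=0
"""

def audit_keyfile(path, expected_uid=0):
    """Return findings for one NetworkManager keyfile profile (empty list = OK)."""
    findings = []
    st = os.stat(path)
    mode = stat.S_IMODE(st.st_mode)
    if st.st_uid != expected_uid:
        findings.append(f"owner uid {st.st_uid}, expected {expected_uid}")
    if mode & 0o077:
        findings.append(f"mode {mode:04o} gives group/other access")
    cp = configparser.ConfigParser(delimiters=("=",), interpolation=None, strict=False)
    cp.read(path, encoding="utf-8")
    # A non-empty permissions list restricts the profile to named users.
    if cp.get("connection", "permissions", fallback="").strip(" ;"):
        findings.append("connection.permissions set: profile is not system-wide")
    for sec in ("wifi-security", "802-11-wireless-security"):  # current, legacy
        # psk-flags=0 means NetworkManager itself stores the secret in this file.
        flags = int(cp.get(sec, "psk-flags", fallback="0"), 0)
        if flags != 0:
            findings.append(f"psk-flags={flags}: secret is not held in the root-owned file")
    return findings

def write_profile(text, mode):
    """Write a constructed profile to a temp file with the given mode."""
    fd, path = tempfile.mkstemp(suffix=".nmconnection")
    with os.fdopen(fd, "w", encoding="utf-8") as fh:
        fh.write(text)
    os.chmod(path, mode)
    return path

if __name__ == "__main__":
    path = write_profile(SAMPLE, 0o644)  # deliberately too permissive
    print(audit_keyfile(path, expected_uid=os.getuid()))
    os.unlink(path)
```

On a real system, run it as root against the profiles under /etc/NetworkManager/system-connections/ with the default `expected_uid=0`.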