On 03-04 12:03, Luke A. Call wrote: > Partly as a possible approach, and partly for feedback/suggestions on > it: [....] > multiple user logins and their corresponding X sessions running > at the same time, among which I would switch with Ctrl-Alt-F* keys, > hoping that if one account (where I did most of the general browsing, > etc) was compromised, it would not compromise the other accounts, where > I restricted the activites to more trusted binaries or sites. Then, > text file sitting in /home where different accounts could read/write info. > > Now, on obsd, I do that sort of thing, but with ssh -X across users > in a single X session and a bit of scripted xclip usage where I can, > and a systemwide default of umask 0077, and limit my root access to > run only from a console -- which you can consider.
(PS: In doing this multi-account stuff in a single X session, I am careful not to put sensitive info on the clipboard, as then any other account could read it. Same for anything typed while any app requiring "ssy -Y..." is running.)