Sharing a secured computer

4 replies [Last post]
GNUser
Offline
Joined: 07/17/2013

Hello.

I have a computer in which I will install either Trisquel or Debian (probably Debian, but still considering) and I want to use full disk encryption. Problem is, I have the need to share this computer with a person who knows very very little about computers, just the basic stuff. So, I am afraid of giving the password for he might pass it to someone else by accident (no matter how many times I explain the dangers of writing passwords down and on emails etc, he keeps doing it). So, I thought about creating two partitions and only encrypting mine, but that will require some extra work AND cause a bad impression ("if I am not trustworthy I would better not use your computer, thank you very much", this kind of thing). Any idea how I could solve this? Is there a way to use 2 passwords or something??
Thanks for any ideas.

onpon4
Offline
Joined: 05/30/2012

What would be the use in two passwords that do the same thing? If one password is compromised, the whole system is compromised.

Eemeli
Offline
Joined: 01/04/2014

You could do this:
1) partition the disk into three: a) grub-partition, b) your partition, c) his/her partition

2) first set the grub-partition as the one to boot from

3) install your system on your patition using LUKS and LVM or any other way you want to use with encryption
3a) configure grub to allow you to start your system

4) install his/her system on his/her partition and configure grub to allow to boot fYou could for example let the default choicerom there.

Some other considerations:
- you should probably set the default grub boot option to be his/her partition
- if that person has root on his/her system or is allowed to mount your partition with write permission then you may lose your data. Actually, thinking about this made my suggestion a really bad one.
- hence this option will only work if the person will not have root access and can't mount your partition. Thus you will need to create an admin account for yourself on his/her system and give out only the necessary permissions.
- another option is to have encrypted home folders, but this will leak information into cache and other accessible parts of the system

onetechbuddy
Offline
Joined: 05/26/2014

Add a new user for the time being untill someone comes up with a very plausible solution..

leny2010

I am a member!

I am a translator!

Offline
Joined: 09/15/2011

I know in some GNU/Linux encryption schemes you can secure the disk so it requires a USB security token of some sort. Use one but don't give him his own and make him come and 'borrow' yours when he has need, returning it promptly when finished.