1

I created a persistent live drive with Ubuntu 16.04.1 using mkusb. It does boot into the live user session account. I tried to create a new user and gave it admin privileges. But it behaves strangely, for example firefox and thunderbird are not opening and shutdown is not possible.

Is it possible with a persistent drive to create a user account or set up an encrypted home and password prompt at boot for the live user session account?

Zanna
derdon

1 Answer

2

Yes, I have created such an account, and at least one other person has done it too. I did it while running the persistent live system and macho3 did it via chroot.

See these links

Posts #428-432 in 'Howto make USB boot drives'

Post #708 in 'Howto make USB boot drives' - Persistent live drive with a standard user, that cannot mount internal drives

Persistent live drive with a standard user, that cannot mount internal drives

I made a persistent live drive with mkusb from ubuntu-16.04.1-desktop-amd64.iso, which has the longest support of the present iso files.

A standard user ID (alongside the normal live system's user 'ubuntu') cannot run programs that need sudo: 'standard is not in the sudoers file. This incident will be reported.' Partitions on the internal drive are not mounted. To mount them, you need sudo permissions both for mount and udisksctl.

The persistent live system will boot into the ubuntu user, and you log out in order to switch to the standard user.

Encrypted home

It is possible to create the standard user ID with encrypted home and login with a [good] password. This can be done easily, if the program users-admin is installed by activating the repository universe and installing the package gnome-system-tools.

sudo add-apt-repository universe
sudo apt update
sudo apt install gnome-system-tools

Tick the box according to the screenshot in order to create the new user with encrypted home.


The computer should be shut down or rebooted after using the encrypted home. Otherwise the live user (or another user) gets access to encrypted data.

Persistent live drive with a standard user and a user with administration permissions

I made a persistent live drive with mkusb from ubuntu-16.04.2-desktop-amd64.iso, which is a newer LTS iso file, in order to test that these tasks work with more than one iso file.

In some computers, the system may leave you with a black screen after logging in (after a logout). This might depend on the graphics driver. If it happens, you can do something with the mouse or keyboard to get to the desktop. If still no luck you can enter a text screen and then return to the graphics screen with the hotkey combinations

Ctrl + Alt + F1

Ctrl + Alt + F7

It is possible to create another user ID with administration permissions, that can manage system tasks, for example install and upgrade program packages (if you want to separate the tasks because of security reasons). One (or both) user ID(s) can be made with encrypted home if you wish.

With these two user IDs it will be possible to remove the live system's normal user 'ubuntu'. You can do it from the user ID with administration permissions after killing the processes that are running with the user 'ubuntu'

ps -fu ubuntu  # identify the processes that are running as the user 'ubuntu'
sudo pkill -u ubuntu  # kill them, matched by owner rather than by the text 'ubuntu' in the command line

sudo deluser ubuntu

After that you can also remove the content in the 'casper-rw' partition (or file) concerning the deleted user (if you wish), but there is probably not much data, so not very important unless you suspect there is some confidential data.

Now after removing the live system's normal user 'ubuntu', the persistent live system will boot to the login screen, and you can select which user ID to log in to, the standard user or the user with administration permissions. I like this behavior, and I think it is worth the extra effort (compared to a system with a standard user alongside the normal live system's user 'ubuntu').

Backup is important

Frequent backup is important, because it is

  • a persistent live system (makes it sensitive)

  • an encrypted system (makes it difficult to repair/recover).

See this link: Backup and restore of persistent overlay data

Security - turn off swapping

If this kind of system finds a swap partition in the internal drive, it will probably use it, and might leave traces that are not encrypted. So please turn off swapping if there is a linux swap partition in an internal drive in the computer, where you are running the system.

You must log in or 'su' into the user ID with administration permissions, 'guru', to turn off swapping

su - guru
/sbin/swapon -s  # check
sudo /sbin/swapoff -a
/sbin/swapon -s  # check
exit

Comparing this kind of persistent live system to an installed system (in a USB pendrive in both cases),

Advantage:

  • more portable (than an installed system).

Disadvantages:

  • less stable (than an installed system).

  • less secure (encrypted home is less secure than encrypted disk, which is possible with an installed system). But it might be secure enough.

sudodus
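A check for the two leak paths this answer warns about (swap that is still active, and an encrypted home that is still mounted), added here as an example and not part of the original answer. It reads the kernel's /proc/swaps and /proc/mounts; the function names are illustrative.

```shell
#!/bin/sh
# Added example: report conditions that can expose data from an encrypted home
# on a persistent live system. Function names are illustrative.

# List active swap areas from a file in /proc/swaps format (default: /proc/swaps).
# The first line of that file is a header; each following line is one swap area.
active_swaps() {
    awk 'NR > 1 && NF >= 5 { print $1 " (" $2 ", used " $4 " KiB)" }' "${1:-/proc/swaps}"
}

# List mounted eCryptfs file systems from a file in /proc/mounts format.
# Field 2 is the mount point, field 3 the file system type.
ecryptfs_mounts() {
    awk '$3 == "ecryptfs" { print $2 }' "${1:-/proc/mounts}"
}

# Return 0 when neither leak path is open, 1 otherwise, and print what was found.
check_leaks() {
    swaps_file=${1:-/proc/swaps}
    mounts_file=${2:-/proc/mounts}
    status=0
    found=$(active_swaps "$swaps_file")
    if [ -n "$found" ]; then
        echo "swap is active (run: sudo /sbin/swapoff -a):"
        echo "$found" | sed 's/^/  /'
        status=1
    fi
    found=$(ecryptfs_mounts "$mounts_file")
    if [ -n "$found" ]; then
        echo "encrypted home still mounted (shut down or reboot):"
        echo "$found" | sed 's/^/  /'
        status=1
    fi
    [ "$status" -eq 0 ] && echo "no active swap, no mounted encrypted home"
    return "$status"
}

# Usage on the live system: check_leaks
```

Run `check_leaks` right after booting on a machine that has an internal drive, and again after logging out of the user with the encrypted home.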