I've picked up the habit of using sudo and disallowing root logins. In some cases, sudo is integrated with GUI configuration tools that require it.
Are there any serious efforts to replace login and unlock screens like GDM, XDM, etc. with auto-login as a default/nobody user and using su or similar to access user documents, browsers with saved cookies, email clients, etc.?
I suppose Tails does approximately this as a by-product of making all data persistence voluntary. I'm asking about more conventional security and persistence though.
Example:
I could imagine a single user system that launched X under an x user, and immediately launched portions of a desktop like GNOME 3 Shell as a default user whose home directory is a read-only copy of specific safe files mirrored from the real user.
There would be applications like Tor browser and a forgetful Unsafe Browser that launch under custom users, but most applications like email clients, terminals, desktop config tools, system config tools, etc. launch through a su-like wrapper that requires the real user to authenticate. Authenticating the real user would mount their home directory, ideally encrypted through dm-crypt, and launch any desktop components that require write access.
If the screen saver was active for too long, the real user would be deauthenticated, any running real processes would be detached from the X server, maybe using xpra, or checkpointed into the encrypted home directory, or even killed, and the home directory would be unmounted and the encryption key purged. Any effort to interact with windows previously owned by a real process would prompt to authenticate and restore the application.
There are obviously massive issues with using tools like xpra or checkpointing this way, but I'm curious how far such ideas have been pushed.
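As an added illustration of the lifecycle the question sketches (authenticate the real user, mount a dm-crypt home, launch an application as that user, and tear everything down on idle), here is a minimal su-like launcher in POSIX shell. It is example code written for this page, not something from the question or from any existing project. It assumes: a LUKS volume at `HOME_DEV` holds the real user's home (the device path and user name `alice` are constructed placeholders); the script runs inside the unprivileged desktop session with sudoers entries (not shown) permitting `cryptsetup`, `mount`, `umount` and `pkill`; `xprintidle` is installed to report X idle time; and the real user has already been granted access to the shared X display via xauth or xhost. That last assumption is exactly the weak point the comment below flags, so treat the display sharing as the part of this design that still needs a real answer.

```shell
#!/bin/sh
# Added example: su-like launcher for the "deauthenticate on idle" design.
# Not from the original question; all names below are assumptions.

REAL_USER="${REAL_USER:-alice}"                 # constructed placeholder
HOME_DEV="${HOME_DEV:-/dev/vg0/home_alice}"     # constructed placeholder device
MAPPER="home_${REAL_USER}"                      # dm-crypt mapping name
IDLE_LIMIT_MS="${IDLE_LIMIT_MS:-600000}"        # deauthenticate after 10 minutes idle
POLL_SECONDS="${POLL_SECONDS:-30}"

# Pure decision helper: true (exit 0) when the measured idle time, in
# milliseconds, has reached the configured limit. Kept separate so the
# policy can be checked without touching any device.
should_deauth() {
    idle_ms="$1"
    limit_ms="$2"
    [ "$idle_ms" -ge "$limit_ms" ]
}

# Step 1: authenticate and mount. cryptsetup prompts for the LUKS
# passphrase itself; that prompt is the "real user authenticates" step.
# The volume key then lives only in the kernel's dm-crypt mapping.
authenticate_and_mount() {
    sudo cryptsetup open --type luks "$HOME_DEV" "$MAPPER" || return 1
    if ! sudo mount "/dev/mapper/$MAPPER" "/home/$REAL_USER"; then
        sudo cryptsetup close "$MAPPER"
        return 1
    fi
}

# Step 2: run the requested application as the real user on the shared
# display (assumes display access was granted to that user beforehand).
launch_as_real_user() {
    sudo -u "$REAL_USER" env DISPLAY="$DISPLAY" "$@" &
}

# Step 3: deauthenticate. Stop the real user's processes (TERM, then KILL),
# unmount the home, and close the mapping so the kernel discards the key.
deauthenticate() {
    sudo pkill -TERM -u "$REAL_USER"
    sleep 2
    sudo pkill -KILL -u "$REAL_USER"
    sudo umount "/home/$REAL_USER"
    sudo cryptsetup close "$MAPPER"
}

# Poll X idle time and deauthenticate once the limit is reached.
idle_watch() {
    while :; do
        idle=$(xprintidle) || idle=0
        if should_deauth "$idle" "$IDLE_LIMIT_MS"; then
            deauthenticate
            return 0
        fi
        sleep "$POLL_SECONDS"
    done
}

# Usage: ./launcher.sh run <application> [args...]
# e.g.   ./launcher.sh run thunderbird      (application name is a stand-in)
if [ "${1:-}" = "run" ]; then
    shift
    authenticate_and_mount && launch_as_real_user "$@" && idle_watch
fi
```

The choice to close the mapping rather than merely unmount is the point of the exercise: an unmounted but still-open LUKS mapping keeps the volume key in the kernel, whereas `cryptsetup close` removes it, which is the "encryption key purged" property the design asks for.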
$DISPLAY (which runs under a different user) is possible but insecure. So anyway, there would have to be a HUGE upside in order for this to be worthwhile. – Celada May 26 '15 at 23:55