The Issue:
Sometimes you need to inspect the contents of USB devices from family or friends, but you don't know whether the device is really safe, even though it most likely is.
You want to do that with minimal effort while protecting yourself from common attack vectors.
Method:
Have a safer guest user whose home directory returns to its original state on request.
Implementation:
Create a new user via GUI.
It is a standard (non-admin) user.
Let's call this user guest.
By default, disable the user with:
usermod --expiredate 1 guest
Copy the contents of ~/guest to a directory in persistent storage.
Let's call this directory /path/to/perst/guesthome.
Empty all the contents of directory ~/guest.
Create a script file init_guest.sh which performs the following:
Empties all the contents of the directory ~/guest.
Mounts a tmpfs filesystem on ~/guest.
Copies (rsync, preserving permissions) the contents of directory /path/to/perst/guesthome to directory ~/guest.
Enable the user only for today with:
# the expiry date is the first day the account is inaccessible, so it must be tomorrow, not today
usermod --expiredate "$( date -d tomorrow "+%Y-%m-%d" )" guest
Advantages:
- Some protection against popular attacks like BadUSB (simulated keyboard) or risky executables.
(The guest environment is refreshed, so there are no persistent changes to the user's init files.)
So it is relatively safer for inspecting the contents of foreign and untrusted USB devices.
- Other users' personal files are protected by basic Linux permissions.
- Minimal impact on persistent storage (reduced wear).
- Ability to easily change the initial environment for the guest.
Is it considered a relatively safe approach or did I overlook an issue?
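The init_guest.sh described in the question, written out as a complete script. This is an added example, not the asker's own script. It assumes (none of which the question states) that the account is named guest with home /home/guest, that the pristine copy lives at the question's placeholder path /path/to/perst/guesthome, and a Linux host with util-linux mount, rsync, GNU or busybox date, and shadow's usermod; the script must run as root.

```shell
#!/bin/sh
# init_guest.sh (added example, not the asker's script).
# Rebuilds a throwaway tmpfs home for the guest account and enables the
# account until the start of tomorrow. Assumed (not from the question):
# account name guest, home /home/guest, pristine copy under
# /path/to/perst/guesthome, Linux with util-linux mount, rsync and shadow's
# usermod. Must run as root; the guest must be logged out first, otherwise
# umount fails with EBUSY.
set -eu

GUEST_USER="${GUEST_USER:-guest}"
GUEST_HOME="${GUEST_HOME:-/home/$GUEST_USER}"
GUEST_TEMPLATE="${GUEST_TEMPLATE:-/path/to/perst/guesthome}"
TMPFS_SIZE="${TMPFS_SIZE:-512M}"

# Succeeds when MOUNTPOINT ($1) currently carries a tmpfs mount. Reads
# /proc/mounts unless another mounts file is given as $2 (used for testing).
# Paths containing spaces appear escaped (\040) in /proc/mounts and are not
# handled here.
is_tmpfs_mounted() {
    awk -v mp="$1" '$2 == mp && $3 == "tmpfs" { found = 1 } END { exit !found }' \
        "${2:-/proc/mounts}"
}

# Tomorrow as YYYY-MM-DD. The shadow expiry field names the first day on which
# the account is inaccessible, so expiring it today would lock it out now;
# expiring it tomorrow leaves it usable for the rest of today only.
tomorrow() {
    date -d "@$(( $(date +%s) + 86400 ))" +%Y-%m-%d
}

# Throw away the previous session and restore the pristine environment.
refresh_guest_home() {
    [ "$(id -u)" -eq 0 ] || { echo "run as root" >&2; return 1; }
    [ -d "$GUEST_TEMPLATE" ] || { echo "no template at $GUEST_TEMPLATE" >&2; return 1; }
    uid=$(id -u "$GUEST_USER")
    gid=$(id -g "$GUEST_USER")

    # Drop the old tmpfs (if any) and clear whatever may sit on disk beneath it.
    if is_tmpfs_mounted "$GUEST_HOME"; then
        umount "$GUEST_HOME"
    fi
    mkdir -p "$GUEST_HOME"
    find "$GUEST_HOME" -mindepth 1 -delete

    # RAM-backed home owned by guest. nosuid/nodev/noexec raise the bar for
    # "risky executables", but noexec is only a speed bump: interpreters still
    # run scripts that live on a noexec mount.
    mount -t tmpfs \
        -o "mode=0700,uid=$uid,gid=$gid,size=$TMPFS_SIZE,nosuid,nodev,noexec" \
        tmpfs "$GUEST_HOME"

    # Copy the template back, preserving ownership, modes and timestamps.
    rsync -a --delete "$GUEST_TEMPLATE"/ "$GUEST_HOME"/
    chown "$uid:$gid" "$GUEST_HOME"

    usermod --expiredate "$(tomorrow)" "$GUEST_USER"
}

# Re-disable the account (for example from a nightly cron job). Expiry day 1
# is 1970-01-02, long past, which is what the question uses to disable it.
disable_guest() {
    usermod --expiredate 1 "$GUEST_USER"
    if is_tmpfs_mounted "$GUEST_HOME"; then
        umount "$GUEST_HOME"
    fi
}

case "${1:-}" in
    refresh) refresh_guest_home ;;
    disable) disable_guest ;;
    *)       echo "usage: $0 refresh|disable" >&2 ;;
esac
```

Run `init_guest.sh refresh` before handing the machine over and `init_guest.sh disable` afterwards (or from cron). The expiry is set to tomorrow rather than today because the shadow expiry date is the day the account becomes inaccessible; setting it to today would disable the account immediately. Note that tmpfs pages can be written to swap, so "nothing touches the disk" only holds on a system without swap or with encrypted swap.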