"Panic Password" on Linux

I run Linux on my netbook with an encrypted home directory (decrypted when I log in). One idea I had (partly from Cory Doctorow's Little Brother) was to have a password that I could enter which would login to a fake user account while performing a command (e.g trashing the contents of the disk drive or changing the encryption passwords to something random and very long).

Any ideas how to do this? (Answers involving obscure kernel modules etc are welcomed, though as always a nice command line utility might be a bit nicer! I especially like to have the same username but not the same password: user bob signs in with password ABC and gets logged in, but user bob signs in with password 123 and gets his stuff deleted.)

Elliot Hughes

Posted 2009-11-18T15:11:21.697

Reputation: 360

I've got Little Brother at home... I'll read it after I'm done Mostly Harmless. :) – Mateen Ulhaq – 2011-04-21T18:21:45.243

Maybe others understand it, but just in case I'm not the only one oblivious about that book: any details about what that book says about panic accounts? (I might read it myself as apparently the Dutch version is officially also available as a DRM-free, free-as-in-beer download at http://craphound.com/littlebrother/)

– Arjan – 2009-11-18T15:54:28.287

1It doesn't talk in detal - the narrator briefly describes wishing he had created a panic password on his mobile phone before giving away his password to DHS. – Elliot Hughes – 2009-11-18T15:56:27.377

Aha, eleven81's answer and your comment make clear I was missing the point. :-) (Added it to your question just in case there's more people like me.) – Arjan – 2009-11-18T16:44:48.137

Answers

There is now a GPLv2-licensed PAM-module, that does exactly, what you wish. It allows the same account to login to the same Unix box with different passwords depending on what the user wishes done upon login. Interestingly enough, the author mentions the same book in his description of the module.

You write your own scripts, which will be associated with the different passwords -- from automatically attaching an encrypted filesystem upon entering a "safe" one to automatically wiping the same upon entering the "panic" one. And anything in between.

I wish, something similar were available from e-mail providers and various social media services -- to hide certain mailboxes, images, etc. when the user logs in with a special password. Maybe, we'll come to that too some day...

Mikhail T.

Posted 2009-11-18T15:11:21.697

Reputation: 419

Because your post was very general and lacking in detail, my answer has to be very general and lacking in detail. Many of these steps are going to be distribution-specific.

In your situation, this is what I would do:

Write a script that will perform the desired destruction.
Create a panic user account and provide the user with a password.
Make this user a member of the wheel group so his actions run like root's.
Set the owner of the script to be the panic user.
Set the permissions of the script so that it may be executed.
Set this user's login sequence to include running the script created in step 1.
Hope that you never have to log in as the panic user!

Good luck!

eleven81

Posted 2009-11-18T15:11:21.697

Reputation: 12 423

Good answer - however what I had hoped for in my original post was to have the same username but not the same password (ie user bob signs in with password ABC and gets logged in, but user bob signs in with password 123 and gets his stuff deleted).

As to being specific about distribution - I wanted to avoid this as I would want to do this on the various distributions I have installed at different times. – Elliot Hughes – 2009-11-18T15:58:28.823

(though if it interests you my netbook is at present running Ubuntu 9.10) – Elliot Hughes – 2009-11-18T16:06:53.847

In that case, I think you would have to do something crazy with the login application. You'd just need to edit it to run a certain script when a certain password is used. This I don't know how to do and you may even have to write your own login manager. – Jonno_FTW – 2009-11-18T16:09:42.997