On Thu, Oct 24, 2024 at 11:32 AM Anon Loli <anonl...@autistici.org> wrote:
>
>
> OpenBSD does not do compartmentalization like many would love..
> OpenBSD is not QubesOS.
> The 1st time I heard of pledge/unveil, I thought the same thoughts,
<Snip>
> In my eyes, OpenBSD is not a secure OS, but that is only because I have needs
> that OpenBSD developers don't deem worthy to fuss over, such as:
> - anything sensitive or required to exist, on /home/*,
I solved this problem. I created a user account that cannot log into
root.(it's not in group wheel).
I changed the directory and file permissions on my regular user account:
find . -type d -exec chmod 750 {} \;
find . -type f -exec chmod 640 {} \;
Any that need execute bits I go back and chmod them.
Look, here are commands issued from the guest account, where the Go
modules are downloaded
(cleetus is my regular login):
$ ls /home/cleetus
ls: /home/cleetus/: Permission denied
$ cd /home/cleetus
ksh: cd: /home/cleetus - Permission denied
So that guest account is kind of like a sand box.
I can login to 2 accounts at the same time on my OpenBSD. I do
Fn+Alt+Ctl +F2 say and I get a
login at an xterm. I don't need an X window system to write and compile code.
EMACS or Vi will do just fine.
