Symbolic links. Or cd to a particular location. Whatever.
Windows uses the same concept of home directories, for what it's worth. That's where your user profile lives -- all your user's customizations, configurations, bookmarks files, whatever. Windows puts it in C:\Documents and Settings\%username%, Linux puts it in /home/$username, OSX uses (what? /Users/$username? I'm not sure).
But the home directory really doesn't need to be for a user's data. It's for per-user configuration files. Your data can be anywhere. If you're a sole user, you could even have your external drives mounted directly under your $HOME directory in whatever fashion you like.
Personally, I use symbolic links, and mount all data-oriented partitions under /media. I have a /personal folder that organizes symlinks directly into the /media tree for most-used data, and duplicate those symlinks (or shortened versions of them) under my $HOME directory.
As a Superuser, you can use whatever form you like.
There's no such thing as perfect security. Every security option is a trade-off. Personally, I recommend:
- Use DenyHosts to prevent brute forcing, but set a sensible timeout value so you don't lock yourself out for the entire time you're on the road. That can definitely happen if you aren't careful.
- Set the AllowUsers option in
/etc/ssh/sshd_config
to allow only specific users to connect.
- Disable root logins via SSH.
- Use public key authentication from your laptop.
- Use one-time passwords such as OPIE or OTPW from any public terminal.
- Don't ever use your root password from a public terminal, even in conjunction with sudo or su.
Alternatively, I think highly of portable encrypted drives with a PIN-pad, such as the Apricorn Aegis Padlock drives. They're very portable, reasonably secure against most threat models, and the biggest risks are forgetting your PIN or losing the drives while traveling--but in both cases, you still have the original files safely at home.
If you prefer a free alternative, you could use encfs, ecryptfs, or similar to create encrypted mounts to hold your sensitive data. You could lose the data along with the laptop, or someone could tamper with your kernel, bootloader, or hardware to install a keylogger while it's out of your sight, but that doesn't sound like your current threat model, and encrypted mounts should serve your purposes just fine. I don't consider this option quite as secure as the PIN-pad, but it is still a pretty solid choice.
Basically, unless you really feel like you need the services provided by a remote system, I'd recommend just bringing your files in as secure a container as you feel you require. You can then use rsync, conduit, or unison when you get home to synchronize your files, or just copy your updated files back over to your main system.
There really isn't a "one size fits all" answer to your question. Hope this helps.
Best Answer
Who says that they have?
If you take a look at
/etc/passwd
, you'll see that there are quite a few more users on your system than you think. For instance, mine looks like this:Most of these are used by various daemons (programs that run without user interaction); they tend to have very limited permissions, because they don't need to do much. If they try to do something bad, either accidentally due to a software bug or intentionally because of a security exploit, they won't get far.
The bigger point is that users should only have access to what they need.
Now, if your question is, "Why do I need to type
sudo
when I've already been added tosudoers
?", the answer is thatsudo
runs things asroot
, rather than as you. If we made all files accessible to your user directly, or you just ran as root on a normal basis, it's much easier to accidentally do Bad Things (rm -rf /*
comes to mind). Plus, it's really bad security practice to allow any application you run to do whatever it wants to your system - that's how a lot of spyware got installed on Windows machines before UAC.gksu
,gksudo
,kdesu
,kdesudo
. It is a very good idea to get in the practice of using these for graphical applications, since they do some special finagling to prevent problems like this.Don't. If you need a root shell, you can use
sudo -s
,sudo -i
, orsudo su
.Ubuntu ships with the root account locked, so you'll have to change the password for it to login (
sudo passwd root
). After you've done that, you can lock (sudo passwd -l root
) and unlock (sudo passwd -u root
) the root account as you will. But really, keep it locked; you'll prevent a whole series of attacks that way.But there's really no need.