Neighbor created unauthorized user on my laptop

Hi everyone,

I have a very bad neighbor who likes to sneak into my room (I’m in a group home; NO LOCKS ON DOORS) when I’m asleep and create a new account no matter what the operating system. I’ve reinstalled Ubuntu, Linux Mint, and now Zorin, and it doesn’t matter, he always seems to manage to create a user account on it.

How do I know? When I am at the login screen, there is a little ‘settings’ icon in the lower right hand corner of the screen. When I click on it it reads ‘Zorin on ,’ bleep being the name of the guy doing it. I’ve tried doing different commands to see if he has an account on my laptop and I get nothing. I’ve also tried to use his first name for different terminal commands and also get nothing.

How do I block him from having access to my OS, and/or how do I wipe out his user account? I suppose I could just put it into my foot locker but I am aware that there are ppl who know how to pick locks, so that seems like a wasted option there.

I’m using an HP Stream, 64 bit, Zorin OS 16 Education version.

If y’all need any further information, please let me know. Thank you in advance for reading this complaint and for your assistance.

Hello @rudani1971

First off, sorry to hear about your situation. Unauthorized access to personal devices is a violation of privacy. Let’s break down the solution into a few steps:

1. Physical Security:

Before diving into the software solution, it’s paramount to understand that physical access to a computer can almost always bypass most software security measures. In addition to storing the laptop in a footlocker, consider these methods:

  • Cable Lock: Attach your laptop to a fixed or heavy object in your room. It won’t stop someone determined with the right tools, but it’s a deterrent.

  • Surveillance: If your group home allows, consider setting up a small camera. This way, if someone enters your room, you’ll have evidence.

2. Strengthen User Authentication:

You’ll want to make it hard for anyone other than you to get past the login screen:

  • Password: Ensure you have a strong password for your main account. A mix of uppercase, lowercase, numbers, and symbols is recommended. Also, ensure your password is not easily guessable or related to personal information.

  • Automatic Lock: Make sure your OS is set to automatically lock after a certain period of inactivity. This way, even if you leave it unattended, it’ll require a password to access again.

3. Restrict Guest and New User Creation:

  • Disable the guest session:

    sudo sh -c 'printf "[Seat:*]\nallow-guest=false\n" >/etc/lightdm/lightdm.conf.d/50-no-guest.conf'
    
  • Ensure that only the root user (or users with sudo privileges) can add new users. This is the default setting for most distributions, including Zorin OS.

4. Audit Existing Users:

Make sure that no unauthorized accounts exist on your system:

  1. Open a terminal.
  2. Run cat /etc/passwd to see a list of users. This will give you a list of all user accounts on the system. Check if there are any unfamiliar ones.
  3. If you find any unwanted account, you can delete it with sudo userdel -r username. Replace “username” with the actual user’s name.

5. Filesystem Encryption:

Consider encrypting your file system. This will ensure that even if someone tries to boot using a different OS or mount your disk, they won’t be able to read your data. Remember, however, encryption is only as strong as the passphrase you set up. If you choose this route, Ubuntu (and by extension, Zorin OS, since it’s based on Ubuntu) supports full disk encryption during installation.

6. Monitor System:

Install an auditing system like auditd that logs system access. This way, if someone does gain access, you’ll have logs showing what they did.

7. BIOS/UEFI Password:

You can set a BIOS/UEFI password to restrict changes to the boot sequence or to prevent the system from booting without the password. Be careful with this; if you forget the password, it can be challenging to reset.

Lastly, always maintain open communication with the group home management. They should be informed about these privacy violations, and they may offer solutions or assistance.

Remember, no security measure is 100% foolproof, especially when someone has physical access to the machine. The goal is to layer your security so that you have multiple defenses in place.