Multi user/password for Librem phones?

I don’t know if this function already exist in Liberm 5, if not, I would really recommend developers to implement that.
Currently no phone provide such founction, which is very common in the computer world: multi user.
The advantage is:
A. Prevent human error to accidently do something very wrong.
B. Prevent an attacker to gain high level access if they saw a low prevelege password(very useful on phones).
I can think several level like this, from low to high:

  1. A simple PIN to protect operations that don’t need auth on a normal phone, ex. answering phone calls(I really want this).
  2. Normal password, like most phones do.
  3. Admin/Root password, seperate from the normal one, this can also protect some high risk operations, such as full reset.
    Does anyone agree with me, or a better idea?

That would be reasonable. I’ve come up with (and went overboard?) with other authentication/password/unloc/login features in another thread (malform) and having pin & more secure level passwords would be useful. Even if PIN would be observed/recorded, using it would limit possible damages. However, it would not provide all safety benefits. L5 may be one of the first and few phones that this is feasible and reasonable, as Linux could support it and closed systems aren’t keen on giving privileges etc.

This feature would also be valuable for shared phones. So when you log in, it’s your phone with your desktop and settings. When your wife logs in, it’s her phone with her desktop and settings.


Wife, kids, random (semi)strangers who we all like to borrow phones in emergencies… Yes, several use cases and those may be two separate ones: A) one PIN and all can get to one desktop or B) several PIN, each with their own desktop. And above both the admin password. Both would be nice features (although I’d like to have the option of having the PIN be a full on password + other stuff).

I can’t remember anyone from Purism making clear what they plan on doing with this specifically, now and in the long run. L5 needs and makes it possible to have more elaborate, user need centric, futuristic and just full on tinfoilhatish security features.

1 Like

I think a similar request has been made before and even got a staff reply along the lines “nothing prevents this”. (Somebody feeling like digging it up? :grin:)
But as with many such things, it’s not a priority right right now. Patches world surely be accepted.

i remember the scene from Mr.Robot : "hey ! can i use your phone to call my mom ! mine’s dead … " and this talking to a stranger from the street … next an entire hacking sequence follows :wink:

one such need of a password would be clearing your out-going phone calls (no matter if they are actual conversations or blank dialed numbers … etc

I’m remembering that now, but that’s not anything close to a plan or roadmap or vision. It seem to me halfdone if it’s left like any other phone (and at the moment even less than the best - referring to limited PIN length). Certainly not what to expect from a security minded phone. It’s another thing if there will be community addtions on top of what’s to be the basic level.

I remember that there was the speculation how purism developed phosh and the lock screen.

In general you have users in linux as we all know from our bash. There are now two extremes to implement the gui.

  1. the android way: don’t use the users we have in the bash, actually start everything with some user, everything is exposed to the system below and users in the GUI are not the once which actually run processes / open files etc. The system has it’s user. I always disliked this way, as it is not re-using the powerful GNU / Linux system.
  2. the desktop linux way: you start to a lock screen where you have to select your user and password. Users are actually users of the linux system so all user processes when you click on program e.g. or open a file are started and checked against the user you logged in to. That’s for me the only logical way - as it re-uses the complete permission management etc from GNU / Linux.

Question would be, what has been done by Purism? We know that you have to unlock a screen (with 123456). This is afaik ussing the passwd password so it seems to me that it’s re-using the linux user system. We can also see that processes are started by the user purism I think he was called. So all this sound like 2, what you would need for multi-user would be to apart from enter a pin select also the user. Which would to me make perfect sense, as a selection (instead of entering a user name) would be OK for user experience even on a mobile screen. Swipe and select :wink: The ones who would not want to expose users from the system could also not use real names on those users or maybe if you only have one user deactivate this selection feature.

However there was once I don’t remember if a youtube video (@hackersgame?) or comment on the forum where someone asked himself if the password on the lockscreen really starts a session or if it does not, it only unlocks the screen of an already started sesssion - which would mean that you could not that easilly switch to a second user as it is more of the type 1 mentioned above. Reasons to do type 1 would be to have things which should be availible in the background before unlocking the screen like maybe receiving notifications.

The best solution which occurs to me right now would be to:

Phone is off -> start phone -> smart card decyphers disk -> system is ready on the lock screen but no session yet started (no notification possible, no calls can be received, no wlan) -> user selects user and enters pin -> session starts -> inactive or pressing the off button -> session is not ended but screen locked, disk still decyphered, no user switch possible only pin can be entered as the session is still running, calls can be received -> pin entered -> user presses off button for a while and selects to end the session or switch user -> user can be selected and pin entered again.

What do you think? Any insights on how it was done until now?

+1 from me too for such a functionality. I think that sharing the phone with multiple accounts is very useful.