Hello, This is a question for those familiar with the way the Librem 5 implements the Linux operating system (thanks in advance). My understanding of Linux is that multiple accounts can be established on the same hardware that can essentially mask and isolate one user’s configuration and data from another’s. Is it a reasonable expectation that the same could be done on the Librem 5 phone? This came up yesterday as I was forced to carry my wife’s Android-based Galaxy cell phone “for emergencies” in order to safely take my kids to the park. It’s a wonder I survived my free-range childhood. When I got back, she claims I changed something in her screen apps display despite only once looking at the time.
I think this is an interesting question. At least the password to unlock seems to use the linux user password also used in the terminal. From the current design of the unlock screen we unfortunately don’t have a user selection like you would know it from a linux desktop. We’ll see if this comes in the future. I hope that the most possible existing functions from GNU/Linux will be used in the phone not like android where everything was implemented again as e.g. the user management.
I don’t see a reason why this should be so hard to implement. The real support of “multi-user” is in the kernel (which has UIDs and GIDs as credentials of objects like processes, files, etc. and allows privileged processes to change these credentials) and in the PAM library (which implements various methods of authentication in the userspace).
Both of these things do not care about the user interface, so they probably do not require any adaptation, and the login screen (which is a pretty simple thing as long as you already have PAM and UI libraries) is the only thing which should be phone-specific.
Although I shall be getting a second L5 when the initial one arrives and I have time to train myself.
I’ve done this with my Android mobile devices. Their were quirks though. Like the other profiles (not the first set-up one) couldn’t text SMS ot MMS out with the Hangouts system, or make calls. They could do all WiFi and mobile data things though. At one time my daughter programmed in her finger to unlock the device to her account.
On any Linux system where you have physical access, the separation is an illusion unless appropriate encryption is done.
If you are only worried about someone making random changes to the settings then Linux is a good basis for implementing that - but whether it is available at Day 1 remains to be seen.
PAM does more than that, at least on a modern system. It also managed sessions, and seats.
I have a set of scripts that ask PAM to spawn off a second login for a second user, with all the various session-bits set properly, no login-screen modification required. Once I get my hands on the phone I’ll see if they can work.
This reminds me of http://dontevenreply.com/view.php?post=62 .Maybe you should hire Mike Partlow next time that you want to safely take your kids to the park.
Or install something like SOS-EU-Alp App (or any other that matches) on Librem 5:
App Store iOS: apple.co/2klqArO
Play Store Android: https://play.google.com/store/apps/details?id=at.tirol_notfall&hl=en