X-Git-Url: http://git.grml.org/?a=blobdiff_plain;f=templates%2FGRML%2FREADME.txt;fp=templates%2FGRML%2FREADME.txt;h=075b83f4a45b98100b56ad01f93a656eaa5abd65;hb=4f8937bce96f552121e525eb927a2daea4dfae88;hp=0000000000000000000000000000000000000000;hpb=7874a87c8f7f847e3096f7044f48c70649c1963f;p=grml-live.git

diff --git a/templates/GRML/README.txt b/templates/GRML/README.txt
new file mode 100644
index 0000000..075b83f
--- /dev/null
+++ b/templates/GRML/README.txt
@@ -0,0 +1,27 @@
+Security considerations for grml
+================================
+
+1.) There is no automatic start of external accessible services in Live-CD
+    mode. (sshd is started by default on harddisk installations though.)
+
+2.) There are no default passwords. All accounts are locked by default.
+    Even local logins are not possible (unless you set a password or create
+    new user accounts as root).
+
+3.) Therefore, all local interactive processes are started by init without
+    authorization.
+    Programs that only work for root are usually started using sudo without
+    password. This has the advantage of making faults caused by defective
+    software very unlikely, but does not enhance local security, since it
+    is fairly easy to switch between the "grml" and "root" account. The
+    grml user should never be allowed for external logins (in the case
+    that sshd or similar servers are being launched).
+
+4.) You can create valid passwords using "sudo passwd [username]" from the
+    shell, individually.
+
+GRML squashfs file
+==================
+
+The GRML squashfs file has been moved from /GRML/GRML to
+/live/grml.squashfs due to the use of live-initramfs.