Thank you Guy and curaga for your priceless contributions to this thread.
gerald_clark, you were right about the need to pass 'noautologin' as boot code. After adding those lines you suggested to /opt/.filetool.lst AND booting with code "noautologin" along with codes "user superuser secure protect laptop" (this also answers newbody's question), I was presented, right after bootup, with the options to enter a password for both root, user tc and encryption (which I did) and after that presented with a login prompt. Great!
HOWEVER, though both root and user tc can now log in, I get the following screen errors.
For root:
login [4180]: root login on 'tty1'
-sh: syntax error: unexpected "fi"
root@box;~#
For user tc:
-sh: syntax error: unexpected end of file
tc@box:~$
So, if someone tells me where and how to correct these, I'll go ahead and do it myself. Also, if a developer reads this, he/she might want to make these corrections to the current TCL release, if applicable.
At that time I had 3 or more partitions, with Tiny Core installed on each, and an entry in Grub for each. When one would lock up, I would be able to boot with another and fix the problem.
Right now I have one hard drive partition fully dedicated to TCL. I am making changes to it from my main install of Slackware - much easier that way. If something goes wrong, I can always boot the original TCL iso in RAM to compare things and restore the original settings if I need to.
Thank you, Guy, also for your firewall mini-howto... much appreciated.
User tc is a normal unprivileged user. I assume you are talking about the right to execute sudo without password.
Exactly... The whole sudo thing makes me a bit uneasy. I wish sudoers could be done away with altogether on my system, but as you said:
This right is only for user tc, so if you create additional users, they will have no right to use sudo at all, not even with password.
The only way anyone could come in from the net is via access via the net. Thus you are free to run your browser and servers as another user, and so they only have access to that user's files. No sudo access like the tc user.
This is great. That was my initial concern, an intrusion via the net while operating as user tc on the net. However, the downloading of applications is still done via user tc, right? In which other ways does user tc, with its privileged status, expose the system to intrusion via the internet?
So the way to go to make TCL more secure is to create/use additional nonprivileged users to do whatever stuff one wishes to do on the internet.
Now a question from a purely educational standpoint... I looked into /etc/init.d/tc-config more closely and a lot of stuff is mounted/made to be suid... Why was this choice adopted, given its inherent potentiality for opening the system to intrusion? Was it for ease of use, for keeping it as small as possible, or what else? Is it conceivable to remove the suid/sudo capability from TCL and still have a working system after making a few adjustments? Many thanks.
If I was to set up an internet cafe, and I have no plans to, I would .....
Seems like a great idea for a kiosk utilization of TCL.