This shows you the differences between two versions of the page.
Both sides previous revision Previous revision Next revision | Previous revision Next revision Both sides next revision | ||
other:win10wsl [2022/09/06 15:40] jypeter [Restoring or relocating a Linux installation] Improved |
other:win10wsl [2022/09/07 12:04] jypeter [Base installation] Link to the Security section |
||
---|---|---|---|
Line 206: | Line 206: | ||
* Reboot the computer and be patient | * Reboot the computer and be patient | ||
* This step will take some time (make sure you have 15-30 mn available). Windows will install and configure what it needs for running //WSL+Ubuntu//, reboot, and install some more //stuff// | * This step will take some time (make sure you have 15-30 mn available). Windows will install and configure what it needs for running //WSL+Ubuntu//, reboot, and install some more //stuff// | ||
- | * The final installation step will take place when you open your Windows session. A terminal opens, displaying the final installation of Ubuntu, and asking you for a username and password, and giving you access to a ''bash'' prompt\\ <wrap hi>Do not use an existing password!</wrap> The security of the Linux running in WSL is weak by design, and somebody could easily extract your password information from a backup of your distribution | + | * The final installation step will take place when you open your Windows session. A terminal opens, displaying the final installation of Ubuntu, and asking you for a username and password, and giving you access to a ''bash'' prompt\\ <wrap hi>[[other:win10wsl#wsl_security_warning|Do not use an existing password for the Linux installation]]</wrap> |
* <code>Installing, this may take a few minutes... | * <code>Installing, this may take a few minutes... | ||
Please create a default UNIX user account. The username does not need to match your Windows username. | Please create a default UNIX user account. The username does not need to match your Windows username. | ||
Line 988: | Line 988: | ||
===== Advanced usage ===== | ===== Advanced usage ===== | ||
+ | ==== WSL security WARNING! ==== | ||
+ | <WRAP center round important 60%> | ||
+ | A regular Linux installation (on a Linux-only computer) is fairly secure,\\ but a Linux installation on WSL is not secure at all, **by design** | ||
+ | </WRAP> | ||
+ | |||
+ | WSL+Linux is designed to allow you to easily use Linux on Windows, including **very easily using the Linux root account without knowing any password** of the Linux installation! | ||
+ | |||
+ | <code>PS C:\Users\your_login> wsl | ||
+ | wsl_default_user@your_machine:/mnt/c/Users/your_login$ whoami | ||
+ | wsl_default_user | ||
+ | |||
+ | PS C:\Users\your_login> wsl -u root | ||
+ | root@your_machine:/mnt/c/Users/your_login# whoami | ||
+ | root</code> | ||
+ | |||
+ | This is **a feature and not a security issue**, because your installation is protected by your Windows account security | ||
+ | |||
+ | You should be aware (and act accordingly) that: | ||
+ | * Somebody gaining access to your Windows account will also have full access to the Linux installation | ||
+ | * <wrap hi>Do not use an existing password for the WSL Linux account</wrap>\\ Somebody could easily extract your password information... | ||
+ | * Storing data in the Linux part of your computer does not add any extra security | ||
+ | * Always **make sure that only you can access your Windows account** | ||
+ | * Your LSCE Windows laptop (not your desktop) is encrypted with [[https://docs.microsoft.com/en-us/windows/security/information-protection/Bitlocker/bitlocker-overview|BitLocker]], which adds some extra security | ||
+ | |||
+ | * Somebody gaining access to a backup of your Linux installation will easily have access to the Linux installation itself | ||
+ | * You can store your Linux installation backup to [[https://docs.microsoft.com/en-us/windows/security/information-protection/bitlocker/bitlocker-to-go-faq|an external disk encrypted with BitLocker]] | ||
==== Creating a backup ==== | ==== Creating a backup ==== | ||