Hi, I have 2 problems with my WSL2.

First of all, it always runs as root.

And the second problem that I have is that it runs without any password.

So here are my questions:

1- How to change my default user

2- How to make WSL2 ask for a password on startup.

Pouya Samie
  • [Have you tried setting the default user for the distribution?](https://docs.microsoft.com/en-us/windows/wsl/wsl-config#change-the-default-user-for-a-distribution) – Ramhound May 10 '21 at 12:11
  • Yes, that was the first thing I did. The problem is it's not a secure way. I want a way so that no one can change it back to root and again run it without a password – Pouya Samie May 10 '21 at 12:13
  • They would need to know your Windows username password to change it. You asked how to change the default user, and it seems based on your comment, you already know how to do that. – Ramhound May 10 '21 at 12:15
  • Opening a WSL terminal does not start a proper login. WSL is simply not designed to do what you want. Your Windows user has full access to the virtual disk that contains the entire WSL2 filesystem anyway, so a password would not really improve security. – Daniel B May 10 '21 at 12:18
  • When you first set up (installed) WSL (when I first set up (installed) WSL), it asked for my User Name, then it asked for the password, verify the password and now runs without a password. WSL is not a user Virtual Machine - what are you trying to do? – John May 10 '21 at 12:20
  • Based on the comments, what I want to do is not possible. I wanted to make it more secure, like a real Linux machine. I wanted to make sure domain admins can't access those files even if they reset my password – Pouya Samie May 10 '21 at 12:27
  • If you want a "real" machine with files and stuff you want secured, set up a machine in Hyper-V and use that. My WSL host machine also has Hyper-V running and a guest machine there. – John May 10 '21 at 13:03

2 Answers

To change the default user, please see this answer. The recommended way has already been covered in the comments.

As for trying to get WSL to ask for a password, I think you are trying to solve a problem that doesn't exist. Because the WSL instance runs under your Windows credentials, there's nothing that a potential attacker can do in WSL that they wouldn't already be able to do if they had access to your logged-in Windows session. Even the Linux/WSL root cannot elevate privileges beyond those of the logged-in Windows user.

The password will be requested when accessed remotely, however. For instance, if you have an SSL server running in the WSL instance, and you attempted to connect to that instance through ssh, a valid username and password (or associated private key) would be validated before granting access.

You mentioned trying to secure files against a domain admin who might access your account. Again, a domain admin could access your files in Windows. Even if you were running a Linux virtual machine with a "real" user that required a password, if someone accesses your Windows account, they could access the virtual disk for that VM.

The way to secure files inside the WSL instance is mostly the same way that you would protect files in a VM (or in Windows itself). Secure the files themselves with some level of encryption. Options include:

  • GPG
  • Create an encrypted container for the files, using something like LUKS. Note that I haven't tried this myself, but it does look like there's some additional effort required to enable this under WSL2.
NotTheDr01ds
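
For the default-user question, the setting can also be made inside the distribution with the `default` key in the `[user]` section of `/etc/wsl.conf`. The script below is an added example, not part of the original answer; it reads that key and reports whether new shells open as root. The function names and the sample file are constructed for illustration, and tolerating whitespace around `=` is an assumption of this example.

```bash
#!/usr/bin/env bash
# Added example: report the default user configured in a wsl.conf file.

# Print the value of "default" in the [user] section; print nothing if absent.
wsl_default_user() {
    awk '
        { sub(/\r$/, ""); sub(/^[ \t]+/, ""); sub(/[ \t]+$/, "") }  # drop CR, trim
        /^#/ || /^$/ { next }                  # skip comments and blank lines
        /^\[.*\]$/   { section = $0; next }    # remember the current section
        section == "[user]" {
            eq = index($0, "=")
            if (eq == 0) next
            key = substr($0, 1, eq - 1); val = substr($0, eq + 1)
            gsub(/[ \t]/, "", key); sub(/^[ \t]+/, "", val)
            if (key == "default") found = val  # assumption: last assignment wins
        }
        END { if (found != "") print found }
    ' "$1"
}

# Classify the setting: 0 = non-root default user, 1 = root, 2 = not set here.
check_wsl_default_user() {
    local conf="${1:-/etc/wsl.conf}" user
    [ -r "$conf" ] || { echo "unset: $conf is not readable"; return 2; }
    user="$(wsl_default_user "$conf")"
    case "$user" in
        "")   echo "unset: no [user] default in $conf"; return 2 ;;
        root) echo "root: new shells open as root"; return 1 ;;
        *)    echo "ok: new shells open as $user"; return 0 ;;
    esac
}

# Constructed sample input (not from the page): CRLF line endings, a comment,
# an unrelated section, and spacing around the "=".
sample="$(mktemp)"
printf '# constructed sample\r\n[boot]\r\nsystemd=true\r\n\r\n[user]\r\n default = alice \r\n' > "$sample"
check_wsl_default_user "$sample"
rm -f "$sample"
```

The key only selects which account a new shell starts as; it is not an access control, which is the point the comments and this answer make about the Windows session.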

Sorry for the necro, but for others wanting to do this -

I think you could set up a default user and in /etc/passwd set its login shell to /usr/bin/login

I mean it still wouldn't be more secure than the Windows box it sits on, but if you really want to see the login prompt...