What is going on with the lslogins instruction
lslogins instructions lists down the user info of all users however isnt this unsafe?
For example suppose a hacker pretends to like you and ends up spending the night with you just to access your computer physically , she could have written a
.sh file before which uses the data given out by the
lslogins instruction and logs in your computer and injects ‘sleeper agent’ files which would transfer your data(credit card number and pwd) to her if some condition is met.
So what is the catch here?
The lslogins instructions lists down the user info of all users however isnt this unsafe?
No,it is not.
As with all things related to operating systems: physical access means that person owns the machine. That user could reboot the system, and use an USB live session to mount the disks and be "root". Not even a boot password will stop someone. Formatting a disk is pretty easy to do too.
There is nothing to ‘secure’ here. Any security measure is also going the hinder the actual owner of the machine if that person forgets a needed password.
and logs in your computer
Without knowing the password to enter the desktop or command line? How do you see that happening?
If a ‘hacker’ has physical access to your login-account (that is she by "social engineering" has got your password, or you have left the account logged in) those information, and many others, is available anyway by other commands.
cat /etc/passwd gives the same and more.