What's the point of password protection...

tedbell · 2012-07-23 20:20:42

...if I can just enter root through reovery mode? Is there a way to protect that with a password?

el_koraco · 2012-07-23 20:24:53

You need to give yourself a root password:

sudo passwd root

But even that's not bulletproof, anybody with physical access to the machine can boot into a root shell if they pass the init=/bin/bash kernel argument.

Awebb · 2012-07-23 20:40:20

Account passwords are not worth a dime in physical access situations. They are meant to protect servers from unpriviledged users. A "secure" desktop needs some more things done.

CBizgreat! · 2012-07-23 20:42:46

Edit /etc/default/grub , uncomment GRUB_DISABLE_RECOVERY="true" so recovery boot options don't show up in the grub menu anymore ? Then just rely on professor Xaos's chroot how to. smile Not that it's a security precaution so much. Though removes the opportunity for someone to boot into them I guess.

I tend to disable them cause I don't like a crowded grub menu. Then again ... also tend to just choose whichever kernel I want to boot into as default and set the grub_timeout to 0 anyway, so I don't see the grub2 menu. Am booting a couple installs with grub legacy here.

vll! smile

afterthought babble ...
Whenever you edit that file, you have to "sudo update-grub" in terminal in order for changes to take effect. That is if anyone wants to do this, shrugs.

Last edited by CBizgreat! (2012-07-23 21:02:26)

snowpine · 2012-07-23 22:03:00

The point of recovery mode is to allow you to recover your system in case of unforeseen circumstances, such as a forgotten password. Agree that you might want to lock this down if the computer is public such as a kiosk. If you are truly concerned that malicious people might have physical access to your computer, the best option is encryption. Not only will this prevent someone from booting your machine without the password, it will also prevent them from getting your data in 101 other ways as well. smile

VastOne · 2012-07-23 22:47:55

^ Well said and spoken truth snowpine. cool

tedbell · 2012-07-23 23:02:38

thanks all for the replies. I will remove grub from the menu for starters.

johnraff · 2012-07-24 03:09:09

As long as they have your box, anyone can boot a live CD and do whatever they want.

I have a BIOS password set on my laptop (+autologin) - even that can be bypassed but it takes more work so might deter the idle tinkerer for a while.

Encryption sounds like a good idea though.

Awebb · 2012-07-24 05:42:42

To turn off a certain stage, I have to put an option into the bootloader configuration, that reads like:

OFF=on

Debian... *facepalm*

sqlpython · 2012-07-24 16:03:20

We had an encryption key via a USB stick at one time for laptops. Basically w/o the USB to complete the boot encryption = No Boot.

@Awebb
Could/would you elaborate on the (OFF=on) bootloader configuration or point to on line examples of the same. Thank You.

ad3y · 2012-07-24 18:56:22

Encryption should keep your data safe from all but the most determined (NSA types?).
Keeping your PC in some form of security cage might mitigate the bootdisk/USB stick option for gaining access.
Just bear in mind that whatever you do to protect it from others may well prevent you from recovering your data should something happen to the computer!!!

Awebb · 2012-07-24 21:49:54

sqlpython wrote:

@Awebb
Could/would you elaborate on the (OFF=on) bootloader configuration or point to on line examples of the same. Thank You.

Of course. I was only twitching in pain a little because of the logic behind this:

CBizgreat! wrote:

Edit /etc/default/grub , uncomment GRUB_DISABLE_RECOVERY="true" so recovery boot options don't show up in the grub menu anymore

Awebb wrote:

To turn off a certain stage, I have to put an option into the bootloader configuration, that reads like:
OFF=on
Debian... *facepalm*

This reads like: "Turn on the turning-off to turn to turn on-off something that turns you off."

hochrappenkopf · 2012-09-17 13:15:50

tedbell wrote:

...if I can just enter root through reovery mode? Is there a way to protect that with a password?

I suggest Whole Disk Encryption - if the HDD is encrypted, you are sure.

Have a nice day!

Bye

xf · 2012-09-17 13:41:24

hochrappenkopf wrote:

I suggest Whole Disk Encryption - if the HDD is encrypted, you are sure.

I support this fully!

Only full disk encryption can protect your data physically. Look at LUKS - this is a good opportunity for Linux systems. If you have trouble, we will help you. But the Debian-Installer supports this type of crypto.

It is good that you are sensitive to the issue. Best regards!

Last edited by xf (2012-09-17 13:44:11)

CrunchBang Linux

SEARCH

#1 2012-07-23 20:20:42

What's the point of password protection...

#2 2012-07-23 20:24:53

Re: What's the point of password protection...

#3 2012-07-23 20:40:20

Re: What's the point of password protection...

#4 2012-07-23 20:42:46

Re: What's the point of password protection...

#5 2012-07-23 22:03:00

Re: What's the point of password protection...

#6 2012-07-23 22:47:55

Re: What's the point of password protection...

#7 2012-07-23 23:02:38

Re: What's the point of password protection...

#8 2012-07-24 03:09:09

Re: What's the point of password protection...

#9 2012-07-24 05:42:42

Re: What's the point of password protection...

#10 2012-07-24 16:03:20

Re: What's the point of password protection...

#11 2012-07-24 18:56:22

Re: What's the point of password protection...

#12 2012-07-24 21:49:54

Re: What's the point of password protection...

#13 2012-09-17 13:15:50

Re: What's the point of password protection...

#14 2012-09-17 13:41:24

Re: What's the point of password protection...

Board footer