I
thought someone else had mentioned about putting password protection on grub or
lilo so that the settings can not be changed.
This
would not allow them to boot up anyway other then what is setup unless they have
the password.
Then
you would want to password protect the bios settings and make it so it will ONLY
boot the HD...
Without accessing the interior of the computer then it would be next to
impossible to gain access into the machine while still allowing CD drives or
other removable media.
I
could be wrong but I believe I am on the right track here...
-----Original Message-----Here's the thing though. I am planning a HUGE migration from Microsoft to Linux in a K-12 school system. This includes servers AND workstations. Now, trust me, I'm not fan of Microsoft, I downright despise them. However, would any kid in the network get his hand on a workstation and be able to start changing the root password? What type of security other than with the bootloader is there? Is there a way to turn off Single User Mode? If so, what are the implications of doing this?
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]]On Behalf Of Jon Gaudette
Sent: Thursday, 13 June 2002 7:21 p.m.
To: [EMAIL PROTECTED]
Subject: Re: Opps...
Thank you in advance.-- ************************************************************************ * Jon "GenKiller" Gaudette ultra übergeek * * Webmaster / Founder -|- DDN -|- http://www.digital-drip.com * * Co-Webmaster -|- CNCNZ -|- http://www.cncnz.com * * Co-Webmaster -|- APS -|- http://auburn.k12.ma.us * ************************************************************************
Anthony E. Greene wrote:
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 On 13-Jun-2002/17:50 -0400, Jon Gaudette <[EMAIL PROTECTED]> wrote:This is great and all for in this case, when you forget your password, but what about the security implications of this? Can't just "any ol' user" do this and gain root privledges?Yes, that's why you need to control physical access to the machine. LILO provides a way to password protect changes to the boot sequence. GRUB should have something similar. A person with physical access can do lots of things to the machine, including spilling a drink into it or opening it up and taking the hard disk. The possiblity that they might change the root password is just one of many possible risks. Tony - -- Anthony E. Greene <mailto:[EMAIL PROTECTED]> OpenPGP Key: 0x6C94239D/7B3D BD7D 7D91 1B44 BA26 C484 A42A 60DD 6C94 239D AOL/Yahoo Chat: TonyG05 HomePage: <http://www.pobox.com/~agreene/> Linux: the choice of a GNU Generation. <http://www.linux.org/> -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.0.6 (GNU/Linux) Comment: Anthony E. Greene 0x6C94239D <[EMAIL PROTECTED]> iD8DBQE9CRbEpCpg3WyUI50RAvdqAJ9OHgY04z453D/CiuQiIl2a7Qe/1QCfViJe OoK/vm92TyuMY11wLM6SU+M= =XaLb -----END PGP SIGNATURE----- _______________________________________________ Redhat-list mailing list [EMAIL PROTECTED] https://listman.redhat.com/mailman/listinfo/redhat-list
_______________________________________________ Redhat-list mailing list [EMAIL PROTECTED] https://listman.redhat.com/mailman/listinfo/redhat-list
