anyone can change my root or user password?
 

From what I know, theres a way to change/reset root password & user passwords if u forget them.

Which means anyone having such knowhow & physical access to my PC can tamper with my linux system.

Is there ANY way to prevent all this?

You can password protect grub and lock the screen when your running.
If someone has physical access to your box and boots up a live cd I'm not sure how to protect that.

It's extremely hard to protect a computer from physical tampering. I would also suggest putting in a bios password. Also make sure you have it set to only boot from the hard drive, that will prevent people from using boot disks to gain access.

One of the best ways to prevent physical tampering is simply to keep the computer locked up. You can get cases that have locks on them (but their easily bipassed). Other than that just keep you're house/room locked when you're not there.

Locking it up will keep someone from resetting the bios and/or removing the hard drive.

If you're concerned with sensative data I would suggest useing some form of data encrypion and/or keeping that data on an external drive that you can take with you. If you're just conserned with someone messing up you're computer there's nothing you can really do about it. All the security in the world wont stop a large electo-magnet or power surge.

Just a thought, you can weld some bended and pierced iron plates (L-shaped) to the sides of the sliding panels of the case and on the case itself, then use a regular lock to prevent case opening. It's kinda ugly solution, but the one who'd like to open the case to erase the bios or something should take the time to cut the lock, making some noise too.
Other than that, remove the harddrive from the computer and hide it while you're away...just kidding.

If it is a laptop, just take it with you or hide it.

Well...hmm..thanx for ur solutions but I really can't afford to lock up my pc that way:)....my family uses it and I'm just a 21-yr kid using the same pc:)

So I know that NO ONE in my family would do any intentional damage to my pc......what I ONLY want is that no one should get access to my linux system by changing password etc.

Apart from encrypting personal files, isn't there ANY other way?

Thanks again:)

Create a BIOS password, share that with your family. Then create a Grub/Lilo password, if trusted users also use the same Linux OS, share the password with them and only them. Get a padlock to lock your computer case so no one can pull the cmos battery to reset the BIOS password. Then always use strong passwords for all users, setup sudo for trusted users who might need sudo access but limit it so they can't change root's password, etc. Then change root's password to something random, forget it and get on with your life so you don't have to worry about someone tampering with your family's computer.

Cheers.

> Apart from encrypting personal files, isn't there ANY other way?

Use

chmod ug-rwx <files or directories>

and hide your files/directories from the rest of your family.

Sheng-Chieh

Wow! A 21 year old kid who actually admits that he is still a kid. Amazing. :)

Ultimately, it is next to impossible to prevent a savy attacker, whom has physical access to the PC, from accessing anything on that PC. This is true regardless of what operating system the PC is running (Windows, Linux, or whatever). They are only a CMOS reset and bootdisk away from anything on the PC. Your efforts would be better served encrypting the actual files you wish nobody else to see, than trying to protect passwords from local users. Beyond that, you can take some steps outlined in the other posts to prevent "most" non-savy folks from accessing your PC.

Well..hehe..I'd ALWAYS like to think of myself as a kid...who wants to grow old? maybe thinking of oneself as a kid retards the ageing process and keeps u youthful for a longer time:) just my own silly thoughts...

Thanks for all ur solutions..I'll hide the files & encrypt them..that I think is the most I can do:(

An external hdd for your personal files might be an idea.

Computer cases aren't particularly strong so it seems a bit of a daft idea putting a padlock on it, it may be a good idea to put a lock on the door to the computer room and give everyone who needs access a key.

I know it's a bit of an old topic - but here is an idea:
Use an encrypted root partition that requires the key upon boot - most likely not too hard to set up (never had to do it myself, but might soon).
If you want something more extreme: put an encrypted partition table inside another partition table - then have a custom boot loader that knows exactly where that partition table starts and asks you for the key to decrypt the initial table that contains partitions that are encrypted (in case the table itself is decrypted). Also store that boot loader on a usb stick and boot from that (if your motherboard supports usb boot).

Those ideas are only theoretical and your criticism is welcome.

Best Regards,
mpetrov

Use loop AES to protect your PC : )

Security begins with physical access.

If you want total security to your system, you could have a USB hard drive that is your system. That way you can take your drive with you and boot off many different machines.

Maybe not, but a surge protector will.

Sorry, I know this is mostly irrelevant, but I just wanted to mention how curious I find it that so few people in North America (by which I mean Halifax, Nova Scotia, Canada) use these. Maybe it is a degree of paranoia that comes from having lived nine years in a South American country with unstable power, but I have one of the little boxes hooked between every computer in the house and the power outlets. Yep, even the old laptop from '95 with a smashed screen. Well why not? They're cheap and could save your system from pretty bad stuff. Just wanted to get that idea out there, you know, spread surge protector awareness. Always use protection kind of thing.

-Felix