LinuxQuestions.org
Support LQ: Use code LQ3 and save $3 on Domain Registration
Go Back   LinuxQuestions.org > Forums > Linux Forums > Linux - Newbie
User Name
Password
Linux - Newbie This Linux forum is for members that are new to Linux.
Just starting out and have a question? If it is not in the man pages or the how-to's this is the place!

Notices

Reply
 
Search this Thread
Old 08-06-2005, 09:11 PM   #1
coolblue
Member
 
Registered: Feb 2005
Posts: 126

Rep: Reputation: 15
anyone can change my root or user password?


From what I know, theres a way to change/reset root password & user passwords if u forget them.

Which means anyone having such knowhow & physical access to my PC can tamper with my linux system.

Is there ANY way to prevent all this?
 
Old 08-06-2005, 09:23 PM   #2
comprookie2000
Gentoo Developer
 
Registered: Feb 2004
Location: Fort Lauderdale FL.
Distribution: Gentoo
Posts: 3,291
Blog Entries: 5

Rep: Reputation: 54
You can password protect grub and lock the screen when your running.
If someone has physical access to your box and boots up a live cd I'm not sure how to protect that.
 
Old 08-06-2005, 09:40 PM   #3
andy753421
Member
 
Registered: Apr 2004
Distribution: Gentoo
Posts: 65

Rep: Reputation: 15
It's extremely hard to protect a computer from physical tampering. I would also suggest putting in a bios password. Also make sure you have it set to only boot from the hard drive, that will prevent people from using boot disks to gain access.

One of the best ways to prevent physical tampering is simply to keep the computer locked up. You can get cases that have locks on them (but their easily bipassed). Other than that just keep you're house/room locked when you're not there.

Locking it up will keep someone from resetting the bios and/or removing the hard drive.

If you're concerned with sensative data I would suggest useing some form of data encrypion and/or keeping that data on an external drive that you can take with you. If you're just conserned with someone messing up you're computer there's nothing you can really do about it. All the security in the world wont stop a large electo-magnet or power surge.

Last edited by andy753421; 08-06-2005 at 09:42 PM.
 
Old 08-07-2005, 02:08 AM   #4
harken
Member
 
Registered: Jan 2005
Location: Between the chair and the desk
Distribution: Debian Sarge, kernel 2.6.13
Posts: 666

Rep: Reputation: 30
Quote:
One of the best ways to prevent physical tampering is simply to keep the computer locked up. You can get cases that have locks on them (but their easily bipassed).
Just a thought, you can weld some bended and pierced iron plates (L-shaped) to the sides of the sliding panels of the case and on the case itself, then use a regular lock to prevent case opening. It's kinda ugly solution, but the one who'd like to open the case to erase the bios or something should take the time to cut the lock, making some noise too.
Other than that, remove the harddrive from the computer and hide it while you're away...just kidding.
 
Old 08-07-2005, 03:06 AM   #5
bp12345
Member
 
Registered: Jun 2005
Distribution: Debian testing, Kubuntu 5.04
Posts: 104

Rep: Reputation: 15
If it is a laptop, just take it with you or hide it.
 
Old 08-07-2005, 01:33 PM   #6
coolblue
Member
 
Registered: Feb 2005
Posts: 126

Original Poster
Rep: Reputation: 15
Well...hmm..thanx for ur solutions but I really can't afford to lock up my pc that way....my family uses it and I'm just a 21-yr kid using the same pc

So I know that NO ONE in my family would do any intentional damage to my pc......what I ONLY want is that no one should get access to my linux system by changing password etc.

Apart from encrypting personal files, isn't there ANY other way?

Thanks again
 
Old 08-07-2005, 01:53 PM   #7
trickykid
Guru
 
Registered: Jan 2001
Posts: 24,133

Rep: Reputation: 197Reputation: 197
Quote:
Originally posted by coolblue
Well...hmm..thanx for ur solutions but I really can't afford to lock up my pc that way....my family uses it and I'm just a 21-yr kid using the same pc

So I know that NO ONE in my family would do any intentional damage to my pc......what I ONLY want is that no one should get access to my linux system by changing password etc.

Apart from encrypting personal files, isn't there ANY other way?

Thanks again
Create a BIOS password, share that with your family. Then create a Grub/Lilo password, if trusted users also use the same Linux OS, share the password with them and only them. Get a padlock to lock your computer case so no one can pull the cmos battery to reset the BIOS password. Then always use strong passwords for all users, setup sudo for trusted users who might need sudo access but limit it so they can't change root's password, etc. Then change root's password to something random, forget it and get on with your life so you don't have to worry about someone tampering with your family's computer.

Cheers.
 
Old 08-07-2005, 10:01 PM   #8
shengchieh
Member
 
Registered: Jul 2004
Location: Palo Alto, CA
Distribution: #! Korora
Posts: 472

Rep: Reputation: 30
> Apart from encrypting personal files, isn't there ANY other way?

Use

chmod ug-rwx <files or directories>

and hide your files/directories from the rest of your family.

Sheng-Chieh
 
Old 08-08-2005, 01:07 AM   #9
DaHammer
Member
 
Registered: Oct 2003
Location: Planet Earth
Distribution: Slackware, LFS
Posts: 561

Rep: Reputation: 30
Quote:
Originally posted by coolblue
I'm just a 21-yr kid
Wow! A 21 year old kid who actually admits that he is still a kid. Amazing.

Ultimately, it is next to impossible to prevent a savy attacker, whom has physical access to the PC, from accessing anything on that PC. This is true regardless of what operating system the PC is running (Windows, Linux, or whatever). They are only a CMOS reset and bootdisk away from anything on the PC. Your efforts would be better served encrypting the actual files you wish nobody else to see, than trying to protect passwords from local users. Beyond that, you can take some steps outlined in the other posts to prevent "most" non-savy folks from accessing your PC.
 
Old 08-08-2005, 03:37 AM   #10
coolblue
Member
 
Registered: Feb 2005
Posts: 126

Original Poster
Rep: Reputation: 15
Well..hehe..I'd ALWAYS like to think of myself as a kid...who wants to grow old? maybe thinking of oneself as a kid retards the ageing process and keeps u youthful for a longer time just my own silly thoughts...

Thanks for all ur solutions..I'll hide the files & encrypt them..that I think is the most I can do
 
Old 08-08-2005, 05:01 AM   #11
phil.d.g
Senior Member
 
Registered: Oct 2004
Posts: 1,192

Rep: Reputation: 101Reputation: 101
An external hdd for your personal files might be an idea.

Computer cases aren't particularly strong so it seems a bit of a daft idea putting a padlock on it, it may be a good idea to put a lock on the door to the computer room and give everyone who needs access a key.
 
Old 08-23-2005, 09:33 PM   #12
mpetrov
LQ Newbie
 
Registered: Aug 2004
Distribution: Gentoo
Posts: 18

Rep: Reputation: 0
I know it's a bit of an old topic - but here is an idea:
Use an encrypted root partition that requires the key upon boot - most likely not too hard to set up (never had to do it myself, but might soon).
If you want something more extreme: put an encrypted partition table inside another partition table - then have a custom boot loader that knows exactly where that partition table starts and asks you for the key to decrypt the initial table that contains partitions that are encrypted (in case the table itself is decrypted). Also store that boot loader on a usb stick and boot from that (if your motherboard supports usb boot).

Those ideas are only theoretical and your criticism is welcome.

Best Regards,
mpetrov
 
Old 10-08-2005, 11:44 AM   #13
martinj
LQ Newbie
 
Registered: Jun 2005
Distribution: Debian 3.1
Posts: 28

Rep: Reputation: 15
Use loop AES to protect your PC : )
 
Old 10-08-2005, 02:31 PM   #14
TexasDevilDog
Member
 
Registered: Nov 2003
Posts: 54

Rep: Reputation: 15
Quote:
Originally posted by coolblue
Well...hmm..thanx for ur solutions but I really can't afford to lock up my pc that way....my family uses it and I'm just a 21-yr kid using the same pc

So I know that NO ONE in my family would do any intentional damage to my pc......what I ONLY want is that no one should get access to my linux system by changing password etc.

Apart from encrypting personal files, isn't there ANY other way?

Thanks again
Security begins with physical access.

If you want total security to your system, you could have a USB hard drive that is your system. That way you can take your drive with you and boot off many different machines.
 
Old 10-08-2005, 04:21 PM   #15
felixc
Member
 
Registered: Jul 2005
Location: Canada
Distribution: Ubuntu, Debian
Posts: 94

Rep: Reputation: 15
Quote:
Originally posted by andy753421
All the security in the world wont stop a power surge. [/B]
Maybe not, but a surge protector will.

Sorry, I know this is mostly irrelevant, but I just wanted to mention how curious I find it that so few people in North America (by which I mean Halifax, Nova Scotia, Canada) use these. Maybe it is a degree of paranoia that comes from having lived nine years in a South American country with unstable power, but I have one of the little boxes hooked between every computer in the house and the power outlets. Yep, even the old laptop from '95 with a smashed screen. Well why not? They're cheap and could save your system from pretty bad stuff. Just wanted to get that idea out there, you know, spread surge protector awareness. Always use protection kind of thing.

-Felix
 
  


Reply


Thread Tools Search this Thread
Search this Thread:

Advanced Search

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is Off
HTML code is Off


Similar Threads
Thread Thread Starter Forum Replies Last Post
How could normal user obtain root password or change root password ckamheng Debian 18 02-18-2009 10:28 PM
change root password? ice99 Programming 1 08-10-2005 11:18 AM
Can unlock screen with root password in my user account - want to change this sm1 Linux - Newbie 2 07-24-2005 05:54 AM
Help! Cannot Add a User to User Manager or Change Root Password lennysokol Linux - General 2 06-25-2005 09:59 AM
what is the command to make a user change their password after creating a new user? naweenio Linux - Newbie 7 01-05-2005 07:07 AM


All times are GMT -5. The time now is 04:44 AM.

Main Menu
My LQ
Write for LQ
LinuxQuestions.org is looking for people interested in writing Editorials, Articles, Reviews, and more. If you'd like to contribute content, let us know.
Main Menu
Syndicate
RSS1  Latest Threads
RSS1  LQ News
Twitter: @linuxquestions
identi.ca: @linuxquestions
Facebook: linuxquestions Google+: linuxquestions
Open Source Consulting | Domain Registration