LinuxQuestions.org
Did you know LQ has a Linux Hardware Compatibility List?
Go Back   LinuxQuestions.org > Forums > Linux Forums > Linux - Security
User Name
Password
Linux - Security This forum is for all security related questions.
Questions, tips, system compromises, firewalls, etc. are all included here.

Notices

Reply
 
Search this Thread
Old 01-30-2004, 02:13 PM   #1
robhargreaves
Member
 
Registered: Dec 2003
Location: UK
Distribution: Slackware
Posts: 87

Rep: Reputation: 15
how do i stop root password reset?


Hi

The other day I was following some instructions I found and thought I would have a go at creating a new user in slack from the command line rather than kde's kuser. All goes well until I try to log in as root and the password wont accept!

When I looked at what I had been doing I realised I was following the instructions for adding a user using CLI, (whatever that is), maybe someone else can shed some light on why it did it!

I looked on the internet and found that if I boot with my slackware cd then press enter to get it to mount all the hdisks i am at a login prompt.

Instead of logging in I wrote linux init=/sbin/sh

instead of asking for my password it just gave me root permissions so I mounted my drive in /mnt/ and changed the /etc/shadow/ file to remove the encrypted password bit.

I was thinking maybe its possible to change the name of the shadow file so the intruder wouldnt know where to look and would have to look for the path to the new file name which would make it much harder. They would have access to the drive through the command line but would have to install another hd to copy all the stuff accross.

Now I know this is standard practice for lost root passwords but I dont really like it. How can I stop access to the pc like this - and still maybe have a disk or something should the worst happen?

Thanks Rob
 
Old 01-30-2004, 02:58 PM   #2
david_ross
Moderator
 
Registered: Mar 2003
Location: Scotland
Distribution: Slackware, RedHat, Debian
Posts: 12,047

Rep: Reputation: 64
There is one key step "Do not give people you don't trust physical access to your computer".

Other precausions:
1) Add a bios setup password
2) Make sure that the bios is only set to boot from your HDD
3) Create a bootloader password
4) Lock the computer case with a padlock if possible.
 
Old 01-30-2004, 04:21 PM   #3
robhargreaves
Member
 
Registered: Dec 2003
Location: UK
Distribution: Slackware
Posts: 87

Original Poster
Rep: Reputation: 15
Thanks David it came as a bit of a suprise how easy it was. I have only been using linux for a few months and i found it easier than installing lmsensors. I presume a slack cd allows root access to most distros in this way?
 
Old 01-31-2004, 09:16 AM   #4
david_ross
Moderator
 
Registered: Mar 2003
Location: Scotland
Distribution: Slackware, RedHat, Debian
Posts: 12,047

Rep: Reputation: 64
Without the filesystem being loaded with the password files there are no security restrictions at all. Any OS that can read your filesystem can read the data.
 
  


Reply


Thread Tools Search this Thread
Search this Thread:

Advanced Search

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is Off
HTML code is Off


Similar Threads
Thread Thread Starter Forum Replies Last Post
Reset Root password hbenway AIX 9 08-19-2008 04:13 PM
reset root password kapslock Debian 14 07-27-2006 07:08 AM
How to protect Root password so it cannot be reset PAB Linux - Security 14 04-05-2005 07:05 AM
How to reset forgotten root password comprookie2000 Linux - Newbie 4 10-28-2004 12:33 PM
Reset Root password sdsouza Linux - Software 5 11-12-2003 04:50 PM


All times are GMT -5. The time now is 05:38 PM.

Main Menu
My LQ
Write for LQ
LinuxQuestions.org is looking for people interested in writing Editorials, Articles, Reviews, and more. If you'd like to contribute content, let us know.
Main Menu
Syndicate
RSS1  Latest Threads
RSS1  LQ News
Twitter: @linuxquestions
identi.ca: @linuxquestions
Facebook: linuxquestions Google+: linuxquestions
Open Source Consulting | Domain Registration