how can HDD be protected from installing new OS over it, i mean inserting install CD of new OS and overwriting previous??

Does your BIOS support turning off the ability to boot from anything except the hard disk (and password protecting the settings)? Also, hdparm supports a '-r' flag to make a drive read-only but I don't know if the setting is permanent and it's probably not the effect you want anyway.

hmm BIOs can boot only from HDD, i try to protect only the hard disk
if HDD is read only will it boot?

If your whole hard disk is read-only you will have trouble booting. Are you trying to keep a known configuration or stop users modifying files? There may be another way to do what you need to.

when i mess Linux to a state when it is unrecoverable i insert CD and install anew...
is it possible to set up password so that HD is protected from this??
i mean if somebody wants to erase Linux taht way... accidently or intently...
tnx

It depends on your computer's BIOS - it is possible to password protect your BIOS settings so that they can't be changed without a password, then you need to set up your BIOS so you can't boot with a CD without changing the BIOS and entering a password.

There's only so much you can do though - if someone with a screwdriver has access to your PC they can just walk away with your hard disk.

he will steal tux's linux...
what about MBR.. it is the first thing that is read on a HDD?
if it is read only??

That won't stop someone - if they can boot with a CDROM they can still install an operating system on the hard disk and overwrite the MBR.

so any1 can destroy carefully adjusted Linux with one move...
i want to protect myself from that

password-protecting your Bios from being changed (after you set it to boot _only_ from HDD and not offering any choices like a boot-menu which can be used to boot something other than what you installed and/or password-protecting the boot menu from being changed if you need to have one) is the only way to prevent anyone from just popping in a CD and do _whatever_ they want - locking away your PC when you are not there left aside - anyone who has physical access to your PC can still do pretty much everything...(by taking the harddisk out for example...)

hmmm, that's strange - only one level of security...
what exactly is MBR?? master boot record...
is it the first thing to be read when boot initiates??
if somehow i make it read-only??

you cannot write protect a harddisk and much less parts of it - well you can, but this is on the operating-system-level - when there is a system already running.
MBR is the first few (512 ?) bytes of a harddisk and is read by bios to find information on how to continue in bringing up the system.
To prevent anyone from just booting your machine in a different way than you wanted or by using another medium (CD...) you can only password protect the Bios against making changes to it.
There is a feature to password-protect harddisks (depends on the model used - this is on hardware-level) - but there is like no way in the world to get to or change the data on it if you loose that password - no recovery whatsoever - not even by taking the disk to another machine.
If you are concerned about someone reading your data - there is encryption of files and even the whole disk - so someone can take it away, but will not be able to read or use it - it is still lost to you though.

hmmm ... so if MBR is read only ... it can override BIOS and keep Linux safe...
what is that hardware level protection.. it sounds good to me...
i will lock the harddisk and throw the key in the river...
sounds prefect...

not quite...
1.) the Bios
2.) the MBR
Bios is _using_ (and needing) the MBR - but Bios comes as the very first thing - no way around that.
If you want to protect the disk (or MBR - which is on the disk) you need to do this through Bios.
Bios just knows how to interpret the MBR and executes whatever it finds there - usually a boot loader which in turn passes control on to the operating system.
I have no specific knowledge about hardware level protection aside from reading posts here from people trying (mostly in vain) to get to their data when the disk is somehow failing...

so i guess i have to edit MBR somehow...
where it is located? is it a regular file??
how to edit?