LinuxQuestions.org
Did you know LQ has a Linux Hardware Compatibility List?
Go Back   LinuxQuestions.org > Forums > Linux Forums > Linux - Distributions > Ubuntu
User Name
Password
Ubuntu This forum is for the discussion of Ubuntu Linux.

Notices

Reply
 
LinkBack Search this Thread
Old 03-13-2007, 02:10 PM   #1
vasco-t
LQ Newbie
 
Registered: Feb 2007
Location: Switzerland
Posts: 21

Rep: Reputation: 15
Security Question


After installing Ubuntu then leaving it for a few days I forgot my base user password. So, looking through the forums I came across a way to reser my password by booting in the "Recovery Mode" of GRUB then using the passwd command.

This worked fine but I then thought that if I install UBUNTU on workstations for non-priviledged users thew will also find it easy to change the base password and gain privileged access to the system.

Is there a recognised method of preventing this?

Thanks
 
Old 03-13-2007, 09:37 PM   #2
bulliver
Senior Member
 
Registered: Nov 2002
Location: Edmonton AB, Canada
Distribution: Gentoo x86; Gentoo PPC; Gentoo Sparc64; FreeBSD; OS X; Solaris
Posts: 3,731
Blog Entries: 4

Rep: Reputation: 63
Quote:
Is there a recognised method of preventing this?
You can also set a 'grub' password, to dissallow mucking about.
Also consider setting a CMOS (BIOS) password.
 
Old 03-13-2007, 11:41 PM   #3
aysiu
Senior Member
 
Registered: May 2005
Distribution: Ubuntu with IceWM
Posts: 1,776

Rep: Reputation: 57
Quote:
Originally Posted by vasco-t
This worked fine but I then thought that if I install UBUNTU on workstations for non-priviledged users thew will also find it easy to change the base password and gain privileged access to the system.

Is there a recognised method of preventing this?
Yes, remove the Grub entry or establish a root password and prevent physical access to the workstation.

Read more here:
http://psychocats.net/ubuntu/security#recoveryrisk
 
Old 03-14-2007, 06:46 AM   #4
vasco-t
LQ Newbie
 
Registered: Feb 2007
Location: Switzerland
Posts: 21

Original Poster
Rep: Reputation: 15
Thanks for your replies/suggestions.

Putting a password on the CMOS/BIOS would, of course, limit workstation access but in this case the workstation will be used as a general Internet access station by many users so the BIOS password would be distributed.

I edited the /boot/grub/menu.lst file to include the command:
password topsecret
(as in the example) but I found that I could still select recovery mode from the grub menu. Maybe I have interpreted it wrong but I thought that this command limited access to the grub menu.

Any ideas?
Thanks
 
Old 03-14-2007, 01:05 PM   #5
bulliver
Senior Member
 
Registered: Nov 2002
Location: Edmonton AB, Canada
Distribution: Gentoo x86; Gentoo PPC; Gentoo Sparc64; FreeBSD; OS X; Solaris
Posts: 3,731
Blog Entries: 4

Rep: Reputation: 63
Quote:
Maybe I have interpreted it wrong but I thought that this command limited access to the grub menu.
Sorry Vasco, I thought it would too. Kind of pointless otherwise...

Wait, from "info grub":
Code:
password [`--md5'] passwd [new-config-file]
      If used in the first section of a menu file, disable all
      interactive editing control (menu entry editor and command-line)
      and entries protected by the command `lock'.
So, you just have to 'lock' the entries.

HTH
 
Old 03-15-2007, 05:06 AM   #6
vasco-t
LQ Newbie
 
Registered: Feb 2007
Location: Switzerland
Posts: 21

Original Poster
Rep: Reputation: 15
Many thanks.
After a few tries I got it working.
It seems that I needed to insert the command lock after every line that started with title.

Although, reading the notes in menu.lst it seems that a Debian Update will overwrite my lock command.

Cheers
 
  


Reply

Tags
security


Thread Tools Search this Thread
Search this Thread:

Advanced Search

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is Off
HTML code is Off
Trackbacks are Off
Pingbacks are On
Refbacks are Off


Similar Threads
Thread Thread Starter Forum Replies Last Post
security question computer Linux - Newbie 2 08-18-2006 02:53 PM
security question jonny bravo *BSD 1 07-07-2005 09:37 AM
Security Question brokenflea Slackware 1 02-16-2005 03:19 PM
Security question {newbie question} Radio Linux - Security 3 05-17-2002 06:32 PM


All times are GMT -5. The time now is 05:06 PM.

Main Menu
My LQ
Write for LQ
LinuxQuestions.org is looking for people interested in writing Editorials, Articles, Reviews, and more. If you'd like to contribute content, let us know.
Main Menu
Syndicate
RSS1  Latest Threads
RSS1  LQ News
Twitter: @linuxquestions
identi.ca: @linuxquestions
Facebook: linuxquestions Google+: linuxquestions
Open Source Consulting | Domain Registration