Linux - NewbieThis Linux forum is for members that are new to Linux.
Just starting out and have a question?
If it is not in the man pages or the how-to's this is the place!
Notices
Welcome to LinuxQuestions.org, a friendly and active Linux Community.
You are currently viewing LQ as a guest. By joining our community you will have the ability to post topics, receive our newsletter, use the advanced search, subscribe to threads and access many other special features. Registration is quick, simple and absolutely free. Join our community today!
Note that registered members see fewer ads, and ContentLink is completely disabled once you log in.
If you have any problems with the registration process or your account login, please contact us. If you need to reset your password, click here.
Having a problem logging in? Please visit this page to clear all LQ-related cookies.
Get a virtual cloud desktop with the Linux distro that you want in less than five minutes with Shells! With over 10 pre-installed distros to choose from, the worry-free installation life is here! Whether you are a digital nomad or just looking for flexibility, Shells can put your Linux machine on the device that you want to use.
Exclusive for LQ members, get up to 45% off per month. Click here for more info.
You can password protect grub and lock the screen when your running.
If someone has physical access to your box and boots up a live cd I'm not sure how to protect that.
It's extremely hard to protect a computer from physical tampering. I would also suggest putting in a bios password. Also make sure you have it set to only boot from the hard drive, that will prevent people from using boot disks to gain access.
One of the best ways to prevent physical tampering is simply to keep the computer locked up. You can get cases that have locks on them (but their easily bipassed). Other than that just keep you're house/room locked when you're not there.
Locking it up will keep someone from resetting the bios and/or removing the hard drive.
If you're concerned with sensative data I would suggest useing some form of data encrypion and/or keeping that data on an external drive that you can take with you. If you're just conserned with someone messing up you're computer there's nothing you can really do about it. All the security in the world wont stop a large electo-magnet or power surge.
Last edited by andy753421; 08-06-2005 at 09:42 PM.
One of the best ways to prevent physical tampering is simply to keep the computer locked up. You can get cases that have locks on them (but their easily bipassed).
Just a thought, you can weld some bended and pierced iron plates (L-shaped) to the sides of the sliding panels of the case and on the case itself, then use a regular lock to prevent case opening. It's kinda ugly solution, but the one who'd like to open the case to erase the bios or something should take the time to cut the lock, making some noise too.
Other than that, remove the harddrive from the computer and hide it while you're away...just kidding.
Well...hmm..thanx for ur solutions but I really can't afford to lock up my pc that way....my family uses it and I'm just a 21-yr kid using the same pc
So I know that NO ONE in my family would do any intentional damage to my pc......what I ONLY want is that no one should get access to my linux system by changing password etc.
Apart from encrypting personal files, isn't there ANY other way?
Originally posted by coolblue Well...hmm..thanx for ur solutions but I really can't afford to lock up my pc that way....my family uses it and I'm just a 21-yr kid using the same pc
So I know that NO ONE in my family would do any intentional damage to my pc......what I ONLY want is that no one should get access to my linux system by changing password etc.
Apart from encrypting personal files, isn't there ANY other way?
Thanks again
Create a BIOS password, share that with your family. Then create a Grub/Lilo password, if trusted users also use the same Linux OS, share the password with them and only them. Get a padlock to lock your computer case so no one can pull the cmos battery to reset the BIOS password. Then always use strong passwords for all users, setup sudo for trusted users who might need sudo access but limit it so they can't change root's password, etc. Then change root's password to something random, forget it and get on with your life so you don't have to worry about someone tampering with your family's computer.
Originally posted by coolblue I'm just a 21-yr kid
Wow! A 21 year old kid who actually admits that he is still a kid. Amazing.
Ultimately, it is next to impossible to prevent a savy attacker, whom has physical access to the PC, from accessing anything on that PC. This is true regardless of what operating system the PC is running (Windows, Linux, or whatever). They are only a CMOS reset and bootdisk away from anything on the PC. Your efforts would be better served encrypting the actual files you wish nobody else to see, than trying to protect passwords from local users. Beyond that, you can take some steps outlined in the other posts to prevent "most" non-savy folks from accessing your PC.
Well..hehe..I'd ALWAYS like to think of myself as a kid...who wants to grow old? maybe thinking of oneself as a kid retards the ageing process and keeps u youthful for a longer time just my own silly thoughts...
Thanks for all ur solutions..I'll hide the files & encrypt them..that I think is the most I can do
An external hdd for your personal files might be an idea.
Computer cases aren't particularly strong so it seems a bit of a daft idea putting a padlock on it, it may be a good idea to put a lock on the door to the computer room and give everyone who needs access a key.
I know it's a bit of an old topic - but here is an idea:
Use an encrypted root partition that requires the key upon boot - most likely not too hard to set up (never had to do it myself, but might soon).
If you want something more extreme: put an encrypted partition table inside another partition table - then have a custom boot loader that knows exactly where that partition table starts and asks you for the key to decrypt the initial table that contains partitions that are encrypted (in case the table itself is decrypted). Also store that boot loader on a usb stick and boot from that (if your motherboard supports usb boot).
Those ideas are only theoretical and your criticism is welcome.
Originally posted by coolblue Well...hmm..thanx for ur solutions but I really can't afford to lock up my pc that way....my family uses it and I'm just a 21-yr kid using the same pc
So I know that NO ONE in my family would do any intentional damage to my pc......what I ONLY want is that no one should get access to my linux system by changing password etc.
Apart from encrypting personal files, isn't there ANY other way?
Thanks again
Security begins with physical access.
If you want total security to your system, you could have a USB hard drive that is your system. That way you can take your drive with you and boot off many different machines.
Originally posted by andy753421
All the security in the world wont stop a power surge. [/B]
Maybe not, but a surge protector will.
Sorry, I know this is mostly irrelevant, but I just wanted to mention how curious I find it that so few people in North America (by which I mean Halifax, Nova Scotia, Canada) use these. Maybe it is a degree of paranoia that comes from having lived nine years in a South American country with unstable power, but I have one of the little boxes hooked between every computer in the house and the power outlets. Yep, even the old laptop from '95 with a smashed screen. Well why not? They're cheap and could save your system from pretty bad stuff. Just wanted to get that idea out there, you know, spread surge protector awareness. Always use protection kind of thing.
LinuxQuestions.org is looking for people interested in writing
Editorials, Articles, Reviews, and more. If you'd like to contribute
content, let us know.