Is it possible to deny changing a file's contents even when booting from a LiveCD?
 

Hi,

I am using /etc/security/time.conf to deny a certain user access based on the time of day. This user, however, has knowledge enough to boot the system using a LiveCD, mounting the partition where time.conf resides, and changing it to allow him to login. I a8.m aware that this is a strange circumstance, but it's actually for real. Is there any way to deny changing a file even if the partition is mounted from another distribution (e.g. a LiveCD).

Thanks.

I am using Ubuntu 8.04.

Hi, if the person isn't enough computer savvy to modify file permissions, you might try to remove the "write" permission from the file alltogether. Another option would be filesystem encryption, but I have no experience with it. From what I understand, you can encrypt just one file,one directory, or the whole partition.

serafean

Disable booting from CD in the BIOS, and password-protect the BIOS?

No, there isn't. Once you've got to that point, the game is over.

I'm going to suggest the BIOS password as well for this one.

Remove the cdrom and usb from the boot order, as well as network...leaving only the hard drive as a boot point.

Then password protect the BIOS and they should not be able to boot outside the loaded operating system.

You can change the file attributes so that no one can write data on the file time.conf. Hope this may help.

Huh? That doesn't make any sense.

File attributes mean nothing to someone using a live CD to access a drive.