From a security point of view, Linux is all about rights partitioning (users can have different home directories, file access rights are methodically set and so on...).
However, one only needs to insert a rescue/install disk to be root, mount everything (s)he needs, chroot instantly etcetera.
So may I ask why bother with the rights then? Sorry, the question is surely simplistic but I think you get my point.
Did I miss something? Do I need to understand that to have a secure system I must deactivate booting from an external drive/disk?
Thank you.
Quote:
Originally Posted by l0f4r0
From a security point of view, Linux is all about rights partitioning (users can have different home directories, file access rights are methodically set and so on...).
However, one only needs to insert a rescue/install disk to be root, mount everything (s)he needs, chroot instantly etcetera.
So may I ask why bother with the rights then? Sorry, the question is surely simplistic but I think you get my point.
Did I miss something? Do I need to understand that to have a secure system I must deactivate booting from an external drive/disk?
Thank you.
That's why I encrypt my "home" partition, so even if you did try to mount it with a "live" system, you would still need the password for the encryption to decrypt it.
Otherwise yeah, it's pretty easy to mount the partitions and copy everything off of it. I don't bother encrypting the "root" partition, given that you could just download the system itself off of the Internet anyway.
Also, consider that "only...insert a rescue/install disk" requires physical access to the hardware. Restriction of physical access in a business environment is (should be) limited to those who already have root access.
Given that "normal" users won't have that access, the rights of which you speak are used to manage the (usually necessary) "separation of powers".
That means that it's somewhat incorrect to think that data are securely partitioned (i.e. cannot be accessed by normal users) in a personal environment (for example if I create different /home directories for my parents, brother, sister etc on the shared home computer)?
If they can start another system and mount the partitions on that computer with root permissions, and those partitions are not encrypted (or they know the encryption password for those partitions if they are encrypted), then yes, they could still access the data on said partitions.
You can also normally set a password on the BIOS/UEFI "boot menu" so they can't start another system unless they know that password.
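An added example, not part of any post in this thread: a shell check of the point made in the reply above, that a partition stays unreadable from a rescue or live boot only when it sits on an encrypted layer. It reads `lsblk -P -o KNAME,PKNAME,TYPE,MOUNTPOINT` output on stdin and walks from the mounted device up through its parents looking for a dm-crypt (`crypt`) device; the function name `at_rest_status` and the sample listing are constructed for illustration.

```shell
#!/bin/sh
# Added example. Constructed sample: / on a plain partition,
# /home on an LVM volume that sits on top of a LUKS (crypt) device.
SAMPLE_LSBLK='KNAME="sda" PKNAME="" TYPE="disk" MOUNTPOINT=""
KNAME="sda1" PKNAME="sda" TYPE="part" MOUNTPOINT="/"
KNAME="sda2" PKNAME="sda" TYPE="part" MOUNTPOINT=""
KNAME="dm-0" PKNAME="sda2" TYPE="crypt" MOUNTPOINT=""
KNAME="dm-1" PKNAME="dm-0" TYPE="lvm" MOUNTPOINT="/home"'

# at_rest_status MOUNTPOINT  (lsblk -P listing on stdin)
# prints and returns: encrypted (0), plaintext (1), unknown (2)
at_rest_status() {
    awk -v target="$1" '
    {
        k = p = t = m = ""
        for (i = 1; i <= NF; i++) {
            v = $i
            sub(/^[A-Z]+="/, "", v)   # strip  KEY="
            sub(/"$/, "", v)          # strip closing quote
            if ($i ~ /^KNAME=/) k = v
            else if ($i ~ /^PKNAME=/) p = v
            else if ($i ~ /^TYPE=/) t = v
            else if ($i ~ /^MOUNTPOINT=/) m = v
        }
        type[k] = t
        if (p != "") parent[k] = p
        if (m == target) start = k
    }
    END {
        if (start == "") { print "unknown"; exit 2 }
        # Walk mounted device -> parent -> ... -> disk; any crypt layer
        # on the way means the data is ciphertext on the disk itself.
        for (d = start; d != "" && hops < 64; d = parent[d]) {
            hops++
            if (type[d] == "crypt") { print "encrypted"; exit 0 }
        }
        print "plaintext"; exit 1
    }'
}

# Demo on the constructed sample. On a real machine, pipe in:
#   lsblk -P -o KNAME,PKNAME,TYPE,MOUNTPOINT
for mp in / /home; do
    status=$(printf '%s\n' "$SAMPLE_LSBLK" | at_rest_status "$mp") || true
    echo "$mp: $status"
done
```

A `plaintext` result means file permissions are the only barrier, and they apply only while the installed system is the one running.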
Quote:
That means that it's somewhat incorrect to think that data are securely partitioned (i.e. cannot be accessed by normal users) in a personal environment (for example if I create different /home directories for my parents, brother, sister etc on the shared home computer)?
If any of those family members are not root but knowledgeable enough to use a rescue disk then yes, somewhat incorrect...but that's pretty much the primary condition.
If none are such, and not allowed sudo, then the data are securely partitioned, AFAIK.
Quote:
You can also normally set a password on the BIOS/UEFI "boot menu" so they can't start another system unless they know that password.
Ok, thanks for this countermeasure
Quote:
Originally Posted by scasey
If any of those family members are not root but knowledgeable enough to use a rescue disk then yes, somewhat incorrect...but that's pretty much the primary condition.
If none are such, and not allowed sudo, then the data are securely partitioned, AFAIK.