LinuxQuestions.org
Download your favorite Linux distribution at LQ ISO.
Go Back   LinuxQuestions.org > Forums > Linux Forums > Linux - Newbie
User Name
Password
Linux - Newbie This Linux forum is for members that are new to Linux.
Just starting out and have a question? If it is not in the man pages or the how-to's this is the place!

Notices


Reply
  Search this Thread
Old 08-11-2018, 01:19 PM   #1
l0f4r0
Member
 
Registered: Jul 2018
Location: Paris
Distribution: MacOS, Slackware
Posts: 61

Rep: Reputation: 13
Easy root access with an install disk booting


On a security point of view, Linux is all about rights partitioning (users can have different home directories, files access rights are methodically set and so on...).
However, one only needs to insert a rescue/install disk to be root, mount everything (s)he needs, chroot instantly etcetera.
So may I ask why bothers with the rights then? Sorry, the question is surely simplistic but I think you get my point
Did I miss something? Do I need to understand that to have a secure system I must deactivate booting from an external drive/disk?
Thank you.
 
Old 08-11-2018, 01:25 PM   #2
jsbjsb001
Senior Member
 
Registered: Mar 2009
Location: Earth? I would say I hope so but I'm not so sure about that... I could just be a figment of your imagination too.
Distribution: CentOS at the time of this writing, but some others over the years too...
Posts: 1,699

Rep: Reputation: 816Reputation: 816Reputation: 816Reputation: 816Reputation: 816Reputation: 816Reputation: 816
Quote:
Originally Posted by l0f4r0 View Post
On a security point of view, Linux is all about rights partitioning (users can have different home directories, files access rights are methodically set and so on...).
However, one only needs to insert a rescue/install disk to be root, mount everything (s)he needs, chroot instantly etcetera.
So may I ask why bothers with the rights then? Sorry, the question is surely simplistic but I think you get my point
Did I miss something? Do I need to understand that to have a secure system I must deactivate booting from an external drive/disk?
Thank you.
That's why I encrypt my "home" partition, so even if you did try to mount it with a "live" system, you would still need the password for the encryption to decrypt it.

Otherwise yeah, it's pretty easy to mount the partitions and copy everything off of it. I don't bother encrypting the "root" partition, given that you could just download the system itself off of the Internet anyway.

If I understood your question/post correctly...
 
1 members found this post helpful.
Old 08-11-2018, 01:49 PM   #3
scasey
Senior Member
 
Registered: Feb 2013
Location: Tucson, AZ, USA
Distribution: CentOS 7.5
Posts: 1,432

Rep: Reputation: 490Reputation: 490Reputation: 490Reputation: 490Reputation: 490
Also, consider that "only...insert a rescue/install disk" requires physical access to the hardware. Restriction of physical access in a business environment is (should be) limited to those who already have root access.

Given that "normal" users won't have that access, the rights of which you speak are used to manage the (usually necessary) "separation of powers"
 
2 members found this post helpful.
Old 08-11-2018, 01:50 PM   #4
pan64
LQ Guru
 
Registered: Mar 2012
Location: Hungary
Distribution: debian/ubuntu/suse ...
Posts: 11,153

Rep: Reputation: 3334Reputation: 3334Reputation: 3334Reputation: 3334Reputation: 3334Reputation: 3334Reputation: 3334Reputation: 3334Reputation: 3334Reputation: 3334Reputation: 3334
actually I work on a lot of remote and virtual systems. There is no any way (to anyone) to insert a rescue/install disk....
 
2 members found this post helpful.
Old 08-11-2018, 04:26 PM   #5
l0f4r0
Member
 
Registered: Jul 2018
Location: Paris
Distribution: MacOS, Slackware
Posts: 61

Original Poster
Rep: Reputation: 13
That means that it's somewhat incorrect to think that data are securely partitioned (i.e. cannot be accessed by normal users) in a personal environment (for example if I create different /home directories for my parents, brother, sister etc on the shared home computer)?
 
Old 08-11-2018, 04:33 PM   #6
jsbjsb001
Senior Member
 
Registered: Mar 2009
Location: Earth? I would say I hope so but I'm not so sure about that... I could just be a figment of your imagination too.
Distribution: CentOS at the time of this writing, but some others over the years too...
Posts: 1,699

Rep: Reputation: 816Reputation: 816Reputation: 816Reputation: 816Reputation: 816Reputation: 816Reputation: 816
If they can start another system and mount the partitions on that computer with root permissions, and those partitions are not encrypted (or they know the encryption password for those partitions if they are encrypted), then yes, they could still access the data on said partitions.

You can also normally set a password on the BIOS/UEFI "boot menu" so they can't start another system unless they know that password.
 
1 members found this post helpful.
Old 08-11-2018, 04:33 PM   #7
scasey
Senior Member
 
Registered: Feb 2013
Location: Tucson, AZ, USA
Distribution: CentOS 7.5
Posts: 1,432

Rep: Reputation: 490Reputation: 490Reputation: 490Reputation: 490Reputation: 490
Quote:
Originally Posted by l0f4r0 View Post
That means that it's somewhat incorrect to think that data are securely partitioned (i.e. cannot be accessed by normal users) in a personal environment (for example if I create different /home directories for my parents, brother, sister etc on the shared home computer)?
If any of those family members are not root but knowledgeable enough to use a rescue disk then yes, somewhat incorrect...but that's pretty much the primary condition.

If none are such, and not allowed sudo, then the data are securely partitioned, AFAIK.
 
1 members found this post helpful.
Old 08-11-2018, 05:12 PM   #8
l0f4r0
Member
 
Registered: Jul 2018
Location: Paris
Distribution: MacOS, Slackware
Posts: 61

Original Poster
Rep: Reputation: 13
Quote:
Originally Posted by jsbjsb001 View Post
You can also normally set a password on the BIOS/UEFI "boot menu" so they can't start another system unless they know that password.
Ok, thanks for this countermeasure

Quote:
Originally Posted by scasey View Post
If any of those family members are not root but knowledgeable enough to use a rescue disk then yes, somewhat incorrect...but that's pretty much the primary condition.
If none are such, and not allowed sudo, then the data are securely partitioned, AFAIK.
Knowledge is power then
 
  


Reply


Thread Tools Search this Thread
Search this Thread:

Advanced Search

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is Off
HTML code is Off



Similar Threads
Thread Thread Starter Forum Replies Last Post
Separate root directory = easy re-install? psuliin Linux - Newbie 6 01-20-2011 05:16 AM
access ubuntu root disk on xp install justwantin Ubuntu 8 02-28-2010 06:42 PM
I can't access to the root disk, help please markluocanada Slackware 14 09-29-2007 03:37 PM
here's to Linspire for allowing easy root access ashokanfarewell Linspire/Freespire 6 04-08-2006 04:26 PM
Easy access to root - vulnerability? Gay R0b0t Linux - Software 5 02-21-2005 08:19 AM

LinuxQuestions.org > Forums > Linux Forums > Linux - Newbie

All times are GMT -5. The time now is 11:52 AM.

Main Menu
Advertisement
My LQ
Write for LQ
LinuxQuestions.org is looking for people interested in writing Editorials, Articles, Reviews, and more. If you'd like to contribute content, let us know.
Main Menu
Syndicate
RSS1  Latest Threads
RSS1  LQ News
Twitter: @linuxquestions
Facebook: linuxquestions Google+: linuxquestions
Open Source Consulting | Domain Registration