Ubuntu This forum is for the discussion of Ubuntu Linux. |
Notices |
Welcome to LinuxQuestions.org, a friendly and active Linux Community.
You are currently viewing LQ as a guest. By joining our community you will have the ability to post topics, receive our newsletter, use the advanced search, subscribe to threads and access many other special features. Registration is quick, simple and absolutely free. Join our community today!
Note that registered members see fewer ads, and ContentLink is completely disabled once you log in.
Are you new to LinuxQuestions.org? Visit the following links:
Site Howto |
Site FAQ |
Sitemap |
Register Now
If you have any problems with the registration process or your account login, please contact us. If you need to reset your password, click here.
Having a problem logging in? Please visit this page to clear all LQ-related cookies.
Get a virtual cloud desktop with the Linux distro that you want in less than five minutes with Shells! With over 10 pre-installed distros to choose from, the worry-free installation life is here! Whether you are a digital nomad or just looking for flexibility, Shells can put your Linux machine on the device that you want to use.
Exclusive for LQ members, get up to 45% off per month. Click here for more info.
|
 |
03-13-2007, 02:10 PM
|
#1
|
LQ Newbie
Registered: Feb 2007
Location: Switzerland
Posts: 21
Rep:
|
Security Question
After installing Ubuntu then leaving it for a few days I forgot my base user password. So, looking through the forums I came across a way to reser my password by booting in the "Recovery Mode" of GRUB then using the passwd command.
This worked fine but I then thought that if I install UBUNTU on workstations for non-priviledged users thew will also find it easy to change the base password and gain privileged access to the system.
Is there a recognised method of preventing this?
Thanks
|
|
|
03-13-2007, 09:37 PM
|
#2
|
Senior Member
Registered: Nov 2002
Location: British Columbia, Canada
Distribution: Gentoo x86_64; FreeBSD; OS X
Posts: 3,764
Rep:
|
Quote:
Is there a recognised method of preventing this?
|
You can also set a 'grub' password, to dissallow mucking about.
Also consider setting a CMOS (BIOS) password.
|
|
|
03-13-2007, 11:41 PM
|
#3
|
Senior Member
Registered: May 2005
Distribution: Ubuntu with IceWM
Posts: 1,775
Rep:
|
Quote:
Originally Posted by vasco-t
This worked fine but I then thought that if I install UBUNTU on workstations for non-priviledged users thew will also find it easy to change the base password and gain privileged access to the system.
Is there a recognised method of preventing this?
|
Yes, remove the Grub entry or establish a root password and prevent physical access to the workstation.
Read more here:
http://psychocats.net/ubuntu/security#recoveryrisk
|
|
|
03-14-2007, 06:46 AM
|
#4
|
LQ Newbie
Registered: Feb 2007
Location: Switzerland
Posts: 21
Original Poster
Rep:
|
Thanks for your replies/suggestions.
Putting a password on the CMOS/BIOS would, of course, limit workstation access but in this case the workstation will be used as a general Internet access station by many users so the BIOS password would be distributed.
I edited the /boot/grub/menu.lst file to include the command:
password topsecret
(as in the example) but I found that I could still select recovery mode from the grub menu. Maybe I have interpreted it wrong but I thought that this command limited access to the grub menu.
Any ideas?
Thanks
|
|
|
03-14-2007, 01:05 PM
|
#5
|
Senior Member
Registered: Nov 2002
Location: British Columbia, Canada
Distribution: Gentoo x86_64; FreeBSD; OS X
Posts: 3,764
Rep:
|
Quote:
Maybe I have interpreted it wrong but I thought that this command limited access to the grub menu.
|
Sorry Vasco, I thought it would too. Kind of pointless otherwise...
Wait, from "info grub":
Code:
password [`--md5'] passwd [new-config-file]
If used in the first section of a menu file, disable all
interactive editing control (menu entry editor and command-line)
and entries protected by the command `lock'.
So, you just have to 'lock' the entries.
HTH
|
|
|
03-15-2007, 05:06 AM
|
#6
|
LQ Newbie
Registered: Feb 2007
Location: Switzerland
Posts: 21
Original Poster
Rep:
|
Many thanks.
After a few tries I got it working.
It seems that I needed to insert the command lock after every line that started with title.
Although, reading the notes in menu.lst it seems that a Debian Update will overwrite my lock command.
Cheers
|
|
|
All times are GMT -5. The time now is 12:35 PM.
|
LinuxQuestions.org is looking for people interested in writing
Editorials, Articles, Reviews, and more. If you'd like to contribute
content, let us know.
|
Latest Threads
LQ News
|
|