At 20:10 2000-06-04 -0400, Miroslav Skoric wrote:
>It looks to me that an access to a linux box is not protected at all if
>one follows what you all say. I mean, for example, if system
>administrator (root) is not present, anybody else could perform that you
>suggested and 'become' a new root.
If a user has physical access to a Linux PC, then can generally get in with
a boot disk or by taking advantage of an unprotected LILO.
>Now I wonder if there is a way to
>protect both root's and users' accounts from the unauthorized access?
The simple fact is that if they have enough time, they can reset the BIOS
to get around a BIOS password, install a floppy drive if there isn't one,
or just move the HD to another machine and copy the entire contents.
Physical security is not often talked about, but it is an important part of
securing the machine. If you don't control physical access to your machine,
then it's not secure.
>Btw, how the linux box can be sure that you are the 'right' root that
>forgot the password and not the one who pretends to be root?
It can't.
Tony
--
Anthony E. Greene <[EMAIL PROTECTED]>
PGP Key: 0x6C94239D/7B3D BD7D 7D91 1B44 BA26 C484 A42A 60DD 6C94 239D
Linux: The choice of a GNU Generation.
--
To unsubscribe: mail [EMAIL PROTECTED] with "unsubscribe"
as the Subject.
