Join Log in
Score:1
Ri Di avatar Ubuntu

Any other way to protect root password from being changed?

in flag
Ri Di

So I recently found out, that anyone can easily change root password if they have access to grub. I prevented that by adding extra password to it. Why is it made this way? It seems to be absolutely stupid - anyone can easily change your password, which makes it almost useless - maybe just to protect computer from kids. But if I have multiple OS'es, shouldn't locking grub prevent others users from loading that other OS? For example - I use Ubuntu (and I want to prevent others from logging in), but another user uses Win, which he should access through grub. But since it is locked, he cannot do that, unless he know grub's password. But then he can easily change my root password for Ubuntu.

In other words - is there a proper way to secure Ubuntu, so nobody could easily change root password?

62
1 + 4
muru avatar
us flag
muru
Does this answer your question? [How can I prevent someone from resetting my password with a Live CD?](https://askubuntu.com/questions/76987/how-can-i-prevent-someone-from-resetting-my-password-with-a-live-cd) . Full. Disk. Encryption.
5
Reply
guiverc avatar
cn flag
guiverc
If someone has physical access to your computer; it's not seen as a major concern, as any security can generally be worked around. Flaws were discovered in windows 7 in the first few months of it's release that allowed anyone with access to the power cord/power-switch to bypass all windows security; the fix for that would have made all windows media invalid; so microsoft said they'd fix the issue on the next version (win 8) as they needed physical access to the machine (ie. power cord) to disable all windows 7 security. Don't allow untrustworthy people access to your box
1
Reply
user535733 avatar
cn flag
user535733
Why are you letting attackers have physical access to your hardware? That seems like a rather easy fix.
0
Reply
Ri Di avatar
in flag
Ri Di
well not attackers - just other users. As I understand I just have to encypt my ubuntu partition
1
Reply
Score:3
Nmath avatar Ubuntu
ng flag
Nmath

Full disk encryption is the only way to protect your system in the event that someone gains physical access to your device. This is true with any device, including your phone and your Windows installation.

If your root file system is not encrypted, not only can your root password be changed, but an attacker could get all of your data and make changes to anything on your system.

You can set up full disk encryption during system install and you will be required to enter a password each time you boot your device. Your device will only be as secure as the password you choose, so pick a password or passphrase that is unlikely to be guessed or brute-forced and do not share it with anyone else. If you lose your password, you will be unable to decrypt your system.

0 + 4
Ri Di avatar
in flag
Ri Di
so if I encrypt partition with Ubuntu, then I'll be safe from other users changing my password?
0
Reply
vanadium avatar
cn flag
vanadium
That is what the answer says. The password can only be changed provided the partition is decrypted - and nobody not knowing the encryption password can do that.
1
Reply
Ri Di avatar
in flag
Ri Di
so I could even not use root/user password, because there is encryption password already?
0
Reply
Nmath avatar
ng flag
Nmath
That wouldn't be wise. There are other reasons to have a user password beyond someone else gaining access to your computer.
0
Reply
ธงชาติไทย
Elon Musk
I sit in a Tesla and translated this thread with Ai:

mangohost

Post an answer

Most people don’t grasp that asking a lot of questions unlocks learning and improves interpersonal bonding. In Alison’s studies, for example, though people could accurately recall how many questions had been asked in their conversations, they didn’t intuit the link between questions and liking. Across four studies, in which participants were engaged in conversations themselves or read transcripts of others’ conversations, people tended not to realize that question asking would influence—or had influenced—the level of amity between the conversationalists.