On 31 Jan 2012, at 16:59, Yasha Karant wrote:
> On 01/30/2012 11:28 PM, Sergio Ballestrero wrote:
>> For the next time (because there's always one ;-) ), you can use
>> init=/bin/bash
>> as a boot option, it will completely skip the standard init and therefore the root password request.
> I do not like the idea of having an automatic root backdoor for security reasons (a university, in a department of computer science and engineering, with some bright CS, CE, and Physics majors -- some of whom do not accept in practice the ethics we attempt to instill). I have used and will continue to use the toor kludge as an alternative to root for situations in which the root home directory, etc., is corrupt -- but toor also is defended, not open.
the init= "backdoor" is there in the kernel, whether you like having it or not (unless you patch it away) :
http://lxr.free-electrons.com/source/init/main.c#L757
so, as Niko was saying, you anyway must have a Grub password on any system that you care a bit about, it's the only defence.
And, I would add, BIOS settings password. And a big locked cage around it, etc etc ;-)
Cheers,
Sergio
--
Sergio Ballestrero - http://physics.uj.ac.za/psiwiki/Ballestrero
University of Johannesburg, Physics Department
ATLAS TDAQ sysadmin group
|