On Thu, 2005-12-08 at 21:09 -0500, Leonard Isham wrote: > On 12/8/05, Danny Terweij - Net Tuning | Net <d.terweij@xxxxxxxxxxxxx> wrote: > > > > From: "Terry Polzin" <fox3ec208@xxxxxxxxxxxxxxxx> > > > > > > >I'd boot into rescue mode and vi the /etc/shadow file and remove the > > passwords > > >then reboot normal. The accounts will then have no password and then you > > >could generate your own passwords. > > > > > > Eeks!. I thought linux was better then windows with passwords security. > > > > So when your laptop/server/pc is stolen all they have to do is this and gets > > full access as root with no pass? > > > > Next question, how to prevent this ? > > > > Welcome. Now tou know why physical security is a must. Encryption > with a strong passphrase. There is support for encrytped loopbacks. > THe options and details are quite lengthy. Google and you will find > articles and how-to's onthe subject. Also google PGP and GPG > (http://www.gnupg.org/) for more information. ---- there is the ability to require a boot password for grub but generally, if you can boot from a cd, you can still access files. Then of course, you can boot into runlevel 1 instead of 'rescue mode' and change passwords Then of course, you probably shouldn't edit /etc/shadow directly but rather simply issue 'passwd USER_NAME' even in runlevel 1 mode to reset passwords. Craig
