25

A few days ago, a friend of mine wanted to show me that he can use my Linux even if I don't tell him my password.

He entered GRUB and selected the recovery mode option. My first problem is that he already had access to my files (read only). He tried to do passwd but failed. Then he did some kind of remount (I guess that gave him write rights) and after that he was able to change my password.

Why is this possible? I personally see it as a security issue. Where I work there are several people that use Linux and none of them has a BIOS password set or some other kind of security wall.

Ilea Cristian

4 Answers

44

The passwords are meant to prevent access from outside (network, internet), and they accomplish it. However, physical access is root access.

Unless you're encrypting your entire partition, it's always possible to boot from an optical disc or a flash drive and gain access to all your files. This way, you can also modify the files that store the users' passwords.

However, you can choose to disable the recovery mode if you want to. Steps:

  1. Open /etc/default/grub in a text editor (with root privileges)

  2. Uncomment/add the following line:

    GRUB_DISABLE_RECOVERY="true"
    
  3. Save the changes and run the following command:

    sudo update-grub
    
Dennis
6

If someone can physically touch your machine they can get in.

Easiest way: load Linux on a USB drive and boot from the USB stick. Voila, you can view the native file system and make whatever changes you like.

choroba
3

It will always be possible to change the root password. It can always happen that someone forgot it. You need physical access to the server (or console access when virtualized) to enter the GRUB recovery mode, so when you are already there you can take the whole server/desktop as well to pull out the HDD and do some forensics on it. Safety-wise it does not matter a lot.

You can always encrypt your disc if you want additional security. That will make recovery a lot harder.

Jeroen
2

For grub 1 do the following:

  1. Open a command line and enter as root grub-md5-crypt

  2. You are being asked for a password and after confirming your password you will see a hashvalue which you copy to the clipboard

  3. Open your editor of choice and edit /boot/grub/menu.lst and add to the first line:

    password --md5 "Hashvalue"
    
  4. Save the file. The hashvalue is the one you get from the command grub-md5-sum

For grub2 there is a tool which lets you set this up more easily: http://sourceforge.net/projects/grubpass/. After installing just type:

  1. grubpass into the shell as root user. The program is pretty much self explanatory.

However, the best way to protect your data from this kind of access is to use full disk encryption.

Oliver Salzburg
l1zard
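An added example, not part of any answer above: a small audit script that checks the two settings the answers describe, `GRUB_DISABLE_RECOVERY` in an `/etc/default/grub`-style file and a global `password --md5` line in a GRUB 1 `menu.lst`. The function names, sample files and `PLACEHOLDER_HASH` (standing in for a real hash) are constructed for illustration.

```shell
#!/bin/sh
# Added example: audit the boot-loader settings discussed in the answers.
# Function names and sample files are constructed for illustration.

# True if GRUB_DISABLE_RECOVERY is "true" in an /etc/default/grub-style file.
recovery_disabled() {
    val=$(sed -n 's/^[[:space:]]*GRUB_DISABLE_RECOVERY=//p' "$1" |
          tail -n 1 | tr -d "\"'[:space:]")
    [ "$val" = "true" ]
}

# True if a GRUB 1 menu.lst has a global "password --md5 <hash>" line,
# i.e. one that appears before the first "title" entry.
grub1_password_set() {
    awk '/^[ \t]*title[ \t]/ { exit }
         /^[ \t]*password[ \t]+--md5[ \t]+[^ \t]/ { found = 1 }
         END { exit !found }' "$1"
}

# Print one PASS/FAIL line per check; return non-zero if any check fails.
audit_boot() {
    rc=0
    if recovery_disabled "$1"; then echo "PASS recovery entries disabled"
    else echo "FAIL recovery entries still generated"; rc=1; fi
    if grub1_password_set "$2"; then echo "PASS menu.lst has a global password"
    else echo "FAIL menu.lst has no global password"; rc=1; fi
    return $rc
}

# Constructed sample files so the script runs without touching /etc or /boot.
demo=$(mktemp -d)
trap 'rm -rf "$demo"' EXIT
printf '%s\n' 'GRUB_DEFAULT=0' '#GRUB_DISABLE_RECOVERY="true"' > "$demo/grub.weak"
printf '%s\n' 'GRUB_DEFAULT=0' 'GRUB_DISABLE_RECOVERY="true"' > "$demo/grub.hard"
printf '%s\n' 'default 0' 'title Linux' 'kernel /vmlinuz' > "$demo/menu.weak"
printf '%s\n' 'password --md5 PLACEHOLDER_HASH' 'default 0' 'title Linux' \
    > "$demo/menu.hard"

audit_boot "$demo/grub.weak" "$demo/menu.weak" || true
audit_boot "$demo/grub.hard" "$demo/menu.hard"
```

A PASS on both checks only covers the boot menu; as the answers say, booting from other media still reaches an unencrypted disk.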