On Mon, 05 Jul 1999, you wrote:
> It is secure, If you keep it that way and do not mess with things you do not
> know about. Don't change things if you do not know what it can do to your
> system..
That's not really an answer to the question, nor is it accurate.
The question was - why can someone boot a system without the
password?
Security is relative. If someone has physical access to your computer,
and there is a floppy drive, anyone with a couple of linux boot/root disks can
start the system without knowing any passwords. Similarly, you can lock your
cars and take the keys, but I can come along with a tow truck and steal the car
anyway. Given that, why use passwords?
The password system serves to prevent accidental changes that would
mess up the software, and to discourage users from looking at other users'
data. It's just a good balance between a system that's totally open (like DOS)
and a system so secure it's unusable. You can change the balance in either
direction, but you can't eliminate the possibility someone will gain access.
Should you change it in the direction of "more secure"? Probably not.
Anyone who knows the "linux single" trick almost certainly knows the
"bring your own floppy" trick also.
If your need for privacy justifies, you could remove the floppy
drive (probably kinda inconvenient) and/or run an encrypted file system that
makes data almost impossible to retrieve, (and slows down operations
considerably.) It might be easier to just lock the disk drive in the safe
when you're not using it.
Anyone who has physical access to your computer must be assumed to
be "authorized" to be there, and therefore trustworthy. If that is not the case,
then posting armed guards and vicious dogs would be appropriate..
Regards,
Irv
> ----- Original Message -----
> From: Jo <[EMAIL PROTECTED]>
> To: <[EMAIL PROTECTED]>
> Sent: Monday, July 05, 1999 07:15 James
> Subject: [newbie] Lack of security when booting in Linux single
>
>
> > Hi,
> >
> > Recently my system failed to boot (I had added something to rc.local, that
> didn't belong there). On irc I was told that I could still boot if I gave
> linux single at the LILO boot. This worked, but to my surprise I never had
> to enter a login or a password. Even then, I was allowed to change rc.local
> back to what it was.
> >
> > Is this normal? I thought Linux was supposed to be so secure.
> >
> > Jo
> >
