On 31 Jan 2012, at 16:59, Yasha Karant wrote: > On 01/30/2012 11:28 PM, Sergio Ballestrero wrote: >> For the next time (because there's always one ;-) ), you can use >> init=/bin/bash >> as a boot option, it will completely skip the standard init and therefore >> the root password request. > I do not like the idea of having an automatic root backdoor for security > reasons (a university, in a department of computer science and engineering, > with some bright CS, CE, and Physics majors -- some of whom do not accept in > practice the ethics we attempt to instill). I have used and will continue to > use the toor kludge as an alternative to root for situations in which the > root home directory, etc., is corrupt -- but toor also is defended, not open.
the init= "backdoor" is there in the kernel, whether you like having it or not (unless you patch it away) : http://lxr.free-electrons.com/source/init/main.c#L757 so, as Niko was saying, you anyway must have a Grub password on any system that you care a bit about, it's the only defence. And, I would add, BIOS settings password. And a big locked cage around it, etc etc ;-) Cheers, Sergio -- Sergio Ballestrero - http://physics.uj.ac.za/psiwiki/Ballestrero University of Johannesburg, Physics Department ATLAS TDAQ sysadmin group
