On Thursday 16 February 2012 20:36:17 Reindl Harald wrote: > Am 16.02.2012 20:34, schrieb Gordon Messmer: > > On 02/16/2012 12:59 AM, Emilio Lopez wrote: > >> If I select recovery in grub menu, Fedora starts as root without > >> asking for password. Is this the expected behavior? > > > > Yes, the only way to secure your system against this is to encrypt your > > drives. If you don't encrypt your drives, > > there will always be a way to modify the system without a password > > not really > > if you have grub-password set and boot from external media like > USB/DVD disabled you have practically no way without move the > hard-disk to another computer or remove BIOS battery I believe that Gordon meant to say "even if they can steal your hard drive". If others have physical access to your machines (the stolen laptop scenario), the only and ultimate defense for your data is the encrypted hard disk. Namely, * root password can be circumvented if grub allows modifications of the kernel parameters; * grub password can be circumvented if bios allows booting from other devices (CD/USB/Network); * bios password can be circumvented if physical access to the machine is allowed (either by jumper-reseting the bios, or by hijacking the hard drive). But an encrypted hard disk cannot be decrypted in an easy way, even given the physical access to it. That's why it is the only way to secure your data, as Gordon put it. Best, :-) Marko -- users mailing list users@xxxxxxxxxxxxxxxxxxxxxxx To unsubscribe or change subscription options: https://admin.fedoraproject.org/mailman/listinfo/users Guidelines: http://fedoraproject.org/wiki/Mailing_list_guidelines Have a question? Ask away: http://ask.fedoraproject.org
