1

So I recently found out that anyone can easily change the root password if they have access to grub. I prevented that by adding an extra password to it. Why is it made this way? It seems to be absolutely stupid - anyone can easily change your password, which makes it almost useless - maybe just to protect the computer from kids. But if I have multiple OSes, shouldn't locking grub prevent other users from loading that other OS? For example - I use Ubuntu (and I want to prevent others from logging in), but another user uses Win, which he should access through grub. But since it is locked, he cannot do that, unless he knows grub's password. But then he can easily change my root password for Ubuntu.

In other words - is there a proper way to secure Ubuntu, so nobody could easily change root password?

Ri Di
    Does this answer your question? How can I prevent someone from resetting my password with a Live CD? Full. Disk. Encryption. – muru Aug 22 '21 at 07:30
  • 1
    If someone has physical access to your computer; it's not seen as a major concern, as any security can generally be worked around. Flaws were discovered in Windows 7 in the first few months of its release that allowed anyone with access to the power cord/power-switch to bypass all Windows security; the fix for that would have made all Windows media invalid; so Microsoft said they'd fix the issue on the next version (Win 8) as they needed physical access to the machine (i.e. power cord) to disable all Windows 7 security. Don't allow untrustworthy people access to your box – guiverc Aug 22 '21 at 07:35
  • Why are you letting attackers have physical access to your hardware? That seems like a rather easy fix. – user535733 Aug 22 '21 at 14:14
  • 1
    Well, not attackers - just other users. As I understand, I just have to encrypt my Ubuntu partition – Ri Di Aug 22 '21 at 15:00

1 Answer

3

Full disk encryption is the only way to protect your system in the event that someone gains physical access to your device. This is true with any device, including your phone and your Windows installation.

If your root file system is not encrypted, not only can your root password be changed, but an attacker could get all of your data and make changes to anything on your system.

You can set up full disk encryption during system install and you will be required to enter a password each time you boot your device. Your device will only be as secure as the password you choose, so pick a password or passphrase that is unlikely to be guessed or brute-forced and do not share it with anyone else. If you lose your password, you will be unable to decrypt your system.

Nmath
  • So if I encrypt the partition with Ubuntu, then I'll be safe from other users changing my password? – Ri Di Aug 22 '21 at 10:31
  • 1
    That is what the answer says. The password can only be changed provided the partition is decrypted - and nobody not knowing the encryption password can do that. – vanadium Aug 22 '21 at 10:47
  • So I could even not use a root/user password, because there is an encryption password already? – Ri Di Aug 22 '21 at 13:08
  • That wouldn't be wise. There are other reasons to have a user password beyond someone else gaining access to your computer. – Nmath Aug 22 '21 at 19:47
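
A way to verify the point made in the answer, that the root filesystem actually sits on an encrypted layer: the script below is an added example, not part of the original question or answer. It assumes the util-linux tools `findmnt` and `lsblk`; the function names `classify_stack` and `check_mount` and the sample device stacks are constructed for illustration.

```shell
#!/usr/bin/env bash
# Added example: report whether the filesystems an offline password reset
# would touch sit on top of a dm-crypt (LUKS) layer.

# Read `lsblk -s -n -r -o NAME,TYPE` output on stdin (a device followed by
# its parent devices) and print "encrypted" if any layer has TYPE "crypt".
classify_stack() {
    awk '$2 == "crypt" { found = 1 }
         END { print (found ? "encrypted" : "plaintext") }'
}

# Resolve a mount point to its backing device and classify its stack.
check_mount() {
    local src
    src=$(findmnt -n -o SOURCE --target "$1") || return 1
    src=${src%%\[*}            # drop a btrfs "[/subvol]" suffix if present
    lsblk -s -n -r -o NAME,TYPE "$src" | classify_stack
}

# Constructed sample stacks (not from the page), in the form lsblk prints.
SAMPLE_LUKS='ubuntu--vg-root lvm
sda3_crypt crypt
sda3 part
sda disk'
SAMPLE_PLAIN='sda2 part
sda disk'

# Query the running system only when asked to, e.g. `bash check.sh --live`.
if [ "${1:-}" = "--live" ]; then
    for mp in / /home; do
        printf '%s: %s\n' "$mp" "$(check_mount "$mp")"
    done
fi
```

A result of `plaintext` for `/` means `/etc/shadow` is readable and writable from any other boot path, which is the situation described in the question.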