Lack of Security certainly sounds like a "user" experience to me.
booting single and changing passwords is a Feature not a "glaring security problem". You got boned once, you should be motivated to 'fix' your setup with renewed enthusiasm.
The First Security Rule is "There is NO Security without physical security".
If I can put my hands on it, there's a chance you haven't done due diligence and I could work with that. Anyone, at any age with desire can google how to do this.
Power-On passwords
Restricted BIOS and boot options.
Password the boot manager.
great, I have Tang in my kitchen, doesn't make me an astronaut.
The burden is yours.
Windows assumes the user is an idiot.
Linux demands proof.
The only thing you can do as are already mentioned.
If the person has physical access and is allowed to use the machine then BIOS passwords, Grub passwords, keys and locks wont do anything really if your child is likely to "ignore" you.
if they will listen to you then tell them not to use recovery console
You could look at sulogin if its a priority. (it will mean enabling root and giving it a password)
http://linux.about.com/library/cmd/blcmdl8_sulogin.htm
See here http://www.stuartellis.eu/articles/s...uring-recovery (things are slightly different for Ubuntu than most other distros in this respect)
Backtrack - Giving machine guns to monkeys since 2006
Kali-Linux - Adding a grenade launcher to the machine guns since 2013
I seriously doubt you have tang in your kitchen.
When did help fourms become so snipie? I guess its somehow cool now?
And if the burden is not shared, why respond at all? Why would we have a fourm? Heck lets shut down the internet... The purpose of a fourm is the exchange of shared burdens..
Thread moved to Recurring Discussions.
This comes up over and over again.
What about encrypted home folder? So if he changes the password from recovery mode the disk will still be encrypted since you need the original password for decryption.
The only way you can truly prevent this if your son has physical access is to encrypt your disk. That has the downside that you will have to boot your computer. Once booted, your son will be able to boot into his account.
As already stated, you can use LUKS. Another option is Truecrypt.
Always make regular backups of your data (and test them).
Visit Full Circle Magazine for beginners and seasoned Linux enthusiasts.
Any computer is hackable if you can access it physically. There's not much you can do, other than encrypt the HDD and hope he doesn't use Ophcrack.
Telling him not to touch it without your permission is the only real solution.
Also, please don't use the "I've been using Linux longer than you've been alive" argument. I know people in this thread who have used Gentoo and etc.
If you don't want us to be "snipie" then don't snap at us.
How do you stop him? Get him his own PC, of course! (Duh!)
BTW, I have a son who is probably old enough to have a son the age of yours!
“Nonsense is an assertion of man's spiritual freedom in spite of all the oppressions of circumstance” -- Aldous Huxley
The real power of Linux lies in the command line
Bookmarks