On Monday, 22.01.2007 at 10:39 -0800, Tyler MacDonald wrote:
> Dave Ewart <[EMAIL PROTECTED]> wrote:
> > This is actually what is done, yes.
> >
> > And, in addition, the safe is only accessible to restricted
> > individuals. Having said that, none of the restricted individuals
> > (apart from me) would know what to do with the root password anyway
> > ...
> >
> > All a matter of risk assessment, really.
>
> I'm coming into this conversation late, so this may have already been
> covered...
>
> Have you put a password on your bootloader (GRUB, etc) to restrict
> changing the boot parameters?
>
> Otherwise, you can simply edit the boot parameters, and add something
> like "S init=/bin/bash" to the end to drop yourself right into a root
> shell on boot.

Password-protecting the bootloader is sensible if the system in question
is in a public area, or likely to be accessible to many people. However,
the servers are in locked rooms with very limited access. It only
introduces a hassle to password-protect the bootloader unnecessarily.

Dave.
-- 
Please don't CC me on list messages!
...
Dave Ewart - [EMAIL PROTECTED] - jabber: [EMAIL PROTECTED]
All email from me is now digitally signed, key from http://www.sungate.co.uk/
Fingerprint: AEC5 9360 0A35 7F66 66E9 82E4 9E10 6769 CD28 DA92
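
For anyone auditing the bootloader setting discussed in this thread, the following is an added example (not part of the original messages) that checks whether a GRUB configuration requires a password before boot parameters can be edited. It covers both GRUB Legacy `menu.lst` and GRUB 2 `grub.cfg` syntax, which goes beyond the thread; the function name, sample configs and placeholder hashes are constructed for illustration, and the GRUB 2 check requires at least one named superuser.

```python
import re

# Constructed sample configs (not from the thread); hashes are placeholders.
LEGACY_OPEN = "default 0\ntimeout 5\ntitle Debian\nkernel /vmlinuz root=/dev/sda1 ro\n"
LEGACY_LOCKED = "password --md5 $1$PLACEHOLDER$hash\n" + LEGACY_OPEN
GRUB2_LOCKED = ('set superusers="admin"\n'
                "password_pbkdf2 admin grub.pbkdf2.sha512.10000.PLACEHOLDER\n"
                "menuentry 'Debian' --unrestricted {\n linux /vmlinuz ro\n}\n")

def audit_grub_config(text):
    """Report whether editing boot parameters at the GRUB menu needs a password."""
    lines = [s for s in (l.strip() for l in text.splitlines())
             if s and not s.startswith("#")]
    warnings = []
    if any(l.startswith("menuentry") for l in lines):
        fmt = "grub2"
        # GRUB 2 restricts entry editing and the command line once the
        # 'superusers' variable is set; each superuser needs a password record.
        supers, creds = set(), {}
        for l in lines:
            m = re.match(r'(?:set\s+)?superusers\s*=\s*"?([^"]*)"?', l)
            if m:
                supers.update(u for u in re.split(r"[\s,;|&]+", m.group(1)) if u)
            m = re.match(r"(password(?:_pbkdf2)?)\s+(\S+)\s+\S+", l)
            if m:
                creds[m.group(2)] = m.group(1)
        protected = bool(supers)
        for u in sorted(supers):
            if u not in creds:
                warnings.append(f"superuser {u} has no password record")
            elif creds[u] == "password":
                warnings.append(f"superuser {u} uses a cleartext password")
    else:
        fmt = "legacy"
        # GRUB Legacy: a 'password' line before the first 'title' locks the
        # interactive editor and command line until the password is entered.
        head = []
        for l in lines:
            if l.startswith("title"):
                break
            head.append(l)
        pw = [l for l in head if re.match(r"password\b", l)]
        protected = bool(pw)
        if any("--md5" not in l for l in pw):
            warnings.append("global password is stored in cleartext")
    if not protected:
        warnings.append("boot parameters can be edited without a password")
    return {"format": fmt, "edit_protected": protected, "warnings": warnings}
```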