Ubuntu root access.
Comments(15) One of the greatest features that Linux has to offer, is the ability to customize your version so that it works the way you like it. Being a computer science student I have many friends that run linux, and many running windows (most dual boot).
With some of my windows friends there is a bit of an on going war about who’s computer is better, IBM vs Dell, Windows vs Linux vs Mac, Ubuntu vs Fedora Firefox vs IE, Vista vs XP. The things to debate are endless, its mostly all in good fun but it can sometimes get heated. The great thing is that usually when someone finds a “flaw” with ubuntu I can fix it on the spot if I so chose. Common arguments are that the brown is ugly (I love the brow), all I need do is fire up beryl or compiz (gl desktop). And the argument is shutdown.
The other day it was pointed out to me that a “flaw” was that if ubuntu was booted into recovery mode that the user was then given root access without the need of a password. I know that /boot/grub/menu.lst controls grub so I open it up “sudo gedit /boot/grub/menu.lst” and search for the word “password” at line 28 I find
## password ['--md5'] passwd
# If used in the first section of a menu file, disable all interactive editing
# control (menu entry editor and command-line) and entries protected by the
# command ‘lock’
# e.g. password topsecret
# password –md5 $1$gLhU0/$aW78kHK1QfV3P2b2znUoe/
# password topsecrete
I change it to
## password ['--md5'] passwd
# If used in the first section of a menu file, disable all interactive editing
# control (menu entry editor and command-line) and entries protected by the
# command ‘lock’
# e.g. password topsecret
# password –md5 $1$gLhU0/$aW78kHK1QfV3P2b2znUoe/
password topsecrete
Go down to the bottom of the file and change
## ## End Default Options ##
title Ubuntu, kernel 2.6.20-16-generic
root (hd0,0)
kernel /boot/vmlinuz-2.6.20-16-generic root=UUID=8fdab1e2-1453-4eb3-a8db-a14dbff447d0 ro quiet splash
initrd /boot/initrd.img-2.6.20-16-generic
quiet
savedefaulttitle Ubuntu, kernel 2.6.20-16-generic (recovery mode)
root (hd0,0)
kernel /boot/vmlinuz-2.6.20-16-generic root=UUID=8fdab1e2-1453-4eb3-a8db-a14dbff447d0 ro single
initrd /boot/initrd.img-2.6.20-16-generictitle Ubuntu, kernel 2.6.20-15-generic
root (hd0,0)
kernel /boot/vmlinuz-2.6.20-15-generic root=UUID=8fdab1e2-1453-4eb3-a8db-a14dbff447d0 ro quiet splash
initrd /boot/initrd.img-2.6.20-15-generic
quiet
savedefaulttitle Ubuntu, kernel 2.6.20-15-generic (recovery mode)
root (hd0,0)
kernel /boot/vmlinuz-2.6.20-15-generic root=UUID=8fdab1e2-1453-4eb3-a8db-a14dbff447d0 ro single
initrd /boot/initrd.img-2.6.20-15-generictitle Ubuntu, memtest86+
root (hd0,0)
kernel /boot/memtest86+.bin
quiet### END DEBIAN AUTOMAGIC KERNELS LIST
to
## ## End Default Options ##
title Ubuntu, kernel 2.6.20-16-generic
root (hd0,0)
kernel /boot/vmlinuz-2.6.20-16-generic root=UUID=8fdab1e2-1453-4eb3-a8db-a14dbff447d0 ro quiet splash
initrd /boot/initrd.img-2.6.20-16-generic
quiet
savedefaulttitle Ubuntu, kernel 2.6.20-16-generic (recovery mode)
lock
root (hd0,0)
kernel /boot/vmlinuz-2.6.20-16-generic root=UUID=8fdab1e2-1453-4eb3-a8db-a14dbff447d0 ro single
initrd /boot/initrd.img-2.6.20-16-generictitle Ubuntu, kernel 2.6.20-15-generic
lock
root (hd0,0)
kernel /boot/vmlinuz-2.6.20-15-generic root=UUID=8fdab1e2-1453-4eb3-a8db-a14dbff447d0 ro quiet splash
initrd /boot/initrd.img-2.6.20-15-generic
quiet
savedefaulttitle Ubuntu, kernel 2.6.20-15-generic (recovery mode)
lock
root (hd0,0)
kernel /boot/vmlinuz-2.6.20-15-generic root=UUID=8fdab1e2-1453-4eb3-a8db-a14dbff447d0 ro single
initrd /boot/initrd.img-2.6.20-15-generictitle Ubuntu, memtest86+
lock
root (hd0,0)
kernel /boot/memtest86+.bin
quiet### END DEBIAN AUTOMAGIC KERNELS LIST
Now not only can the user not access anything but my default boot option with using the very secure password, lol. While I don’t consider it a bug that the user could have gained access to the root before without a password I love how easy it is in Linux to prevent that kind of thing. Now all I need is to set my BIOS password so that the user cant boot of anything but the hard disk without a password.