HD Install :: Security question



I've installed 4.1 (traditional HD) with multi-user support and created accounts for several users.

Normal bootup is fine: after GRUB runs the default DSL entry, I'm asked for my credentials and I boot in as a user.

I've seen an issue when booting up after I've had to force the machine off.  If I power down the machine without exiting from Xwindows or DSL, the next time I boot up, the system performs an fsck, fixes or deletes some inodes and then logs in automatically as the 'dsl' user - su(pam_unix)[56]:...  From that login, I can navigate to any place on the file system.

My question is: Is this what I should expect from all Linux distributions or is it something that needs attention because of the addition of multi-user support recently in DSL?

No, that's not something expected or wanted. Multi-user support has been in a long time though, but I guess no one has thought of that.

A question: Is the prompt "Repair> "?

Multi-user has been in place for a very long time, and it is driven by /etc/inittab.

Booting liveCD or frugal with different (multi-users) specified by the user=name option is something new.

If yours is the second newer method then edit default grub menu to eliminate any non user= options.

If yours is the first, then it seems odd that somehow inittab would "corrupt" back to the original no login.

fsck'ing would be running as root, and control given to user dsl would be via inittab.

However, any machine that can boot from cdrom, usb, floppy, etc, and someone has physical access can always choose to boot many OS, not just Linux, and gain full control of your machine.

Quote (curaga @ Dec. 15 2007,13:47)
A question: Is the prompt "Repair> "?

No, the prompt is "dsl@console[dsl]$"
Thanks Robert,

Quote
If yours is the second newer method then edit default grub menu to eliminate any non user= options.


I am using a traditional HD install.

The GRUB entry that I'm using reads:  kernel /boot/linux24 root=/dev/hda2 quiet vga=normal acpi=off apm nodma noscsi frugal

It's the default entry that was given when I installed GRUB, except that I modified the acpi and apm options.

Is there another way that I can turn off acpi and turn on apm so that I can remove all the options?

Quote
However, any machine that can boot from cdrom, usb, floppy, etc, and someone has physical access can always choose to boot many OS, not just Linux, and gain full control of your machine.


Okay, I understand that.  I'm not trying to bullet-proof the machine, but I would like to control the installed OS so that it doesn't open any doors like this.

Quote
Multi-user has been in place for a very long time, and it is driven by /etc/inittab.


If anyone can help me understand what changes I need to make, I'd be grateful.
