On Fri, Mar 21, 2014 at 11:06:03AM +0000, Robin wrote: > I may have missed something. If someone has physical access to your > machine can't they just power off and go into single user mode and > change the root password? Maybe, maybe not. Console access doesn't have to mean complete access. The scenario I always have in my head for these sorts of things is a Computer Lab at a university/college. You can allow anyone to come up and use the machine via the keyboard/mouse/VDU attached to it, but to counter the attack vector you mention, you simply lock the computer itself away in a secure cage under the desk. That also stops the "security vector" of someone simply picking up the machine and walking off with it ;)
Attachment:
signature.asc
Description: Digital signature