System Administration
cancel
Showing results for 
Search instead for 
Did you mean: 

pros and cons of bootloader passsword

 
SOLVED
Go to solution
Ragni Singh
Super Advisor

pros and cons of bootloader passsword

What is the reason why there should be a bootloader password and do folks use that?

I prefer not to but I want to get other folks opinion.
5 REPLIES
Steven E. Protter
Exalted Contributor
Solution

Re: pros and cons of bootloader passsword

Shalom,

Like many things, the answer depends.

I never use it.

I build and work with systems that are in a secure data center, with physical security.

If I felt this security was not adequate, I'd consider bootloader as an extra option, but if I had a choice, I'd opt out on the project.

In an environment where physical access to the server is controlled, I find it not necessary. I don't even use it in my home based lab, where physical security is not key card based.

SEP
Steven E Protter
Owner of ISN Corporation
http://isnamerica.com
http://hpuxconsulting.com
Sponsor: http://hpux.ws
Twitter: http://twitter.com/hpuxlinux
Founder http://newdatacloud.com
Matti_Kurkela
Honored Contributor

Re: pros and cons of bootloader passsword

In my opinion, there are not many places where a bootloader password makes sense; but one of them would be a kiosk-style machine accessible by the general public.

Typically such machines won't have an UPS, so any power failure (both accidental and intentional) will cause a reboot. The bootloader password would not prevent the machine from booting to a standard state; instead, it would prevent the users from gaining root access by entering boot options.

The appropriate support personnel would have the bootloader password. It would be used to get the machine out of the restricted kiosk mode for maintenance/service operations.

Of course, some physical security would also be required to stop people from opening the case and tampering with the system's internal components, and/or from stealing the entire system. Sometimes this requires nothing more than a few self-adhesive labels as seals; in other locations, the chassis will have to be locked and chained to the nearest solid structure.

MK
MK
Ivan Ferreira
Honored Contributor

Re: pros and cons of bootloader passsword

We use it a lot on the University lab workstations.

You must prevent the ability to boot and get root access.

If the server is physically located on a branch office, and you cannot be 100% sure of security, you should use also.

The con is that if you really need to boot into single user or emergency mode, to repair something, you may get stuck if you don't know or remember the password. You will have to boot from a CD, connect one if don't have it, hope that the bios is not password protected, and so.
Por que hacerlo dificil si es posible hacerlo facil? - Why do it the hard way, when you can do it the easy way?
Fredrik.eriksson
Valued Contributor

Re: pros and cons of bootloader passsword

Pro's:
Security is always good :P As they've said above it hinders the wrong people to get the "right" access.

con's:
There's a couple of problems with this if you don't have physical access to the machine. A reboot takes atleast 2 people or a trip to your rent-a-rackspace datacenter :P
Ofcourse if you make sure it can boot into a default state and as explained above the right guys have the password to boot into rescue mode, this isn't a problem.

The main problem I see is that you can bypass this anyway.
If you have physical access and a USB stick/CD-ROM drive you can take any Linux install CD that gives you shell and some tools.
All you need to do is to set up a simple chroot environment and then rewrite grub/lilo to the MBR without any passwords.
So the kiosk-machine theory works since it probably won't have any functional USB ports or a CD-ROM drive... but for a server or a workstation I don't think it's fully possible to remove both.
You can ofcourse go to length and password protect the bios settings while turning of all legacy and USB-support and also set the boot-priority to boot on disk before CD.

And you all know how easy it is to remove a bios-password ;)

Well that's my rant for the day. Now to get some coffee and maybe get some work done :P

Best regards
Fredrik Eriksson
Steven E. Protter
Exalted Contributor

Re: pros and cons of bootloader passsword

Shalom,

I want to add that I agree with Ivan with regards to workstations.

Not being located in a data center, and exposed to many potential users, I would definitely protect grub with a password to avoid system compromise.

SEP
Steven E Protter
Owner of ISN Corporation
http://isnamerica.com
http://hpuxconsulting.com
Sponsor: http://hpux.ws
Twitter: http://twitter.com/hpuxlinux
Founder http://newdatacloud.com