0

First of all let me apologize for the vague question title.

Here is a better explanation ...

I have an Ubuntu PC which I am using as a web server. It will normally run headless. When it is powered up it needs to boot automatically without any body entering a user name or password, so I guess we call this autologin.

If someone were to plug in a keyboard, mouse and monitor then they would have access to the system and the .php web files which I need to protect.

How can I stop someone simply plugging in a keyboard etc and having unrestricted access. I'm happy to only be able to access the system via ssh using myusername, mypassword.

Mike Young
  • 113
  • I still don't get what your need is. The OS should boot automatically if you power on the Hardware (if GRUB is setup correctly). If it is a headless Ubuntu there usually should be no autologin but you have to provide username and password on the TTY console. So I don't know what is different on your system or what you are trying to achieve – derHugo Nov 10 '17 at 09:15
  • 1
    IMHO, physical access == root access. You can deter this by restricting access to the server (locked room) and full system encryption (frustrates pulling the hard drive) and with the use of strong passwords. You should not be auto logged into your server. – Panther Nov 10 '17 at 16:28

1 Answers1

1

If I get your question right, you don't want autologin on your machine.

At startup it will run all the services it's supposed to run. No need for any specific user to be logged in (or auto-logged in) to achieve that.

If anyone connects a keyboard and monitor to the machine, he will get the welcome screen requesting login and password.

You may be concerned with what else a malicious invader can do if he gets a physical hold on your machine. But that's another story.

Mario F.
  • 36
  • The ubuntu preloaded box from the supplier currently boots up without requesting a username or password, and I, OR anyone in front of the computer has access to all the files. So am I correct in my understanding of your answer, that if i disable autologin, then the computer will prompt for a username and password at startup, but even if that is not provided the PC will still start and serve web pages as a web server ? – Mike Young Nov 10 '17 at 09:59
  • As I already commented to your question: Please explain your situation better! What do you mean by boots up without requesting a username? How does someone in front of the computer have directly access to all files if you are in headless mode? Do you mean you automatically are logged into the console? In this case have a look at this answer .. only that you would need to find such a file and remove the lines in order to not autologin. – derHugo Nov 10 '17 at 10:51
  • I have an Ubuntu PC that I bought preloaded with Ubuntu 14.04. It boots completely to the desktop not asking for a password. I have a root user name and password which i only use if i need to sudo some command. I have put a php web application on this PC and it all works fine. Now I have to loan this PC to another company to demo this web application. I dont want the other company to be able to look at the web application files or change anything. I just want a 'black box' web server that will boot and serve the web application. How can i stop the other company looking at the files ? – Mike Young Nov 10 '17 at 13:45
  • That's more or less the scenario I feared! It's a common rule that real data safety is impossible if you leave access to the hardware. You not only have to disable autologin, but also password protect your bios and setting it to boot from hard-disk only. If not, anyone could reboot with a live linux from CD or USB and access your hard disk. – Mario F. Nov 13 '17 at 15:14
  • Still one could remove the hard disk and access it on another computer. So I guess you should put some sort of lock or seal on the hardware and have the customer sign a non-tampering agreement. – Mario F. Nov 13 '17 at 15:38
  • Uhmm - OK I understand the auto-login bit now - and all the other issues!

    I'll have to re think this. Thanks everyone for your help.

     – Mike Young Nov 14 '17 at 03:54