So, I have a customer's computer; he is an older gentleman who forgot or never knew his password on his Xubuntu system. As a mildly experienced Linux user I quickly pulled up a very quick step-by-step guide on how to change the root password (with no root or user password known), which then allowed me to change his user password as well. So the immediate question that came to my mind was: wow, this isn't very secure at all.
Granted, I do the same thing with Windows passwords pretty easily, but that's only due to third-party tools. This was quick with no third-party intervention. How does one protect from this, I guess, is my main question? How do we make these passwords actually matter in Ubuntu?
Little more info:
How I did it was going to the boot window, pressing E, editing there to re-write as root, changing the password, logging in, and then using that root to change his user account.
Is this something that can be done by someone remotely or is this purely a physical security issue? Even so, how do you protect against it?
I realize this is nice for my situation with customers who forget, and other legitimate uses, but if someone is nefarious they seem to already have the keys to the gates.