On 1/11/2021 11:37 AM, Valeri Galtsev wrote: > In old times I always was disabling CNTRL-ALT-DEL, and adding to level > "S" /usr/bin/login which effectively required password when one > reboots machine into single user mode. And boot from anything but > system drive was disabled in BIOS, and BIOS was password protected. > Not that I disagree with "nothing can stop a guy with the > screwdriver". But disabling easy way to tamper with the system adds to > one's ability to notice the system had been tampered with (and when). > Not doing it anymore... That makes perfect sense in a company data room. My situation is a roommate that wants to power if off to sleep and I've left for an emergency and didn't have time to power it down myself.