When I was away on vacation, someone (thats still a mystery) fiddled with my desktop. That "someone" also changed the root password. This is easy to do if you have access to the machine. Just boot into single user mode and change the password. So much for the security.

Today I did the same thing to change the root password and found out the way to stop others from doing it. One way is to use sulogin. The other is to use grub password. I chose the later for no particular reason. It was very easy to do and it worked. I think I will stick to that.

The way to do it is :

• start grub shell
• type 'md5crypt'. This will ask you for the new password. Enter the password of your choice.
• This will give you md5encrypted password.
  
• Put "password --md5 " in /boot/grub/grub.conf.
  
• Reboot. (You dont have to.. but just to test) :)

Now noone can change the kernel command line until and unless he knows the grub password. Pretty Good Security now. Only way to change the root password is to boot up using a rescue CD.