On Jan 2, 2014 11:12 AM, "Chris Murphy" <lists@colorremedies.com> wrote:
>
>
> On Jan 2, 2014, at 9:32 AM, Steve Searle <steve@stevesearle.com> wrote:
>
> > Around 12:43am on Tuesday, December 31, 2013 (UK time), Patrick O'Callaghan wrote:
> >
> >> Conclusion: better look for some other way to cover your tracks, and note
> >> that a forensic investigation can be carried out without having you log in
> >> at all.
> >
> > Just to emphasise what Patrick says, if you boot Linux into singe user
> > mode, you can get root access without needing a password, which would
> > bypass any setup you had done this way.
>
> Not on Fedora 20 at least, and I think since even Fedora 19, if you use "single" boot param you startup to rescue.target. It asks for a root password or to press Control-D to continue. If I control-D to continue, startup proceeds to default.target. That's typically multi-user.target (runlevel 3), or graphical.target (runlevel 5).
>
> I could boot from alternate media, and presumably mount and chroot this installation, and compel a change to the root password. But apparently not from the installation itself.
>
> Chris Murphy
> --
>

The kernel still accepts "init=/bin/sh" .  An encrypted volume definitely slows things down, but physical access gives a lot of freedom.

--Pete