On Tue, 15 Sep 2009, Chris G wrote:
Exactly what I was going to say. Apart from anything else they can walk away with the machine under their arm! :-)
Yes - although that would at least be readily detactable.
Even without taking the machine away it's pretty trivial to boot from a CD (or memory stick, or floppy even) that they've brought with them and get to single user/root.
Not entirely trivial - I have the boot order password-protected in the BIOS. The sunk cost I'd put into achieving that is partly why it came as such a shock to find grub behaving like this.
If the *data* is really confidential then lock the machine up and encrypt the filesystem.
One of the many things I have to be thankful for in my life is that I don't have to handle "really" confidential data.