Use sudo. (But power off should not be prevented or people will pull the plug instead.)
Some config files can be tightendtightened to the point where they cannot be viewed; however others (critically DNS configuration) do not work if not world readable-readable. For each file you have to read the manual to find out.
If full disk encryption + TPS providedTPM-provided boot password doesn't cut it, you need custom hardware which by virtue of being custom stops most attempts.
Use sudo. (But power off should not be prevented or people will pull the plug instead.)
Some config files can be tightend to the point where they cannot be viewed; however others (critically DNS configuration) do not work if not world readable. For each file you have to read the manual to find out.
If full disk encryption + TPS provided boot password doesn't cut it you need custom hardware which by virtue of being custom stops most attempts.
Use sudo. (But power off should not be prevented or people will pull the plug instead.)
Some config files can be tightened to the point where they cannot be viewed; however others (critically DNS configuration) do not work if not world-readable. For each file you have to read the manual to find out.
If full disk encryption + TPM-provided boot password doesn't cut it, you need custom hardware which by virtue of being custom stops most attempts.
Use sudo. (But power off should not be prevented or people will pull the plug instead.)
Some config files can be tightend to the point where they cannot be viewed; however others (critically DNS configuration) do not work if not world readable. For each file you have to read the manual to find out.
If full disk encryption + TPS provided boot password doesn't cut it you need custom hardware which by virtue of being custom stops most attempts.