Re: "linux single" security problem
- From: "Adam Alexander" <adam tjconline com>
- To: <redhat-list redhat com>
- Subject: Re: "linux single" security problem
- Date: Thu, 31 Dec 1998 10:13:56 -0500
Thanks Mark, that was the most intelligent answer I have received so far and
an angle that I hadn't thought of. This will be the solution that I use if
I end up finding no way to have it prompt for the root password. What I am
speaking of is that in other distributions (namely, some older versions of
Debian) that I have used, typing "linux single" would boot into single user
mode and then prompt for the root password on the machine before allowing
the user to continue. This is the behavior I want to imitate because I do
trust PAM and shadow passwords more than a password stored in a config file
or even hard-coded into the MBR of the machine. Thanks again and happy
holidays. =)
Adam Alexander
-----Original Message-----
From: M. Neidorff <neidorff cybernex net>
To: redhat-list redhat com <redhat-list redhat com>
Date: Thursday, December 31, 1998 8:49 AM
Subject: Re: "linux single" security problem
>Adam,
>
>How is this for an elegant/simple solution?
>
>lilo is a boot INSTALLER program. It works by reading lilo.conf and then
>writing a custom boot record. Once the boot record is written, lilo.conf
>is no longer needed for booting. So, to do what you want, I'd do the
>following as root:
>
>1. edit /etc/lilo.conf and add the
> password=whatever-you-want
> restricted
> lines to the image that you want to protect.
>2. save /etc/lilo.conf (duh)
>3. run /sbin/lilo (check for errors. If errors, fix /etc/lilo.conf)
>
>Now your new boot loader is installed.
>
>4. Shut down and test the normal boot and the 'linux single' boot. If all is
>well, (which it should be)
>5. Edit /etc/lilo.conf and remove the
> password=
> restricted
> lines
>6. Save /etc/lilo.conf
>
>Now your linux single boot will still prompt for the password, but the
>password will not be on the system. OK?
>
>I had to take my linux system down and try this all out to be sure that it
>works as I said it would. (That may be why there are so few replies to
>your request. Most people don't want to take their system off-line.) It
>does.
>
>Happy New Year,
>
>
>Mark
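
An added example, not part of either message: a Python sketch that reads a lilo.conf and reports, per image, whether the boot record /sbin/lilo would write from it asks for a password. Because /sbin/lilo builds the boot record from the file as it stands, the file left by steps 5 and 6 reports no protection, which is worth checking before any later re-run of /sbin/lilo. The sample configuration is constructed, and the parser is a simplification that handles only the `image=`, `other=`, `label=`, `password=` and `restricted` keywords.

```python
# Constructed sample: /etc/lilo.conf as it looks after step 1 of the procedure.
SAMPLE_STEP1 = """\
boot=/dev/hda
prompt
timeout=50
image=/boot/vmlinuz
    label=linux
    root=/dev/hda1
    read-only
    password=whatever-you-want
    restricted
image=/boot/vmlinuz.old
    label=old
    root=/dev/hda1
"""

def audit(conf_text):
    """Map each image label to 'none', 'always' or 'params-only' (password + restricted)."""
    glob = {"password": False, "restricted": False}   # options before the first image
    sections, cur = [], None
    for raw in conf_text.splitlines():
        line = raw.split("#", 1)[0].strip()            # drop comments and blank lines
        if not line:
            continue
        key, _, val = (p.strip() for p in line.partition("="))
        key = key.lower()
        if key in ("image", "other"):                  # a new per-image section starts
            cur = {"label": val.rsplit("/", 1)[-1], "password": False, "restricted": False}
            sections.append(cur)
        elif key == "label" and cur is not None:
            cur["label"] = val.strip('"')
        elif key in ("password", "restricted"):
            (cur if cur is not None else glob)[key] = True
    result = {}
    for s in sections:
        has_pw = s["password"] or glob["password"]
        restricted = s["restricted"] or glob["restricted"]
        result[s["label"]] = "none" if not has_pw else "params-only" if restricted else "always"
    return result

def without_password_lines(conf_text):
    """The file as steps 5-6 leave it: password= and restricted lines removed."""
    keep = [l for l in conf_text.splitlines()
            if l.split("=")[0].strip().lower() not in ("password", "restricted")]
    return "\n".join(keep) + "\n"

if __name__ == "__main__":
    print("after step 1:", audit(SAMPLE_STEP1))
    print("after step 6:", audit(without_password_lines(SAMPLE_STEP1)))
```

Here `params-only` means the prompt appears only when boot parameters such as `single` are typed, and `always` means every boot of that image asks for the password.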