Linux - GeneralThis Linux forum is for general Linux questions and discussion.
If it is Linux Related and doesn't seem to fit in any other forum then this is the place.
Notices
Welcome to LinuxQuestions.org, a friendly and active Linux Community.
You are currently viewing LQ as a guest. By joining our community you will have the ability to post topics, receive our newsletter, use the advanced search, subscribe to threads and access many other special features. Registration is quick, simple and absolutely free. Join our community today!
Note that registered members see fewer ads, and ContentLink is completely disabled once you log in.
If you have any problems with the registration process or your account login, please contact us. If you need to reset your password, click here.
Having a problem logging in? Please visit this page to clear all LQ-related cookies.
Get a virtual cloud desktop with the Linux distro that you want in less than five minutes with Shells! With over 10 pre-installed distros to choose from, the worry-free installation life is here! Whether you are a digital nomad or just looking for flexibility, Shells can put your Linux machine on the device that you want to use.
Exclusive for LQ members, get up to 45% off per month. Click here for more info.
Greetings, I just had a Red Hat machine brought to me and the root password had been changed, no one knew the password. well after some reading I found out that a certain time in the boot process I could type "linux single" and I got in and changed the root password and now all is well.
well....... is there any way to change that to where no one could do that? how can I disable that to prevent it from happening to my machine. this seems very insecure.
thanx
j0ck
yes it is. Really the only way to secure booting up Linux is to either put a password on Grub or if you use Lilo put a password on that. even if you disable single user mode, someone can still type in from the boot-loader prompt something like:
linux init=/bin/bash
and have at it with your system. so yah. Grub will allow for you to have a password for entering anything but the default selections, I don't use grub but I'm sure somebody here can give you a hand...
In grub to set a password you must edit the file /boot/grub/menu.lst and add the option "password = <your_password>", and then on to edit your line and add something to then like init=/bin/bash or linux single you will must type `p` and insert the right pass.
But your software security is direct related to your machine physical security, if you can mantain this last one anything you do will be just another dificulty in the way of the invader, but not total security. An example of how to break any resistance from boot loaders is to boot from a mini-distro in a floppy ....
the only true secure linux box is a machine not on a network surrounded by a brick wall. the reason single user mode exists is because if someone has local access, they have your machine anyways...all it takes is a bootdisk...unless you make it really secure, but then all that is needed is a screwdriver...monitor local access, that's all that really can be done.
Place this line into /etc/inittab after initdefault statement
~~:S:wait:/sbin/sulogin
It will make sure that single user mode still requires the root's password. Just train your memory to memorize the root password.
LinuxQuestions.org is looking for people interested in writing
Editorials, Articles, Reviews, and more. If you'd like to contribute
content, let us know.