when computer boots, you can go to commandline to load an image.
When entering mandrake_2.6 (or the name of the image) you can add the option -s, single user mode.

when booting this image, you enter a bash where you can enter passwd, now you can change the unix password, ofcourse without entering old password...

I want to know how I can disable this function, cause anyone with a bit knowledge of linux could become root with his newly created password, this seems very unsafe to me for an open internet pc..

different solutions are very welcome!

I'm running Mandrake 10.0 kernel 2.6

thanks to the linux guru's

This link is a little old, but google for password protect bootloader and you'll find stuff.

You can get into any machine if you have physical access and time. The machine being online will not allow someone to boot into rescue mode. They have to have PHYSICAL access. But if you're worried about people having physical access, set a bios password and a bootloader password.

That really isn't going to protect your machine. Anyone who has physical contact with the machine can get into it. Even if you 'disable run level 1' anybody could boot the installation disk or a boot disk and gain access to the files on disk or can change the root passwd. If you are really concerned about people accessing a machine then you have to lock it up. Physical security is the only security.

Depending on who you are trying to protect against and what they are willing to do to gain access there are some things in addition to securing run level 1 to enhance the security of a computer that is not in a locked closet. These things are most likely to prevent access by people whom you know and who are not willing to destroy the computer case to gain access.

1. As you have already asked, secure run level 1. This should only require that you modify your /etc/inittab file to respawn sulogin at run level 1.

2. Use the CMOS BIOS setup utility for your motherboard to disable the computer's ability to boot from DVD or CDROM. This will prevent them from booting a live CD or an installation disk to gain access to the computer's files.

3. Put a CMOS BIOS access password to prevent other people from modifying the CMOS BIOS.

4. Lock the case. This will prevent people from using the motherboard jumper to clear the CMOS BIOS settings, including the access password. It will also prevent people from taking a disk out of the case and putting it into a computer where they have administrator privileges.

As I said, this will only secure the machine from people who are not willing to destroy the computer case to gain access to the disks. Hopefully that would include members of your family and maybe even people in a small work environment. Otherwise you have to lock the computer in a closet.

There is one more thing that you can do to protect the data on the disks, including the system disk and password files. You can encrypt the file systems. That way even if someone takes the disks out of the machine and puts them into another machine they will not be easily able to obtain the data on the disks. At a minimum you would want to encrypt the /etc directory tree and any other directories that have confidential data. You can do this by encrypting entire partitions or by using an encrypted container file or a combination of these.

I allready had bios password, just hd as boot device, now with the link from pljvaldez I was able to password my bootloader as well.. thanks!

And for important information like stressjunkie said, I can encrypt the data...
The computer where I put this thread on for, Is just a minimal internet-pc, office and a couple more programs are installed, but no really important data..

thanks for help, I feel much safer now.. lol, won't panic!

thanks for such a quick reply!!!