LinuxQuestions.org
Old 04-09-2007, 10:28 AM   #1
Darvocet
Member
 
Registered: Feb 2003
Location: United States
Distribution: RHEL, Slackware, Gentoo, Fedora, CentOS, Ubuntu, Debian
Posts: 66

Rep: Reputation: 15
HOWTO: Disable Single User Mode...


I have a box at work that for various reasons people have rebooted and tried to single user. I was curious if there is a 'good' way to disable single user completely. Should I really need to do something I could always chroot into the system.

It's Redhat Enterprise 4. I have set the timeout in grub to 1 second, but someone who knows what they are doing can still get in.

The next thing I thought about is setting a runlevel 1 script /etc/rc.d/rc1.d/S02reboot or something that would reboot the server early in the startup process.

I was just curious if there is a better way than this.

Thanks
 
Old 04-09-2007, 10:48 AM   #2
acid_kewpie
Moderator
 
Registered: Jun 2001
Location: UK
Distribution: Gentoo, RHEL, Fedora, Centos
Posts: 43,417

Rep: Reputation: 1985
never disable it, just use a password under grub.
 
Old 04-09-2007, 10:51 AM   #3
Darvocet
Member
 
Registered: Feb 2003
Location: United States
Distribution: RHEL, Slackware, Gentoo, Fedora, CentOS, Ubuntu, Debian
Posts: 66

Original Poster
Rep: Reputation: 15
Quote:
Originally Posted by acid_kewpie
never disable it, just use a password under grub.
hehe well I do kinda agree with you but there shouldn't be any reason why I need it. My root password is set to a random string and can only be gained by logging in with specific users and su'ing.

Problem is that the other people at work who would be trying to login aren't stupid and can do most of the same things I can do. They wouldn't go to the trouble to chroot into it.

I'll check out the pw option and see what it looks like.

Darvocet
----------------
RHCE #804007070224289

Last edited by Darvocet; 04-09-2007 at 10:53 AM.
 
Old 04-09-2007, 11:29 AM   #4
Darvocet
Member
 
Registered: Feb 2003
Location: United States
Distribution: RHEL, Slackware, Gentoo, Fedora, CentOS, Ubuntu, Debian
Posts: 66

Original Poster
Rep: Reputation: 15
I am however still interested in a good way to disable single user mode altogether. I have added the grub password but won't be able to test it until tomorrow. Next steps are changing the boot order in bios to disable cd booting and setting a bios password.

Are there any additional thoughts on this?
 
Old 04-09-2007, 11:33 AM   #5
acid_kewpie
Moderator
 
Registered: Jun 2001
Location: UK
Distribution: Gentoo, RHEL, Fedora, Centos
Posts: 43,417

Rep: Reputation: 1985
how do you suppose to drop to a recovery shell if your filesystems became corrupted? really... don't. there is no good way, as it's not a good thing to want to do.
 
Old 04-09-2007, 11:47 AM   #6
Darvocet
Member
 
Registered: Feb 2003
Location: United States
Distribution: RHEL, Slackware, Gentoo, Fedora, CentOS, Ubuntu, Debian
Posts: 66

Original Poster
Rep: Reputation: 15
Quote:
Originally Posted by acid_kewpie
how do you suppose to drop to a recovery shell if your filesystems became corrupted? really... don't. there is no good way, as it's not a good thing to want to do.
Well for like maintenance mode that will automatically work if the filesystem is corrupted. That will happen in runlevel 3 on the normal boot. I don't have the root password anyways so that is not helpful.

I would have to use a rescue cd, and then chroot into the system, or fsck it from the rescue disk.
 
Old 04-09-2007, 11:53 AM   #7
acid_kewpie
Moderator
 
Registered: Jun 2001
Location: UK
Distribution: Gentoo, RHEL, Fedora, Centos
Posts: 43,417

Rep: Reputation: 1985
maintenance mode is runlevel 1.
 
Old 04-09-2007, 11:58 AM   #8
Darvocet
Member
 
Registered: Feb 2003
Location: United States
Distribution: RHEL, Slackware, Gentoo, Fedora, CentOS, Ubuntu, Debian
Posts: 66

Original Poster
Rep: Reputation: 15
Quote:
Originally Posted by acid_kewpie
maintenance mode is runlevel 1.
right right. But doesn't really matter if maintenance mode is disabled since the password is just a random 64 character string. Regardless if there is serious corruption then I would need to use a rescue image.

I'm thinking that if the corruption were bad enough to cause the system to not boot it wouldn't matter anyways. I do have the drives set to fsck, and on occasion fsck them but the data isn't necessarily important but I do take offsite backups.

It just runs down to the fact that I work at a major dedicated hosting facility. There are some people not very high up on the chain that I let use this box for various things, and it is stored in the same datacenter. The reason that this even started is that today I noticed that my 120 day uptime is now 3 days. Someone rebooted this server... I can see who logged in after so I'm sure I know who it is, and this person is now banned.

This one person isn't a linux idiot, but not a genius either. He has wanted to install java crap and other programs which I don't want on my server. He also has a tendency to create directories and things where they shouldn't be.

I think in order for him to install some of the things he needed he single user'ed the box and installed. He of course could do the cd boot also, but I think this starts to be annoying and he would most likely give up.

My next step is to get the box moved into one of the core-cages to keep random people away from it. But I was just looking for a quick fix. The server is pretty stable has been running for over 2 years with very minimal maintenance or modifications.

I use /etc/sudoers and my personal user to gain root access. I set the password to a random string because it's not needed and to keep people out. After the reboot I changed it but still don't keep what it is anywhere.

Last edited by Darvocet; 04-09-2007 at 12:06 PM.
 
Old 04-09-2007, 12:39 PM   #9
Wim Sturkenboom
Senior Member
 
Registered: Jan 2005
Location: Roodepoort, South Africa
Distribution: Ubuntu 12.04, Antix19.3
Posts: 3,797

Rep: Reputation: 282
You will never be able to prevent it as long as users have physical access. If they need access, they stick a Knoppix in, reboot and screw around in your system anyway.

If they need access, give them remote access.

[edit]oops, did not read your last post[/edit]

Last edited by Wim Sturkenboom; 04-09-2007 at 12:41 PM.
 
Old 06-20-2007, 01:56 PM   #10
axial
LQ Newbie
 
Registered: Sep 2005
Location: Monroe, WI
Distribution: Slackware, Bluewhite64
Posts: 11

Rep: Reputation: 0
Quote:
Originally Posted by Darvocet
I have a box at work that for various reasons people have rebooted and tried to single user. I was curious if there is a 'good' way to disable single user completely. Should I really need to do something I could always chroot into the system.

It's Redhat Enterprise 4. I have set the timeout in grub to 1 second, but someone who knows what they are doing can still get in.

The next thing I thought about is setting a runlevel 1 script /etc/rc.d/rc1.d/S02reboot or something that would reboot the server early in the startup process.

I was just curious if there is a better way than this.

Thanks
Well, you probably don't want to disable it *completely*
How about forcing it to a login prompt.
Just add the following to /etc/inittab --

~:S:wait:/sbin/sulogin

usually placed above the lines for each runlevel

cheers!

Matt
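
Added example, not part of any post in this thread: a shell audit of the two settings discussed above, the sulogin entry in /etc/inittab and the grub password. It assumes GRUB legacy's `password [--md5]` directive (the thread only says "a password under grub"); the function names and sample files are made up for illustration.

```shell
#!/bin/sh
# Added example. Paths are parameters so the checks can run against copies.

# inittab fields are id:runlevels:action:process. Succeeds when an active
# (uncommented) entry runs sulogin with action "wait" for runlevel S.
check_sulogin() {
    awk -F: '
        /^[ \t]*#/ { next }
        $2 ~ /[Ss]/ && $3 == "wait" && $4 ~ /(^|\/)sulogin([ \t]|$)/ { found = 1 }
        END { exit(found ? 0 : 1) }
    ' "$1"
}

# GRUB legacy: only a "password" line before the first "title" protects the
# menu editor and command line. Prints md5, plaintext or none.
grub_password_state() {
    awk '
        /^[ \t]*#/ { next }
        $1 == "title" { exit }
        $1 == "password" { state = ($2 == "--md5") ? "md5" : "plaintext"; exit }
        END { print (state == "" ? "none" : state) }
    ' "$1"
}

audit() {  # usage: audit <inittab> <grub.conf>
    if check_sulogin "$1"; then
        echo "inittab: single-user mode asks for the root password"
    else
        echo "inittab: single-user mode gives a root shell with no password"
    fi
    echo "grub: password=$(grub_password_state "$2")"
}

# Constructed sample files, not taken from the server in the thread.
tmp=$(mktemp -d)
cat > "$tmp/inittab" <<'EOF'
id:3:initdefault:
si::sysinit:/etc/rc.d/rc.sysinit
~:S:wait:/sbin/sulogin
l3:3:wait:/etc/rc.d/rc 3
EOF
cat > "$tmp/grub.conf" <<'EOF'
timeout=1
password --md5 PLACEHOLDER_HASH
title Red Hat Enterprise Linux
EOF
audit "$tmp/inittab" "$tmp/grub.conf"
rm -rf "$tmp"
```

On a real host the call would be `audit /etc/inittab /boot/grub/grub.conf`, run as root; the grub.conf path is an assumption and varies by distribution.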
 
Old 07-19-2008, 11:06 AM   #11
Darvocet
Member
 
Registered: Feb 2003
Location: United States
Distribution: RHEL, Slackware, Gentoo, Fedora, CentOS, Ubuntu, Debian
Posts: 66

Original Poster
Rep: Reputation: 15
Quote:
Originally Posted by axial View Post
Well, you probably don't want to disable it *completely*
How about forcing it to a login prompt.
Just add the following to /etc/inittab --

~:S:wait:/sbin/sulogin

usually placed above the lines for each runlevel

cheers!

Matt
Awesome Matt thank you for that post. I've set the grub password and stuff so think it's pretty good but this was exactly what I was looking for.
 
  

