SlackwareThis Forum is for the discussion of Slackware Linux.
Notices
Welcome to LinuxQuestions.org, a friendly and active Linux Community.
You are currently viewing LQ as a guest. By joining our community you will have the ability to post topics, receive our newsletter, use the advanced search, subscribe to threads and access many other special features. Registration is quick, simple and absolutely free. Join our community today!
Note that registered members see fewer ads, and ContentLink is completely disabled once you log in.
If you have any problems with the registration process or your account login, please contact us. If you need to reset your password, click here.
Having a problem logging in? Please visit this page to clear all LQ-related cookies.
Get a virtual cloud desktop with the Linux distro that you want in less than five minutes with Shells! With over 10 pre-installed distros to choose from, the worry-free installation life is here! Whether you are a digital nomad or just looking for flexibility, Shells can put your Linux machine on the device that you want to use.
Exclusive for LQ members, get up to 45% off per month. Click here for more info.
I assume the box boots with Lilo? If the timeout is long enough that you can interrupt it. Just type the name of the boot entry you want probably 'Slackware' and you can pass the additional command argument
init=/bin/bash
That should drop you to a root prompt where you can use passwd to reset the root password. After that I would do
sync && sleep 1 && reboot
This might get a little more complex if the system uses an initrd, in which case willysr's method is probably your path of least resistance.
I assume the box boots with Lilo? If the timeout is long enough that you can interrupt it. Just type the name of the boot entry you want probably 'Slackware' and you can pass the additional command argument
init=/bin/bash
That should drop you to a root prompt where you can use passwd to reset the root password. After that I would do
sync && sleep 1 && reboot
This might get a little more complex if the system uses an initrd, in which case willysr's method is probably your path of least resistance.
I know if someone has physical access to a machine, the game is lost, but is there a way to prevent someone from using this specific method to reset the root password other than removing the prompt, making the time selection ridiculously small, or encrypting the drive?
I'd rather someone need to boot off something other than my harddrive to gain access to the system.
Set a BIOS password. The link below gives a basic explanation and googling it will give you a lot of hits. Might be able to find one for your specific hardware.
Set a BIOS password. The link below gives a basic explanation and googling it will give you a lot of hits. Might be able to find one for your specific hardware.
I'm not looking to prevent people from booting my machine (I want it to restart automatically after a power loss), but I would rather they not be able to run a bash prompt just by adding something to the init line. Just wondering if there's a way to prevent that.
A bios password in my opinion isn't much additional security on a typical desktop / laptop. Anyone can still pop the disk in another system and fixup the password. The only real way to protect the thing is will full disk encryption. There are plenty of Slackware HOWTO's on that so I won't get into it here. Naturally this will prevent someone who does not have the unlock code or hardware token (USB stick usually) from booting too. Personally I would not skip encryption on anything portable.
In the case where you can physically secure the hardware IE like a kiosk where the computer is in a locked case or a PC-over-ip type situation a bios password + a 0 lilo timeout will prevent someone from interrupting the boot process and passing parameters. I'd also use disk encryption there. I these case you are depending on the security of the lock box or the VM environment obviously.
I'm not looking to prevent people from booting my machine (I want it to restart automatically after a power loss), but I would rather they not be able to run a bash prompt just by adding something to the init line. Just wondering if there's a way to prevent that.
I have not tried this, but this link leads me to believe that lilo does support password locking of the prompt, individual operating systems, or both together.
A bios password in my opinion isn't much additional security on a typical desktop / laptop. Anyone can still pop the disk in another system and fixup the password. The only real way to protect the thing is will full disk encryption. There are plenty of Slackware HOWTO's on that so I won't get into it here. Naturally this will prevent someone who does not have the unlock code or hardware token (USB stick usually) from booting too. Personally I would not skip encryption on anything portable.
In the case where you can physically secure the hardware IE like a kiosk where the computer is in a locked case or a PC-over-ip type situation a bios password + a 0 lilo timeout will prevent someone from interrupting the boot process and passing parameters. I'd also use disk encryption there. I these case you are depending on the security of the lock box or the VM environment obviously.
I totally agree that password protecting the bios is usually worthless. I was mainly looking to prevent someone from just sitting at my machine and modifying the boot parameters of lilo to get a root prompt (not that I would likely run into anyone attempting this). It looks like mralk3's link will do just that.
Quote:
Originally Posted by mralk3
I have not tried this, but this link leads me to believe that lilo does support password locking of the prompt, individual operating systems, or both together.
That is great! I never even thought to look for this, because I never realized you could so easily bypass the root password just by rebooting and changing the boot parameters (I always figured it required booting off installation/rescue media).
It looks like I can just specify a global password, and then add restricted under each boot entry, and then you will only be prompted for the password if you attempt to add anything to the boot parameters.
I've been using lilo for well over a decade, and people still help me find new stuff...
LinuxQuestions.org is looking for people interested in writing
Editorials, Articles, Reviews, and more. If you'd like to contribute
content, let us know.