Asking for root passwd when booting single user
Peter Baer Galvin
galvin-peter at cs.yale.edu
Sun Dec 4 14:45:24 AEST 1988
It depends on the version of SunOS you are running. Under 4.0 official
support is provided: in the /etc/ttytab file of the client, make sure the
console is NOT set secure. touch the file /etc/securetty
A root password will then be needed before a single user boot is allowed.
Failure to give the root password will result in a multi-user boot.
On "lesser" versions, you can put the command
login root
as the first line of the file /.profile but only if root uses the csh
shell by default. Booting single user runs a bourne shell, in which case
the .profile file is read and a root login required. Note that this isn't
as secure as the 4.0 method. Also note that if the root password is not
provided, a multi-user boot is done WITHOUT an fsck being done on the
clients disks - which is somewhat undesirable.
As an aside, is should be noted that no matter what, a system isn't secure
if it's console isn't. Even under SunOS 4.0 it is possible to break into
a system (even with security options set) if a system breaker has access
to the workstation console. I know of one method in particular that a
coworker here discovered. I'll try to get him to post the method to the
newly restarted security mailing list, since there's a fix to at least
make the job harder.
--Peter
Peter Baer Galvin (203)432-1254
Senior Systems Programmer, Yale Univ. C.S. galvin-peter at cs.yale.edu
51 Prospect St, P.O.Box 2158, Yale Station ucbvax!decvax!yale!galvin-peter
New Haven, Ct 06457 galvin-peter at yalecs.bitnet
More information about the Comp.sys.sun
mailing list