Security Basics mailing list archives

Re: Is there a kernel patch to stop single user mode?


From: Chris Ess <azarin () tokimi net>
Date: Fri, 19 Sep 2003 16:33:15 -0400 (EDT)

> Is there a way to stop someone with physical access to the box from booting
> into single user mode and changing the root password? I'm not interested in
> solutions that require setting a boot or poweron password in the BIOS. I'd
> like something that could be done in the Linux kernel, so as to apply to
> multiple platforms.

Um.  I suppose you could write a patch to disable single user mode if you
really, really wanted to.  I don't suggest it.  Single user mode has saved
me or made my job easier many times in the past and it undoubtedly will in
the future.

Anyway, the solution I know of (and use) is to set a password in the
bootloader.

In LILO, you can set the 'password=' and 'restricted' options to require a
password only when additional options, such as 'single', are specified on
the kernel command line.

It looks as if GRUB offers similar functionality, although you may have to
read the info document to figure it out.

I hope this helps.

Sincerely,


Chris Ess
System Administrator / CDTT (Certified Duct Tape Technician)
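
An added example, not part of the original message: a shell check that a lilo.conf carries the 'password=' and 'restricted' options described above and is not readable by group or other, since LILO stores the password in clear text. The function names, sample file contents, device names and the CHANGE-ME password are constructed placeholders.

```sh
#!/bin/sh
# Added example (not from the original post). Audits a lilo.conf for the
# setup the message describes: 'password=' plus 'restricted'.
# Returns 0 if the setup is complete, 1 if there are findings, 2 if unreadable.
audit_lilo_conf() {
    conf=$1
    rc=0
    [ -r "$conf" ] || { echo "cannot read $conf"; return 2; }

    # Drop comments so a commented-out option is not counted as set.
    body=$(sed 's/#.*//' "$conf")

    printf '%s\n' "$body" | grep -Eq '^[[:space:]]*password[[:space:]]*=' || {
        echo "no password= line: extra boot options such as 'single' are accepted unchallenged"
        rc=1
    }
    printf '%s\n' "$body" | grep -Eq '^[[:space:]]*restricted[[:space:]]*$' || {
        echo "no restricted line: any password set is asked for on every boot"
        rc=1
    }

    # LILO stores the password in clear text, so only the owner may read the file.
    mode=$(ls -lLd "$conf" | cut -c5-10)
    case $mode in
        *r*) echo "group/other can read $conf: chmod 600 it"; rc=1 ;;
    esac
    return $rc
}

# Constructed sample files: device names, kernel path and password are placeholders.
write_samples() {
    dir=$1
    cat > "$dir/weak.conf" <<'EOF'
boot=/dev/hda
prompt
image=/boot/vmlinuz
    label=linux
    root=/dev/hda1
EOF
    { echo 'password=CHANGE-ME'; echo 'restricted'; cat "$dir/weak.conf"; } > "$dir/hardened.conf"
    chmod 644 "$dir/weak.conf"
    chmod 600 "$dir/hardened.conf"
}

demo_dir=$(mktemp -d)
write_samples "$demo_dir"
for f in "$demo_dir"/weak.conf "$demo_dir"/hardened.conf; do
    echo "== $f"; audit_lilo_conf "$f" || true
done
rm -rf "$demo_dir"
```

After editing the real /etc/lilo.conf, /sbin/lilo has to be re-run for the change to reach the boot sector.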
