Security Basics mailing list archives

Re: Is there a kernel patch to stop single user mode?


From: Matt Howard <mhoward () hattmoward org>
Date: Fri, 19 Sep 2003 15:57:47 -0500

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

On Friday 19 September 2003 11:13 am, John Hebert wrote:
> Is there a way to stop someone with physical access to the box from booting
> into single user mode and changing the root password? I'm not interested in
> solutions that require setting a boot or poweron password in the BIOS. I'd
> like something that could be done in the Linux kernel, so as to apply to
> multiple platforms.
>
> Thanks,
> John Hebert

That is all in the init scripts. 'single' on the kernel command line translates
to runlevel 1.

On a Slackware box, if you look in /etc/inittab at line 29:

    # Script to run when going single user (runlevel 1).
    su:1S:wait:/etc/rc.d/rc.K

That means that using 'single' runs rc.K, and rc.K runs 'su' instead of just 
dropping to a shell.  Most distros do this now...

Also, if you're running LILO, it is possible to lock down the choices from 
getting extra parameters; see man lilo.conf


- -- 
Matt Howard <mhoward () hattmoward org>
http://hattmoward.org
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.3 (GNU/Linux)

iD8DBQE/a23NwQvshSm5ke4RArn8AJ0Z7mtsNL+pGHAmvadYPGPu8cG8NACePwVb
ExlmDnTtATEcq3aIRFesxng=
=i8lo
-----END PGP SIGNATURE-----
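
An added example, not part of the original message: a small audit of the two places the reply points to, namely what /etc/inittab starts in runlevel 1/S and whether lilo.conf restricts extra boot parameters. It assumes sysvinit's id:runlevels:action:process format and LILO's `password` and `restricted` keywords; the program lists, function names and sample files are constructed for illustration.

```python
# Added example; sample files below are constructed, not taken from a real host.
AUTH = {"sulogin", "login", "getty", "agetty", "mingetty"}   # assumed: prompt for a password
SHELLS = {"sh", "bash", "ash", "csh", "tcsh", "zsh"}          # assumed: hand out a shell directly
RUN_ACTIONS = {"wait", "once", "respawn"}                     # actions that honour the runlevels field

def single_user_entries(inittab_text):
    """Return [(id, process, verdict)] for entries active in runlevel 1 or S."""
    found = []
    for line in inittab_text.splitlines():
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        parts = line.split(":", 3)               # id:runlevels:action:process
        if len(parts) != 4 or parts[2] not in RUN_ACTIONS:
            continue
        ident, levels, _, process = parts
        words = process.lstrip("+").split()
        if not set(levels) & set("1Ss") or not words:
            continue
        prog = words[0].rsplit("/", 1)[-1]       # basename of the program that is run
        if prog in AUTH:
            verdict = "authenticates"
        elif prog in SHELLS:
            verdict = "shell without login"
        else:
            verdict = "inspect"                  # a script: its contents decide
        found.append((ident, process, verdict))
    return found

def lilo_lockdown(conf_text):
    """Return (has_password, restricted) from the global section of lilo.conf."""
    has_pw = restricted = False
    for line in conf_text.splitlines():
        key = line.split("#", 1)[0].split("=", 1)[0].strip().lower()
        if key in ("image", "other"):            # per-image sections start here
            break
        has_pw = has_pw or key == "password"
        restricted = restricted or key == "restricted"
    return has_pw, restricted

SAMPLE_INITTAB = """\
# Script to run when going single user (runlevel 1).
su:1S:wait:/etc/rc.d/rc.K
c1:1235:respawn:/sbin/agetty 38400 tty1 linux
"""
SAMPLE_LILO = "boot=/dev/hda\npassword=CHANGEME\nrestricted\nimage=/boot/vmlinuz\n  label=linux\n"

if __name__ == "__main__":
    for entry in single_user_entries(SAMPLE_INITTAB):
        print(entry)
    print(lilo_lockdown(SAMPLE_LILO))
```

With `password` and `restricted` both set, LILO boots the configured images unattended but asks for the password when parameters are typed at the boot prompt. Because lilo.conf then holds that password, it should be readable by root only.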
