Google Groups no longer supports new Usenet posts or subscriptions. Historical content remains viewable.
Dismiss

Removing LINUX SINGLE

0 views
Skip to first unread message

Steve .

unread,
Nov 28, 1999, 3:00:00 AM11/28/99
to
I have a machine running Redhat, and have an issue with people being
able to use LINUX SINGLE to get into the system and change the root
password. I'm aware this machine should be in a more secure place.
That is not an option. Is there a way to eliminate the LINUX SINGLE
access to the box, and floppy access if that is also possible to side
track the login screen? Thanks.

Steve

Newsgroup replies preferred. Remove nospam when replying thru email.

wu...@bubba.ack.ping.telnet.kufgkjgfkgf.bom

unread,
Nov 28, 1999, 3:00:00 AM11/28/99
to
On Sun, 28 Nov 1999 03:33:08 GMT, syar...@nospam.enteract.com (Steve
.) wrote:

>I have a machine running Redhat, and have an issue with people being
>able to use LINUX SINGLE to get into the system and change the root
>password. I'm aware this machine should be in a more secure place.
>That is not an option. Is there a way to eliminate the LINUX SINGLE
>access to the box, and floppy access if that is also possible to side
>track the login screen? Thanks.

Checkout the password and restricted options for lilo (man lilo.conf).
Also bios passwords, if supported, would help. Everone needs more
passwords to remember, right.

garthurp at thisisnonsense sodeleteit ispchannel dot com


John Thompson

unread,
Nov 28, 1999, 3:00:00 AM11/28/99
to Steve .
"Steve ." wrote:
>
> I have a machine running Redhat, and have an issue with people being
> able to use LINUX SINGLE to get into the system and change the root
> password. I'm aware this machine should be in a more secure place.
> That is not an option. Is there a way to eliminate the LINUX SINGLE
> access to the box, and floppy access if that is also possible to side
> track the login screen? Thanks.

Check out the "restricted" option for lilo.conf

Eg, from "man lilo.conf:"

restricted
A password is only required to boot the
image if
parameters are specified on the command line
(e.g.
single).

--

-John (John.T...@attglobal.net)

Rob Lahaye

unread,
Nov 28, 1999, 3:00:00 AM11/28/99
to wu...@bubba.ack.ping.telnet.bom

Don't forget the possibility of booting the system from floppy.
That bypasses the lilo.conf settings on your harddisk.

I've solved this problem as follows:

1) Give a password to the BIOS setup (same as root password for ease)
and boot by default from harddisk only (C only).
2) In lilo.conf, make timeout=0 so there's no time for anybody to
choose how to boot.

As a result, you only can boot with options (such as single) with
a floppy. But to boot from floppy, you'll need to edit the BIOS setup,
which requires the BIOS password.

-R-

wu...@bubba.ack.ping.telnet.kufgkjgfkgf.bom wrote:
>
> On Sun, 28 Nov 1999 03:33:08 GMT, syar...@nospam.enteract.com (Steve

> .) wrote:
>
> >I have a machine running Redhat, and have an issue with people being
> >able to use LINUX SINGLE to get into the system and change the root
> >password. I'm aware this machine should be in a more secure place.
> >That is not an option. Is there a way to eliminate the LINUX SINGLE
> >access to the box, and floppy access if that is also possible to side
> >track the login screen? Thanks.
>

> Checkout the password and restricted options for lilo (man lilo.conf).
> Also bios passwords, if supported, would help. Everone needs more
> passwords to remember, right.
>
> garthurp at thisisnonsense sodeleteit ispchannel dot com

--
For reply: please remove UNSPAM from reply address

John McKown

unread,
Nov 28, 1999, 3:00:00 AM11/28/99
to

On Sun, 28 Nov 1999 03:33:08 GMT, Steve . <syar...@nospam.enteract.com> wrote:
>I have a machine running Redhat, and have an issue with people being
>able to use LINUX SINGLE to get into the system and change the root
>password. I'm aware this machine should be in a more secure place.
>That is not an option. Is there a way to eliminate the LINUX SINGLE
>access to the box, and floppy access if that is also possible to side
>track the login screen? Thanks.
>
>Steve
>
>Newsgroup replies preferred. Remove nospam when replying thru email.

Well, the very first thing that comes to mind is to modify the Linux kernel
to ignore the "single" option, or replace it with another word. However, have
you looked at using the lilo.conf with the "password=<whatever>" and
"restricted" entries in it? I haven't done this, but from reading the info page
on lilo.conf, it says that in this case the password is only needed if
parameters are specified on the command line. Of course, this means that
you'd better make sure the /etc/lilo.conf has mode 600 so that nobody but
root can read it.

Hope this helps,
John

Jukka-Pekka Suominen

unread,
Nov 30, 1999, 3:00:00 AM11/30/99
to
On Sun, 28 Nov 1999, Steve . wrote:

> I have a machine running Redhat, and have an issue with people being
> able to use LINUX SINGLE to get into the system and change the root
> password. I'm aware this machine should be in a more secure place.
> That is not an option. Is there a way to eliminate the LINUX SINGLE
> access to the box, and floppy access if that is also possible to side
> track the login screen? Thanks.

Check the documentations for lilo. There's an option that asks for a
password during bootup. There's one flaw with it, though... the password
is stored in plain text in /etc/lilo.conf, so you'll have to disable the
read rights from other users...

****************************************************
* *
* JP Suominen jusu...@abo.fi listen.to/pyuria *
* *
****************************************************

Steve .

unread,
Dec 4, 1999, 3:00:00 AM12/4/99
to
I tried adding restricted before in the middle and end of the
lilo.conf file. Didn't do anything. Also added the password=blabla
and that didn't work either. Am I supposed to do this in a particular
place, or in a particular format? Thanks.

Steve

On Sun, 28 Nov 1999 13:36:32 GMT,
wu...@bubba.ack.ping.telnet.kufgkjgfkgf.bom wrote:

>On Sun, 28 Nov 1999 03:33:08 GMT, syar...@nospam.enteract.com (Steve
>.) wrote:
>
>>I have a machine running Redhat, and have an issue with people being
>>able to use LINUX SINGLE to get into the system and change the root
>>password. I'm aware this machine should be in a more secure place.
>>That is not an option. Is there a way to eliminate the LINUX SINGLE
>>access to the box, and floppy access if that is also possible to side
>>track the login screen? Thanks.
>

fr...@lance.com

unread,
Dec 4, 1999, 3:00:00 AM12/4/99
to
You should try using a power-on password in your bios instead.
Disabling single user mode and floppy boot would severly hurt your
chances to fix problems in case of big trouble.


Hope this helps,

BEH


On Sat, 04 Dec 1999 01:50:05 GMT, syar...@nospam.enteract.com (Steve

wu...@bubba.ack.ping.telnet.kufgkjgfkgf.bom

unread,
Dec 4, 1999, 3:00:00 AM12/4/99
to
On Sat, 04 Dec 1999 01:50:05 GMT, syar...@nospam.enteract.com (Steve
.) wrote:

>I tried adding restricted before in the middle and end of the
>lilo.conf file. Didn't do anything. Also added the password=blabla
>and that didn't work either. Am I supposed to do this in a particular
>place, or in a particular format? Thanks.

They should go in the global section. If you ever change your
lilo.conf, you also must rerun lilo, before the changes take effect.

Also, even though it goes w/o saying, I'll say it. Make rael sure you
have a floppy that will boot your system before you play with lilo.

Steve .

unread,
Dec 4, 1999, 3:00:00 AM12/4/99
to
Doh. I forgot to recompile lilo after adding the changes. Guess it's
been a while since I needed to edit it. I'll have to do that next
time I'm at the machine and see if it works.

Steve

0 new messages