Bug 7840
Summary: | when swithing to init 1, system is not protected by root password | ||
---|---|---|---|
Product: | [Retired] Red Hat Linux | Reporter: | Q Enterix <enterix> |
Component: | initscripts | Assignee: | Bill Nottingham <notting> |
Status: | CLOSED WONTFIX | QA Contact: | |
Severity: | medium | Docs Contact: | |
Priority: | medium | ||
Version: | 6.1 | CC: | rhw, rvokal |
Target Milestone: | --- | Keywords: | Security |
Target Release: | --- | ||
Hardware: | i386 | ||
OS: | Linux | ||
Whiteboard: | |||
Fixed In Version: | Doc Type: | Bug Fix | |
Doc Text: | Story Points: | --- | |
Clone Of: | Environment: | ||
Last Closed: | 1999-12-16 17:00:16 UTC | Type: | --- |
Regression: | --- | Mount Type: | --- |
Documentation: | --- | CRM: | |
Verified Versions: | Category: | --- | |
oVirt Team: | --- | RHEL 7.3 requirements from Atomic Host: | |
Cloudforms Team: | --- | Target Upstream Version: | |
Embargoed: |
Description
Q Enterix
1999-12-16 12:53:50 UTC
So will, among other things, 'linux init=/bin/bash'. Without disabling command-line arguments completely in LILO, there's no point in making single user-mode ask for a password. There is actually a fairly simple fix for this problem, which I have put in every Linux installation I've done: 1. Run the following command: chmod 0600 /etc/lilo.conf 2. Put the following two lines at the top of /etc/lilo.conf (at least, in the global section thereof): password=PASSWORD restricted Replace PASSWORD with whatever password you require, in plaintext. Note that whitespace is NOT permitted in the password. 3. Make sure that the default runlevel in /etc/inittab is NOT level 1. 4. Run lilo to install those changes. Following the above, anybody wishing to add ANY parameters to the command line will need to type in the specified password before LILO will permit their use. The password has to be in plaintext here for some reason, hence the requirement to set mode 0600 on /etc/lilo.conf first. Personally, I'd like to see this as the default in RedHat. Any chance of that? |