From owner-freebsd-questions  Wed Jul 15 12:11:14 1998
Return-Path: <owner-freebsd-questions@FreeBSD.ORG>
Received: (from majordom@localhost)
          by hub.freebsd.org (8.8.8/8.8.8) id MAA03733
          for freebsd-questions-outgoing; Wed, 15 Jul 1998 12:11:14 -0700 (PDT)
          (envelope-from owner-freebsd-questions@FreeBSD.ORG)
Received: from alpo.whistle.com (alpo.whistle.com [207.76.204.38])
          by hub.freebsd.org (8.8.8/8.8.8) with ESMTP id MAA03719
          for <freebsd-questions@freebsd.org>; Wed, 15 Jul 1998 12:11:11 -0700 (PDT)
          (envelope-from julian@whistle.com)
Received: (from daemon@localhost)
	by alpo.whistle.com (8.8.5/8.8.5) id MAA17402;
	Wed, 15 Jul 1998 12:03:10 -0700 (PDT)
Received: from current1.whistle.com(207.76.205.22)
 via SMTP by alpo.whistle.com, id smtpd017397; Wed Jul 15 19:03:08 1998
Date: Wed, 15 Jul 1998 12:03:05 -0700 (PDT)
From: Julian Elischer <julian@whistle.com>
To: Roman Katsnelson <romank@graphnet.com>
cc: Jonathan Ruxton <jonathan.ruxton@satin.net>, freebsd-questions@FreeBSD.ORG
Subject: Re: boot -s
In-Reply-To: <35ACF326.29AC4C89@graphnet.com>
Message-ID: <Pine.BSF.3.95.980715120220.14750A-100000@current1.whistle.com>
MIME-Version: 1.0
Content-Type: TEXT/PLAIN; charset=US-ASCII
Sender: owner-freebsd-questions@FreeBSD.ORG
Precedence: bulk
X-Loop: FreeBSD.ORG

you can make it demand a password to enter single user mode
by marking console (in /etc/ttys) insecure.



On Wed, 15 Jul 1998, Roman Katsnelson wrote:

> Jonathan Ruxton wrote:
> > 
> > Hello - I was wondering if there is an easy way to disable the -s
> > (single user mode) option at boot time for security reasons, to prevent
> > someone from changing the root password as specified in section 8.20 (
> > Eek! I forgot the root password) of the FAQ?
> 
> Hi.
> 
> I asked that question once (not too long ago) -- it didn't make sense to
> me that it should be that easy to change the root passwd. However, you
> don't want to disable that option. You probably (hopefully) will never
> forget the root password, but (and this is what happenned to me) it _is_
> possible that the machine will give you 'login incorrect' even if you're
> a 100% positive it's not. And it makes a lot more sense to be able to
> just change the password than to be forced to reinstall. 
> 
> As far as security -- single mode can only be done from the machine
> itself, so if it's an issue just keep it in a secure place, don't let
> people have physical access. 
> 
> HTH,
> Roman
> -- 
>          _________________________________________
>         |     The box said:		          |
>         |     					  |
>       _ |   Requirement: Win95, NT 4.0 or better. | _
>      / )|                                         |( \
>     / / |   So I installed FreeBSD.               | \ \
>   _( (_ |                                         | _) )_
>  (((\ \>|_/-)                                 (-\_|</ /)))
>  (\\\\ \_/ /___________________________________\ \_/ ////)
>   \       /    Email: romank@graphnet.com       \       /
>    \    _/                                       \_    /
>    //////  ====================================   \\\\\\
> 
> To Unsubscribe: send mail to majordomo@FreeBSD.org
> with "unsubscribe freebsd-questions" in the body of the message
> 


To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-questions" in the body of the message