From owner-freebsd-hackers Fri Dec 27 11:43:29 2002 Delivered-To: freebsd-hackers@freebsd.org Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id ED7D237B401 for ; Fri, 27 Dec 2002 11:43:27 -0800 (PST) Received: from mail.isg.siue.edu (mail.isg.siue.edu [146.163.5.4]) by mx1.FreeBSD.org (Postfix) with ESMTP id 1832543ED1 for ; Fri, 27 Dec 2002 11:43:27 -0800 (PST) (envelope-from wgrim@cougar.isg.siue.edu) Received: from WEBSHIELD2.isg.siue.edu (webshield2.isg.siue.edu [146.163.5.150]) by mail.isg.siue.edu (8.9.3/8.9.3) with SMTP id NAA23447 for ; Fri, 27 Dec 2002 13:43:17 -0600 (CST) Received: FROM mail.isg.siue.edu BY WEBSHIELD2.isg.siue.edu ; Fri Dec 27 13:43:16 2002 -0600 Received: from cougar (cougar [146.163.5.29]) by mail.isg.siue.edu (8.9.3/8.9.3) with ESMTP id NAA23408; Fri, 27 Dec 2002 13:43:11 -0600 (CST) Date: Fri, 27 Dec 2002 13:43:11 -0600 (CST) From: William Michael Grim To: Pawel Jakub Dawidek Cc: freebsd-hackers@FreeBSD.ORG Subject: Re: Login directly as root. In-Reply-To: <20021227190224.GA29966@prioris.mini.pw.edu.pl> Message-ID: MIME-Version: 1.0 Content-Type: TEXT/PLAIN; charset=US-ASCII Sender: owner-freebsd-hackers@FreeBSD.ORG Precedence: bulk List-ID: List-Archive: (Web Archive) List-Help: (List Instructions) List-Subscribe: List-Unsubscribe: X-Loop: FreeBSD.ORG If I had to take a guess, the reason normal user logins are disabled during "insecure" on single mode is because of the way authentication may be getting handled, among other things. First off, it's single-user mode, meant for only the root user; no one else has a need for the system at that point. Second, what if you're reading your usernames off of NIS and don't have anyone but root on your system? Then you'd get kind of screwed in single-user; your whole system would break. Well, I hope this helps you out. William Michael Grim Student, Southern Illinois University at Edwardsville Unix System Administrator, SIUE, Computer Science dept. Phone: (217) 341-6552 Email: wgrim@siue.edu On Fri, 27 Dec 2002, Pawel Jakub Dawidek wrote: > Hello hackers... > > I'm wondering why there is "insecure" options in /etc/ttys for virtual > consoles. > As we all know, "insecure" for ttyvX means that we can't directly log in > as root, but "insecure" for console field in /etc/ttys means only that > we will be asked for root's password in single mode. > Hmm, if I got psyhical access to machine and ttyvX are in "insecure" mode > and I know root's password I can just reboot machine and log in as root. > So if "insecure" mode is a security feature, shouldn't this be in that > way (in single mode): > > Login: > Password: > Root's password: > > ? > > -- > Pawel Jakub Dawidek > UNIX Systems Administrator > http://garage.freebsd.pl > Am I Evil? Yes, I Am. > > To Unsubscribe: send mail to majordomo@FreeBSD.org > with "unsubscribe freebsd-hackers" in the body of the message > To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-hackers" in the body of the message