protecting loader

Rob listone at deathbeforedecaf.net
Fri Dec 5 17:40:32 PST 2003


I habitually put

    autoboot_delay="0"

in /boot/loader.conf because I'm impatient. It doesn't stop me from booting
into single-user mode - you just have to hit a key while loader(8) is
spinning, before it starts the kernel.

As far as I can tell, the options in /boot.config apply to boot2, which has
its own command prompt. I occasionally interrupt that one by mistake, and
get confused because it's nothing like loader.

So if you want to tie down the boot process, you will probably need to use
both files.

----- Original Message -----
From: "Dru" <dlavigne6 at sympatico.ca>
Subject: Re: protecting loader


>
>
> On Thu, 4 Dec 2003, Nathan Kinkade wrote:
>
> > On Thu, Dec 04, 2003 at 02:20:07PM -0500, Dru wrote:
> > >
> > > Is there a way to prevent a user from bypassing loader and
> > > loading/unloading stuff at the OK prompt? (other than physical
security
> > > measures)
> > >
> > > I tried placing "/boot/loader -n" in "/boot.config", but it didn't
make a
> > > difference.
> > >
> > > Dru
> >
> > If I understand your question, you could put the following line in your
> > /boot/loader.conf file:
> >
> > autoboot_delay="0"
> >
> > I think this will effectively prevent users from interrupting the loader
> > to make changes.  Just make sure that you have some other way to boot
> > the system, such as a floppy, in case you later run into problems.
> >
> > Nathan
> > --
> > gpg --keyserver pgp.mit.edu --recv-keys D8527E49
>
>
> Actually, I discovered that "password=somevalue" in /boot/loader.conf
> filled the bill quite nicely :-)
>
> Dru
> _______________________________________________
> freebsd-questions at freebsd.org mailing list
> http://lists.freebsd.org/mailman/listinfo/freebsd-questions
> To unsubscribe, send any mail to
"freebsd-questions-unsubscribe at freebsd.org"
>



More information about the freebsd-questions mailing list