Root boot/mount Password?
Roland Smith
rsmith at xs4all.nl
Sat Jul 26 20:25:37 UTC 2008
On Sat, Jul 26, 2008 at 09:58:53PM +0200, Polytropon wrote:
> > What I want is that if the system is rebooted or shutdown, somebody must
> > enter a password to boot and/or mounting "/"
>
> Next to the usual means of access control (no automated login, no
> users without password), there would be an option to boot the system
> in single user mode first. Your /etc/ttys would contain "insecure"
> in the 5th field so nobody would get into the shell without the
> root password. Then, fsck and mount -a, followed by "exit" or Ctrl-D
> would be neccessary to boot the system into multi user mode. To
> boot your system into SUM, I think /boot/loader.conf must contain
> the line ,,boot_single="YES"''.
Assuming physical access to the machine, this can be easily circumvented
by booting from a FreeBSD CD.
Of yourse you can disable booting from CD in the BIOS, and guard that
with a password. But that is usually easy to wipe by shorting a jumper
on the motherboard. It just depends on the amount of time and knowledge
that the attacker has.
Roland
--
R.F.Smith http://www.xs4all.nl/~rsmith/
[plain text _non-HTML_ PGP/GnuPG encrypted/signed email much appreciated]
pgp: 1A2B 477F 9970 BA3C 2914 B7CE 1277 EFB0 C321 A725 (KeyID: C321A725)
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 195 bytes
Desc: not available
Url : http://lists.freebsd.org/pipermail/freebsd-questions/attachments/20080726/91c69698/attachment.pgp
More information about the freebsd-questions
mailing list