epilogue at allstream.net
Thu Feb 3 10:50:23 PST 2005
On Thu, 3 Feb 2005 14:43:39 +0100
Gert Cuykens <gert.cuykens at gmail.com> wrote:
> On Thu, 3 Feb 2005 00:32:23 -0800, Ted Mittelstaedt
> <tedm at toybox.placo.com> wrote:
> > While all of this is very interesting academic, if user Gert is dumb
> > enough to leave the console of his UNIX system accessible then user
> > Ted can come along and power cycle it into single user mode and wipe
> > his disks whether he has the root password or not.
While I quite agree with Ted's encouraging Gert to run X as joe user,
rather than root (for a variety of security related reasons), it is a
trivial matter to implement a password requirement for boot -s. This way,
even if a user can boot -s, they *must* have the root passwd.

This implementation does mean, however, that you should not forget the
root passwd, for if you do forget, you will not be able to reset it
via boot -s and passwd.

# If console is marked "insecure", then init will ask for the root
# password when going to single-user mode.
console none unknown off insecure
my 2 cents CAD for the day.
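
Added example, not part of the original message: a small sh check that reads a ttys file and reports whether the console line carries the "insecure" marking described above. The function names console_flag and audit_console are hypothetical, the sample input is constructed, and the parser assumes plain whitespace-separated fields.

```shell
#!/bin/sh
# Added example: audit the console entry of a ttys-format file (read on stdin).

# console_flag: prints insecure | secure | unmarked | missing
console_flag() {
    awk '
        /^[ \t]*#/ { next }                 # whole-line comment
        $1 == "console" {
            found = 1
            state = "unmarked"
            for (i = 2; i <= NF; i++) {
                if ($i ~ /^#/) break        # trailing comment: stop scanning
                if ($i == "insecure") state = "insecure"
                else if ($i == "secure") state = "secure"
            }
            print state
            exit
        }
        END { if (!found) print "missing" }
    '
}

# audit_console: passes only when the console is explicitly marked insecure,
# the setting the message says makes init ask for the root password.
audit_console() {
    flag=$(console_flag)
    case "$flag" in
        insecure)
            echo "PASS: console is insecure; single-user mode asks for the root password" ;;
        *)
            echo "FAIL: console is '$flag'; expected 'insecure'"
            return 1 ;;
    esac
}

if [ "$#" -gt 0 ]; then
    audit_console < "$1"                    # e.g. sh check.sh /etc/ttys
else
    # Constructed sample input, used when no file is given.
    audit_console <<'EOF'
# If console is marked "insecure", then init will ask for the root
# password when going to single-user mode.
console none unknown off insecure
ttyv0 "/usr/libexec/getty Pc" xterm on secure
EOF
fi
```
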