Path: utzoo!utgpu!watmath!clyde!att!pacbell!ames!mailrus!cornell!uw-beaver!rice!sun-spots-request
From: galvin-peter@cs.yale.edu (Peter Baer Galvin)
Newsgroups: comp.sys.sun
Subject: Re: Asking for root passwd when booting single user
Message-ID: <43947@yale-celray.yale.UUCP>
Date: 4 Dec 88 04:45:24 GMT
References: <2212@kalliope.rice.edu>
Sender: usenet@rice.edu
Organization: Rice University, Houston, Texas
Lines: 32
Approved: Sun-Spots@rice.edu
Original-Date: 23 Nov 88 18:23:06 GMT
X-Sun-Spots-Digest: Volume 7, Issue 37, message 8 of 12

It depends on the version of SunOS you are running. Under 4.0 official
support is provided:

	in the /etc/ttytab file of the client, make sure the console is
	NOT set secure.

	touch the file /etc/securetty

A root password will then be needed before a single user boot is allowed.
Failure to give the root password will result in a multi-user boot.

On "lesser" versions, you can put the command

	login root

as the first line of the file /.profile but only if root uses the csh
shell by default. Booting single user runs a Bourne shell, in which case
the .profile file is read and a root login required. Note that this isn't
as secure as the 4.0 method. Also note that if the root password is not
provided, a multi-user boot is done WITHOUT an fsck being done on the
client's disks - which is somewhat undesirable.

As an aside, it should be noted that no matter what, a system isn't secure
if its console isn't. Even under SunOS 4.0 it is possible to break into a
system (even with security options set) if a system breaker has access to
the workstation console. I know of one method in particular that a
coworker here discovered. I'll try to get him to post the method to the
newly restarted security mailing list, since there's a fix to at least
make the job harder.

--Peter

Peter Baer Galvin                             (203)432-1254
Senior Systems Programmer, Yale Univ. C.S.    galvin-peter@cs.yale.edu
51 Prospect St, P.O.Box 2158, Yale Station    ucbvax!decvax!yale!galvin-peter
New Haven, Ct 06457                           galvin-peter@yalecs.bitnet
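
Added example, not part of the original post: a shell audit of the two SunOS 4.0 settings described above (console not flagged secure in /etc/ttytab, and /etc/securetty present). The function names are hypothetical, and the ttytab layout (name, quoted getty command, terminal type, then status flags) is an assumption about the file format.

```shell
#!/bin/sh
# Added example: audit the single-user password settings the post describes.
# Assumed ttytab entry layout (constructed sample, not taken from the post):
#   console "/usr/etc/getty std.9600" sun on local secure

# console_flags FILE
# Print the status flags of the console entry; exit 3 if there is no entry.
console_flags() {
    awk '
        /^[ \t]*#/ { next }                  # skip whole-line comments
        $1 == "console" {
            line = $0
            gsub(/"[^"]*"/, "CMD", line)     # collapse the quoted getty command
            sub(/#.*/, "", line)             # drop any trailing comment
            n = split(line, f)               # f[1]=name f[2]=CMD f[3]=type
            out = ""
            for (i = 4; i <= n; i++) out = out f[i] " "
            print out
            found = 1
            exit
        }
        END { if (!found) exit 3 }' "$1"
}

# check_single_user_prompt ROOT
# ROOT is the directory holding etc/ (use "" for the running system, or a
# client's exported root on the server). Prints a verdict and returns 0 only
# when both conditions from the post hold.
check_single_user_prompt() {
    root=$1
    ttytab="$root/etc/ttytab"
    [ -r "$ttytab" ] || { echo "no-ttytab"; return 2; }
    flags=$(console_flags "$ttytab") || { echo "no-console-entry"; return 2; }
    case " $flags " in
        *" secure "*) echo "console-marked-secure"; return 1 ;;
    esac
    [ -e "$root/etc/securetty" ] || { echo "securetty-missing"; return 1; }
    echo "password-required"
}
```

Run it against each diskless client's root directory on the server to find clients that would still drop to a single-user root shell without a password.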