From owner-freebsd-questions@FreeBSD.ORG Thu Nov 23 15:20:38 2006 Return-Path: X-Original-To: freebsd-questions@freebsd.org Delivered-To: freebsd-questions@freebsd.org Received: from mx1.FreeBSD.org (mx1.freebsd.org [69.147.83.52]) by hub.freebsd.org (Postfix) with ESMTP id BCEF816A417 for ; Thu, 23 Nov 2006 15:20:38 +0000 (UTC) (envelope-from mime@traveller.cz) Received: from nxm.secservers.com (nxm.secservers.com [193.85.228.22]) by mx1.FreeBSD.org (Postfix) with ESMTP id 5F21943D7B for ; Thu, 23 Nov 2006 15:20:00 +0000 (GMT) (envelope-from mime@traveller.cz) Received: from [127.0.0.1] (nxm.secservers.com. [193.85.228.22]) by nxm.secservers.com (8.13.4/8.13.4) with ESMTP id kANFKBrs041250; Thu, 23 Nov 2006 16:20:11 +0100 (CET) (envelope-from mime@traveller.cz) From: Michal Mertl To: VeeJay In-Reply-To: <2cd0a0da0611230145j3b5f42cfg7b9025236a91e7a3@mail.gmail.com> References: <2cd0a0da0611211941iae07787q3f433fb2c8ab1f22@mail.gmail.com> <20061122163317.GC50939@gizmo.acns.msu.edu> <2cd0a0da0611230056l15bfccaamb3ed3d439e2786b8@mail.gmail.com> <200611230914.kAN9E2GW065034@banyan.cs.ait.ac.th> <2cd0a0da0611230145j3b5f42cfg7b9025236a91e7a3@mail.gmail.com> Content-Type: text/plain Date: Thu, 23 Nov 2006 16:20:04 +0100 Message-Id: <1164295204.1755.31.camel@genius.i.cz> Mime-Version: 1.0 X-Mailer: Evolution 2.8.1.1 FreeBSD GNOME Team Port Content-Transfer-Encoding: 7bit Cc: Olivier Nicole , jerrymc@msu.edu, freebsd-questions@freebsd.org Subject: Re: Password Security X-BeenThere: freebsd-questions@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list List-Id: User questions List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Thu, 23 Nov 2006 15:20:38 -0000 VeeJay wrote: > On 11/23/06, Olivier Nicole wrote: > > > > > And how can one into the System by booting from a CD if it still > > > requires the Password even in Single User mode? > > > > Booting from CD, floppy or hard disk is slected at BIOS level. > > > > Booting in single or multi user mode is at Operating system level. > > > > Booting is in the following order: > > > > 1) BIOS select what medium to boot from > > > > 2) the operating system boot from the selected medium > > > > So when it comes to the Single user password, itis already at stage 2) > > it has passed the stage 1 (booting from hard disk ofr CD) without > > password. > > > > Olivier > > > > So, it means, that I should take the following steps > > 1. Password on BIOS > 2. Change the order of booting i.e. When system is installed and working > once, then I just the change the Booting FIRST from HardDisk. > 3. Put the password on Single User mode. > > So, what more? Do you people think that I have got somehow security barrier > for unauthorized access? Not much. Default FreeBSD install has two more places where one can influence booting with console access - boot blocks and loader. To disable the access to OK prompt of boot blocks create file /boot.config with '-n'. To disable access to loader put autoboot_delay="-1" and beastie_disable=YES into /boot/loader.conf. You can also instead put password=... into it and the loader will then require password to allow access to it. Michal