From owner-freebsd-questions Wed Jul 15 12:38:05 1998 Return-Path: Received: (from majordom@localhost) by hub.freebsd.org (8.8.8/8.8.8) id MAA07490 for freebsd-questions-outgoing; Wed, 15 Jul 1998 12:38:05 -0700 (PDT) (envelope-from owner-freebsd-questions@FreeBSD.ORG) Received: from horton.iaces.com (horton.iaces.com [204.147.87.98]) by hub.freebsd.org (8.8.8/8.8.8) with ESMTP id MAA07482 for ; Wed, 15 Jul 1998 12:38:02 -0700 (PDT) (envelope-from proot@horton.iaces.com) Received: (from proot@localhost) by horton.iaces.com (8.8.8/8.8.7) id OAA08541; Wed, 15 Jul 1998 14:36:17 -0500 (CDT) From: "Paul T. Root" Message-Id: <199807151936.OAA08541@horton.iaces.com> Subject: Re: boot -s In-Reply-To: <35ACF326.29AC4C89@graphnet.com> from Roman Katsnelson at "Jul 15, 98 02:21:26 pm" To: romank@graphnet.com (Roman Katsnelson) Date: Wed, 15 Jul 1998 14:36:15 -0500 (CDT) Cc: jonathan.ruxton@satin.net, freebsd-questions@FreeBSD.ORG X-Organization: USWEST !nterprise Networking - ACES X-Phone: (612) 664-3385 X-Fax: (612) 664-4779 X-Page: (800) SKY-PAGE PIN: 537-7270 X-Address: 600 Stinson Blvd, Fl 1S X-Address: Minneapolis, MN 55413 X-Mailer: ELM [version 2.4ME+ PL38 (25)] MIME-Version: 1.0 Content-Type: text/plain; charset=US-ASCII Content-Transfer-Encoding: 7bit Sender: owner-freebsd-questions@FreeBSD.ORG Precedence: bulk X-Loop: FreeBSD.ORG In a previous message, Roman Katsnelson said: > Jonathan Ruxton wrote: > > > > Hello - I was wondering if there is an easy way to disable the -s > > (single user mode) option at boot time for security reasons, to prevent > > someone from changing the root password as specified in section 8.20 ( > > Eek! I forgot the root password) of the FAQ? > > Hi. > > I asked that question once (not too long ago) -- it didn't make sense to > me that it should be that easy to change the root passwd. However, you > don't want to disable that option. You probably (hopefully) will never > forget the root password, but (and this is what happenned to me) it _is_ > possible that the machine will give you 'login incorrect' even if you're > a 100% positive it's not. And it makes a lot more sense to be able to > just change the password than to be forced to reinstall. > > As far as security -- single mode can only be done from the machine > itself, so if it's an issue just keep it in a secure place, don't let > people have physical access. Physical security is the way to go here. An intermediate FreeBSD user could easily make a boot floppy with a minimal kernel and a couple of utilities, and break into your machine. > HTH, > Roman > -- > _________________________________________ > | The box said: | > | | > _ | Requirement: Win95, NT 4.0 or better. | _ > / )| |( \ > / / | So I installed FreeBSD. | \ \ > _( (_ | | _) )_ > (((\ \>|_/-) (-\_| (\\\\ \_/ /___________________________________\ \_/ ////) > \ / Email: romank@graphnet.com \ / > \ _/ \_ / > ////// ==================================== \\\\\\ > > To Unsubscribe: send mail to majordomo@FreeBSD.org > with "unsubscribe freebsd-questions" in the body of the message > -- The dumber people think you are, the more surprised they're going to be when you kill them. -- William Clayton To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-questions" in the body of the message