Date: Thu, 17 Apr 2003 13:45:42 -0500 From: Dan Nelson <dnelson@allantgroup.com> To: dick hoogendijk <dick@nagual.st> Cc: freebsd-questions <freebsd-questions@freebsd.org> Subject: Re: How to Reset a Forgotten Root Password Message-ID: <20030417184542.GA28037@dan.emsphone.com> In-Reply-To: <20030417173629.GA14786@lothlorien.nagual.st> References: <20030416225147.E13034-100000@floyd.gnulife.org> <200304170846.40690.taxman@acd.net> <20030417125717.GB50751@kurdistan.ath.cx> <20030417173629.GA14786@lothlorien.nagual.st>
next in thread | previous in thread | raw e-mail | index | archive | help
In the last episode (Apr 17), dick hoogendijk said: > > then you should be able to boot up into single user mode > > with "boot -s" and change the password. > > > > You'll need to type "boot -s" at the secondary boot prompt > > (asks to press "any key" for another command ;) > > In linux lilo.conf you could prevent this by putting a password on this > bot option to "root" It sure is nice to have the option, but I feel a > little insecure letting this door wide opten for everyone w/ access to > the machine. Q: can this be protected? Depends on what you want protected. Edit /etc/ttys and set console to "insecure" to prompt for the root password after booting in single-user mode. (man ttys) Edit /boot/loader.conf and add password="mypassword" to have /boot/loader prompt for a password if someone hits space to abort autoboot. (man loader, man loader.conf) Edit /boot.config and add "-n" to ignore keypresses during the small pause in boot2 before it execs /boot/loader. (man boot) Also remember to remove the floppy and CD-ROM drives from the system (or remove them from the boot path in the BIOS and password-protect the BIOS if possible), and lock the case. -- Dan Nelson dnelson@allantgroup.com
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?20030417184542.GA28037>