From owner-freebsd-questions@FreeBSD.ORG Thu Apr 17 11:45:44 2003
Return-Path:
Delivered-To: freebsd-questions@freebsd.org
Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id 7107937B405 for ; Thu, 17 Apr 2003 11:45:44 -0700 (PDT)
Received: from dan.emsphone.com (dan.emsphone.com [199.67.51.101]) by mx1.FreeBSD.org (Postfix) with ESMTP id B15BF43FB1 for ; Thu, 17 Apr 2003 11:45:43 -0700 (PDT) (envelope-from dan@dan.emsphone.com)
Received: (from dan@localhost) by dan.emsphone.com (8.12.9/8.12.9) id h3HIjhWi097677; Thu, 17 Apr 2003 13:45:43 -0500 (CDT) (envelope-from dan)
Date: Thu, 17 Apr 2003 13:45:42 -0500
From: Dan Nelson
To: dick hoogendijk
Message-ID: <20030417184542.GA28037@dan.emsphone.com>
References: <20030416225147.E13034-100000@floyd.gnulife.org> <200304170846.40690.taxman@acd.net> <20030417125717.GB50751@kurdistan.ath.cx> <20030417173629.GA14786@lothlorien.nagual.st>
Mime-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
In-Reply-To: <20030417173629.GA14786@lothlorien.nagual.st>
X-OS: FreeBSD 5.0-CURRENT
X-message-flag: Outlook Error
User-Agent: Mutt/1.5.4i
cc: freebsd-questions
Subject: Re: How to Reset a Forgotten Root Password
X-BeenThere: freebsd-questions@freebsd.org
X-Mailman-Version: 2.1.1
Precedence: list
List-Id: User questions
List-Unsubscribe: ,
List-Archive:
List-Post:
List-Help:
List-Subscribe: ,
X-List-Received-Date: Thu, 17 Apr 2003 18:45:44 -0000

In the last episode (Apr 17), dick hoogendijk said:
> > then you should be able to boot up into single user mode
> > with "boot -s" and change the password.
> >
> > You'll need to type "boot -s" at the secondary boot prompt
> > (asks to press "any key" for another command ;)
>
> In linux lilo.conf you could prevent this by putting a password on this
> boot option to "root" It sure is nice to have the option, but I feel a
> little insecure letting this door wide open for everyone w/ access to
> the machine.
> Q: can this be protected?

Depends on what you want protected.

Edit /etc/ttys and set console to "insecure" to prompt for the root
password after booting in single-user mode. (man ttys)

Edit /boot/loader.conf and add password="mypassword" to have
/boot/loader prompt for a password if someone hits space to abort
autoboot. (man loader, man loader.conf)

Edit /boot.config and add "-n" to ignore keypresses during the small
pause in boot2 before it execs /boot/loader. (man boot)

Also remember to remove the floppy and CD-ROM drives from the system
(or remove them from the boot path in the BIOS and password-protect the
BIOS if possible), and lock the case.

-- 
	Dan Nelson
	dnelson@allantgroup.com
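
Added example, not part of Dan Nelson's message: a small sh audit that checks a system, or a copy of its files, for the three settings the reply names. The function name audit_boot, its directory-prefix argument and the sample tree are assumptions made for this example.

```sh
#!/bin/sh
# Added example: checks the three settings from the reply above.
# audit_boot ROOT prints one line per gap; exit status = number of gaps.
# ROOT (hypothetical parameter) is a directory prefix; empty audits the live system.
audit_boot() {
    ab_root="${1:-}"
    ab_gaps=0

    # /etc/ttys: console must carry "insecure" so single-user mode asks for
    # the root password. Comments are stripped before the fields are examined.
    if ! awk '{ sub(/#.*/, "") }
              $1 == "console" { for (i = 2; i <= NF; i++) if ($i == "insecure") ok = 1 }
              END { exit (ok ? 0 : 1) }' "$ab_root/etc/ttys" 2>/dev/null; then
        echo "GAP: console is not marked insecure in /etc/ttys"
        ab_gaps=$((ab_gaps + 1))
    fi

    # /boot/loader.conf: a non-empty password= line makes /boot/loader prompt
    # when autoboot is interrupted. The value itself is never printed.
    if ! grep -Eq '^[[:space:]]*password="?[^"[:space:]]' "$ab_root/boot/loader.conf" 2>/dev/null; then
        echo "GAP: no password set in /boot/loader.conf"
        ab_gaps=$((ab_gaps + 1))
    fi

    # /boot.config: -n makes boot2 ignore keypresses. A flag cluster that
    # contains n (for example -Dn) is counted as set (assumption).
    if ! grep -Eq '(^|[[:space:]])-[[:alpha:]]*n' "$ab_root/boot.config" 2>/dev/null; then
        echo "GAP: -n not present in /boot.config"
        ab_gaps=$((ab_gaps + 1))
    fi

    return "$ab_gaps"
}

# Constructed sample tree: console still "secure", loader password set, no /boot.config.
demo=$(mktemp -d)
mkdir -p "$demo/etc" "$demo/boot"
printf 'console\tnone\tunknown\toff secure\n' > "$demo/etc/ttys"
printf 'password="example-only"\n' > "$demo/boot/loader.conf"
audit_boot "$demo" || echo "$? gap(s) found"
rm -rf "$demo"
```

On the host itself, call audit_boot with no argument as a user able to read /boot/loader.conf.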