From owner-freebsd-questions@FreeBSD.ORG  Thu Apr 17 12:24:20 2003
Return-Path: <owner-freebsd-questions@FreeBSD.ORG>
Delivered-To: freebsd-questions@freebsd.org
Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125])
	by hub.freebsd.org (Postfix) with ESMTP id 8F7AC37B401
	for <freebsd-questions@freebsd.org>;
	Thu, 17 Apr 2003 12:24:20 -0700 (PDT)
Received: from smtp.acd.net (smtp.acd.net [207.179.102.146])
	by mx1.FreeBSD.org (Postfix) with ESMTP id 4306243F75
	for <freebsd-questions@freebsd.org>;
	Thu, 17 Apr 2003 12:24:19 -0700 (PDT)	(envelope-from taxman@ACD.NET)
Received: from 207.179.99.90 ([207.179.99.90]) by smtp.acd.net with Microsoft
	SMTPSVC(5.0.2195.5329);	 Thu, 17 Apr 2003 15:25:03 -0400
From: taxman <taxman@acd.net>
To: dick hoogendijk <dick@nagual.st>,
	freebsd-questions <freebsd-questions@freebsd.org>
Date: Thu, 17 Apr 2003 15:23:25 -0400
User-Agent: KMail/1.5
References: <20030416225147.E13034-100000@floyd.gnulife.org>
	<20030417125717.GB50751@kurdistan.ath.cx>
	<20030417173629.GA14786@lothlorien.nagual.st>
In-Reply-To: <20030417173629.GA14786@lothlorien.nagual.st>
MIME-Version: 1.0
Content-Type: text/plain;
  charset="iso-8859-1"
Content-Transfer-Encoding: 7bit
Content-Disposition: inline
Message-Id: <200304171523.25990.taxman@acd.net>
X-OriginalArrivalTime: 17 Apr 2003 19:25:06.0878 (UTC)
	FILETIME=[0DB3CDE0:01C30517]
Subject: Re: How to Reset a Forgotten Root Password
X-BeenThere: freebsd-questions@freebsd.org
X-Mailman-Version: 2.1.1
Precedence: list
List-Id: User questions <freebsd-questions.freebsd.org>
List-Unsubscribe: <http://lists.freebsd.org/mailman/listinfo/freebsd-questions>,
	<mailto:freebsd-questions-request@freebsd.org?subject=unsubscribe>
List-Archive: <http://lists.freebsd.org/pipermail/freebsd-questions>
List-Post: <mailto:freebsd-questions@freebsd.org>
List-Help: <mailto:freebsd-questions-request@freebsd.org?subject=help>
List-Subscribe: <http://lists.freebsd.org/mailman/listinfo/freebsd-questions>,
	<mailto:freebsd-questions-request@freebsd.org?subject=subscribe>
X-List-Received-Date: Thu, 17 Apr 2003 19:24:20 -0000

On Thursday 17 April 2003 01:36 pm, dick hoogendijk wrote:
> >   then you should be able to boot up into single user mode
> >   with "boot -s" and change the password.
> >
> >   You'll need to type "boot -s" at the secondary boot prompt
> >   (asks to press "any key" for another command ;)
>
> In linux lilo.conf you could prevent this by putting a password on this
> bot option to "root" It sure is nice to have the option, but I feel a
> little insecure letting this door wide opten for everyone w/ access to
> the machine. Q: can this be protected?

well you can make it harder by marking console insecure in /etc/ttys, but if 
someone has physical access they can change the root password with a boot 
floppy etc.  You could remove your floppy/cdrom, but someone can reinstall 
them, you can password protect your bios, but someone can remove the battery 
and reset it, you could get more severe, but assume that if someone can get 
physical access they can get root.

Of course, make sure to align the effort with the importance of what you're 
protecting.

Tim