From owner-freebsd-security@FreeBSD.ORG Sun May 13 14:36:14 2012 Return-Path: Delivered-To: freebsd-security@freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [69.147.83.52]) by hub.freebsd.org (Postfix) with ESMTP id E633F106566C for ; Sun, 13 May 2012 14:36:14 +0000 (UTC) (envelope-from vahid@vahid-shokouhi.net) Received: from cp12-112.cp.c4d.privatedns.biz (cp12-110.cp.c4d.privatedns.biz [209.236.116.110]) by mx1.freebsd.org (Postfix) with ESMTP id B997D8FC14 for ; Sun, 13 May 2012 14:36:14 +0000 (UTC) Received: from localhost ([127.0.0.1]:52618 helo=vahid-shokouhi.net) by cp12-112.cp.c4d.privatedns.biz with esmtpa (Exim 4.77) (envelope-from ) id 1STYvd-0007HN-HC; Sun, 13 May 2012 17:33:41 +0400 MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8; format=flowed Content-Transfer-Encoding: 7bit Date: Sun, 13 May 2012 17:33:40 +0400 From: Vahid Shokouhi To: mahdieh salamat In-Reply-To: References: Message-ID: <7439f3d4019914591b036aa45cfd75e7@vahid-shokouhi.net> X-Sender: vahid@vahid-shokouhi.net User-Agent: Roundcube Webmail/0.7.1 X-AntiAbuse: This header was added to track abuse, please include it with any abuse report X-AntiAbuse: Primary Hostname - cp12-112.cp.c4d.privatedns.biz X-AntiAbuse: Original Domain - freebsd.org X-AntiAbuse: Originator/Caller UID/GID - [47 12] / [47 12] X-AntiAbuse: Sender Address Domain - vahid-shokouhi.net Cc: freebsd-security@freebsd.org Subject: Re: Single user mode X-BeenThere: freebsd-security@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list List-Id: "Security issues \[members-only posting\]" List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Sun, 13 May 2012 14:36:15 -0000 Hi Yes, it is possible to gain access via single-user, but single-user mode is for root user to configure something as he likes; but if the machine is accessible for others, you need to edit "/etc/tty" to prompt for a password in single user mode, although keep in mind anyone with physical access to the machine can still retrieve your data through various methods. in /etc/tty note "secure" term which actually has different meaning. It means that you consider, for example "console" as a secure mode; so you have to change it to "insecure". After rebooting and entering single user mode, you will be prompted for a password to get to the shell prompt. On 2012-05-13 17:04, mahdieh salamat wrote: > Hi everybody. I have a question about single user mode in FreeBSD. > Security > is so important for me. I want to know that if someone don't know my > root's > password can access to it? In other words in our FreeBSD we don't > have > FreeBSD boot loader menu, we delete it for our users becouse of > security. I > want to know is there any other way except boot loader menu for our > user to > access to our root's password? > Thanks > _______________________________________________ > freebsd-security@freebsd.org mailing list > http://lists.freebsd.org/mailman/listinfo/freebsd-security > To unsubscribe, send any mail to > "freebsd-security-unsubscribe@freebsd.org"