From owner-freebsd-questions@freebsd.org Fri Oct 2 22:14:47 2015 Return-Path: Delivered-To: freebsd-questions@mailman.ysv.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:1900:2254:206a::19:1]) by mailman.ysv.freebsd.org (Postfix) with ESMTP id 2CBDDA0E680 for ; Fri, 2 Oct 2015 22:14:47 +0000 (UTC) (envelope-from freebsd@edvax.de) Received: from mx02.qsc.de (mx02.qsc.de [213.148.130.14]) (using TLSv1 with cipher DHE-RSA-AES256-SHA (256/256 bits)) (Client did not present a certificate) by mx1.freebsd.org (Postfix) with ESMTPS id E54EA18FC for ; Fri, 2 Oct 2015 22:14:46 +0000 (UTC) (envelope-from freebsd@edvax.de) Received: from r56.edvax.de (port-92-195-125-111.dynamic.qsc.de [92.195.125.111]) (using TLSv1 with cipher DHE-RSA-AES256-SHA (256/256 bits)) (No client certificate requested) by mx02.qsc.de (Postfix) with ESMTPS id 03FEF2782C; Sat, 3 Oct 2015 00:14:44 +0200 (CEST) Received: from r56.edvax.de (localhost [127.0.0.1]) by r56.edvax.de (8.14.5/8.14.5) with SMTP id t92MEiut002221; Sat, 3 Oct 2015 00:14:44 +0200 (CEST) (envelope-from freebsd@edvax.de) Date: Sat, 3 Oct 2015 00:14:44 +0200 From: Polytropon To: "Moreno Carullo" Cc: "freebsd-questions@freebsd.org" Subject: Re: Console -- insecure settings Message-Id: <20151003001444.20266a03.freebsd@edvax.de> In-Reply-To: References: <20151002112101.GA95004@eris.bzerk.org> Reply-To: Polytropon Organization: EDVAX X-Mailer: Sylpheed 3.1.1 (GTK+ 2.24.5; i386-portbld-freebsd8.2) Mime-Version: 1.0 Content-Type: text/plain; charset=US-ASCII Content-Transfer-Encoding: 7bit X-BeenThere: freebsd-questions@freebsd.org X-Mailman-Version: 2.1.20 Precedence: list List-Id: User questions List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Fri, 02 Oct 2015 22:14:47 -0000 On Fri, 02 Oct 2015 14:14:42 +0200, Michael Ross wrote: > Am .10.2015, 13:21 Uhr, schrieb Ruben de Groot : > > > On Fri, Oct 02, 2015 at 10:32:48AM +0000, Moreno Carullo typed: > >> Hi all, > >> > >> I would like to set the console as insecure as documented here: > >> https://www.freebsd.org/doc/handbook/boot-introduction.html > >> > >> the issue is that the system seems to ignore the setting, as the single > >> user mode does NOT prompt for password. > > > > I think the documentation is wrong, because /etc/ttys is read by init, > > and init doesn't run in single user mode. > > Single user mode means /bin/sh replaces init. > > I tried this here just now, and having set "console" to "insecure", > the system prompts for the root password as documented. > > 10.1-RELEASE-p10 In worst case, check out "man 5 loader.conf" on how to require an earlier-stage password (for the boot loader); see the "password" and "bootlock_password" options for /boot/loader.conf. -- Polytropon Magdeburg, Germany Happy FreeBSD user since 4.0 Andra moi ennepe, Mousa, ...