On Thu, 3 Feb 2005 14:43:39 +0100 Gert Cuykens <[EMAIL PROTECTED]> wrote:
On Thu, 3 Feb 2005 00:32:23 -0800, Ted Mittelstaedt <[EMAIL PROTECTED]> wrote:
While all of this is very interesting academic, if user Gert is dumb enough to leave the console of his UNIX system accessible then user Ted can come along and power cycle it into single user mode and wipe his disks whether he has the root password or not.
While i quite agree with Ted's encouraging Gert to run X as joe user, rather than root (for a variety of security related reasons) it is a trivial matter implement a password requirement for boot -s. This way, even if a user can boot -s, they *must* have the root passwd.
This implementation does mean, however, that you should not forget the root passwd, for if you do forget, you will not be able to reset it via boot -s and passwd.
/etc/ttys
# If console is marked "insecure", then init will ask for the root # password when going to single-user mode.
console none unknown off insecure
my 2 cents CAD for the day.
cheers, epi _______________________________________________ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to "[EMAIL PROTECTED]"
If you have local access to a machine, you can easily get access...password or not.
Chris _______________________________________________ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to "[EMAIL PROTECTED]"
