[NTLUG:Discuss] ARGH! Root password lost
Gregory A. Edwards
greg at nas-inet.com
Tue Jan 18 23:54:22 CST 2000
Richard Cobbe wrote:
>
[snip]
>
> That's about it. I thought I'd contribute a little something to this,
> though.
>
> Those of you who've thought about this carefully will have realized that,
> yes, in fact, by default, this *does* allow anyone who has access to the
> console and knows what they're doing to get root access on the machine.
>
> (IIRC, Ms. Weaver, who posted the initial question, is the CS teacher at a
> high school. If this is a lab machine, this needs to get locked down.
> Yesterday.)
>
> To fix this:
>
> In /etc/lilo.conf (or wherever you keep yours), add the following lines
> outside of any of the image-specific stuff:
>
> restricted
> password=<whatever>
>
> and re-run lilo.
>
> This will ask for the supplied password whenever an argument is supplied to
> the image label at the LILO prompt. In other words, typing 'linux' won't
> require a password, but 'linux single' will. I usually make this the same
> as the root password, because they're basically equivalent -- once you have
> one, you can get/set the other with a minimum of difficulty.
>
[snip]
>
> Richard
>
You still end up with the same issue of remembering the password. If it
is a lab machine and if it's a server (which has only occasional
keyboard access) you can simply lock the keyboard. Some times PC
designs are actually useful:) As long as the keyboard is locked out
nobody can get access to single user. You won't be able to stop someone
that knows how to bypass the lock but that takes opening the box and
some real knowledge.
--
Greg Edwards
New Age Software, Inc.
http://www.nas-inet.com
More information about the Discuss
mailing list