Why does the S5 init run "/bin/su" in single-user mode
Dan Ts'o
dan at rna.UUCP
Sat Jun 23 03:55:52 AEST 1984
Hi,
One reason I might do such a thing is to prevent passers-by from
booting the system and getting a root shell. On my system, I replaced
init's call to /bin/sh to /bin/login to achieve the same thing. I felt that
the rare chance that /bin/login, /etc/passwd were corrupted but NOT /bin/sh
was small compared to the value of not being able to get an easy root shell.
Of course, if you are convinced that your computer room is absolutely
safe from unauthorized access and that rebooting would be detected immediately,
then this feature is less useful. Such is not the case in our environment,
where persons knowledgible but NOT authorized to be root have access to the
machine room.
Making /bin/login the single-user command also aids in implementing
an "operator" class of uids - people authorized to use certain commands such
as fsck and dump but not become root.
Cheers,
Dan Ts'o
...cmcl2!rna!dan
More information about the Comp.unix.wizards
mailing list