Booting SunOS 4.0 single user
Jim Battan
battan at tc.fluke.COM
Fri Sep 9 07:19:02 AEST 1988
In article <3168 at emory.uucp> arnold at emory.UUCP (Arnold D. Robbins {EUCC}) writes:
>In article <14186 at comp.vuw.ac.nz> duncan at comp.vuw.ac.nz (Duncan McEwan) writes:
>>I think SunOS 4.0 can be configured to require the
>>superuser password before coming up in single user mode.
>
>[Yes it can.] This feature is straight-forward, and fairly elegant.
Straight-forward, yes. Elegant, no.
>The 'secure' on the line for the console has the usual meaning of "root
>can log in on this terminal", and is also overloaded to mean "OK, you can
>come up with a single user root shell".
The overloading of the "secure" keyword is not as flexible as I would
like. If you have a need for secure single-user boots (as we, and I
imagine most people, do), but you really don't care if people directly log
in as root (because people can just log in as themselves, and then su to
root, even though the tty isn't marked secure), you have no choice but to
make the console insecure and put up with the inconvenience. (Albeit I
realize having users su leaves a syslog trace.)
This would be unnecessary if another keyword was added to allow
single-user boots without the password, in addition to the keyword for allowing
root logins directly from the console/tty. Perhaps su(1) should also check
/etc/ttytab for the "secure" keyword, in addition to requiring wheel group
membership (or instead of: If workstation users are allowed to su on their
own machines, they must have a private wheel entry in /etc/group, separate
from the network administrative wheel group members in the YP).
--
Jim Battan
Voice: +1 206 356 6469
Email: battan at tc.fluke.COM || {uw-beaver,decvax!microsoft,sun}!fluke!battan
More information about the Comp.unix.wizards
mailing list