Alex Shnitman wrote: > Hi, єхєхс! > > On Tue, Sep 19, 2000 at 07:05:10PM +0200, you wrote the following: > > > Anyone knows how one can secure a Linux box localy against booting it in > > single mode by anwanted persons ? > > At least in my RH boxes everyone can type "linux single" in LILO prompt and > > then passwd to kick me off. > > Add the following lines to lilo.conf: > > password = m2D92n3zf > restricted > > Then adding parameters to the kernel will require entering this > password. (Booting without adding parameters won't.) > And make sure that /etc/lilo.conf is _not_ world readable!!!! > > You may also want to make sure that the BIOS is set up to not boot > from the floppy drive, and that there's a password on the BIOS. That's > about as secure as you can get with it. Be advized that generally, if > someone has physical access to the box he can own it in *some* way, so > it's OK for e.g. university computer rooms where there are people who > look from time to time that people aren't unscrewing boxes and taking > the hard drives out, but it's not 100% foolproof, and it can't be. there are more ways: 1) install package sulogin This will ask root password when booting single. Debian way (tm). 2) tweak /usr/src/linux/init/main.c Pay attention to lines 1080 - 1090, add call to getty at 1419 Thus, you can insist on authentication even if user tries to break in using boot lines such as boot: linux init=/bin/bash > > > -- > Alex Shnitman | http://www.debian.org > [EMAIL PROTECTED], [EMAIL PROTECTED] +----------------------- > http://alexsh.hectic.net UIN 188956 PGP key on web page > E1 F2 7B 6C A0 31 80 28 63 B8 02 BA 65 C7 8B BA > > For Sale: Parachute. Only used once, never opened, small stain. > > ================================================================= > To unsubscribe, send mail to [EMAIL PROTECTED] with > the word "unsubscribe" in the message body, e.g., run the command > echo unsubscribe | mail [EMAIL PROTECTED] ннннннннннннннннннннни unsubscribe, send mail to [EMAIL PROTECTED] with the word "unsubscribe" in the message body, e.g., run the command echo unsubscribe | mail [EMAIL PROTECTED]