On Thu, Aug 26, 2004 at 08:49:06AM +0930, Tim Aslat wrote: > In the immortal words of Charles Swiger <[EMAIL PROTECTED]>... > > Whether this gains you much security is another question entirely, and > > you risk breaking single-user mode and various low-level pieces of > > software which expect root to exist, but it can be done. > > I know it can be done, a couple of typos in vipw and I lost the root > account, very disconcerting, but single use mode still seemed to work, > probably because the toor account was still intact even though it has a > password of *.
Actually, single user mode doesn't consult the password file at all --
or anything much in /etc except for /etc/fstab, and even that you can
avoid. It gives you a superuser login session simply by setting the
UID to 0, which is all that really counts to the lower leves of the
system.
If you think about it, that's a really useful design feature. It
means you can recover the system even if your /etc directory gets
completely scrambled. A good measure of the strength of your unix-fu
is how badly trashed a system you can recover without having to
re-install. You'ld be amazed at what some people have managed to
resurrect.
Cheers,
Matthew
--
Dr Matthew J Seaman MA, D.Phil. 26 The Paddocks
Savill Way
PGP: http://www.infracaninophile.co.uk/pgpkey Marlow
Tel: +44 1628 476614 Bucks., SL7 1TH UK
pgpyM98O1icdI.pgp
Description: PGP signature
