Como fazer para impedir que um usuário acesse um servidor em single user e
altere a senha de root???
Uma referência sobre o assunto:
 3.2.5 Single User Mode Console
A detailed description of what “single user mode” is can be found in
Section 12.6.2. It is worth noting that there is only one console when
you are running FreeBSD in single user mode. There are no virtual
consoles available. The settings of the single user mode console can
also be found in the /etc/ttys file. Look for the line that starts with
# name getty type status comments
# If console is marked "insecure", then init will ask for the root password
# when going to single-user mode.
console none unknown off secure
Note: As the comments above the console line indicate, you can edit this
line and change secure to insecure. If you do that, when FreeBSD boots
into single user mode, it will still ask for the root password.
Be careful when changing this to insecure. If you ever forget the root
password, booting into single user mode is a bit involved. It is still
possible, but it might be a bit hard for someone who is not very
comfortable with the FreeBSD booting process and the programs involved.
Freebsd mailing list