Re: require root passwd for single user mode login?

Subject: Re: require root passwd for single user mode login?
From: Richard West (Richard.West@divatv.com)
Date: Tue Aug 29 2000 - 11:55:43 MDT

• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]
• Next message: Martin Costabel: "Re: require root passwd for single user mode login?"
• Previous message: Kyle Wheeler: "Re: require root passwd for single user mode login?"
• In reply to: Kyle Wheeler: "Re: require root passwd for single user mode login?"
• Next in thread: Martin Costabel: "Re: require root passwd for single user mode login?"
• Reply: Richard West: "Re: require root passwd for single user mode login?"

> I suppose - but that's only if it's a standard computer in someone's
> office. What if it's a computer that's part of a kiosk (or something
> similar) where physically disconnecting power is much more difficult?
> Root password should still be required. (once they have it rebooting,
> they can use interactive startup to disable whatever goes on).
> Perhaps there should be different policies for reboot and for halt?
> Root for reboot, user for halt, root for shutdown?

At that point, it really should be an end-user customizable option rather than
a default of the OS, no? Especially since every need is unique, and, in only a
few (aka <10%) of the situations do you have setups where physical access to
the machine is _not_ all empowering..

> >I'm sure you know it's a commonly accepted tenet of security that if you
> >have physical access to the machine you can do whatever you want...
> >there's no reason to make everything really restrictive if all you have
> >to do is boot from a CD to circumvent it.
>
> Heh - if you left a CD in there.
> Yes, it is a commonly accepted tenet of security that physical is
> everything. HOWEVER, sometimes you need to secure a machine that has
> public physical access (read: kiosk, point-of-sale-system, etc.).
> Now, you can remove the CD-ROM, floppy, zip, whatever - and magically
> it can't boot from removeable media. You can secure the power-supply
> so that nothing short of a blowtorch or a power-outage (by cutting or
> shutting down the main line) for more than an hour (or longer -
> battery backups) could bring it down. We really ought to - in that
> case - be at least capable of making "shutdown", "halt", and "reboot"
> a little more secure, without needing to hack too much sourcecode.

sudo is a good application to look into, then.

> >Incidentally, I also discovered why Red Hat creates a group for every user.
> >There really is a reason...
>
> Ooh, now I'm curious. What is it?

In truth, it is a security reason specifically for sharing files between
users. I can give you the exact reason, word-for-word, that I was given by
RedHat once I get home and pull it out of the book.. I can't remember it now.
:)

-Rich

• Next message: Martin Costabel: "Re: require root passwd for single user mode login?"
• Previous message: Kyle Wheeler: "Re: require root passwd for single user mode login?"
• In reply to: Kyle Wheeler: "Re: require root passwd for single user mode login?"
• Next in thread: Martin Costabel: "Re: require root passwd for single user mode login?"
• Reply: Richard West: "Re: require root passwd for single user mode login?"

This archive was generated by hypermail 2a24 : Tue Aug 29 2000 - 12:01:57 MDT