Re: require root passwd for single user mode login?


Subject: Re: require root passwd for single user mode login?
From: Michael A. Peters (Moonglue@141.com)
Date: Tue Aug 29 2000 - 13:18:11 MDT


>On Mon, 28 Aug 2000, Michael A. Peters wrote:
> >
> > Also, the user being able to shut down or reboot from console is also
> > a Red Hat thing. They do it with pam to verify that the user is at
> > the console, but that's stupid!
>
>I actually found out the reason for this. The idea is that if they're at
>console, they can shut it down anyways. And 'halt' is clearly a better
>solution than pulling the plug.

Not true. We keep our important servers in a rack. We have a monitor
and keyboard on top, but the rack stays locked. There is a switch to
switch between the various servers in the rack.

These machines could be rooted except lilo and the bios are password
protected, but in the case of Macs - that's not an option (to my
knowledge). Requiring a password for single would prevent a three
finger salute from allowing root access to the machine (since they
are locked in the rack, you can't boot off of cd or floppy w/o the
rack key).

I'd rather the plug be pulled than sensitive data sold. And so would
my boss. We can recover from a corrupt or crashed drive. We can't
recover as well from espionage.

>
> > Just because Macs don't have a good way to prevent booting off
> > alternate media (such as CDROM) does not mean its local security
> > should be shitty in other areas. Besides, I suspect RS/6000 and other
> > platforms linuxppc runs on have better physical security.
>
>I'm sure you know it's a commonly accepted tenet of security that if you
>have physical access to the machine you can do whatever you want...
>there's no reason to make everything really restrictive if all you have
>to do is boot from a CD to circumvent it.

But it IS possible (with a rack) to prevent booting from CD, and
don't be too surprised if Apple doesn't come out with a way to
password protect the boot device on future models (and I wouldn't be
surprised if RS/6000 already had this).

>
> > The user should NOT be able to log in w/o password when booting
> > single. Only root has any business being single, therefore the person
> > booting single should have the root password.
>
>If you can type "single" at a boot prompt you can just as easily type
>"init=/bin/bash". The only way to prevent that is to do some kernel hacking,
>cutting off a very useful tool in the process. You can of course do this
>locally if it upsets you...

Does that work on all distros? Interesting...

>
> > I highly advise both LinuxPPC and Yellow Dog Linux to stray from Red
> > Hat's way when it comes to booting single or allowing users to reboot
> > a machine.
>
>I hope you understand the situation better now.

I do. I don't believe sloppy security is ever excusable. It's not like
other distros went out of their way to make local security more
secure, it's that Red Hat went out of their way to make it LESS secure.

Pam is for NIS. It has no business being used to insecure a box...

>
>Incidentally, I also discovered why Red Hat creates a group for every user.
>There really is a reason...

I have the Red Hat Certified Engineer book. Has to do with the
default file permissions (umask) - at least according to the book. I
don't really care about that- that's easy enough to change.

>
>-Hollis

-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-
Michael A. Peters-- http://24.5.29.77/Linux_Pages/
                                http://www.omnilinux.com/
-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-
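
Added example (not part of the original message or of any distribution's tooling): a shell audit for the two settings argued over in this thread, namely whether single-user mode runs sulogin and whether LILO demands a password before accepting boot parameters such as "single" or "init=/bin/bash". It assumes a SysV-style inittab and a LILO lilo.conf; the function names are hypothetical.

```shell
#!/bin/sh
# Added example, not from the thread. Assumes SysV init and LILO file formats.
# File paths are arguments so the checks can run against copies.

# 0 if an uncommented inittab entry for runlevel S runs sulogin,
# e.g.  ~~:S:wait:/sbin/sulogin  (root password asked on "single").
inittab_requires_root_password() {
    grep -Eq '^[^#:]*:[^:]*[Ss][^:]*:[^:]*:.*sulogin' "$1"
}

# 0 if lilo.conf has an uncommented password= line. LILO then asks for it on
# every boot, or with "restricted" only when parameters such as "single" or
# "init=/bin/bash" are typed. Per-image coverage is not checked here.
lilo_has_password() {
    grep -Eq '^[[:space:]]*password[[:space:]]*=' "$1"
}

# 0 if group and others have no access; the password is stored in clear text.
lilo_conf_private() {
    [ "$(ls -ld "$1" | cut -c5-10)" = "------" ]
}

# Print one line per finding; return the number of failed checks.
audit_boot_auth() {
    fails=0
    if inittab_requires_root_password "$1"; then
        echo "ok:   single-user mode runs sulogin"
    else
        echo "FAIL: no sulogin entry for runlevel S in $1"; fails=$((fails + 1))
    fi
    if lilo_has_password "$2"; then
        echo "ok:   LILO password set"
        grep -Eq '^[[:space:]]*restricted' "$2" &&
            echo "info: restricted: prompt only when boot parameters are given"
    else
        echo "FAIL: no password= in $2, boot parameters accepted"; fails=$((fails + 1))
    fi
    if lilo_conf_private "$2"; then
        echo "ok:   $2 not readable by group/others"
    else
        echo "FAIL: $2 readable by group/others"; fails=$((fails + 1))
    fi
    return "$fails"
}

# Usage: sh audit.sh /etc/inittab /etc/lilo.conf
if [ "$#" -eq 2 ]; then audit_boot_auth "$1" "$2"; fi
```

The exit status is the number of failed checks, so 0 means all three passed.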
  


