Preventing users to boot VS2000 to single user
Marcus J. Ranum
mjr at vax2.nlm.nih.gov.nlm.nih.gov
Wed Nov 2 13:00:18 AEST 1988
In article <670030 at hpclscu.HP.COM> shankar at hpclscu.HP.COM (Shankar Unni) writes:
>> running Ultrix. The Stations have their own system disk. I want to
>> prevent the users of the stations to boot their system single user.
I kludge I used to do on Suns was to fix /etc/init so that is does not
fork off single user shells, but rather forks off a /bin/login. The shell name
to use is #defined at the top, and changing that breaks a lot of stuff, but
there is a function, singlesh() I think it is, that starts the singleuser
shell. Of course, after I did this on some of our systems I noticed some
undocumented stuff that led me to believe that there was a way to tell it
to boot a different init. Of course, a user could still boot off a kernel
they stashed in /tmp, or a standalone copy, or whatever. This was not a
fix, simply another level of difficulty to add for the potential cracker
to overcome.
I don't think there is really anything you can do if you haven't
got the hardware secure. At that level there are too many holes.
--mjr();
More information about the Comp.unix.wizards
mailing list