<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 3.2//EN">
<HTML>
<HEAD>
<TITLE> [Mageia-dev] bug, omission or feature
</TITLE>
<LINK REL="Index" HREF="index.html" >
<LINK REL="made" HREF="mailto:mageia-dev%40mageia.org?Subject=Re%3A%20%5BMageia-dev%5D%20bug%2C%20omission%20or%20feature&In-Reply-To=%3C4FCB884F.6090708%40colin.guthr.ie%3E">
<META NAME="robots" CONTENT="index,nofollow">
<META http-equiv="Content-Type" content="text/html; charset=us-ascii">
<LINK REL="Previous" HREF="016098.html">
<LINK REL="Next" HREF="016102.html">
</HEAD>
<BODY BGCOLOR="#ffffff">
<H1>[Mageia-dev] bug, omission or feature</H1>
<B>Colin Guthrie</B>
<A HREF="mailto:mageia-dev%40mageia.org?Subject=Re%3A%20%5BMageia-dev%5D%20bug%2C%20omission%20or%20feature&In-Reply-To=%3C4FCB884F.6090708%40colin.guthr.ie%3E"
TITLE="[Mageia-dev] bug, omission or feature">mageia at colin.guthr.ie
</A><BR>
<I>Sun Jun 3 17:52:47 CEST 2012</I>
<P><UL>
<LI>Previous message: <A HREF="016098.html">[Mageia-dev] bug, omission or feature
</A></li>
<LI>Next message: <A HREF="016102.html">[Mageia-dev] bug, omission or feature
</A></li>
<LI> <B>Messages sorted by:</B>
<a href="date.html#16099">[ date ]</a>
<a href="thread.html#16099">[ thread ]</a>
<a href="subject.html#16099">[ subject ]</a>
<a href="author.html#16099">[ author ]</a>
</LI>
</UL>
<HR>
<!--beginarticle-->
<PRE>'Twas brillig, and Richard Couture at 03/06/12 12:27 did gyre and gimble:
><i> I notice that when, at the end of the installation of MGA2, I select the
</I>><i> level of security as HIGH, that I am permitted entry into the system in
</I>><i> Linux Single mode without a challenge password, which is a new, and IMHO
</I>><i> undesirable, behavior from previous versions.
</I>><i>
</I>><i> Is this a new feature, or have I stumbled upon a bug?
</I>><i>
</I>><i> The /etc/inittab does have ~~:S:wait:/sbin/sulogin in it but I can get
</I>><i> in without a password... Must be something new in system D
</I>
/etc/inittab is no longer used or read.
For single user mode now-a-days we boot to rescue.target (this is done
automatically if you just put a 1 at the end of the kernel command line
to support "runlevel 1").
Ultimately this pulls in rescue.service
This file should source the contents of /etc/sysconfig/init and then
execute:
/bin/bash -c "exec ${SINGLE}"
So please check /etc/sysconfig/init and make sure SINGLE is set to
/sbin/sulogin rather than /sbin/sushell.
However you will see from previous threads that I'm not convinced
sulogin is actually working all that well just now and it some
pre-release testing it didn't run properly for me.
On the whole, this kind of "security" is basically bullshit anyway. It
might make things a tiny bit harder, but if you can get into the
bootloader to append a 1 on the command line, you can also append
init=/bin/bash too which totally bypasses everything too. So while it's
maybe a nice idea, for all practical purposes, it's not any kind of real
security anyway, so don't rely on it!
Col
--
Colin Guthrie
colin(at)mageia.org
<A HREF="http://colin.guthr.ie/">http://colin.guthr.ie/</A>
Day Job:
Tribalogic Limited <A HREF="http://www.tribalogic.net/">http://www.tribalogic.net/</A>
Open Source:
Mageia Contributor <A HREF="http://www.mageia.org/">http://www.mageia.org/</A>
PulseAudio Hacker <A HREF="http://www.pulseaudio.org/">http://www.pulseaudio.org/</A>
Trac Hacker <A HREF="http://trac.edgewall.org/">http://trac.edgewall.org/</A>
</PRE>
<!--endarticle-->
<HR>
<P><UL>
<!--threads-->
<LI>Previous message: <A HREF="016098.html">[Mageia-dev] bug, omission or feature
</A></li>
<LI>Next message: <A HREF="016102.html">[Mageia-dev] bug, omission or feature
</A></li>
<LI> <B>Messages sorted by:</B>
<a href="date.html#16099">[ date ]</a>
<a href="thread.html#16099">[ thread ]</a>
<a href="subject.html#16099">[ subject ]</a>
<a href="author.html#16099">[ author ]</a>
</LI>
</UL>
<hr>
<a href="https://www.mageia.org/mailman/listinfo/mageia-dev">More information about the Mageia-dev
mailing list</a><br>
</body></html>