Re: single login
From: David (thunderbolt01_at_netscape.net)
Date: 08/02/03
- Previous message: erik: "Re: ssh question"
- In reply to: wanna know: "Re: single login"
- Next in thread: Allen Kistler: "Re: single login"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Date: Fri, 01 Aug 2003 23:50:34 GMT
wanna know wrote:
>
> Thanks for the suggestion Allen , but I want to block single login
> access from LILO prompt. I know that I need to edit my /etc/inittab,
> but I do not remember how to do this.
>
In order to password protect "lilo" so that only those with the
correct password are able to boot into "linux 1" or "linux
single" you would need to add or change the lines shown below
with "-->->" in your "/etc/lilo.conf" file.
The timeout line; is what creates the pause for the lilo prompt
to allow time (in seconds) to choose which OS or mode (ie.. linux
1, DOS, linux 3) you wish to boot into. If your system is Linux
only, you might change this line to "00" to eliminate the pause.
The restricted line; must only be used with the password line.
It is used so that the password is only required when trying to
boot into "linux 1" or "linux single".
The password line; is included in case a un-authorized user
tried to boot into "linux 1" or "linux single" they would be
asked for a password, which without the correct password it would
boot the default OS according to /etc/lilo.conf as if no choices
had been made.
You must remember that linux passwords are case sensitive.
An example /etc/lilo.conf with password protection on a dual
boot system is shown below. Though it has a 30 second pause in
this case to allow time to choose the OS the password protection
is included to protect linux from un-authorized access to "linux 1".
To make changes:
Edit "/etc/lilo.conf" and add or change lines show:
boot=/dev/hda
map=/boot/map
install=/boot/boot.b
prompt
-->-> timeout=30 # could be changed to 00 if linux only system.
default=linux
-->-> restricted # add line only if using password.
-->-> password=<password> # add this line, include password.
image=/boot/vmlinuz-2.2.14
label=linux
initrd=/boot/initrd-2.2.14.img
read-only
root=/dev/hda5
other=/dev/hda1
label=dos
After including password protection in your /etc/lilo you need to
make it un-readable by users due to the password NOT being
encrypted.
To do this you would: "chmod 600 /etc/lilo.conf"
Then to protect your /etc/lilo.conf from having any changes made
to it.
You would: "chattr +i /etc/lilo.conf"
Now you need to update lilo by using: /sbin/lilo -v
Now the next time you reboot you can test your new setup.
Best of luck.
Hope this helps.
-- Confucius: He who play in root, eventually kill tree. Registered with The Linux Counter. http://counter.li.org/ Slackware 9.0 Kernel 2.4.21 i686 (GCC) 3.3 Uptime: 15 days, 19:02, 1 user, load average: 1.31, 1.21, 1.26
- Previous message: erik: "Re: ssh question"
- In reply to: wanna know: "Re: single login"
- Next in thread: Allen Kistler: "Re: single login"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Relevant Pages
|
