[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: LSB specification of runlevels



On Thu, Jul 05, 2001 at 02:50:43PM +0100, Stephen Stafford wrote:
> No, it wasn't.  By default single user (runlevel 1) requires the root 
> password before you are dropped to a shell.  It is a security 
> precaution which makes it harder for an attacker with physical access 
> to do bad things.

yes thats true, except broken pam does not break that passwd prompt.  

the prompt you see in single user mode is sulogin:

eb@socrates eb$ ldd /sbin/sulogin
        libcrypt.so.1 => /lib/libcrypt.so.1 (0x0ffb3000)
        libc.so.6 => /lib/libc.so.6 (0x0fe9d000)
        /lib/ld.so.1 => /lib/ld.so.1 (0x30000000)

look ma! no pam!

the only way sulogin fails if your shadow/passwd files are corrupted
in such a way that they look valid, but really are not.  sulogin will
skip passwd prompting if it looks like the passwd file has been
totally destroyed.  

-- 
Ethan Benson
http://www.alaska.net/~erbenson/

Attachment: pgp8LWcI5lYBn.pgp
Description: PGP signature


Reply to: