Re: password protecting lilo

To: debian-user list <debian-user@lists.debian.org>
Subject: Re: password protecting lilo
From: "Illo de' Illis" <illo@mclink.it>
Date: Sat, 3 Jul 1999 08:45:10 +0200
Message-id: <[🔎] 19990703084510.A16447@zodiac>
Mail-followup-to: debian-user list <debian-user@lists.debian.org>
In-reply-to: <[🔎] XFMail.990703025150.pollywog@shadypond.com>; from Pollywog on Sat, Jul 03, 1999 at 02:51:50AM -0000
References: <[🔎] XFMail.990703025150.pollywog@shadypond.com>

On Sat, Jul 03, 1999 at 02:51:50AM -0000, Pollywog wrote:
> How does one actually password protect lilo?
> In the man page, this is mentioned but no examples are given, so all I know is
> that the word "restricted" goes someplace in lilo.conf and then
> password=<password> but .... should I then chmod 600 lilo.conf?  If not, the
> password will just be there for all to see.

Since the password must be written in plain ASCII you _must_ set the lilo.conf
permissions to 0600. You can protect with <password=....> all the images (by
putting it before the image sections) or protect every single image by
inserting it in each image section. The <restricted> flag means that LILO will
ask the user for a password only if the user has added some kernel options
along with the image label. Here are some examples:

1. Protect every image with a password:
boot=/dev/hda
root=/dev/hda1
install=/boot/boot.b
map=/boot/map
vga=normal
delay=0
password=foobar
image=/boot/bzImage-2.3.9
	label=dev
	append="video=pm2fb:mode:1024x768-illo,font:SUN12x22,ypan"
	read-only
image=/boot/bzImage-2.2.10
	label=stable
	append="video=pm2fb:mode:1024x768-illo,font:SUN12x22,ypan"
	read-only

2. Protect two single images with different passwords:
boot=/dev/hda
root=/dev/hda1
install=/boot/boot.b
map=/boot/map
vga=normal
delay=0
image=/boot/bzImage-2.3.9
	label=dev
	password=foo
	append="video=pm2fb:mode:1024x768-illo,font:SUN12x22,ypan"
	read-only
image=/boot/bzImage-2.2.10
	label=stable
	password=bar
	append="video=pm2fb:mode:1024x768-illo,font:SUN12x22,ypan"
	read-only

3. Protect the images with a password, but the unstable kernel can be loaded
   without specifying the password iff there's no request for kernel
   options (i.e. 's', boot in single user mode).
boot=/dev/hda
root=/dev/hda1
install=/boot/boot.b
map=/boot/map
vga=normal
delay=0
password=foobar
image=/boot/bzImage-2.3.9
	label=dev
	restricted
	append="video=pm2fb:mode:1024x768-illo,font:SUN12x22,ypan"
	read-only
image=/boot/bzImage-2.2.10
	label=stable
	append="video=pm2fb:mode:1024x768-illo,font:SUN12x22,ypan"
	read-only

Ciao,
Illo.
 

-- 
----------------------------------------------------------------------------
Ilario Nardinocchi, illo@CS.UniBO.IT - Computer Science Adept since 1982
                    illo@mclink.it 
                    
Know-nothing-bozo rule:
The views expressed above are entirely mine and do not represent the views,
policy or understanding of any other person or official body.
----------------------------------------------------------------------------

Reply to:

References:
- password protecting lilo
  - From: Pollywog <pollywog@shadypond.com>

Prev by Date: Re: Palm Pilots
Next by Date: Re: Email Config Questions
Previous by thread: Re: password protecting lilo
Next by thread: Re: password protecting lilo
Index(es):
- Date
- Thread