Re: password protecting lilo
On Sat, Jul 03, 1999 at 02:51:50AM -0000, Pollywog wrote:
> How does one actually password protect lilo?
> In the man page, this is mentioned but no examples are given, so all I know is
> that the word "restricted" goes someplace in lilo.conf and then
> password=<password> but .... should I then chmod 600 lilo.conf? If not, the
> password will just be there for all to see.
Since the password must be written in plain ASCII you _must_ set the lilo.conf
permissions to 0600. You can protect with <password=....> all the images (by
putting it before the image sections) or protect every single image by
inserting it in each image section. The <restricted> flag means that LILO will
ask the user for a password only if the user has added some kernel options
along with the image label. Here are some examples:
1. Protect every image with a password:
boot=/dev/hda
root=/dev/hda1
install=/boot/boot.b
map=/boot/map
vga=normal
delay=0
password=foobar
image=/boot/bzImage-2.3.9
label=dev
append="video=pm2fb:mode:1024x768-illo,font:SUN12x22,ypan"
read-only
image=/boot/bzImage-2.2.10
label=stable
append="video=pm2fb:mode:1024x768-illo,font:SUN12x22,ypan"
read-only
2. Protect two single images with different passwords:
boot=/dev/hda
root=/dev/hda1
install=/boot/boot.b
map=/boot/map
vga=normal
delay=0
image=/boot/bzImage-2.3.9
label=dev
password=foo
append="video=pm2fb:mode:1024x768-illo,font:SUN12x22,ypan"
read-only
image=/boot/bzImage-2.2.10
label=stable
password=bar
append="video=pm2fb:mode:1024x768-illo,font:SUN12x22,ypan"
read-only
3. Protect the images with a password, but the unstable kernel can be loaded
without specifying the password iff there's no request for kernel
options (i.e. 's', boot in single user mode).
boot=/dev/hda
root=/dev/hda1
install=/boot/boot.b
map=/boot/map
vga=normal
delay=0
password=foobar
image=/boot/bzImage-2.3.9
label=dev
restricted
append="video=pm2fb:mode:1024x768-illo,font:SUN12x22,ypan"
read-only
image=/boot/bzImage-2.2.10
label=stable
append="video=pm2fb:mode:1024x768-illo,font:SUN12x22,ypan"
read-only
Ciao,
Illo.
--
----------------------------------------------------------------------------
Ilario Nardinocchi, illo@CS.UniBO.IT - Computer Science Adept since 1982
illo@mclink.it
Know-nothing-bozo rule:
The views expressed above are entirely mine and do not represent the views,
policy or understanding of any other person or official body.
----------------------------------------------------------------------------
Reply to: