[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: forgot my password



Shaul Karl wrote:

>>  
>> In case the computer will prompt you to issue root password or to hit 
>> ctl-D to continue, you will have to switch to
>> MaV's method. That behaviour, which is standard on Debian Linux and is 
>> not on RedHat and Mandrake, means
>> that you have sulogin program installed and set up. sulogin ensures that 
>> root account can not be used without
>> proper permission.
>> 
> 
> 
> 
> 1) I can not see how this sulogin achieves this goal. After all, can not 
> anyone issue
> 	init=/bin/sh
> at the boot prompt and do whatever he likes with the root account? so what 
> this sulogin is good for?

Well, a little expalantion.
Being able to to login in single mode as root and being able to tweak 
kernel state to run shell instead of init are completely
different things. While first is made to ensure security/compentce the 
second is made for debugging only.

In order to disable the latter, you can:
1. tweak lilo to ask for its own password, thus disallowing possible 
intruder/coolhacker to tell lilo that he knows better
2. edit appropriate sources, recompile, installboot.

That is for anyone who thinks that he can issue init=/bin/sh on 
_production_ machine.....


> 2) What good will it make to issue 
> 	passwd user_name
> when the user forgot his passwd? Does passwd have different behavior when run 
> in single mode? Or am I completely confusing things?

Oh, for sure... When run in single mode, passwd chages its behaviour to 
allmighty-password-changer-that-never-going-to-be-kicked-again....
Single mode daemon connects to single mode database and inssues single 
mode instructions to single mode the processor into single mode....
(seriously: single-mode == root privs)



=================================================================
To unsubscribe, send mail to linux-il-request@linux.org.il with
the word "unsubscribe" in the message body, e.g., run the command
echo unsubscribe | mail linux-il-request@linux.org.il