Home » Categories » Multiple Categories

RHEL: Force system to prompt for password in Single User mode

Article Number: 138 | Rating: Unrated | Last Updated: Sat, Jun 2, 2018 9:06 AM

RHEL: Force system to prompt for password in Single User mode

# Tested on RHEL 5, 6 & 7

# Due to security reasons, one may want to force system to prompt for root password even
# in Single User mode

# By default, system doesn't ask for password and we are given root shell directly. Indeed,
# usually Single User mode is used to reset root password in case we forgot it.

# Note that after modifying configuration, in case of forgotten root password, you'll have
# to boot the system in rescue mode to revert configuration in order to be able to change
# root password in Single User mode.



# RHEL 5
# ------------------------------------------------------------------------------------------

# To force users to enter password in Single User mode, add following line to /etc/inittab:

~:S:respawn:/sbin/sulogin

# The changes to this file takes effect after a system reboot

# To make init re-read the /etc/inittab without rebooting the system, type the command

/sbin/init q



# RHEL 6
# ------------------------------------------------------------------------------------------

# Edit /etc/inittab and add "su:S:wait:/sbin/sulogin" before 'initdefault' line:

vi /etc/inittab
   [...]
   su:S:wait:/sbin/sulogin
   id:3:initdefault:

# Edit /etc/sysconfig/init and replace "SINGLE=/sbin/sushell"  with "SINGLE=/sbin/sulogin":

vi /etc/sysconfig/init
   [...]
   # Set to '/sbin/sulogin' to prompt for password on single-user mode
   # Set to '/sbin/sushell' otherwise
   SINGLE=/sbin/sulogin



# RHEL 7
# ------------------------------------------------------------------------------------------

# By default, Single User mode is password protected by the root password on RHEL 7:

cat /usr/lib/systemd/system/rescue.service
   [...]

   [Service]
   Environment=HOME=/root
   WorkingDirectory=/root
   ExecStartPre=-/bin/plymouth quit
   ExecStartPre=-/bin/echo -e 'Welcome to emergency mode! After logging in, type [...]
   ExecStart=-/bin/sh -c "/usr/sbin/sulogin; /usr/bin/systemctl --fail --no-block default" <---
   Type=idle
   StandardInput=tty-force
   StandardOutput=inherit
   StandardError=inherit
   KillMode=process
   IgnoreSIGPIPE=no
   SendSIGHUP=yes
Posted - Sat, Jun 2, 2018 9:06 AM. This article has been viewed 7175 times.
Filed Under: Linux, RHCSA
0 (0)
Article Rating (No Votes)
Rate this article
Attachments
There are no attachments for this article.
Comments
There are no comments for this article. Be the first to post a comment.
Full Name
Email Address
Security Code Security Code
Related Articles RSS Feed
RHEL: Change system’s hostname
Viewed 3385 times since Sun, May 27, 2018
RHEL: ACLs basics
Viewed 6051 times since Sun, May 27, 2018
How to disable SSH cipher/ MAC algorithms for Linux and Unix
Viewed 45871 times since Fri, Aug 21, 2020
RHEL7: Configure automatic updates.
Viewed 1795 times since Wed, Oct 17, 2018
What is yum-cron ?
Viewed 2603 times since Fri, Oct 26, 2018
BIND for the Small LAN
Viewed 3310 times since Sun, May 20, 2018
Managing temporary files with systemd-tmpfiles on Red Hat Enterprise Linux 7
Viewed 9461 times since Sun, Nov 22, 2020
RHEL: Adding a boot entry to GRUB/GRUB2 configuration
Viewed 4509 times since Sun, May 27, 2018
A Simple Guide to Oracle Cluster File System (OCFS2) using iSCSI on Oracle Cloud Infrastructure
Viewed 8178 times since Sat, Jun 2, 2018
RHCS: Install a two-node basic cluster
Viewed 9892 times since Sun, Jun 3, 2018