RHEL: Force system to prompt for password in Single User mode

RHEL: Force system to prompt for password in Single User mode

# Tested on RHEL 5, 6 & 7

# Due to security reasons, one may want to force system to prompt for root password even
# in Single User mode

# By default, system doesn't ask for password and we are given root shell directly. Indeed,
# usually Single User mode is used to reset root password in case we forgot it.

# Note that after modifying configuration, in case of forgotten root password, you'll have
# to boot the system in rescue mode to revert configuration in order to be able to change
# root password in Single User mode.



# RHEL 5
# ------------------------------------------------------------------------------------------

# To force users to enter password in Single User mode, add following line to /etc/inittab:

~:S:respawn:/sbin/sulogin

# The changes to this file takes effect after a system reboot

# To make init re-read the /etc/inittab without rebooting the system, type the command

/sbin/init q



# RHEL 6
# ------------------------------------------------------------------------------------------

# Edit /etc/inittab and add "su:S:wait:/sbin/sulogin" before 'initdefault' line:

vi /etc/inittab
   [...]
   su:S:wait:/sbin/sulogin
   id:3:initdefault:

# Edit /etc/sysconfig/init and replace "SINGLE=/sbin/sushell"  with "SINGLE=/sbin/sulogin":

vi /etc/sysconfig/init
   [...]
   # Set to '/sbin/sulogin' to prompt for password on single-user mode
   # Set to '/sbin/sushell' otherwise
   SINGLE=/sbin/sulogin



# RHEL 7
# ------------------------------------------------------------------------------------------

# By default, Single User mode is password protected by the root password on RHEL 7:

cat /usr/lib/systemd/system/rescue.service
   [...]

   [Service]
   Environment=HOME=/root
   WorkingDirectory=/root
   ExecStartPre=-/bin/plymouth quit
   ExecStartPre=-/bin/echo -e 'Welcome to emergency mode! After logging in, type [...]
   ExecStart=-/bin/sh -c "/usr/sbin/sulogin; /usr/bin/systemctl --fail --no-block default" <---
   Type=idle
   StandardInput=tty-force
   StandardOutput=inherit
   StandardError=inherit
   KillMode=process
   IgnoreSIGPIPE=no
   SendSIGHUP=yes
0 (0)
Article Rating (No Votes)
Rate this article
Attachments
There are no attachments for this article.
Comments
There are no comments for this article. Be the first to post a comment.
Full Name
Email Address
Security Code Security Code
Related Articles RSS Feed
RHEL: Allowing users to ’su’ to "root" / Allowing ’root’ to login directly to the system using ’ssh’
Viewed 1390 times since Sat, Jun 2, 2018
RHEL: Reserved space on a ext2/ext3/ext4 filesystem
Viewed 2955 times since Sun, May 27, 2018
RHEL: How to change a USER/GROUP UID/GID and all owned files
Viewed 12529 times since Sat, Jun 2, 2018
Fałszujemy rozpoznania skanerów #1
Viewed 1759 times since Mon, May 21, 2018
Linux LVM recovery
Viewed 15018 times since Wed, Jan 23, 2019
Linux 16 Useful Bandwidth Monitoring Tools to Analyze Network Usage in Linux
Viewed 7614 times since Mon, Sep 21, 2020
How to Synchronize Directories Using Lsyncd in Linux
Viewed 9941 times since Wed, Oct 31, 2018
watchdog How to restart a process out of crontab on a Linux/Unix
Viewed 3763 times since Tue, Jul 31, 2018
How to create stunnel with systemd? stunnel
Viewed 2865 times since Thu, Jan 16, 2020
Tip: SSD and Linux. Enable TRIM and check if it works
Viewed 1685 times since Fri, May 15, 2020