Home » Categories » Multiple Categories

RHEL: Force system to prompt for password in Single User mode

Article Number: 138 | Rating: Unrated | Last Updated: Sat, Jun 2, 2018 9:06 AM

RHEL: Force system to prompt for password in Single User mode

# Tested on RHEL 5, 6 & 7

# Due to security reasons, one may want to force system to prompt for root password even
# in Single User mode

# By default, system doesn't ask for password and we are given root shell directly. Indeed,
# usually Single User mode is used to reset root password in case we forgot it.

# Note that after modifying configuration, in case of forgotten root password, you'll have
# to boot the system in rescue mode to revert configuration in order to be able to change
# root password in Single User mode.



# RHEL 5
# ------------------------------------------------------------------------------------------

# To force users to enter password in Single User mode, add following line to /etc/inittab:

~:S:respawn:/sbin/sulogin

# The changes to this file takes effect after a system reboot

# To make init re-read the /etc/inittab without rebooting the system, type the command

/sbin/init q



# RHEL 6
# ------------------------------------------------------------------------------------------

# Edit /etc/inittab and add "su:S:wait:/sbin/sulogin" before 'initdefault' line:

vi /etc/inittab
   [...]
   su:S:wait:/sbin/sulogin
   id:3:initdefault:

# Edit /etc/sysconfig/init and replace "SINGLE=/sbin/sushell"  with "SINGLE=/sbin/sulogin":

vi /etc/sysconfig/init
   [...]
   # Set to '/sbin/sulogin' to prompt for password on single-user mode
   # Set to '/sbin/sushell' otherwise
   SINGLE=/sbin/sulogin



# RHEL 7
# ------------------------------------------------------------------------------------------

# By default, Single User mode is password protected by the root password on RHEL 7:

cat /usr/lib/systemd/system/rescue.service
   [...]

   [Service]
   Environment=HOME=/root
   WorkingDirectory=/root
   ExecStartPre=-/bin/plymouth quit
   ExecStartPre=-/bin/echo -e 'Welcome to emergency mode! After logging in, type [...]
   ExecStart=-/bin/sh -c "/usr/sbin/sulogin; /usr/bin/systemctl --fail --no-block default" <---
   Type=idle
   StandardInput=tty-force
   StandardOutput=inherit
   StandardError=inherit
   KillMode=process
   IgnoreSIGPIPE=no
   SendSIGHUP=yes
Posted - Sat, Jun 2, 2018 9:06 AM. This article has been viewed 8353 times.
Filed Under: Linux, RHCSA
0 (0)
Article Rating (No Votes)
Rate this article
Attachments
There are no attachments for this article.
Comments
There are no comments for this article. Be the first to post a comment.
Full Name
Email Address
Security Code Security Code
Related Articles RSS Feed
RHEL: Checking HBAs
Viewed 15864 times since Sun, May 27, 2018
Tropienie pożeracza dysku
Viewed 2747 times since Thu, May 24, 2018
RHCS: Install a two-node basic cluster
Viewed 10648 times since Sun, Jun 3, 2018
Securing /tmp and shm partitions
Viewed 3865 times since Fri, May 15, 2020
How to encrypt a partition using LUKS?
Viewed 2403 times since Fri, Jul 13, 2018
How To Find Largest Top 10 Files and Directories On Linux / UNIX / BSD find
Viewed 4437 times since Mon, Oct 29, 2018
RHEL: Route network packets to go out via the same interface they came in
Viewed 3855 times since Sat, Jun 2, 2018
Get UUID of Hard Disks [Update]
Viewed 2710 times since Tue, Jul 17, 2018
Linux - How to unlock and reset user’s account
Viewed 5584 times since Fri, Jun 8, 2018
Open SSL Creating Certificate Signing Request — CSR Generation
Viewed 2401 times since Mon, Feb 18, 2019