RHEL: Force system to prompt for password in Single User mode

RHEL: Force system to prompt for password in Single User mode

# Tested on RHEL 5, 6 & 7

# Due to security reasons, one may want to force system to prompt for root password even
# in Single User mode

# By default, system doesn't ask for password and we are given root shell directly. Indeed,
# usually Single User mode is used to reset root password in case we forgot it.

# Note that after modifying configuration, in case of forgotten root password, you'll have
# to boot the system in rescue mode to revert configuration in order to be able to change
# root password in Single User mode.



# RHEL 5
# ------------------------------------------------------------------------------------------

# To force users to enter password in Single User mode, add following line to /etc/inittab:

~:S:respawn:/sbin/sulogin

# The changes to this file takes effect after a system reboot

# To make init re-read the /etc/inittab without rebooting the system, type the command

/sbin/init q



# RHEL 6
# ------------------------------------------------------------------------------------------

# Edit /etc/inittab and add "su:S:wait:/sbin/sulogin" before 'initdefault' line:

vi /etc/inittab
   [...]
   su:S:wait:/sbin/sulogin
   id:3:initdefault:

# Edit /etc/sysconfig/init and replace "SINGLE=/sbin/sushell"  with "SINGLE=/sbin/sulogin":

vi /etc/sysconfig/init
   [...]
   # Set to '/sbin/sulogin' to prompt for password on single-user mode
   # Set to '/sbin/sushell' otherwise
   SINGLE=/sbin/sulogin



# RHEL 7
# ------------------------------------------------------------------------------------------

# By default, Single User mode is password protected by the root password on RHEL 7:

cat /usr/lib/systemd/system/rescue.service
   [...]

   [Service]
   Environment=HOME=/root
   WorkingDirectory=/root
   ExecStartPre=-/bin/plymouth quit
   ExecStartPre=-/bin/echo -e 'Welcome to emergency mode! After logging in, type [...]
   ExecStart=-/bin/sh -c "/usr/sbin/sulogin; /usr/bin/systemctl --fail --no-block default" <---
   Type=idle
   StandardInput=tty-force
   StandardOutput=inherit
   StandardError=inherit
   KillMode=process
   IgnoreSIGPIPE=no
   SendSIGHUP=yes
0 (0)
Article Rating (No Votes)
Rate this article
Attachments
There are no attachments for this article.
Comments
There are no comments for this article. Be the first to post a comment.
Full Name
Email Address
Security Code Security Code
Related Articles RSS Feed
OpenSSL: Check SSL Certificate Expiration Date and More
Viewed 2892 times since Mon, Feb 18, 2019
Top 4 Reasons for Node Reboot or Node Eviction in Real Application Cluster (RAC) Environment
Viewed 17104 times since Thu, Jun 21, 2018
Automatic YUM Updates with Yum-cron
Viewed 9522 times since Fri, Oct 26, 2018
SSH: Execute Remote Command or Script – Linux
Viewed 983 times since Mon, Feb 18, 2019
socat: Linux / UNIX TCP Port Forwarder
Viewed 2987 times since Tue, Aug 6, 2019
How to find the largest files and directories in Linux?
Viewed 1843 times since Sun, May 20, 2018
How to retrieve and change partition’s UUID Universally Unique Identifier on linux
Viewed 1059 times since Tue, Jul 17, 2018
Secure NTP with NTS
Viewed 6822 times since Sun, Dec 6, 2020
Creating SWAP partition using FDISK & FALLOCATE commands
Viewed 945 times since Thu, Jan 16, 2020
How to accurately determine when the system was booted
Viewed 1096 times since Wed, Oct 3, 2018