RHEL: Force system to prompt for password in Single User mode

RHEL: Force system to prompt for password in Single User mode

# Tested on RHEL 5, 6 & 7

# Due to security reasons, one may want to force system to prompt for root password even
# in Single User mode

# By default, system doesn't ask for password and we are given root shell directly. Indeed,
# usually Single User mode is used to reset root password in case we forgot it.

# Note that after modifying configuration, in case of forgotten root password, you'll have
# to boot the system in rescue mode to revert configuration in order to be able to change
# root password in Single User mode.



# RHEL 5
# ------------------------------------------------------------------------------------------

# To force users to enter password in Single User mode, add following line to /etc/inittab:

~:S:respawn:/sbin/sulogin

# The changes to this file takes effect after a system reboot

# To make init re-read the /etc/inittab without rebooting the system, type the command

/sbin/init q



# RHEL 6
# ------------------------------------------------------------------------------------------

# Edit /etc/inittab and add "su:S:wait:/sbin/sulogin" before 'initdefault' line:

vi /etc/inittab
   [...]
   su:S:wait:/sbin/sulogin
   id:3:initdefault:

# Edit /etc/sysconfig/init and replace "SINGLE=/sbin/sushell"  with "SINGLE=/sbin/sulogin":

vi /etc/sysconfig/init
   [...]
   # Set to '/sbin/sulogin' to prompt for password on single-user mode
   # Set to '/sbin/sushell' otherwise
   SINGLE=/sbin/sulogin



# RHEL 7
# ------------------------------------------------------------------------------------------

# By default, Single User mode is password protected by the root password on RHEL 7:

cat /usr/lib/systemd/system/rescue.service
   [...]

   [Service]
   Environment=HOME=/root
   WorkingDirectory=/root
   ExecStartPre=-/bin/plymouth quit
   ExecStartPre=-/bin/echo -e 'Welcome to emergency mode! After logging in, type [...]
   ExecStart=-/bin/sh -c "/usr/sbin/sulogin; /usr/bin/systemctl --fail --no-block default" <---
   Type=idle
   StandardInput=tty-force
   StandardOutput=inherit
   StandardError=inherit
   KillMode=process
   IgnoreSIGPIPE=no
   SendSIGHUP=yes
0 (0)
Article Rating (No Votes)
Rate this article
Attachments
There are no attachments for this article.
Comments
There are no comments for this article. Be the first to post a comment.
Full Name
Email Address
Security Code Security Code
Related Articles RSS Feed
www.unixarena.com
Viewed 615 times since Fri, Jul 27, 2018
LVM: Extend an existing Logical Volume / Filesystem
Viewed 937 times since Sat, Jun 2, 2018
Top 20 OpenSSH Server Best Security Practices - good article
Viewed 701 times since Mon, Oct 1, 2018
RHEL : How to deal with “CLOSE_WAIT” and “TIME_WAIT” connection
Viewed 7114 times since Thu, Feb 14, 2019
Build a simple RPM that packages a single file
Viewed 1253 times since Sat, Jun 2, 2018
RHEL: udev rules basics
Viewed 1373 times since Sat, Jun 2, 2018
Linux - How to unlock and reset user’s account
Viewed 631 times since Fri, Jun 8, 2018
How to stop and disable auditd on RHEL 7
Viewed 7940 times since Tue, Aug 6, 2019
An easier way to manage disk decryption at boot with Red Hat Enterprise Linux 7.5 using NBDE
Viewed 2296 times since Mon, Aug 6, 2018
List of 10 Must Know Oracle Database Parameters for Database Administrator
Viewed 14212 times since Thu, Jun 21, 2018