Home » Categories » Multiple Categories

RHEL: Force system to prompt for password in Single User mode

Article Number: 138 | Rating: Unrated | Last Updated: Sat, Jun 2, 2018 9:06 AM

RHEL: Force system to prompt for password in Single User mode

# Tested on RHEL 5, 6 & 7

# Due to security reasons, one may want to force system to prompt for root password even
# in Single User mode

# By default, system doesn't ask for password and we are given root shell directly. Indeed,
# usually Single User mode is used to reset root password in case we forgot it.

# Note that after modifying configuration, in case of forgotten root password, you'll have
# to boot the system in rescue mode to revert configuration in order to be able to change
# root password in Single User mode.



# RHEL 5
# ------------------------------------------------------------------------------------------

# To force users to enter password in Single User mode, add following line to /etc/inittab:

~:S:respawn:/sbin/sulogin

# The changes to this file takes effect after a system reboot

# To make init re-read the /etc/inittab without rebooting the system, type the command

/sbin/init q



# RHEL 6
# ------------------------------------------------------------------------------------------

# Edit /etc/inittab and add "su:S:wait:/sbin/sulogin" before 'initdefault' line:

vi /etc/inittab
   [...]
   su:S:wait:/sbin/sulogin
   id:3:initdefault:

# Edit /etc/sysconfig/init and replace "SINGLE=/sbin/sushell"  with "SINGLE=/sbin/sulogin":

vi /etc/sysconfig/init
   [...]
   # Set to '/sbin/sulogin' to prompt for password on single-user mode
   # Set to '/sbin/sushell' otherwise
   SINGLE=/sbin/sulogin



# RHEL 7
# ------------------------------------------------------------------------------------------

# By default, Single User mode is password protected by the root password on RHEL 7:

cat /usr/lib/systemd/system/rescue.service
   [...]

   [Service]
   Environment=HOME=/root
   WorkingDirectory=/root
   ExecStartPre=-/bin/plymouth quit
   ExecStartPre=-/bin/echo -e 'Welcome to emergency mode! After logging in, type [...]
   ExecStart=-/bin/sh -c "/usr/sbin/sulogin; /usr/bin/systemctl --fail --no-block default" <---
   Type=idle
   StandardInput=tty-force
   StandardOutput=inherit
   StandardError=inherit
   KillMode=process
   IgnoreSIGPIPE=no
   SendSIGHUP=yes
Posted - Sat, Jun 2, 2018 9:06 AM. This article has been viewed 6766 times.
Filed Under: Linux, RHCSA
0 (0)
Article Rating (No Votes)
Rate this article
Attachments
There are no attachments for this article.
Comments
There are no comments for this article. Be the first to post a comment.
Full Name
Email Address
Security Code Security Code
Related Articles RSS Feed
Increase A VMware Disk Size (VMDK) Formatted As Linux LVM without rebooting
Viewed 15008 times since Wed, May 30, 2018
RHCS6: Show/Add GFS2/GFS journals
Viewed 12435 times since Sun, Jun 3, 2018
Learn Linux System Auditing with Auditd Tool on CentOS/RHEL
Viewed 3909 times since Fri, Apr 5, 2019
Super Grub2 Disk
Viewed 3157 times since Wed, May 22, 2019
What UUIDs can do for you
Viewed 1574 times since Tue, Jul 17, 2018
Find All Large Files On A Linux System
Viewed 1885 times since Mon, Oct 29, 2018
Securing /tmp and shm partitions
Viewed 2927 times since Fri, May 15, 2020
Linux Proxy Server Settings – Set Proxy For Command Line
Viewed 2798 times since Mon, Feb 18, 2019
How to recover error - Audit error: dispatch err (pipe full) event lost
Viewed 24482 times since Tue, Aug 6, 2019
stunnel basics and pki standards
Viewed 9229 times since Fri, Sep 28, 2018