Home » Categories » Multiple Categories

RHEL: Force system to prompt for password in Single User mode

Article Number: 138 | Rating: Unrated | Last Updated: Sat, Jun 2, 2018 9:06 AM

RHEL: Force system to prompt for password in Single User mode

# Tested on RHEL 5, 6 & 7

# Due to security reasons, one may want to force system to prompt for root password even
# in Single User mode

# By default, system doesn't ask for password and we are given root shell directly. Indeed,
# usually Single User mode is used to reset root password in case we forgot it.

# Note that after modifying configuration, in case of forgotten root password, you'll have
# to boot the system in rescue mode to revert configuration in order to be able to change
# root password in Single User mode.



# RHEL 5
# ------------------------------------------------------------------------------------------

# To force users to enter password in Single User mode, add following line to /etc/inittab:

~:S:respawn:/sbin/sulogin

# The changes to this file takes effect after a system reboot

# To make init re-read the /etc/inittab without rebooting the system, type the command

/sbin/init q



# RHEL 6
# ------------------------------------------------------------------------------------------

# Edit /etc/inittab and add "su:S:wait:/sbin/sulogin" before 'initdefault' line:

vi /etc/inittab
   [...]
   su:S:wait:/sbin/sulogin
   id:3:initdefault:

# Edit /etc/sysconfig/init and replace "SINGLE=/sbin/sushell"  with "SINGLE=/sbin/sulogin":

vi /etc/sysconfig/init
   [...]
   # Set to '/sbin/sulogin' to prompt for password on single-user mode
   # Set to '/sbin/sushell' otherwise
   SINGLE=/sbin/sulogin



# RHEL 7
# ------------------------------------------------------------------------------------------

# By default, Single User mode is password protected by the root password on RHEL 7:

cat /usr/lib/systemd/system/rescue.service
   [...]

   [Service]
   Environment=HOME=/root
   WorkingDirectory=/root
   ExecStartPre=-/bin/plymouth quit
   ExecStartPre=-/bin/echo -e 'Welcome to emergency mode! After logging in, type [...]
   ExecStart=-/bin/sh -c "/usr/sbin/sulogin; /usr/bin/systemctl --fail --no-block default" <---
   Type=idle
   StandardInput=tty-force
   StandardOutput=inherit
   StandardError=inherit
   KillMode=process
   IgnoreSIGPIPE=no
   SendSIGHUP=yes
Posted - Sat, Jun 2, 2018 9:06 AM. This article has been viewed 7769 times.
Filed Under: Linux, RHCSA
0 (0)
Article Rating (No Votes)
Rate this article
Attachments
There are no attachments for this article.
Comments
There are no comments for this article. Be the first to post a comment.
Full Name
Email Address
Security Code Security Code
Related Articles RSS Feed
Yum Update: DB_RUNRECOVERY Fatal error, run database recovery
Viewed 4323 times since Fri, Jan 17, 2020
Linux get the list of FC HBA’s and WWPN
Viewed 3720 times since Tue, May 22, 2018
stunnel How To Encrypt Traffic to Redis with Stunnel on Ubuntu 16.04
Viewed 2347 times since Sun, Dec 6, 2020
bash mistakes This page is a compilation of common mistakes made by bash users. Each example is flawed in some way.
Viewed 9299 times since Sun, Dec 6, 2020
How do I add ethtool settings to a network device permanently?
Viewed 6933 times since Mon, May 21, 2018
12 Tcpdump Commands – A Network Sniffer Tool
Viewed 8946 times since Fri, Jul 27, 2018
YUM CRON RHEL7: Configure automatic updates.
Viewed 2157 times since Fri, Oct 26, 2018
Linux Proxy Server Settings – Set Proxy For Command Line
Viewed 3939 times since Mon, Feb 18, 2019
LVM: Extend SWAP size by growing existing Logical Volume
Viewed 2683 times since Sat, Jun 2, 2018
LVM: Reduce root PV/VG
Viewed 5418 times since Sat, Jun 2, 2018