Prevent users entering single usermode


To prevent unauthorized access or prevent users entering single usermode or be able to change settings at boottime you could change some BIOS settings and use a password for the GRUB bootloader. First disable your system by changing some BIOS settings (depends on your hardware/BIOS version) to be able to boot from usb-, and other external devices, floppy drives, CD/DVD drives and set a BIOS password. Second, set a GRUB bootloader password. Generate a password hash using the command /sbin/grub-md5-crypt. Add the hash to the first line of /etc/grub.conf as follows:

password --md5 passwordhash
Don't forget to verify the permissions on /boot/grup/grub.conf. Owner and group should be root, root should have read-write access:
ls -al /boot/grub/grub.conf
-rw------- 1 root root 960 Jan 01 00:00 /boot/grub/grub.conf
If the permissions are not ok, change them:
chown root:root /boot/grub/grub.conf
chmod 600 /boot/grub/grub.conf
You even might set authentication for single usermode. By default, no authentication is performed if single-usermode is selected at boottime. To require the root password to be entered before the system can start into single usermode, add the following line to the file /etc/inittab:

Please login first before adding a comment.


You are here: Home Howtos and FAQs Security Prevent users entering single usermode