guy@rlgvax.UUCP (Guy Harris) (06/22/84)
Somebody asked me why the System V "init" runs "/bin/su" instead of "/bin/sh" as the single-user shell, pointing out that running "/bin/su" requires a valid entry for "root" in "/etc/passwd" while running "/bin/sh" doesn't.

The idea of single-user mode was that providing a usable shell in that mode should require as few parts of UNIX to be working as possible; obviously, the root file system must be somewhat usable, and "/etc/init", "/dev/console", and "/bin/sh" must be usable (and possibly some of the funny links the S5 "init" uses to refer to "/dev/console"), and "/.profile" mustn't have a problem, but it shouldn't require anything else other than, of course, the commands you wish to run.

The only reasons I can think of are:

1) They want "su" to log the super-user shell in "/usr/adm/sulog".

2) They want "su", which is run as "su -", to do all the things that an "su -" does, like a "chdir" to "root"'s home directory (which is useless unless it isn't "/"), setting the environment including PATH (which "/etc/init" could do itself), etc.

As far as I'm concerned, none of those reasons override the desire to have a single-user shell assume that as little of the system works as possible, so that you can fix it without having to restore the root file system. You aren't supposed to do much in single-user mode, anyway. A good system won't even linger in single-user mode when booted; it'll check the file systems and go right to multi-user mode (or whatever you call "fully up" mode on a single-user workstation).

Anybody got a good reason which overrides even that desire?

Guy Harris
{seismo,ihnp4,allegra}!rlgvax!guy
ron@BRL-TGR.ARPA (06/27/84)
From: Ron Natalie <ron@BRL-TGR.ARPA>

If someone can get into your computer room, I really don't think you can do anything to keep them from becoming superuser if they try hard enough.

-Ron
jack@vu44.UUCP (Jack Jansen) (07/02/84)
I guess that they did it for security reasons. If you run "su" instead of "sh", you don't have to lock your machine room if you want to make sure that no-one can log in as superuser.

I did something like this, with one exception: If "su" cannot find the password file it returns a funny exit status, and if "init" gets this funny return, it will still start "sh". This way, you get your security, but you can still boot if the password file is corrupted.

Jack Jansen, {philabs|decvax}!mcvax!vu44!jack
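
Added example, not part of the post above and not taken from any real "init" source: a sketch of the fallback it describes, in which init starts a plain shell only when su reports the dedicated "no password file" status and treats every other failure as a refusal. The status value 75, the enum names and the "/bin/sh -c" stand-ins in main are assumptions made for illustration.

```c
#include <errno.h>
#include <stdio.h>
#include <sys/wait.h>
#include <unistd.h>

/* Assumed value: the post does not say which exit status su returns. */
#define SU_NO_PASSWD 75

enum outcome { RAN_SU, RAN_SH_FALLBACK, SU_REFUSED, SPAWN_ERROR };

/* Run argv[0] in a child; return its exit status, or -1 if it could not
 * be forked or was killed by a signal. */
static int run_and_wait(char *const argv[])
{
    int status;
    pid_t pid = fork();
    if (pid < 0)
        return -1;
    if (pid == 0) {
        execv(argv[0], argv);
        _exit(127);                 /* exec itself failed */
    }
    while (waitpid(pid, &status, 0) < 0)
        if (errno != EINTR)
            return -1;
    return WIFEXITED(status) ? WEXITSTATUS(status) : -1;
}

/* init's single-user step: try su first, fall back to sh only on the
 * dedicated status, so a wrong password never yields a shell. */
enum outcome single_user(char *const su_argv[], char *const sh_argv[])
{
    int rc = run_and_wait(su_argv);
    if (rc == 0)
        return RAN_SU;
    if (rc != SU_NO_PASSWD)
        return SU_REFUSED;          /* bad password, signal, exec failure */
    return run_and_wait(sh_argv) < 0 ? SPAWN_ERROR : RAN_SH_FALLBACK;
}

int main(void)
{
    /* Constructed stand-ins: "sh -c 'exit 75'" plays a su that found no
     * password file; a real init would pass {"/bin/su", "-", NULL}. */
    char *su[] = { "/bin/sh", "-c", "exit 75", NULL };
    char *sh[] = { "/bin/sh", "-c", "exit 0", NULL };
    printf("outcome=%d\n", single_user(su, sh));
    return 0;
}
```

The security of this design rests on su returning that status only when the password file is truly unusable; if init fell back on any non-zero status, a mistyped password would be enough to get the shell.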
mike@sdcrdcf.UUCP (07/06/84)
If you're really concerned with keyswitch level security, then don't allow auto-reboots and haque a password into boot.

Mike