lkw@csun.edu (Larry Wake) (12/20/88)
Putting "login root" in your /.profile file is definitely a Bad Thing. The problem: login will time out after 60 seconds, and your system will come up multiuser. Why is this bad? Scenario: two in the morning, a momentary power failure causes your system to crash hard. One of your filesystems goes sour enough that fsck gives up; system goes single user. Your /.profile runs login, but no one's around to log in. A minute later, your system comes up multiuser -- with a dirty filesystem, and no record anywhere that this is what happened, as the fsck error message will probably have scrolled off your console by the time you get there...
After this happened to us, I cobbled together a program called 'lockpass' that just prompts for the root password forever, and execs a shell once it gets it. I believe someone posted a similar program to Sun-Spots a few months ago.
Larry Wake
CSU Northridge Computer Center
lkw@csun.edu
roston@ames.arc.nasa.gov (Gerry Roston) (12/31/88)
I am surprised by the short-term memory of all of the readers of this newsgroup. Several years ago, someone provided the source code for a program called chkpass and a .profile file showing how to use it. At boot time, it prompts for a passwd, normally the root passwd is used. If it is not provided, you do not get access at single user level.
gerry roston, robotic systems research group
jet propulsion laboratory, 4800 oak grove drive, m/s 23
pasadena, california, 91109, (818) 354-9124 (818) 354-6508
roston@robotics.jpl.nasa.gov
folta@tove.umd.edu (Wayne Folta) (01/07/89)
I did not think that "login root" by itself is sufficient to stop an intruder. After 60 seconds, doesn't the login time out, and you proceed on to single-user mode? I seem to remember this, as I then added "haltsys" in my .profile, to avoid this. Was I hallucinating?
Wayne Folta (folta@tove.umd.edu 128.8.128.42)
[[ If I recall correctly, sh will exec login rather than run it as a subprocess. If it times out, the process will disappear and init will proceed on to multi-user mode. However, if your .profile said "/bin/login" instead of "login", sh will not recognize it as a command that needs special handling. --wnl ]]
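
An added example, not part of the thread and not the lockpass or chkpass source the posts mention: a single-user password gate that asks forever, has no timeout, and hangs rather than exits on any failure, so init never moves on to multi-user unattended. It assumes a Linux-style system with shadow(5) and crypt(3); the name `gate` and the weak `crypt` reference are choices made for this example.

```c
#define _GNU_SOURCE
#include <shadow.h>
#include <signal.h>
#include <stdio.h>
#include <string.h>
#include <termios.h>
#include <unistd.h>

typedef char *(*hash_fn)(const char *key, const char *salt);
/* Weak reference: still links without -lcrypt; main() then fails closed. */
extern char *crypt(const char *, const char *) __attribute__((weak));
static const int sigs[] = { SIGINT, SIGQUIT, SIGTSTP };

/* Ask forever, no timeout. Returns attempts used, or -1 on EOF (never success). */
int gate(FILE *in, FILE *out, const char *stored, hash_fn hash)
{
    char line[256];
    for (int tries = 1; ; tries++) {
        fputs("Root password: ", out);
        fflush(out);
        if (!fgets(line, sizeof line, in)) return -1;
        line[strcspn(line, "\n")] = '\0';
        const char *h = hash(line, stored);  /* stored hash carries the salt */
        int ok = h && strcmp(h, stored) == 0;
        explicit_bzero(line, sizeof line);   /* do not keep the typed password */
        if (ok) return tries;
        fputs("\nSorry.\n", out);
    }
}

int main(void)
{
    struct spwd *sp = getspnam("root");      /* assumes a shadow(5) system */
    struct termios old, quiet;
    for (int i = 0; i < 3; i++) signal(sigs[i], SIG_IGN);  /* ^C, ^\, ^Z */
    if (crypt && sp && tcgetattr(0, &old) == 0) {
        quiet = old;
        quiet.c_lflag &= ~ECHO;              /* no echo while typing */
        tcsetattr(0, TCSANOW, &quiet);
        while (gate(stdin, stdout, sp->sp_pwdp, crypt) < 0) {
            clearerr(stdin);                 /* EOF on the console: ask again */
            sleep(1);
        }
        tcsetattr(0, TCSANOW, &old);
        for (int i = 0; i < 3; i++) signal(sigs[i], SIG_DFL);  /* SIG_IGN survives exec */
        execl("/bin/sh", "sh", (char *)NULL);
    }
    for (;;) pause();                        /* any failure: hang, never exit */
}
```

Build it with `-lcrypt` for real use; without that library the program only hangs at the console.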