On Fri, Feb 14, 2003 at 04:48:48PM -0500, [EMAIL PROTECTED] wrote: > On Fri, Feb 14, 2003 at 01:38:24PM -0800, Alan wrote: > > On Fri, Feb 14, 2003 at 04:36:55PM -0500, [EMAIL PROTECTED] wrote: > > > On Fri, Feb 14, 2003 at 01:09:22PM -0600, Henning, Brian wrote: > > > > i guess i am trying to set it up like i have my freebsd machine... > > > > the root password can only be accessed locally on the machine > > > > unless the user is in the wheel group then that user can 'su' as > > > > root. > > > > > > Change root's password in the /etc/shadow file to the single > > > character '*'. Do realize that the below point is correct, though: > > > > > > > Anyway, the only thing I can think of is that you would not be > > > > able to boot the system to single-user mode. But you can still > > > > boot with the "init=/bin/sh" kernel parameter, so that's not > > > > really a problem. > > > > Could this not be solved with a password on lilo/grub to prevent > > people being able to do anything but boot the box? > > Sure, but then you'd _never_ be able to boot single-user (unless you had > a CD to boot from).
Yup, but then again it could be argued (quite successfully) that if you have physical access to the machine to type init=/bin/sh on boot then your security is gone anyway, as the person could walk away with the hard drives, or machine, etc. Total security is a myth of course, we all know that, or at least, outside a block of concrete and a deep river :) alan -- Alan <[EMAIL PROTECTED]> - http://arcterex.net --------------------------------------------------------------------- "The only thing that experience teaches us is that experience teaches us nothing. -- Andre Maurois (Emile Herzog) -- [EMAIL PROTECTED] mailing list