Edit /etc/lilo.conf. For every boot option you want to protect, add the
line "restricted" followed by "password=somepassword" . If you have
Windows or something which isn't secure even if you don't give it a
special boot-time option, leave out the restricted. So if you have:
image=/boot/vmlinuz
root=/dev/hda5
label=linux
read-only
image=/boot/vmlinuz.bak
root=/dev/hda5
label=oldlinux
read-only
other=/dev/hda1
label=dos
table=/dev/hda
You would add change the two linux images two look like this:
root=/dev/hda5
label=linux (or oldlinux)
restricted
password=somepassword
read-only
And change the DOS image to look like this:
label=dos
password=somepassword
table=/dev/hda
**IMPORTANT!!** There are two more things you must do.
# chown root.root /etc/lilo.conf
# chmod 600 /etc/lilo.conf
# lilo
This prevents anyone except root from reading lilo.conf (and thus getting
your passwords) and then runs lilo to make your changes take effect.
Now you can boot Linux normally without a password, but if you want to
change the command-line options for Linux or boot to DOS, you need to type
in the password.
On Tue, 4 May 1999, Michael K. Magambo wrote:
> I have recently installed Redhat 5.2 which is working fine except for
> LILO. A friend of mine entered my system by simply typing linux single.
> He then got super user access. How can I disable this feature of LILO.
> I want a totally secure system.
>
--
Matthew Sachs
[EMAIL PROTECTED]
-- random fortune quote --
You can bring any calculator you like to the midterm, as long as it
doesn't dim the lights when you turn it on.
-- Hepler, Systems Design 182