On 8/27/05, JSD <[EMAIL PROTECTED]> wrote: > I have a big root access problem. If someone has physical > access to my OpenBSD box, than he/she can swith into single > user mode (-s) and can change the password of root.
This is hardly unique to OpenBSD. How about placing your devices in a securely locked place where you can adequately determine who gets access? Once people have physical access to your devices, a password to enter single user mode will not do you much good. Unless you bolt down the machine and its access panels, an attacker will just plug the hard drive into a system under his control. > [...] I would like to password protect this single user mode or to totally > disable this function You might even argue that placing a password such as you suggest slows you down when trying to get repairs done. You wouldn't be the first to lose such a password. That said, disabling single user mode seems rather nasty: you'd lose one of the best places to work on a troublesome system. Keep your maintenance access panels accessible. It's what they're there for. Cheers, Rogier -- If you don't know where you're going, any road will get you there.
