Relay-Version: version B 2.10 5/3/83; site utzoo.UUCP Posting-Version: version B 2.10.1 6/24/83; site ncrcae.UUCP Path: utzoo!watmath!clyde!burl!mgnetp!ihnp4!houxm!houxz!vax135!cornell!uw-beaver!tektronix!hplabs!hao!seismo!harpo!decvax!mcnc!ncsu!ncrcae!wescott From: wescott@ncrcae.UUCP (Mike Wescott) Newsgroups: net.bugs.usg Subject: Re: RE: Why does the S5 init run "/bin/su" in single-user mode Message-ID: <2040@ncrcae.UUCP> Date: Sat, 23-Jun-84 12:23:24 EDT Article-I.D.: ncrcae.2040 Posted: Sat Jun 23 12:23:24 1984 Date-Received: Thu, 28-Jun-84 01:16:47 EDT References: <264@rna.UUCP> Organization: NCR, Columbia, SC Lines: 30 > From: dan@rna.UUCP (Dan Ts'o) > Newsgroups: net.bugs.usg > Subject: RE: Why does the S5 init run "/bin/su" in single-user mode > > Hi, > One reason I might do such a thing is to prevent passers-by from > booting the system and getting a root shell. On my system, I replaced > init's call to /bin/sh to /bin/login to achieve the same thing. I felt that > the rare chance that /bin/login, /etc/passwd were corrupted but NOT /bin/sh > was small compared to the value of not being able to get an easy root shell. Actually using login prevents this, but not /bin/su. Having been kicked off by a root uid proc /bin/su doesn't ask for a password. To make it difficult to reboot a Sys5 machine and get a root permission shell we change the default initial run level to kick off a single getty - login - shell sequence. And this does permit the creation of non-root operators for booting, fsck, et. al. BTW, we DID have a lightning storm that fouled up our disk; login, getty, /etc/passwd were all ok, but su, rm and a few others were corrupted. The machine didn't go down but you couldn't repair it except from the console. (We disable root logins except from the console.) Unfortunately, we tried rebooting first and went from a system that was crippled to one that looped endlessly trying to exec a froogged up /bin/su. As for the original question of why init kicks off /bin/su in the single user state...the question is still open. Mike Wescott NCR Corp mcnc!ncsu!ncrcae!wescott