Path: utzoo!attcan!uunet!steinmetz!vdsvax!barnett
From: barnett@vdsvax.steinmetz.ge.com (Bruce G. Barnett)
Newsgroups: comp.unix.wizards
Subject: Re: Booting SunOS 4.0 singlu user (was Re: NFS security)
Keywords: NFS, mknod
Message-ID: <5425@vdsvax.steinmetz.ge.com>
Date: 9 Sep 88 10:57:59 GMT
References: <126@leibniz.UUCP> <670028@hpclscu.HP.COM> <1394@basser.oz> <1202@luth.luth.se> <66897@sun.uucp> <14186@comp.vuw.ac.nz> <3168@emory.uucp> <12397@duke.cs.duke.edu>
Reply-To: barnett@steinmetz.ge.com (Bruce G. Barnett)
Organization: General Electric CRD, Schenectady, NY
Lines: 23

In article <12397@duke.cs.duke.edu> ndd@romeo.UUCP (Ned D. Danieley) writes:
|If I understand what you've described, the only way to protect a
|[SunOS 4.0] workstation from someone booting it single user is to deny root
|the ability to log in on that workstation. Doesn't sound very elegant
|to me.

The "secure" flag means the console is in a secure (i.e. private)
location.

When the flag is missing, (i.e. anyone has access to the console)
the password is needed to boot up single user mode.
Also, root cannot log in on that terminal.

Instead, you have to log in as a user and do a 'su'. You can restrict
the people allows to su to root by an entry in /etc/group.

You can still rlogin as root, if the /.rhosts lets you.

The solution seems "elegant" and consistant to me. I don't find it to
me a problem. I can quickly log in as root from MY workstation.
-- 
	Bruce G. Barnett 	<barnett@ge-crd.ARPA> <barnett@steinmetz.UUCP>
				uunet!steinmetz!barnett