Path: utzoo!attcan!uunet!lll-winken!lll-lcc!ames!mailrus!cornell!uw-beaver!rice!sun-spots-request
From: aco@TAURUS.BITNET
Newsgroups: comp.sys.sun
Subject: Re: Asking for root passwd when booting single user
Message-ID: <8812152136.AA00989@gemini.Tau.Ac.IL>
Date: 22 Dec 88 09:35:03 GMT
Sender: usenet@rice.edu
Organization: Sun-Spots
Lines: 54
Approved: Sun-Spots@rice.edu
Original-Date: Thu, 15 Dec 88 23:36:13 +0200
X-Sun-Spots-Digest: Volume 7, Issue 72, message 2 of 9

Here is another solution to the singleuser problem. It assumes root has
/bin/csh as its shell in /etc/passwd. Instead of using 'login root' a
small program, 'secure', (described below) is used.  Secure doesn't time
out as login does, thus no single user boot is possible unless you know
root's password (or somebody discovers another hole...)

Note that as a 'side effect', root's password will be asked for on the
console before going into singleuser mode (when performing shutdown, for
instance).

The following should be inserted to /.profile
____________________ cut here
stty intr u susp u dsusp u quit u
echo ""
if /etc/secure
then
        stty intr \^c susp \^z dsusp \^y quit \^\\
        echo single user mode
else
        echo bad password
        /etc/halt
fi
____________________ cut here

The following is the source of /etc/secure. The compiled program must be
placed somewhere in the root file system (I used /etc).  (Don't forget to
change its name in /.profile if you place it in a different location).

The program asks for the root password and compares it to the root
password in /etc/passwd (YP is not used in this case).

____________________ cut here
#include <pwd.h>
#include <string.h>
#include <stdio.h>
char *p, *n;
char *crypt(), *getpass();
struct passwd *pwd, *getpwnam();

main() {

        if ((pwd = getpwnam("root")) == NULL) exit(1);
        p = getpass("Password:");
        n = crypt(p, pwd->pw_passwd);
        if (strcmp(n, pwd->pw_passwd)) exit(1);
        exit(0);
}
____________________ cut here

Beware: if /etc/secure is not present - you cannot perform singleuser
boot. Multiuser boot should work fine.

Ariel Cohen
Tel-Aviv university
Math school, CS-LAB