No password in Single user mode?

C

CalBear96

Hi,
Forgive me for the newbie question, but as I was reading several FreeBSD guides (Absolute FreeBSD, The Complete FreeBSD, and handbook) I noticed that a user can change the root password if they enter into single user mode upon starting the computer, without ever needing to type in the old password. This seems like a large security gap if a random person happens upon my laptop and wants to snoop. Is there a way to prevent this, or am I misreading? I do not have FreeBSD installed yet, as my computer I will be installing it on has yet to be built (back ordered.) I am trying to learn as much as possible before getting it so that the installation and use go smoothly. Thanks for your help.

Dave
 
Yes, the general assumption being that if you have physical access you can pretty much always get in.

To make it prompt for a password in single user mode in the line from /etc/ttys
Code: 
console  none          unknown off secure
change the "secure" to "insecure".

Note that this doesn't stop someone booting your machine with a USB stick or CD (or just putting in another hard drive) and changing your root password externally. So it's still not really secure.

For the ultimate, fill the case with concrete and bury it with Jimmy Hoffa.
 
Thankfully, I know where Hoffa is buried, so I'll be good! Plus, I am not usually around people that would know how to either enter single user mode (or know that that is an option) or boot from a CD/USB. I have just recently started to teach myself about computers and *nix, so I really do appreciate the quick and patient answers of this forum. Hopefully that does not violate the thanking policy. :)

Cheers!
 
You must log in or register to reply here.
Back
Top