Comments 7
я не хотел бы single-user вообще убивать, он может понадобиться.
ну так можно не restart туда вписывать.
Там же в комментариях:
nix uses the /etc/ttys file to control which console and terminal lines will accept logins. See 'man ttys' (in the Terminal app) for details. At the top of the /etc/ttys file on my Panther machine it says:
[...]
# If the console is marked insecure, single-user requires
# the root password.
[...]
# Since DirectoryServices is not running by the time we enter
# single-user mode, init will ask for the non-shadow crypt
# password stored for root in /etc/master.passwd. If no such
# password exists, it will not be possible to enter single-user
# mode from a console marked insecure.
##
console "/System/Library/CoreServices/loginwindow.app/Contents/MacOS/loginwindow" vt100 on secure inoption="/usr/libexec/getty std.9600"
[...]
So, removing the word 'secure' on that line would cause the machine to ask for the root password just before entering single-user mode.
By default no password is set for root in /etc/master.passwd, disallowing login as root altogether. Using the Terminal, 'passwd' allows you to enter a root password:
passwd -i file root
then enter the new password twice.
I have tried this, and it works. The above is the normal way to secure a Unix workstation: protect the Bios/Firmware so that only booting from the internal hard disk is allowed, and require the root password before entering single user mode.
nix uses the /etc/ttys file to control which console and terminal lines will accept logins. See 'man ttys' (in the Terminal app) for details. At the top of the /etc/ttys file on my Panther machine it says:
[...]
# If the console is marked insecure, single-user requires
# the root password.
[...]
# Since DirectoryServices is not running by the time we enter
# single-user mode, init will ask for the non-shadow crypt
# password stored for root in /etc/master.passwd. If no such
# password exists, it will not be possible to enter single-user
# mode from a console marked insecure.
##
console "/System/Library/CoreServices/loginwindow.app/Contents/MacOS/loginwindow" vt100 on secure inoption="/usr/libexec/getty std.9600"
[...]
So, removing the word 'secure' on that line would cause the machine to ask for the root password just before entering single-user mode.
By default no password is set for root in /etc/master.passwd, disallowing login as root altogether. Using the Terminal, 'passwd' allows you to enter a root password:
passwd -i file root
then enter the new password twice.
I have tried this, and it works. The above is the normal way to secure a Unix workstation: protect the Bios/Firmware so that only booting from the internal hard disk is allowed, and require the root password before entering single user mode.
В шоке. Сколько раз заходил в single-mode что-то до меня не разу не допёрло, что ведь можно так и бзе проблем систему взломать. Пусть и говорят потом про сверх-безопасность MAC OS X.
Sign up to leave a comment.
Mac OS — смена пароля root