PDA

View Full Version : Disable root password in run level 1 mode



c0nsaw
07-Dec-2012, 15:20
Hi folks,

Id like to disable root password request when booting in single user mode. (like its done in fedora etc :) )

Ive tried to edit inittab in a vm to test, but I keep breaking it :-p

any advise on how to do it appreciated

Regards

SLES 11 SP1 btw

ab
07-Dec-2012, 15:29
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

> Id like to disable root password request when booting in single user
> mode. (like its done in fedora etc :) )

Interesting question.... why?

> SLES 11 SP1 btw

This is the forum for SLED... Desktop version of SLE vs. the Server
version of SLE.

Anyway, have you tried putting the following in grub as an alternative:

init=/bin/bash

That should drop you directly to a basic shell from which you can access
the system.

The purpose, in my mind, of runlevel 1 is to (as we all know) have a
single user, but since there is a "user" and not just a shell that user
should still need to authenticate since, by definition, that user is
'root'. Anybody walking past the terminal, otherwise, who can reboot
the machine, can do anything. With a password there at least somebody
needs to be able to tweak grub or the bios or something outside the OS
which usually means they not only can access the terminal but also the
internals.

Good luck.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v2.0.19 (GNU/Linux)
Comment: Using GnuPG with undefined - http://www.enigmail.net/

iQIcBAEBAgAGBQJQwf1PAAoJEF+XTK08PnB5XcEQAJ8SHhGfMH c2BhxgEyv+GqV+
C81LHrMEngOxelbVQsgOAtEVabafpLoH+0GRRqV5xjRGG3l9En 2y+Z88jO4ntOC+
36hTHkg9S/fgw9c3oiuRDCO8YfU3YhSwt3qkV26lUjrjQsn+62BkQ9tp/4QsGsER
2eCxQdkya6VNm38h6BdaG+7IC+CmBLZPe3KZo7Ogu8k4+0HSf5 BLWbxRdA6aNF0R
c0wLozbyfbw7HiwEGDeVmRH9exMW3pitqAXnbMw3iS5qYPnfXs 4NB1E2kqAH5w53
wm3HiMrP7/OYp7Vwqfb1H1i5SL92kiqYYpfwoCCrjwwa9scbWWmOQG4LEA8E YYEP
mxsUVITZC+wxapk10tppji591FMUMOBtdGKF7m4vQXkx0TumqF lnwUbumPL5zAV3
3PCLVheN+KiAeAJugKssuovbdztV+xtUhv7SegAF3+fiNVnxNa EvmX3QwghXZu2M
msvGa1ME5sdFDiO+TXXYVC8xJLe6AvpzfKGXvN3zBe2uoPPpgb Er7uS/hr7RGOTR
C/wtc46V7cARt6VxAHOYbb55gLrsW1Q3T8yuUF0u8xjYWuPM/FsJCC2B6nhq0LIY
BCareofTlcE06BtIEnTkPYDYSz6zFA5j8MvgiRYv23MRr8afAU DKbUdj7yKF3HHi
O+TPJe26s0xxrCRwPIRY
=J4bo
-----END PGP SIGNATURE-----

c0nsaw
07-Dec-2012, 16:13
Apologies for the wrong forum :-)

I'm a student intern, and at my company in my role I provide a lot of vm's for customers etc, usually this is a manual process and I manage all parts of the OS deployments.
We are currently moving to in house made vm deployment tool that our customers can use a webpage and select and deploy their own vm's with a couple of clicks of the mouse.

So currently I'm preparing a SLES 11 vm template, and first thing I need it to be able do after install is for run level 1 be passwordless so i can run a post install config script we have that sets up our nis logins autofs etc....quite easy in fedora as I said, as run level 1 is passwordless.

Im fairly new to linux, so this is good learning, I do understand the implications of a more insecure run level 1, but in this instance its controlled :)

Thanks for getting back to me so fast

mikewillis
07-Dec-2012, 21:13
...so i can run a post install config script we have that sets up our nis logins autofs etc....
You may want to look at AutoYaST. You can configure stuff like NIS and Autofs in the AutoYaST profile. You can also have it run post install scripts.

You ought to be using with SP2, not SP1. According to SP2 release notes (https://www.suse.com/releasenotes/x86_64/SUSE-SLES/11-SP2/#rnotes-purpose):

At the end of the six-month parallel support period, on 2012-08-31, support for SUSE Linux Enterprise Server 11 Service Pack 1 will be discontinued.

c0nsaw
07-Dec-2012, 21:26
You may want to look at AutoYaST. You can configure stuff like NIS and Autofs in the AutoYaST profile. You can also have it run post install scripts.

You ought to be using with SP2, not SP1. According to SP2 release notes (https://www.suse.com/releasenotes/x86_64/SUSE-SLES/11-SP2/#rnotes-purpose):

SP1 (Amongst many other distros and kernel vesrions ) is used for running nightly builds, its all lab environment not our production, so no problems there, I just want to be able run a bash script that bangs out our post install configs, so Im really only looking at getting single user mode, paswordless. :D

ab
07-Dec-2012, 22:02
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

I wasted an hour this morning looking into this and so now I'm back for
more information.

How do you access this in an automated fashion (I assume it's automated,
anyway... it's a VM after all, and presumably the first boot)?

Any reason you want to do this from a shell and not without any kind of
login at all... for example using a one-time init script? SUSE Studio
does this kind of thing (which you can use for free to build your VM for
use wherever) but you can do it on your own by dropping your script in
something like /etc/init.d/boot.d/S99boot.firsttime so that it's
executed automatically without needing your login at all, and without
modifying SUSE to be less-secure like other distros, and stuff. Have
the last line in that script clean itself up (`rm
/etc/init.d/boot.d/S99boot.firsttime`).

Good luck.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v2.0.19 (GNU/Linux)
Comment: Using GnuPG with undefined - http://www.enigmail.net/

iQIcBAEBAgAGBQJQwlluAAoJEF+XTK08PnB5kMsP/3QEQoDYz7lJR3ZF69bQyOQO
iT2rDks6diah2Nfe6o9UkArox7yPoKocOyWM+Z8cRPykBdj2pm k2mTovQIMKLNbX
Ah6aNPsTXUtgg9u0IkB2ZVNRl0T1DxvmEoL+RIDHmpXvgKp21R/HPoAkinrqXgLu
u1hDlMMKGWJ8f9EYYgy+NHB+9OOtsSVdY6aED7hJNCMoAH5rSa s2z4KVhFhWig2n
NiVRZnvlompnkedJaoIwhGPHWfBKYmPrYur+s9lqJg5KlNpKki HI+1GctyTbdiWH
t4GVcU9Tm4hf7ZjeyARaw8WQOc1fdRLt20hPEaC3Ubf0HD4e1P g4HoxN8UPW1zst
v0E6EHdAPM8taBvTvFiuJ0e/st0nWN3ljuWeFphqfsx/HfIKDaVFSYW/XdlTkcjz
b0OYCQrk8zR4AHy+iaoUGZA4rjY083/3fqs6KVrtXtqM67S19zBqYSqk1/WjC+h6
OnqddsTvHvINVtKM508Nepwjw5flucE//Hj7dphl1TNP+q2M+fSpCT4vyiqkr3k0
zeTGpX43S2TV+0dE8V3EwSXGI4QufuMU0FdlDa3bJF1oUebR2+ BVjMwDtYOShdet
SLM4AxWt8lvkUP0f0eRp0swd8cExsNSJuZGTNWcPmxDhbKQVQu cBBNd35zggZFQr
gV4Y3BR3+Im3JJghZHMU
=86zI
-----END PGP SIGNATURE-----

c0nsaw
07-Dec-2012, 22:26
I wasted an hour this morning looking into this and so now I'm back for
more information. ha, dont waste your time, was hoping for a quick fix :)


How do you access this in an automated fashion (I assume it's automated,
anyway... it's a VM after all, and presumably the first boot)? Im sorry, could you be clearer, Im not sure what part you are referring to :)


Any reason you want to do this from a shell and not without any kind of
login at all... for example using a one-time init script? SUSE Studio
does this kind of thing (which you can use for free to build your VM for
use wherever) but you can do it on your own by dropping your script in
something like /etc/init.d/boot.d/S99boot.firsttime so that it's
executed automatically without needing your login at all, and without
modifying SUSE to be less-secure like other distros, and stuff. Have
the last line in that script clean itself up (`rm
/etc/init.d/boot.d/S99boot.firsttime`).I dont want to get into too much detail, lets just say I work for a company, the largest manufacturer of cpu's in the world, all our Lab OS distros are pre configured by IT Global specifically for lab environment, and we deliver them via PXE boot to the vm, so a custom build, with SUSE studio isnt an option, I need to boot the single user shell on first instance of the newly created vm, which runs the post config but also on first boot allows the customer to set their own hostname, vm will then reboot into normal run level 3

thanks for your time