• Resetting lost root password

    From Grimble@2:250/1 to All on Wed Jul 20 15:50:10 2022
    I've just had to write instructions to someone to reset root's password
    by adding "init=/bin/sh/" to the boot line. Everything worked OK, but
    how to resume/reboot, since "shutdown" isn't available? I just switched
    off; is there a more elegant exit? ("exit" itself doesn't work either)
    --
    Grimble
    Machine 'Haydn' running Plasma 5.20.4 on 5.15.50-desktop-1.mga8 kernel.
    Mageia release 8 (Official) for x86_64


    --- MBSE BBS v1.0.8 (Linux-x86_64)
    * Origin: A noiseless patient Spider (2:250/1@fidonet)
  • From Bit Twister@2:250/1 to All on Wed Jul 20 18:26:40 2022
    On Wed, 20 Jul 2022 15:50:10 +0100, Grimble wrote:
    I've just had to write instructions to someone to reset root's password
    by adding "init=/bin/sh/" to the boot line.

    I thought just adding a space 1 to end of kernel line would boot system to run level 1

    Everything worked OK, but
    how to resume/reboot, since "shutdown" isn't available?

    Probably would be available if you were to do a
    export PATH=$PATH:/usr/sbin/

    or did a /usr/sbin/shutdown

    I just switched
    off; is there a more elegant exit? ("exit" itself doesn't work either)

    Use run level 1 next time with shutdown or poweroff.

  • From William Unruh@2:250/1 to All on Wed Jul 20 18:55:29 2022
    Doesn't runlevel 1 also ask for a root password when it comes up?

    Otherwise any machine on its own would be completely open to someone
    hacking in as root.


    On 2022-07-20, Bit Twister <BitTwister@mouse-potato.com> wrote:
    On Wed, 20 Jul 2022 15:50:10 +0100, Grimble wrote:
    I've just had to write instructions to someone to reset root's password
    by adding "init=/bin/sh/" to the boot line.

    I thought just adding a space 1 to end of kernel line would boot system to run level 1

    Everything worked OK, but
    how to resume/reboot, since "shutdown" isn't available?

    Probably would be available if you were to do a
    export PATH=$PATH:/usr/sbin/

    or did a /usr/sbin/shutdown

    I just switched
    off; is there a more elegant exit? ("exit" itself doesn't work either)

    Use run level 1 next time with shutdown or poweroff.

  • From David W. Hodgins@2:250/1 to All on Wed Jul 20 21:00:06 2022
    On Wed, 20 Jul 2022 13:55:29 -0400, William Unruh <unruh@invalid.ca> wrote:

    Doesn't runlevel 1 also ask for a root password when it comes up?

    Only if you've configured it to ask. The default standard security in msec doesn't
    do that. At the secure level or by overriding the ENABLE_SULOGIN setting it does.

    Regards, Dave Hodgins

  • From David W. Hodgins@2:250/1 to All on Wed Jul 20 20:57:28 2022
    On Wed, 20 Jul 2022 13:26:40 -0400, Bit Twister <BitTwister@mouse-potato.com> wrote:
    On Wed, 20 Jul 2022 15:50:10 +0100, Grimble wrote:
    I've just had to write instructions to someone to reset root's password
    by adding "init=/bin/sh/" to the boot line.

    I thought just adding a space 1 to end of kernel line would boot system to run level 1

    Run level 1 on my systems requires the root password.

    mcc/Security settings/System security - Enable sulogin. It adds a line to /etc/inittab with "~~:S:wait:/sbin/sulogin" (Without the quotes). Note those are two tildes at the start, not hyphens.

    The only ways on my system are using a live iso or removing the drive and connecting
    it to another system to edit the /etc/shadow file.

    Regards, Dave Hodgins

  • From William Unruh@2:250/1 to All on Thu Jul 21 00:22:26 2022
    On 2022-07-20, David W. Hodgins <dwhodgins@nomail.afraid.org> wrote:
    On Wed, 20 Jul 2022 13:55:29 -0400, William Unruh <unruh@invalid.ca> wrote:

    Doesn't runlevel 1 also ask for a root password when it comes up?

    Only if you've configured it to ask. The default standard security in msec doesn't
    do that. At the secure level or by overriding the ENABLE_SULOGIN setting it does.

    Which means anyone who happens across the machine can change the root
    password (including say the border officials who want to see what is on
    your machine), and thus see, or change anything on the machine.

    Regards, Dave Hodgins

  • From David W. Hodgins@2:250/1 to All on Thu Jul 21 00:35:46 2022
    On Wed, 20 Jul 2022 19:22:26 -0400, William Unruh <unruh@invalid.ca> wrote:
    On 2022-07-20, David W. Hodgins <dwhodgins@nomail.afraid.org> wrote:
    On Wed, 20 Jul 2022 13:55:29 -0400, William Unruh <unruh@invalid.ca> wrote:

    Doesn't runlevel 1 also ask for a root password when it comes up?

    Only if you've configured it to ask. The default standard security in msec doesn't
    do that. At the secure level or by overriding the ENABLE_SULOGIN setting it does.

    Which means anyone who happens across the machine can change the root password (including say the border officials who want to see what is on
    your machine), and thus see, or change anything on the machine.

    Correct. Anyone with physical control over the hard drive has access unless it's encrypted. Requiring the root password for single user mode just slows down
    the people who don't know how to get around that. It doesn't stop access or changing the password.

    If you're going to be crossing borders, expect to be required to provide access,
    including providing decryption pass phrase, and passwords to your social media accounts.

    Even encryption doesn't help when a rubber hose is involved. :-)

    Regards, Dave Hodgins

  • From Grimble@2:250/1 to All on Thu Jul 21 10:46:41 2022
    On 20/07/2022 15:50, Grimble wrote:
    I've just had to write instructions to someone to reset root's password
    by adding "init=/bin/sh/" to the boot line. Everything worked OK, but
    how to resume/reboot, since "shutdown" isn't available? I just switched
    off; is there a more elegant exit? ("exit" itself doesn't work either)

    Well, that seems to have surprised a few people.
    Thanks,
    G
    --
    Grimble
    Machine 'Haydn' running Plasma 5.20.4 on 5.15.50-desktop-1.mga8 kernel.
    Mageia release 8 (Official) for x86_64



  • From William Unruh@2:250/1 to All on Thu Jul 21 20:52:52 2022
    On 2022-07-20, David W. Hodgins <dwhodgins@nomail.afraid.org> wrote:
    On Wed, 20 Jul 2022 19:22:26 -0400, William Unruh <unruh@invalid.ca> wrote:
    On 2022-07-20, David W. Hodgins <dwhodgins@nomail.afraid.org> wrote:
    On Wed, 20 Jul 2022 13:55:29 -0400, William Unruh <unruh@invalid.ca> wrote:

    Doesn't runlevel 1 also ask for a root password when it comes up?

    Only if you've configured it to ask. The default standard security in msec doesn't
    do that. At the secure level or by overriding the ENABLE_SULOGIN setting it does.

    Which means anyone who happens across the machine can change the root
    password (including say the border officials who want to see what is on
    your machine), and thus see, or change anything on the machine.

    Correct. Anyone with physical control over the hard drive has access unless it's encrypted. Requiring the root password for single user mode just slows down
    the people who don't know how to get around that. It doesn't stop access or changing the password.

    Slowing down may be worthwhile.


    If you're going to be crossing borders, expect to be required to provide access,
    including providing decryption pass phrase, and passwords to your social media
    accounts.

    Even encryption doesn't help when a rubber hose is involved. :-)

    Regards, Dave Hodgins

  • From David W. Hodgins@2:250/1 to All on Thu Jul 21 21:29:42 2022
    On Thu, 21 Jul 2022 15:52:52 -0400, William Unruh <unruh@invalid.ca> wrote:
    On 2022-07-20, David W. Hodgins <dwhodgins@nomail.afraid.org> wrote:
    Correct. Anyone with physical control over the hard drive has access unless it's encrypted. Requiring the root password for single user mode just slows down
    the people who don't know how to get around that. It doesn't stop access or changing the password.

    Slowing down may be worthwhile.

    If untrusted users have physical access, either use "secure" for the base security
    level in mcc, or use the ENABLE_SULOGIN option.

    Encryption, at least for any sensitive data, should be used too.

    Regards, Dave Hodgins

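A defender-side check for the sulogin setting discussed in the posts above, added here as an example and not part of the thread: it parses an inittab-format file (`id:runlevels:action:process`) and reports whether an active entry such as the quoted `~~:S:wait:/sbin/sulogin` is present. The function names and the sample files are hypothetical, constructed for illustration; as the thread notes, passing this check does not stop someone with physical access to the drive.

```shell
#!/bin/sh
# Audit an inittab-format file for the single-user sulogin entry quoted in the
# thread:  ~~:S:wait:/sbin/sulogin
# Fields are id:runlevels:action:process; lines starting with '#' are comments.

# inittab_sulogin_entries FILE -> prints active entries that run sulogin for
# runlevel S with action "wait". Commented-out entries are ignored.
inittab_sulogin_entries() {
    awk -F: '
        /^[ \t]*#/ || NF < 4 { next }        # skip comments and malformed lines
        {
            runlevels = $2; action = $3; process = $4
            # the process field may itself contain ":" so re-join the rest
            for (i = 5; i <= NF; i++) process = process ":" $i
            if (runlevels ~ /[Ss]/ && action == "wait" &&
                process ~ "(^|/)sulogin([ \t]|$)")
                print
        }' "$1"
}

# single_user_needs_password FILE
# returns 0 if an active sulogin entry exists, 1 if not, 2 if FILE is unreadable
single_user_needs_password() {
    [ -r "$1" ] || return 2
    [ -n "$(inittab_sulogin_entries "$1")" ]
}

# Constructed sample files (not taken from a real system).
write_samples() {
    printf '%s\n' 'id:5:initdefault:' '~~:S:wait:/sbin/sulogin' > "$1/hardened"
    printf '%s\n' 'id:5:initdefault:' '#~~:S:wait:/sbin/sulogin' \
        '~~:S:wait:/bin/sh' > "$1/open"
}

# Demo run over the constructed samples.
tmp=$(mktemp -d)
write_samples "$tmp"
for f in hardened open; do
    if single_user_needs_password "$tmp/$f"; then
        echo "$f: single-user mode asks for the root password"
    else
        echo "$f: single-user mode gives a root shell without a password"
    fi
done
rm -rf "$tmp"
```

On a real system, pass the actual file, for example `single_user_needs_password /etc/inittab`.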