Hello,
The system multi user boot sequence involves the /etc/inittab file.
The single user boot will logon root on /dev/console and start the
shell "sh" which executes the /.profile.
Write a "chkpass.c" program to validate the password.
Modify the /.profile to:
1. "trap" all the interrupts; this IS VERY IMPORTANT
2. run the chkpass command
3. if password OK for root, then just "exit" to leave root on console
4. if password wrong, then "init 3" will enter the multi user mode
What you MUST do next is to protect against "multi user boot
failures" problems which bring you back in single user mode. You will
have to find and modify ALL the commands referred to in /etc/inittab
that do "kill -TERM 1" by running the "chkpass" to protect the
console mode. In case of wrong password, the best thing there is to
"reboot". One of those commands that need to be modified is "bcheckrc"
but there may be more (e.g. if you run "lsm"). Also, remember to use
the shell "trap" in those procedures as well.
You shall also consider defining a password for the "hardware console
mode" to prevent anybody from typing a boot command for another drive
(e.g. the CDROM) and thus go around your protection.
Good luck
Lucien Hercaud
----------------------chkpass.c----------------------
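#include <pwd.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <unistd.h>   /* getpass(), crypt(); some systems also need <crypt.h> and -lcrypt */

int main(int argc, char *argv[])
{
    char prompt[80];
    char pwkey[3];
    const char *user = "root";
    char *pp, *hash;
    struct passwd *pw;

    if (argc > 1) user = argv[1];
    /* bounded write: user comes from the command line */
    snprintf(prompt, sizeof prompt, "Enter %s password to continue : ", user);
    if ((pp = getpass(prompt)) == NULL) exit(1);
    if ((pw = getpwnam(user)) == NULL) exit(1);
    /* the salt is the first two characters of the stored hash */
    strncpy(pwkey, pw->pw_passwd, 2);
    pwkey[2] = 0;
    /* crypt() can return NULL; treat that as a failed check */
    hash = crypt(pp, pwkey);
    if (hash != NULL && !strcmp(hash, pw->pw_passwd)) exit(0);
    exit(1);
}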
----------------------END----------------------------------
---------------------/.profile-----------------------------
#
RunLevel()
{
    set `/sbin/who -r`
    echo "$3"
}
#
# Main
#
trap "/sbin/kill -9 $$" 1 2 3 15
if test "`RunLevel`" = "S"
then
    trap "
        echo 'Interrupted; Entering Multi User Mode'
        /sbin/init 3
        /sbin/kill -9 $$ # NOT REACHED
    " 1 2 3 15
    /chkpass || {
        /chkpass operator || {
            echo 'No way hacker!; Entering Multi User Mode'
            /sbin/init 3
            /sbin/kill -9 $$ # NOT REACHED
        }
        echo 'No way hacker!; Entering Multi User Mode'
        /sbin/init 3
        /sbin/kill -9 $$ # NOT REACHED
    }
fi
# fall thru code
# whatever originally was in your .profile goes here
stty dec crt new
PATH=/sbin:/usr/sbin:/usr/bin:/usr/ccs/bin:/usr/bin/X11:/usr/local
export PATH
exit 0
-------------------END--------------------------------
Received on Tue Nov 14 1995 - 13:47:11 NZDT
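
An added example (not part of the original post): a shell check for the step the message describes, listing the commands named in /etc/inittab whose scripts run "kill -TERM 1" without ever calling chkpass. The sample inittab, the script bodies and the names /sbin/lsm_start and /sbin/rc3 are constructed for illustration.

```shell
#!/bin/sh
# Added example, not from the original post.
# audit_inittab INITTAB [ROOT]: print every command named in INITTAB whose
# script can drop init to single-user mode ("kill -TERM 1") but never runs
# chkpass. ROOT is prepended to each path so a copied tree can be audited.
audit_inittab() {
    inittab=$1
    root=${2:-}
    # inittab record: id:runlevels:action:process ; keep the process field
    grep -v '^[[:space:]]*#' "$inittab" | cut -d: -f4- |
    while read -r cmd _rest; do
        script=$root$cmd
        [ -f "$script" ] || continue
        # ignore comment lines so a "# chkpass" remark does not count
        body=$(grep -v '^[[:space:]]*#' "$script" || true)
        printf '%s\n' "$body" |
            grep -Eq 'kill[[:space:]]+-TERM[[:space:]]+1([^0-9]|$)' || continue
        printf '%s\n' "$body" | grep -q 'chkpass' || echo "$cmd"
    done | sort -u
}

# Constructed sample tree; /sbin/lsm_start is a hypothetical script name.
make_sample() {
    d=$(mktemp -d)
    mkdir -p "$d/sbin"
    cat > "$d/inittab" <<'EOF'
# constructed sample inittab
is:3:initdefault:
fs:23:wait:/sbin/bcheckrc < /dev/console > /dev/console 2>&1
lsm:23:wait:/sbin/lsm_start < /dev/console > /dev/console 2>&1
rc3:3:wait:/sbin/rc3 < /dev/console > /dev/console 2>&1
EOF
    printf '%s\n' 'fsck -p || kill -TERM 1' > "$d/sbin/bcheckrc"
    printf '%s\n' 'trap "" 1 2 3 15' \
        'vol_start || { /chkpass || reboot; kill -TERM 1; }' > "$d/sbin/lsm_start"
    printf '%s\n' 'echo starting services' > "$d/sbin/rc3"
    echo "$d"
}

sample=$(make_sample)
audit_inittab "$sample/inittab" "$sample"   # prints /sbin/bcheckrc
rm -rf "$sample"
```

On a live system, run it as `audit_inittab /etc/inittab`; it only inspects the first command on each inittab line, so scripts called from those scripts still need a manual look.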