ENHACING SINGLE USER MODE SECURITY

The ability to boot a UNIX system in single-user mode is a security concern, since single-user mode provides a root shell without requiring a password.  A solution is to force the user to supply a password before /bin/sh starts in single user mode.  You can accomplish this by running a password checking program in the shell's startup file for root, /.profile.  

----------
Disclaimer
----------
This system has been tested for security holes, and appears to resist concerted efforts to defeat it.  However, NeXT Computer Inc. disclaims any warranty of any kind, expressed or implied, as to its fitness for any particular use.

------------------
Directory Contents
------------------
This directory contains a sample password checking program called pw_check, and a sample /.profile that runs the pw_check program, to ask for a root password. The program allows three attempts, then halts the processor if the correct password isn't entered.

NOTE: NetInfo does not run in UNIX single user mode, so you must set the password in /etc/passwd.

This directory also contains a Makefile for the "make" utility, which will automatically install the pw_check program and /.profile, and will protect your /etc/rc.boot file so that the startup sequence cannot be interrupted from the keyboard.

----------------------
How to Use These Files
----------------------
To install the pw_check program and the /.profile file, update your rc.boot file, and place your local NetInfo domain's root password in the /etc/password file automatically, start a root UNIX shell, change to this directory, and type "make".  For example:

	cd <<this directory>>
	make

A backup copy of /etc/passwd is placed in /etc/passwd.orig, a backup copy of /etc/rc.boot is placed in /etc/rc.boot.orig, and a backup copy of /.profile is placed in /.profile.orig.

To install these changes manually instead, follow these steps:

1.  Compile the pw_check program with the command:

	cc -o pw_check pw_check.c

2.  Edit /.profile, and insert the following line as close as possible to the 
    beginning of the file:

	<<name of directory>>/pw_check root

    If you want correct tty setup, place this line just after 
    "stty erase "^?" intr "^C" kill "^U" -decctlq".
    
    You can use another user account instead of root.  root is assumed if no 
    user name is given on the command-line.

3.  Edit your /etc/rc.boot file, and add the following as the second line:

	trap "" 2 3

    This prevents the rc.boot file from being interrupted during startup, 
    which would circumvent the shell that runs /.profile.

4.  Finally, set the password for the user root (or whichever user account you 
    gave as an option to pw_check).  You can use nidump to generate a 
    /etc/password format file from NetInfo and replace the appropriate line in 
    your /etc/passwd file.

----------------------
Comments and Questions
----------------------
Send comments, questions, and problem reports to the author:
Marc Majka <Marc_Majka@next.com>
NeXT Computer Inc.
900 Chesapeake Drive
Redwood City, CA 94063