Author Topic: Define: 'single user mode', and why it may be a security risk, please. (Read 181 times)

Tony · « **on:** February 22, 2013, 06:37:45 AM »

I've read of people complaining that Single User Mode may leave them in a vulnerable position using Linux.

I have searched the Forum for info, but I just keep coming up with that statement, not an explanation. Maybe I'm not selecting the correct terms in my search ? I could Google 'Single user mode', and actually will now I think of it, but would be interested to hear what people here have to say, as this is my base.

Anyway, after about six years using PCLinuxOS, three as single boot Linux, I've felt a change of feeling from ,"Linux is absolutely safe online", to more recently, "The dangers of running in single User mode should be explained".

I understand to not login as root.
I am the user of my Computer, and I have one profile, therefore I suspect I'm using "Single User Mode ?"

Replies most welcome, thankyou.

agmg · « **Reply #1 on:** February 22, 2013, 06:47:59 AM »

I think that when going in "single user mode" you force the computer to boot to only one, superuser account.
It can be used to fix certain problems, for example, resetting your root password.
Members with more knowledge on this can explain it better than me...

You have a root account and a user account on your operating system.
It's a "multiuser" operating system.

Just17 · « **Reply #2 on:** February 22, 2013, 06:55:49 AM »

This might help

https://en.wikipedia.org/wiki/Single_user_mode

kjpetrie · « **Reply #3 on:** February 22, 2013, 12:32:09 PM »

Whatever OS you use, anyone with physical access to the machine with enough time to get to grips with it can gain whatever access they want. Single user mode is only available to someone who can boot the machine and access it directly. It is basically a recovery console. It boots you into a single limited shell with passwordless root authority. It is very awkward to use, but it does enable you to do some basic configuration, including changing passwords, in order to be able to boot into something more useful. The alternative would be to boot from a livecd or re-install the OS.

The only computer that lacked this vulnerability would be one which did not allow you in without validation and could not be reinstalled. That would be fine until something went wrong and it refused to accept your log-in. Then you'd have an inaccessible brick. Even password files can sometimes get corrupted.

Most of us consider single user access an acceptable compromise for getting in if we have become locked out without exposing our machines to outside intrusion.

It's considered good practice to change your password periodically. Suppose you choose something you know you'll remember and the next day... you can't remember what reasoning made you so sure and everything you try is wrong. It's happened to most of us at some time, so you need an emergency way in. That's what single-user mode provides.

To see it in action, add a 1 to the end of the grub boot line (not in menu.lst or you could find it hard to recover if you don't know how to use vi) or open a terminal and type "telinit 1". When finished exploring it type "reboot" to return to normal use.

Tony · « **Reply #4 on:** February 23, 2013, 12:14:03 PM »

Thanks for your feedback replies.

When 'lost password' was mentioned I remembered that I'd had to ask for help to get the root password of a machine I'd lent out which I didn't write down the password, probably as I was in a hurry. Looking through my notes I just found the incident written in a .odt document; "Lost root password"., which involved a bit of fuss and bother for you all.

Quote

[root@localhost mnt]# mount /dev/sda1 /mnt/system
[root@localhost mnt]# chroot /mnt/system
[root@localhost /]# passwd
Changing password for user root.
New password:
BAD PASSWORD: it is WAY too short
BAD PASSWORD: is too simple
Retype new password:
Sorry, passwords do not match.
New password:
BAD PASSWORD: it does not contain enough DIFFERENT characters
Retype new password:
passwd: all authentication tokens updated successfully.
[root@localhost /]#
Going now to it to see...

Thanks.
http://www.pclinuxos.com/forum/index.php/topic,109908.msg938597.html#msg938597
( Was a bit epic rereading that thread, oops.

)

Quote from: Just17 on February 22, 2013, 06:55:49 AM

This might help

https://en.wikipedia.org/wiki/Single_user_mode

Will check that thanks Just17.
Plus thanks for replies and advice agmg, and kjpetrie.

I can discern, Single User Mode is not the procedure I go through logging in to my normal User Account. That was the thing that was worrying me.

I'm making a Document and filing that advice kjpetrie, sounds a bit scary, but too interesting not to give it a go.

Thankyou all.

PCLinuxOS-Forums

News:

Author Topic: Define: 'single user mode', and why it may be a security risk, please. (Read 181 times)

Tony

Define: 'single user mode', and why it may be a security risk, please.

agmg

Re: Define: 'single user mode', and why it may be a security risk, please.

Just17

Re: Define: 'single user mode', and why it may be a security risk, please.

kjpetrie

Re: Define: 'single user mode', and why it may be a security risk, please.

Tony

Re: Define: 'single user mode', and why it may be a security risk, please.