DaemonForums  

  #1   (View Single Post)  
Old 20th December 2017
nedry nedry is offline
Port Guard
 
Join Date: Nov 2017
Posts: 10
Default /etc/ttys problem

Hi, if I change:

console "/usr/libexec/getty Pc" vt100 on secure

to:

console "/usr/libexec/getty Pc" vt100 on insecure

to add a root password in single-user mode, I get an error message:

init: _getttyent: /etc/ttys, 8: unknown option 'insecure'

and can't log in on the console as root. If I don't add this, then selecting single-user mode on boot just gets you into root without a password. Not a good idea on a computer you want to secure.
  #2   (View Single Post)  
Old 20th December 2017
jggimi jggimi is offline
More noise than signal
 
Join Date: May 2008
Location: USA
Posts: 6,385
Default

It looks to me like you need to remove the secure option; there is no "insecure" nor is there an "unsecure" negative option in the ttys(5) man page for NetBSD.
  #3   (View Single Post)  
Old 21st December 2017
nedry nedry is offline
Port Guard
 
Join Date: Nov 2017
Posts: 10
Default

Great, will check that out, thanks.
  #4   (View Single Post)  
Old 22nd December 2017
nedry nedry is offline
Port Guard
 
Join Date: Nov 2017
Posts: 10
Default

OK, that presents me with a passwd when single user is chosen; however, it now locks me out of having root sign-in on the console, a bit of a problem. I need a passwd for single-user mode and access to log in as root on the console.
  #5   (View Single Post)  
Old 22nd December 2017
jggimi jggimi is offline
More noise than signal
 
Join Date: May 2008
Location: USA
Posts: 6,385
Default

You cannot log into an insecure tty(4) as root.

This shouldn't matter, as the best practice on the BSDs is to sign in as a normal user and use su(), sudo(), or doas() whenever superuser authority is needed.

If you need root access directly from an insecure console, then single-user will get you there.

The NetBSD ttys(5) man page says:
Code:
secure   If on is specified, allows users with a uid of 0 (e.g. "root")
         to login on this line.
OpenBSD's man page has a little more descriptive text, circa 2008, which your experience indicates is applicable to NetBSD:
Code:
secure   If on is also specified, allows users with a UID of 0 to log in
         on this line.  If set for the console entry, then init(8) will
         start a single-user shell without asking for the superuser
         password.

Last edited by jggimi; 22nd December 2017 at 06:53 PM. Reason: Clarity
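The trade-off worked out in this thread can be checked mechanically. The following is an added example, not code from any poster: a small `sh`/`awk` audit of a ttys(5) file that reports the `secure` flag on the console entry (single-user shell without the root password, per the OpenBSD man page text quoted in post #5), lines where uid 0 may log in, and the non-existent `insecure`/`unsecure` words that init rejects. The function names, finding labels and sample file are constructed for illustration.

```shell
#!/bin/sh
# Added example, not from the thread: audit a ttys(5) file for the settings
# discussed above. Prints one finding per line; exit status is 1 if any
# SINGLEUSER-NOPASS or BAD-OPTION finding was printed, else 0.
audit_ttys() {
    awk '
    BEGIN { bad = 0 }
    {
        line = $0
        sub(/#.*/, "", line)            # drop comments (assumes no "#" in the command)
        sub(/"[^"]*"/, "CMD", line)     # collapse the quoted getty command to one field
        sub(/^[ \t]+/, "", line); sub(/[ \t]+$/, "", line)
        if (line == "") next
        n = split(line, f, /[ \t]+/)    # f[1]=name f[2]=command f[3]=type f[4..n]=flags
        on = 0; secure = 0
        for (i = 4; i <= n; i++) {
            if (f[i] == "on") on = 1
            else if (f[i] == "off") on = 0
            else if (f[i] == "secure") secure = 1
            else if (f[i] == "insecure" || f[i] == "unsecure") {
                printf "line %d: %s: BAD-OPTION %s (no such flag; omit secure instead)\n", NR, f[1], f[i]
                bad = 1
            }
        }
        if (f[1] == "console" && secure) {
            printf "line %d: console: SINGLEUSER-NOPASS (secure set; single-user shell needs no root password)\n", NR
            bad = 1
        }
        if (on && secure)
            printf "line %d: %s: ROOT-LOGIN (on + secure; uid 0 may log in on this line)\n", NR, f[1]
    }
    END { exit bad }' "${1:-/etc/ttys}"
}

# Constructed sample input (not a real system's file).
sample_ttys() {
    cat <<'EOF'
# name  getty                      type   status
console "/usr/libexec/getty Pc"    vt100  on secure
ttyE0   "/usr/libexec/getty Pc"    wsvt25 on insecure
ttyE1   "/usr/libexec/getty Pc"    wsvt25 on
ttyE2   "/usr/libexec/getty Pc"    wsvt25 off secure   # disabled line
EOF
}

tmp=$(mktemp) && sample_ttys > "$tmp"
audit_ttys "$tmp" || :
rm -f "$tmp"
```

A console entry with `secure` removed produces no findings, which matches the behaviour reported in posts #4 and #5: single-user mode asks for the password and root cannot log in directly on the console.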