
hpux -is

 
john guardian
Super Advisor

hpux -is

Using the command from the subject line will boot into single user mode.

A question that mgmt wants answered is whether or not the boot request to single user requires a pwd? I've never seen one nor have I bothered to look into configuring one.

Anyone?

Thx.
16 REPLIES
Mel Burslan
Honored Contributor
Solution

Re: hpux -is

At HP-UX OS installation time, you will be asked if you want this *feature*. I STRONGLY suggest you NOT DO THIS. If you require a root password at the single user login and you forgot the root password, the only way back into the machine is to re-install the OS.

My word of caution to you and your management.
________________________________
UNIX because I majored in cryptology...
Michael Steele_2
Honored Contributor

Re: hpux -is

I agree 100% with the above comment.

DO NOT LET MGMT START SETTING ADMINISTRATION STANDARDS LIKE SETTING PASSWORDS TO BOOT INTO SINGLE USER MODE!!!!

This is becoming very common as more and more traditional duties of the UNIX admin are being replaced by point and click (* shoot *) software and non-UNIX admins who think it might be great to do what you just suggested but have no idea of the consequences.
Support Fatherhood - Stop Family Law
Pete Randall
Outstanding Contributor

Re: hpux -is

This is one of those questions that require great communications skills to answer. You have to explain that no, there is no password required but that is a feature, then go on to explain how you've limited console access through physical security, etc., etc.

In other words, you've got to sell management on the necessity of keeping it just this way.


Pete

Pete Randall
Outstanding Contributor

Re: hpux -is

Oh . . . . .

and you can't use the word "stupid" in the same sentence as "management".


Pete

Michael Steele_2
Honored Contributor

Re: hpux -is

LOL
Support Fatherhood - Stop Family Law
Mel Burslan
Honored Contributor

Re: hpux -is

>> and you can't use the word "stupid" in the same sentence as "management".

If you are tired of your job and you have a wish to commit career suicide, you can use them in the same sentence. Unless you are a few days from retirement, I'd strongly suggest you line up another job before doing this though :)

Joking aside, you need to have iron-clad physical security for your data center and a very well documented and controlled remote console access method (if you have one, and mind you, you should have one).
________________________________
UNIX because I majored in cryptology...
Bill Hassell
Honored Contributor

Re: hpux -is

This is an example of trying to 'protect' a system from one specific problem but not addressing the real issue. The real issue is gaining access to the system console. If management wants security for the systems, then 100% of all devices with a console port must have these ports isolated from all routed networks. One way is to disconnect all the console LAN cables (firewalls, routers, SAN switches, computers, UPS's, etc.) and buy a roll-around table with a real terminal, cables and adapters. Of course, physical access to the data center must also be restricted.

A better solution is to create a high security diagnostic network with no routers. Connectivity to this network is then limited to an operations center with appropriate access controls, or for remote data centers, a high security box that can bridge over to the diag network.


Bill Hassell, sysadmin
Steven Schweda
Honored Contributor

Re: hpux -is

> [...] The only way back into the machine is
> to re-install the OS.

Really? There's no way to boot from, say, an
OS installation disc and make the repair?

Hasn't Solaris been requiring a password to
boot into single-user mode since SunOS 5.0?
(I seem to recall being amazed at the change
back when 4.1.4 was still the norm.)

I do it so seldom that I've forgotten most of
what I ever knew about it, but I seem to
recall being annoyed, but not seriously
inconvenienced, by having to supply a "root"
password always.

> [...] and you forgot the root password. [...]

3M sells an inexpensive and readily available
solution to this problem.

http://www.post-it.com

I don't think that they make a product
specifically designed for application to the
bottom of a console keyboard, but I believe
that several existing variations can be used
this way. (Most file cabinets also offer
many obscure internal surfaces which can be
employed to evade unwise management
decisions.) In some cases, explaining the
likely results of a particular policy
decision can stimulate reconsideration of
that decision. When that fails, other (more
creative) schemes are usually available.

Re: hpux -is

>> The only way back into the machine is to re-install the OS.

hmmm it's a long time since I had to do this, but I'm pretty sure in this situation in the past I've been able to boot off a DVD or Ignite server then mount up the root partition and remove/replace root's password hash in /etc/passwd or /etc/shadow ??

HTH

Duncan

I am an HPE Employee