Fedora 14 - Passwordabfrage in Runlevel S

G

Gast123

Liebe Community,

ich habe gerade mir Erschrecken festgestellt, dass (mein) Fedora 14 standardmäßig kein Passwort im Runlevel S abfragt.
Wenn man mein Notebook mit
Code: 
init S
startet ist mannach dem Boot automatisch als root angemeldet.

Wie kann ich das also einstellen, dass wie z.B. bei openSUSE ein Passwort abgefragt wird?

Danke

Schard
 
Runlevel S ist dich RL 1?

Würde grub ein Password verpassen - dann musst du zerst das eingeben bevor du die bootoptionen anpassen kannst.
 
Hallo,

ja Runlevel S und 1 sind bei Fedora, wie bei den meisten Linux distris üblich, identisch.
Ein Bootloader Passwort lößt aber nicht mein Problem.
Ich verstehe nicht, wie ein Distributor das System so konfigurieren kann, dass man in einem bestimmten Runlevel (S) automatisch als Root angemeldet wird. Das entbehrt jeder Sicherheitspolitik.
Also, es würde mich freuen, wenn jemand eine Idee hätte, wie man auch im Runlevel 1 bei Fedora eine obligatorische Passwortabfrage hinbekommt - so wie bei openSuSE z.B.

Danke euch!
Schard
 
Was steht denn in /etc/inittab bzgl. Runlevel S? Wird dort ein bestimmtes Programm gestartet ausser z.B.
Code: 
 1:2345:respawn:/sbin/getty 38400 tty1

Ein Rechner ist uebrigens erst dann sicher, wenn man den Zugang zur Hardware verhindert, von daher ist es nicht so ein enormes Risiko, bei 'init S' gleich eingeloggt zu werden. Den gleichen Zugriff haettest Du ja auch mit einer Knoppix-CD o.ae.
 
Hallo Rikola,

du hast prinzipiell recht.
Aber man kann es einem Störer auch zu einfach machen.
Also meine /etc/inittab sieht so aus (Fedora-Standard):
Code: 
# inittab is only used by upstart for the default runlevel.
#
# ADDING OTHER CONFIGURATION HERE WILL HAVE NO EFFECT ON YOUR SYSTEM.
#
# System initialization is started by /etc/init/rcS.conf
#
# Individual runlevels are started by /etc/init/rc.conf
#
# Ctrl-Alt-Delete is handled by /etc/init/control-alt-delete.conf
#
# Terminal gettys are handled by /etc/init/tty.conf and /etc/init/serial.conf,
# with configuration in /etc/sysconfig/init.
#
# For information on how to write upstart event handlers, or how
# upstart works, see init(5), init(8), and initctl(8).
#
# Default runlevel. The runlevels used are:
#   0 - halt (Do NOT set initdefault to this)
#   1 - Single user mode
#   2 - Multiuser, without NFS (The same as 3, if you do not have networking)
#   3 - Full multiuser mode
#   4 - unused
#   5 - X11
#   6 - reboot (Do NOT set initdefault to this)
# 
id:5:initdefault:
Ich habe des Weiteren schon dies hier versucht. Hatte aber keine Auswirkung.
Dieses /sbin/sulogin aus diesem Forum ist hingegen aber genau das, was ich von openSuSE kenne und gerne hätte.

LG

Edit:

Ein Standardbenutzer sollte an einer Workstation arbeiten können ohne durch eine Sicherheitslücke root werden zu können.
Dabei spielt die Situation der Hardware außerdem erst ein Mal keine Rolle.
 
Sicher, dass das die gesamte inittab ist??? Steht ja mal nix drin. Wenn ja, musst Du Dir wohl /etc/init/rc.conf
# Individual runlevels are started by /etc/init/rc.conf
Zum Vergrößern anklicken....
anschauen. Aber meinem Verstaendnis von init nach scheint fedora schon ziemlich damit und dem kernel rumgepfriemelt haben, damit diese inittab ueberhaupt etwas bewirkt...
 
Hi,

also da gibts bei mir noch die /etc/rc.d/rc:
Code: 
#! /bin/bash
#
# rc            This file is responsible for starting/stopping
#               services when the runlevel changes.
#
# Original Author:       
#               Miquel van Smoorenburg, <miquels@drinkel.nl.mugnet.org>
#

set -m

# check a file to be a correct runlevel script
check_runlevel ()
{
	# Check if the file exists at all.
	[ -x "$1" ] || return 1
	is_ignored_file "$1" && return 1
	return 0
}

# Now find out what the current and what the previous runlevel are.
argv1="$1"
set $(/sbin/runlevel)
runlevel=$2
previous=$1
export runlevel previous

. /etc/init.d/functions

export CONSOLETYPE
do_confirm="no"
if [ -f /var/run/confirm ]; then
	do_confirm="yes"
fi
UPSTART=
[ -x /sbin/initctl ] && UPSTART=yes
# See if we want to be in user confirmation mode
if [ "$previous" = "N" ]; then
	if [ "$do_confirm" = "yes" ]; then
		echo $"Entering interactive startup"
	else
		echo $"Entering non-interactive startup"
	fi
fi

# Get first argument. Set new runlevel to this argument.
[ -n "$argv1" ] && runlevel="$argv1"

# Is there an rc directory for this new runlevel?
[ -d /etc/rc$runlevel.d ] || exit 0

# Set language, vc settings once to avoid doing it for every init script
# through functions
if [ -z "${NOLOCALE:-}" ] && [ -f /etc/sysconfig/i18n ] ; then
  . /etc/profile.d/lang.sh 2>/dev/null
  export LANGSH_SOURCED=1
fi

# First, run the KILL scripts.
for i in /etc/rc$runlevel.d/K* ; do

	# Check if the subsystem is already up.
	subsys=${i#/etc/rc$runlevel.d/K??}
	[ -f /var/lock/subsys/$subsys ] || [ -f /var/lock/subsys/$subsys.init ] || continue
	check_runlevel "$i" || continue

	# Bring the subsystem down.
	[ -n "$UPSTART" ] && initctl emit --quiet stopping JOB=$subsys
	$i stop
	[ -n "$UPSTART" ] && initctl emit --quiet stopped JOB=$subsys
done

# Now run the START scripts.
for i in /etc/rc$runlevel.d/S* ; do

	# Check if the subsystem is already up.
	subsys=${i#/etc/rc$runlevel.d/S??}
	[ -f /var/lock/subsys/$subsys ] && continue
	[ -f /var/lock/subsys/$subsys.init ] && continue
	check_runlevel "$i" || continue
		    
	# If we're in confirmation mode, get user confirmation
	if [ "$do_confirm" = "yes" ]; then
		confirm $subsys
		rc=$?
		if [ "$rc" = "1" ]; then
			continue
		elif [ "$rc" = "2" ]; then
			do_confirm="no"
		fi
	fi

	update_boot_stage "$subsys"
	# Bring the subsystem up.
	[ -n "$UPSTART" ] && initctl emit --quiet starting JOB=$subsys
	if [ "$subsys" = "halt" -o "$subsys" = "reboot" ]; then
		export LC_ALL=C
		exec $i start
	fi
	$i start
	[ -n "$UPSTART" ] && initctl emit --quiet started JOB=$subsys
done
[ "$do_confirm" = "yes" ] && rm -f /var/run/confirm
exit 0
Sowie die /etc/rc.d/rc.local:
Code: 
#!/bin/sh
#
# This script will be executed *after* all the other init scripts.
# You can put your own initialization stuff in here if you don't
# want to do the full Sys V style init stuff.

touch /var/lock/subsys/local
... die /etc/rc.d/rc.sysinit:
Code: 
#!/bin/bash
#
# /etc/rc.d/rc.sysinit - run once at boot time
#
# Taken in part from Miquel van Smoorenburg's bcheckrc.
#

HOSTNAME=$(/bin/hostname)

set -m

if [ -f /etc/sysconfig/network ]; then
    . /etc/sysconfig/network
fi
if [ -z "$HOSTNAME" -o "$HOSTNAME" = "(none)" ]; then
    HOSTNAME=localhost
fi

if [ ! -e /proc/mounts ]; then
	mount -n -t proc /proc /proc
	mount -n -t sysfs /sys /sys >/dev/null 2>&1
fi
if [ ! -d /proc/bus/usb ]; then
	modprobe usbcore >/dev/null 2>&1 && mount -n -t usbfs /proc/bus/usb /proc/bus/usb
else
	mount -n -t usbfs /proc/bus/usb /proc/bus/usb
fi

. /etc/init.d/functions

PLYMOUTH=
[ -x /usr/bin/plymouth ] && PLYMOUTH=yes

# Check SELinux status
SELINUX_STATE=
if [ -e "/selinux/enforce" ] && [ "$(cat /proc/self/attr/current)" != "kernel" ]; then
	if [ -r "/selinux/enforce" ] ; then
		SELINUX_STATE=$(cat "/selinux/enforce")
	else
		# assume enforcing if you can't read it
		SELINUX_STATE=1
	fi
fi

if [ -n "$SELINUX_STATE" ] && [ -x /sbin/restorecon ] && __fgrep " /dev " /proc/mounts >/dev/null 2>&1 ; then
	/sbin/restorecon  -R /dev 2>/dev/null
fi

disable_selinux() {
	echo $"*** Warning -- SELinux is active"
	echo $"*** Disabling security enforcement for system recovery."
	echo $"*** Run 'setenforce 1' to reenable."
	echo "0" > "/selinux/enforce"
}

relabel_selinux() {
    # if /sbin/init is not labeled correctly this process is running in the
    # wrong context, so a reboot will be required after relabel
    AUTORELABEL=
    . /etc/selinux/config
    echo "0" > /selinux/enforce
    [ -n "$PLYMOUTH" ] && plymouth --hide-splash

    if [ "$AUTORELABEL" = "0" ]; then
	echo
	echo $"*** Warning -- SELinux ${SELINUXTYPE} policy relabel is required. "
	echo $"*** /etc/selinux/config indicates you want to manually fix labeling"
	echo $"*** problems. Dropping you to a shell; the system will reboot"
	echo $"*** when you leave the shell."
	sulogin

    else
	echo
	echo $"*** Warning -- SELinux ${SELINUXTYPE} policy relabel is required."
	echo $"*** Relabeling could take a very long time, depending on file"
	echo $"*** system size and speed of hard drives."

	/sbin/fixfiles -F restore > /dev/null 2>&1
    fi
    rm -f  /.autorelabel
    echo $"Unmounting file systems"
    umount -a
    mount -n -o remount,ro /
    echo $"Automatic reboot in progress."
    reboot -f
}

# Print a text banner.
echo -en $"\t\tWelcome to "
read -r system_release < /etc/system-release
if [[ "$system_release" == *"Red Hat"* ]]; then
 [ "$BOOTUP" = "color" ] && echo -en "\\033[0;31m"
 echo -en "Red Hat"
 [ "$BOOTUP" = "color" ] && echo -en "\\033[0;39m"
 PRODUCT=$(sed "s/Red Hat \(.*\) release.*/\1/" /etc/system-release)
 echo " $PRODUCT"
elif [[ "$system_release" == *Fedora* ]]; then
 [ "$BOOTUP" = "color" ] && echo -en "\\033[0;34m"
 echo -en "Fedora"
 [ "$BOOTUP" = "color" ] && echo -en "\\033[0;39m"
 PRODUCT=$(sed "s/Fedora \(.*\) \?release.*/\1/" /etc/system-release)
 echo " $PRODUCT"
else
 PRODUCT=$(sed "s/ release.*//g" /etc/system-release)
 echo "$PRODUCT"
fi

# Only read this once.
cmdline=$(cat /proc/cmdline)

# Initialize hardware
if [ -f /proc/sys/kernel/modprobe ]; then
   if ! strstr "$cmdline" nomodules && [ -f /proc/modules ] ; then
       sysctl -w kernel.modprobe="/sbin/modprobe" >/dev/null 2>&1
   else
       # We used to set this to NULL, but that causes 'failed to exec' messages"
       sysctl -w kernel.modprobe="/bin/true" >/dev/null 2>&1
   fi
fi

touch /dev/.in_sysinit >/dev/null 2>&1

# Set default affinity
if [ -x /bin/taskset ]; then
   if strstr "$cmdline" default_affinity= ; then
     for arg in $cmdline ; do
         if [ "${arg##default_affinity=}" != "${arg}" ]; then
             /bin/taskset -p ${arg##default_affinity=} 1
         fi
     done
   fi
fi

nashpid=$(pidof nash 2>/dev/null)
[ -n "$nashpid" ] && kill $nashpid >/dev/null 2>&1
unset nashpid
/sbin/start_udev

# Load other user-defined modules
for file in /etc/sysconfig/modules/*.modules ; do
  [ -x $file ] && $file
done

# Load modules (for backward compatibility with VARs)
if [ -f /etc/rc.modules ]; then
	/etc/rc.modules
fi

mount -n /dev/pts >/dev/null 2>&1
[ -n "$SELINUX_STATE" ] && restorecon /dev/pts >/dev/null 2>&1

# Configure kernel parameters
update_boot_stage RCkernelparam
sysctl -e -p /etc/sysctl.conf >/dev/null 2>&1

# Set the hostname.
update_boot_stage RChostname
action $"Setting hostname ${HOSTNAME}: " hostname ${HOSTNAME}

# Sync waiting for storage.
{ rmmod scsi_wait_scan ; modprobe scsi_wait_scan ; rmmod scsi_wait_scan ; } >/dev/null 2>&1

# Device mapper & related initialization
if ! __fgrep "device-mapper" /proc/devices >/dev/null 2>&1 ; then
       modprobe dm-mod >/dev/null 2>&1
fi

if [ -f /etc/crypttab ]; then
    init_crypto 0
fi

if ! strstr "$cmdline" nompath && [ -f /etc/multipath.conf ] && \
		[ -x /sbin/multipath ]; then
	modprobe dm-multipath > /dev/null 2>&1
	/sbin/multipath -v 0
	if [ -x /sbin/kpartx ]; then
		/sbin/dmsetup ls --target multipath --exec "/sbin/kpartx -a -p p" >/dev/null
	fi
fi

if ! strstr "$cmdline" nodmraid && [ -x /sbin/dmraid ]; then
	modprobe dm-mirror >/dev/null 2>&1
	dmraidsets=$(LC_ALL=C /sbin/dmraid -s -c -i)
	if [ "$?" = "0" ]; then
		for dmname in $dmraidsets; do
			if [[ "$dmname" == isw_* ]] && \
			   ! strstr "$cmdline" noiswmd; then
				continue
			fi
			/sbin/dmraid -ay -i --rm_partitions -p "$dmname" >/dev/null 2>&1
			/sbin/kpartx -a -p p "/dev/mapper/$dmname"
		done
	fi
fi

# Start any MD RAID arrays that haven't been started yet
[ -r /proc/mdstat -a -r /dev/md/md-device-map ] && /sbin/mdadm -IRs

if [ -x /sbin/lvm ]; then
	action $"Setting up Logical Volume Management:" /sbin/lvm vgchange -a y --sysinit
fi

if [ -f /etc/crypttab ]; then
    init_crypto 0
fi

if [ -f /fastboot ] || strstr "$cmdline" fastboot ; then
	fastboot=yes
fi

if [ -f /fsckoptions ]; then
	fsckoptions=$(cat /fsckoptions)
fi

if [ -f /forcefsck ] || strstr "$cmdline" forcefsck ; then
	fsckoptions="-f $fsckoptions"
elif [ -f /.autofsck ]; then
	[ -f /etc/sysconfig/autofsck ] && . /etc/sysconfig/autofsck
	if [ "$AUTOFSCK_DEF_CHECK" = "yes" ]; then
		AUTOFSCK_OPT="$AUTOFSCK_OPT -f"
	fi
	if [ -n "$AUTOFSCK_SINGLEUSER" ]; then
		[ -n "$PLYMOUTH" ] && plymouth --hide-splash
		echo
		echo $"*** Warning -- the system did not shut down cleanly. "
		echo $"*** Dropping you to a shell; the system will continue"
		echo $"*** when you leave the shell."
		[ -n "$SELINUX_STATE" ] && echo "0" > /selinux/enforce
		sulogin
		[ -n "$SELINUX_STATE" ] && echo "1" > /selinux/enforce
		[ -n "$PLYMOUTH" ] && plymouth --show-splash
	fi
	fsckoptions="$AUTOFSCK_OPT $fsckoptions"
fi

if [ "$BOOTUP" = "color" ]; then
	fsckoptions="-C $fsckoptions"
else
	fsckoptions="-V $fsckoptions"
fi

READONLY=
if [ -f /etc/sysconfig/readonly-root ]; then
	. /etc/sysconfig/readonly-root
fi
if strstr "$cmdline" readonlyroot ; then
	READONLY=yes
	[ -z "$RW_MOUNT" ] && RW_MOUNT=/var/lib/stateless/writable
	[ -z "$STATE_MOUNT" ] && STATE_MOUNT=/var/lib/stateless/state
fi
if strstr "$cmdline" noreadonlyroot ; then
	READONLY=no
fi

if [ "$READONLY" = "yes" -o "$TEMPORARY_STATE" = "yes" ]; then

	mount_empty() {
		if [ -e "$1" ]; then
			echo "$1" | cpio -p -vd "$RW_MOUNT" &>/dev/null
			mount -n --bind "$RW_MOUNT$1" "$1"
		fi
	}

	mount_dirs() {
		if [ -e "$1" ]; then
			mkdir -p "$RW_MOUNT$1"
			find "$1" -type d -print0 | cpio -p -0vd "$RW_MOUNT" &>/dev/null
			mount -n --bind "$RW_MOUNT$1" "$1"
		fi
	}

	mount_files() {
		if [ -e "$1" ]; then
			cp -a --parents "$1" "$RW_MOUNT"
			mount -n --bind "$RW_MOUNT$1" "$1"
		fi
	}

	# Common mount options for scratch space regardless of
	# type of backing store
	mountopts=

	# Scan partitions for local scratch storage
	rw_mount_dev=$(blkid -t LABEL="$RW_LABEL" -l -o device)

	# First try to mount scratch storage from /etc/fstab, then any
	# partition with the proper label.  If either succeeds, be sure
	# to wipe the scratch storage clean.  If both fail, then mount
	# scratch storage via tmpfs.
	if mount $mountopts "$RW_MOUNT" > /dev/null 2>&1 ; then
		rm -rf "$RW_MOUNT" > /dev/null 2>&1
	elif [ x$rw_mount_dev != x ] && mount $rw_mount_dev $mountopts "$RW_MOUNT" > /dev/null 2>&1; then
		rm -rf "$RW_MOUNT"  > /dev/null 2>&1
	else
		mount -n -t tmpfs $RW_OPTIONS $mountopts none "$RW_MOUNT"
	fi

	for file in /etc/rwtab /etc/rwtab.d/* /dev/.initramfs/rwtab ; do
		is_ignored_file "$file" && continue
	[ -f $file ] && cat $file | while read type path ; do
			case "$type" in
				empty)
					mount_empty $path
					;;
				files)
					mount_files $path
					;;
				dirs)
					mount_dirs $path
					;;
				*)
					;;
			esac
			[ -n "$SELINUX_STATE" ] && [ -e "$path" ] && restorecon -R "$path"
		done
	done

	# Use any state passed by initramfs
	[ -d /dev/.initramfs/state ] && cp -a /dev/.initramfs/state/* $RW_MOUNT

	# In theory there should be no more than one network interface active
	# this early in the boot process -- the one we're booting from.
	# Use the network address to set the hostname of the client.  This
	# must be done even if we have local storage.
	ipaddr=
	if [ "$HOSTNAME" = "localhost" -o "$HOSTNAME" = "localhost.localdomain" ]; then
		ipaddr=$(ip addr show to 0.0.0.0/0 scope global | awk '/[[:space:]]inet / { print gensub("/.*","","g",$2) }')
		for ip in $ipaddr ; do
			HOSTNAME=
			eval $(ipcalc -h $ipaddr 2>/dev/null)
			[ -n "$HOSTNAME" ] && { hostname ${HOSTNAME} ; break; }
		done
	fi
	
	# Clients with read-only root filesystems may be provided with a
	# place where they can place minimal amounts of persistent
	# state.  SSH keys or puppet certificates for example.
	#
	# Ideally we'll use puppet to manage the state directory and to
	# create the bind mounts.  However, until that's all ready this
	# is sufficient to build a working system.

	# First try to mount persistent data from /etc/fstab, then any
	# partition with the proper label, then fallback to NFS
	state_mount_dev=$(blkid -t LABEL="$STATE_LABEL" -l -o device)
	if mount $mountopts $STATE_OPTIONS "$STATE_MOUNT" > /dev/null 2>&1 ; then
		/bin/true
	elif [ x$state_mount_dev != x ] && mount $state_mount_dev $mountopts "$STATE_MOUNT" > /dev/null 2>&1;  then
		/bin/true
	elif [ ! -z "$CLIENTSTATE" ]; then
		# No local storage was found.  Make a final attempt to find
		# state on an NFS server.

		mount -t nfs $CLIENTSTATE/$HOSTNAME $STATE_MOUNT -o rw,nolock
	fi

	if [ -w "$STATE_MOUNT" ]; then

		mount_state() {
			if [ -e "$1" ]; then
				[ ! -e "$STATE_MOUNT$1" ] && cp -a --parents "$1" "$STATE_MOUNT"
				mount -n --bind "$STATE_MOUNT$1" "$1"
			fi
		}

		for file in /etc/statetab /etc/statetab.d/* ; do
			is_ignored_file "$file" && continue
			[ ! -f "$file" ] && continue

			if [ -f "$STATE_MOUNT/$file" ] ; then
				mount -n --bind "$STATE_MOUNT/$file" "$file"
			fi

			for path in $(grep -v "^#" "$file" 2>/dev/null); do
				mount_state "$path"
				[ -n "$SELINUX_STATE" ] && [ -e "$path" ] && restorecon -R "$path"
			done
		done

		if [ -f "$STATE_MOUNT/files" ] ; then
			for path in $(grep -v "^#" "$STATE_MOUNT/files" 2>/dev/null); do
				mount_state "$path"
				[ -n "$SELINUX_STATE" ] && [ -e "$path" ] && restorecon -R "$path"
			done
		fi
	fi
fi

if [[ " $fsckoptions" != *" -y"* ]]; then
	fsckoptions="-a $fsckoptions"
fi

_RUN_QUOTACHECK=0
if strstr "$cmdline" forcequotacheck || [ -f /forcequotacheck ] ; then
	_RUN_QUOTACHECK=1
fi
if [ -z "$fastboot" -a "$READONLY" != "yes" ]; then

        STRING=$"Checking filesystems"
	echo $STRING
	fsck -T -t noopts=_netdev -A $fsckoptions
	rc=$?
	
	if [ "$rc" -eq "0" ]; then
		success "$STRING"
		echo
	elif [ "$rc" -eq "1" ]; then
	        passed "$STRING"
		echo
	elif [ "$rc" -eq "2" -o "$rc" -eq "3" ]; then
		echo $"Unmounting file systems"
		umount -a
		mount -n -o remount,ro /
		echo $"Automatic reboot in progress."
		reboot -f
        fi
	
        # A return of 4 or higher means there were serious problems.
	if [ $rc -gt 1 ]; then
		[ -n "$PLYMOUTH" ] && plymouth --hide-splash

		failure "$STRING"
		echo
		echo
		echo $"*** An error occurred during the file system check."
		echo $"*** Dropping you to a shell; the system will reboot"
		echo $"*** when you leave the shell."

                str=$"(Repair filesystem)"
		PS1="$str \# # "; export PS1
		[ "$SELINUX_STATE" = "1" ] && disable_selinux
		sulogin

		echo $"Unmounting file systems"
		umount -a
		mount -n -o remount,ro /
		echo $"Automatic reboot in progress."
		reboot -f
	elif [ "$rc" -eq "1" ]; then
		_RUN_QUOTACHECK=1
	fi
fi

remount_needed() {
  local state oldifs
  [ "$READONLY" = "yes" ] && return 1
  state=$(LC_ALL=C awk '/ \/ / && ($3 !~ /rootfs/) { print $4 }' /proc/mounts)
  oldifs=$IFS
  IFS=","
  for opt in $state ; do
	if [ "$opt" = "rw" ]; then
		IFS=$oldifs
		return 1
	fi
  done
  IFS=$oldifs
  return 0
}

# Remount the root filesystem read-write.
update_boot_stage RCmountfs
if remount_needed ; then
  action $"Remounting root filesystem in read-write mode: " mount -n -o remount,rw /
fi

# Clean up SELinux labels
if [ -n "$SELINUX_STATE" ]; then
   restorecon /etc/mtab /etc/ld.so.cache /etc/blkid/blkid.tab /etc/resolv.conf >/dev/null 2>&1
fi

# If relabeling, relabel mount points.
if [ -n "$SELINUX_STATE" -a "$READONLY" != "yes" ]; then
    if strstr "$cmdline" autorelabel || [ -f /.autorelabel ] ; then
	restorecon $(awk '!/^#/ && $4 !~ /noauto/ && $2 ~ /^\// { print $2 }' /etc/fstab) >/dev/null 2>&1
    fi
fi

if [ "$READONLY" != "yes" ] ; then
	# Clear mtab
	(> /etc/mtab) &> /dev/null

	# Remove stale backups
	rm -f /etc/mtab~ /etc/mtab~~

	# Enter mounted filesystems into /etc/mtab
	mount -f /
	mount -f /proc >/dev/null 2>&1
	mount -f /sys >/dev/null 2>&1
	mount -f /dev/pts >/dev/null 2>&1
	mount -f /dev/shm >/dev/null 2>&1
	mount -f /proc/bus/usb >/dev/null 2>&1
fi

# Mount all other filesystems (except for NFS and /proc, which is already
# mounted). Contrary to standard usage,
# filesystems are NOT unmounted in single user mode.
if [ "$READONLY" != "yes" ] ; then
	action $"Mounting local filesystems: " mount -a -t nonfs,nfs4,smbfs,ncpfs,cifs,gfs,gfs2 -O no_netdev
else
	action $"Mounting local filesystems: " mount -a -n -t nonfs,nfs4,smbfs,ncpfs,cifs,gfs,gfs2 -O no_netdev
fi

# Update quotas if necessary
if [ X"$_RUN_QUOTACHECK" = X1 ] && [ -x /sbin/quotacheck ]; then
	action $"Checking local filesystem quotas: " /sbin/quotacheck -anug
fi

if [ -x /sbin/quotaon ]; then
    action $"Enabling local filesystem quotas: " /sbin/quotaon -aug
fi

# Check to see if a full relabel is needed
if [ -n "$SELINUX_STATE" -a "$READONLY" != "yes" ]; then
    if strstr "$cmdline" autorelabel || [ -f /.autorelabel ] ; then
	relabel_selinux
    fi
else
    if [ "$READONLY" != "yes" ] && [ -d /etc/selinux ]; then
        [ -f /.autorelabel ] || touch /.autorelabel
    fi
fi

# Initialize pseudo-random number generator
if [ -f "/var/lib/random-seed" ]; then
	cat /var/lib/random-seed > /dev/urandom
else
	[ "$READONLY" != "yes" ] && touch /var/lib/random-seed
fi
if [ "$READONLY" != "yes" ]; then
	chmod 600 /var/lib/random-seed
	dd if=/dev/urandom of=/var/lib/random-seed count=1 bs=512 2>/dev/null
fi

if [ -f /etc/crypttab ]; then
    init_crypto 1
fi

# Configure machine if necessary.
if [ -f /.unconfigured ]; then
    if [ -x /usr/bin/rhgb-client ] && /usr/bin/rhgb-client --ping ; then
	/usr/bin/rhgb-client --quit
    fi

    if [ -x /usr/bin/system-config-keyboard ]; then
	/usr/bin/system-config-keyboard
    fi
    if [ -x /usr/bin/passwd ]; then
        /usr/bin/passwd root
    fi
    if [ -x /usr/sbin/system-config-network-tui ]; then
	/usr/sbin/system-config-network-tui
    fi
    if [ -x /usr/sbin/timeconfig ]; then
	/usr/sbin/timeconfig
    fi
    if [ -x /usr/sbin/authconfig-tui ]; then
	/usr/sbin/authconfig-tui --nostart
    fi
    if [ -x /usr/sbin/ntsysv ]; then
	/usr/sbin/ntsysv --level 35
    fi

    # Reread in network configuration data.
    if [ -f /etc/sysconfig/network ]; then
	. /etc/sysconfig/network

	# Reset the hostname.
	action $"Resetting hostname ${HOSTNAME}: " hostname ${HOSTNAME}
    fi

    rm -f /.unconfigured
fi

# Clean out /.
rm -f /fastboot /fsckoptions /forcefsck /.autofsck /forcequotacheck /halt \
	/poweroff /.suspended &> /dev/null

# Do we need (w|u)tmpx files? We don't set them up, but the sysadmin might...
_NEED_XFILES=
[ -f /var/run/utmpx ] || [ -f /var/log/wtmpx ] && _NEED_XFILES=1

# Clean up /var.
rm -rf /var/lock/cvs/* /var/run/screen/*
find /var/lock /var/run ! -type d -exec rm -f {} \;
rm -f /var/lib/rpm/__db* &> /dev/null
rm -f /var/gdm/.gdmfifo &> /dev/null

# Clean up utmp/wtmp
> /var/run/utmp
touch /var/log/wtmp /var/log/btmp
chgrp utmp /var/run/utmp /var/log/wtmp /var/log/btmp
chmod 0664 /var/run/utmp /var/log/wtmp
chmod 0600 /var/log/btmp
if [ -n "$_NEED_XFILES" ]; then
  > /var/run/utmpx
  touch /var/log/wtmpx
  chgrp utmp /var/run/utmpx /var/log/wtmpx
  chmod 0664 /var/run/utmpx /var/log/wtmpx
fi
[ -n "$SELINUX_STATE" ] && restorecon /var/run/utmp* /var/log/wtmp* >/dev/null 2>&1

# Clean up various /tmp bits
[ -n "$SELINUX_STATE" ] && restorecon /tmp
rm -f /tmp/.X*-lock /tmp/.lock.* /tmp/.gdm_socket /tmp/.s.PGSQL.*
rm -rf /tmp/.X*-unix /tmp/.ICE-unix /tmp/.font-unix /tmp/hsperfdata_* \
       /tmp/kde-* /tmp/ksocket-* /tmp/mc-* /tmp/mcop-* /tmp/orbit-*  \
       /tmp/scrollkeeper-*  /tmp/ssh-* \
       /dev/.in_sysinit

# Make ICE directory
mkdir -m 1777 -p /tmp/.ICE-unix >/dev/null 2>&1
chown root:root /tmp/.ICE-unix
[ -n "$SELINUX_STATE" ] && restorecon /tmp/.ICE-unix >/dev/null 2>&1

# Start up swapping.
update_boot_stage RCswap
action $"Enabling /etc/fstab swaps: " swapon -a -e
if [ "$AUTOSWAP" = "yes" ]; then
	curswap=$(awk '/^\/dev/ { print $1 }' /proc/swaps | while read x; do get_numeric_dev dec $x ; echo -n " "; done)
	swappartitions=$(blkid -t TYPE=swap -o device)
	if [ x"$swappartitions" != x ]; then
		for partition in $swappartitions ; do
			[ ! -e $partition ] && continue
			majmin=$(get_numeric_dev dec $partition)
			echo $curswap | grep -qw "$majmin" || action $"Enabling local swap partitions: " swapon $partition
		done
	fi
fi

# Set up binfmt_misc
/bin/mount -t binfmt_misc none /proc/sys/fs/binfmt_misc > /dev/null 2>&1

# Boot time profiles. Yes, this should be somewhere else.
if [ -x /usr/sbin/system-config-network-cmd ]; then
  if strstr "$cmdline" netprofile= ; then
    for arg in $cmdline ; do
        if [ "${arg##netprofile=}" != "${arg}" ]; then
	    /usr/sbin/system-config-network-cmd --profile ${arg##netprofile=}
        fi
    done
  fi
fi

# Now that we have all of our basic modules loaded and the kernel going,
# let's dump the syslog ring somewhere so we can find it later
[ -f /var/log/dmesg ] && mv -f /var/log/dmesg /var/log/dmesg.old
dmesg -s 131072 > /var/log/dmesg

# create the crash indicator flag to warn on crashes, offer fsck with timeout
touch /.autofsck &> /dev/null

if strstr "$cmdline" confirm ; then
	touch /var/run/confirm
fi

# Let rhgb know that we're leaving rc.sysinit
if [ -x /usr/bin/rhgb-client ] && /usr/bin/rhgb-client --ping ; then
    /usr/bin/rhgb-client --sysinit
fi
und die /etc/init/rc.conf
Code: 
# rc - System V runlevel compatibility
#
# This task runs the old sysv-rc runlevel scripts.  It
# is usually started by the telinit compatibility wrapper.

start on runlevel [0123456]

stop on runlevel [!$RUNLEVEL]

task

export RUNLEVEL
console output
exec /etc/rc.d/rc $RUNLEVEL
sowie eine /etc/init/rcS.conf:
Code: 
# rcS - runlevel compatibility
#
# This task runs the old sysv-rc startup scripts.

start on startup

stop on runlevel

task

# Note: there can be no previous runlevel here, if we have one it's bad
# information (we enter rc1 not rcS for maintenance).  Run /etc/rc.d/rc
# without information so that it defaults to previous=N runlevel=S.
console output
exec /etc/rc.d/rc.sysinit
post-stop script
	if [ "$UPSTART_EVENTS" = "startup" ]; then
		[ -f /etc/inittab ] && runlevel=$(/bin/awk -F ':' '$3 == "initdefault" && $1 !~ "^#" { print $2 }' /etc/inittab)
		[ -z "$runlevel" ] && runlevel="3"
		for t in $(cat /proc/cmdline); do
			case $t in
				-s|single|S|s) runlevel="S" ;;
				[1-9])       runlevel="$t" ;;
			esac
		done
		exec telinit $runlevel
	fi
end script
und eine /etc/rcS-sulogin.conf:
Code: 
# rcS-sulogin - "single-user" runlevel compatibility
#
# This task runs /bin/bash during "single-user" mode,
# then continues to the default runlevel.

start on runlevel S

stop on runlevel [!S]

console owner
script
	. /etc/sysconfig/init
	plymouth --hide-splash || true
	[ -z "$SINGLE" ] && SINGLE=/sbin/sushell
	exec $SINGLE
end script
post-stop script
	if [ "$RUNLEVEL" = "S" ]; then
		[ -f /etc/inittab ] && runlevel=$(/bin/awk -F ':' '$3 == "initdefault" && $1 !~ "^#" { print $2 }' /etc/inittab)
		[ -z "$runlevel" ] && runlevel="3"
		exec telinit $runlevel
	fi
end script

Das sieht ja ganz interessant aus.
Vielleicht reicht es in der letzten /sbin/sushell durch /sbin/sulogin zu ersetzten.
Werde das mal testen.

MfG
 
Update:
Das Ändern der Shells hat keine Wirkung gezeigt.
Ich bin momentan recht ratlos, in welcher Datei der Single-user Modus geregelt wird.

MfG
 
Anmelden, um zu antworten.

Ähnliche Themen

Fedora 14 Installation defekt?
Fedora 14 Installation defekt?: Liebe Community, seit gestern habe ich Probleme mit meiner Installation von Fedora 14 auf meinem Desktop PC, die sich wie folgt äußern: 1) Grub braucht...

Anmeldung über UMTS Verbindung nicht möglich
Anmeldung über UMTS Verbindung nicht möglich: Hallo Leute, ich habe das Problem, dass ich mich hier am Unixboard nicht anmelden kann, wenn ich meine Internetverbindung per UMTS herstelle. Das Problem...

Nach fstab-Änderung kein Login mehr möglich
Nach fstab-Änderung kein Login mehr möglich: Hallo Community Ich bin vorgestern auf Fedora 12 ungesattelt. Heute habe ich festgestellt, dass ich bei der Partitionierung einen Fehler gemacht habe...

NFS Multicast Probleme
NFS Multicast Probleme: NFS/NIS Probleme Liebe Community, das Problem scheint weitläufiger als bisher angenommen zu sein, daher eine neue, allgemeinere Beschreibung. ich...

[HowTo] NVidia und 3D unter SuSE/openSUSE
[HowTo] NVidia und 3D unter SuSE/openSUSE: NVidia und 3D unter SuSE/openSUSE Da dieses Thema immer wieder ein Problem zu sein scheint, hier mal ein kleines HowTo, das auch für Noobs verständlich...

Neueste Themen

Zurück
Oben