Fedora 14 - Password prompt in runlevel S

This thread in the forum "RedHat,Fedora & CentOS" was created by Gast123, 15.01.2011.

  1. #1 Gast123, 15.01.2011
    Gast123

    Gast123 Guest

    Dear community,

    I have just discovered, to my horror, that (my) Fedora 14 does not ask for a password in runlevel S by default.
    If you start my notebook with
    Code:
    init S
    you are automatically logged in as root after boot.

    So how can I configure it so that a password is requested, as with openSUSE for example?

    Thanks

    Schard
     
  3. #2 xbeduine, 15.01.2011
    xbeduine

    xbeduine banned

    Runlevel S is RL 1, isn't it?

    I would give GRUB a password - then you have to enter that first before you can change the boot options.
     
  4. #3 Gast123, 04.02.2011
    Gast123

    Gast123 Guest

    Hello,

    yes, runlevel S and 1 are identical on Fedora, as is usual with most Linux distros.
    But a bootloader password does not solve my problem.
    I don't understand how a distributor can configure the system so that you are automatically logged in as root in a particular runlevel (S). That defies any security policy.
    So, I would be glad if someone had an idea how to get a mandatory password prompt in runlevel 1 on Fedora as well - like on openSuSE, for example.

    Thank you all!
    Schard
     
  5. rikola

    rikola Forum God

    What does /etc/inittab say regarding runlevel S? Is a particular program started there, other than e.g.
    Code:
     1:2345:respawn:/sbin/getty 38400 tty1 
    By the way, a computer is only secure once access to the hardware is prevented, so it is not such an enormous risk to be logged in straight away on 'init S'. You would have the same access with a Knoppix CD or similar.
     
  6. #5 Gast123, 04.02.2011
    Gast123

    Gast123 Guest

    Hello Rikola,

    you are right in principle.
    But one can also make it too easy for a troublemaker.
    So my /etc/inittab looks like this (Fedora default):
    Code:
    # inittab is only used by upstart for the default runlevel.
    #
    # ADDING OTHER CONFIGURATION HERE WILL HAVE NO EFFECT ON YOUR SYSTEM.
    #
    # System initialization is started by /etc/init/rcS.conf
    #
    # Individual runlevels are started by /etc/init/rc.conf
    #
    # Ctrl-Alt-Delete is handled by /etc/init/control-alt-delete.conf
    #
    # Terminal gettys are handled by /etc/init/tty.conf and /etc/init/serial.conf,
    # with configuration in /etc/sysconfig/init.
    #
    # For information on how to write upstart event handlers, or how
    # upstart works, see init(5), init(8), and initctl(8).
    #
    # Default runlevel. The runlevels used are:
    #   0 - halt (Do NOT set initdefault to this)
    #   1 - Single user mode
    #   2 - Multiuser, without NFS (The same as 3, if you do not have networking)
    #   3 - Full multiuser mode
    #   4 - unused
    #   5 - X11
    #   6 - reboot (Do NOT set initdefault to this)
    # 
    id:5:initdefault:
    Furthermore, I have already tried this here. It had no effect, though.
    This /sbin/sulogin from this forum, on the other hand, is exactly what I know from openSuSE and would like to have.

    Regards

    Edit:

    A standard user should be able to work at a workstation without being able to become root through a security hole.
    Besides, the hardware situation does not matter for the time being.
     
  7. rikola

    rikola Forum God

    Are you sure that is the whole inittab??? There's nothing in it. If so, you will probably have to look at /etc/init/rc.conf.
    But by my understanding of init, Fedora seems to have fiddled around quite a bit with it and the kernel for this inittab to have any effect at all...
     
  9. #7 Gast123, 04.02.2011
    Gast123

    Gast123 Guest

    Hi,

    well, on my system there is also the /etc/rc.d/rc:
    Code:
    #! /bin/bash
    #
    # rc            This file is responsible for starting/stopping
    #               services when the runlevel changes.
    #
    # Original Author:       
    #               Miquel van Smoorenburg, <miquels@drinkel.nl.mugnet.org>
    #
    
    set -m
    
    # check a file to be a correct runlevel script
    check_runlevel ()
    {
    	# Check if the file exists at all.
    	[ -x "$1" ] || return 1
    	is_ignored_file "$1" && return 1
    	return 0
    }
    
    # Now find out what the current and what the previous runlevel are.
    argv1="$1"
    set $(/sbin/runlevel)
    runlevel=$2
    previous=$1
    export runlevel previous
    
    . /etc/init.d/functions
    
    export CONSOLETYPE
    do_confirm="no"
    if [ -f /var/run/confirm ]; then
    	do_confirm="yes"
    fi
    UPSTART=
    [ -x /sbin/initctl ] && UPSTART=yes
    # See if we want to be in user confirmation mode
    if [ "$previous" = "N" ]; then
    	if [ "$do_confirm" = "yes" ]; then
    		echo $"Entering interactive startup"
    	else
    		echo $"Entering non-interactive startup"
    	fi
    fi
    
    # Get first argument. Set new runlevel to this argument.
    [ -n "$argv1" ] && runlevel="$argv1"
    
    # Is there an rc directory for this new runlevel?
    [ -d /etc/rc$runlevel.d ] || exit 0
    
    # Set language, vc settings once to avoid doing it for every init script
    # through functions
    if [ -z "${NOLOCALE:-}" ] && [ -f /etc/sysconfig/i18n ] ; then
      . /etc/profile.d/lang.sh 2>/dev/null
      export LANGSH_SOURCED=1
    fi
    
    # First, run the KILL scripts.
    for i in /etc/rc$runlevel.d/K* ; do
    
    	# Check if the subsystem is already up.
    	subsys=${i#/etc/rc$runlevel.d/K??}
    	[ -f /var/lock/subsys/$subsys ] || [ -f /var/lock/subsys/$subsys.init ] || continue
    	check_runlevel "$i" || continue
    
    	# Bring the subsystem down.
    	[ -n "$UPSTART" ] && initctl emit --quiet stopping JOB=$subsys
    	$i stop
    	[ -n "$UPSTART" ] && initctl emit --quiet stopped JOB=$subsys
    done
    
    # Now run the START scripts.
    for i in /etc/rc$runlevel.d/S* ; do
    
    	# Check if the subsystem is already up.
    	subsys=${i#/etc/rc$runlevel.d/S??}
    	[ -f /var/lock/subsys/$subsys ] && continue
    	[ -f /var/lock/subsys/$subsys.init ] && continue
    	check_runlevel "$i" || continue
    		    
    	# If we're in confirmation mode, get user confirmation
    	if [ "$do_confirm" = "yes" ]; then
    		confirm $subsys
    		rc=$?
    		if [ "$rc" = "1" ]; then
    			continue
    		elif [ "$rc" = "2" ]; then
    			do_confirm="no"
    		fi
    	fi
    
    	update_boot_stage "$subsys"
    	# Bring the subsystem up.
    	[ -n "$UPSTART" ] && initctl emit --quiet starting JOB=$subsys
    	if [ "$subsys" = "halt" -o "$subsys" = "reboot" ]; then
    		export LC_ALL=C
    		exec $i start
    	fi
    	$i start
    	[ -n "$UPSTART" ] && initctl emit --quiet started JOB=$subsys
    done
    [ "$do_confirm" = "yes" ] && rm -f /var/run/confirm
    exit 0
    As well as the /etc/rc.d/rc.local:
    Code:
    #!/bin/sh
    #
    # This script will be executed *after* all the other init scripts.
    # You can put your own initialization stuff in here if you don't
    # want to do the full Sys V style init stuff.
    
    touch /var/lock/subsys/local
    ... the /etc/rc.d/rc.sysinit:
    Code:
    #!/bin/bash
    #
    # /etc/rc.d/rc.sysinit - run once at boot time
    #
    # Taken in part from Miquel van Smoorenburg's bcheckrc.
    #
    
    HOSTNAME=$(/bin/hostname)
    
    set -m
    
    if [ -f /etc/sysconfig/network ]; then
        . /etc/sysconfig/network
    fi
    if [ -z "$HOSTNAME" -o "$HOSTNAME" = "(none)" ]; then
        HOSTNAME=localhost
    fi
    
    if [ ! -e /proc/mounts ]; then
    	mount -n -t proc /proc /proc
    	mount -n -t sysfs /sys /sys >/dev/null 2>&1
    fi
    if [ ! -d /proc/bus/usb ]; then
    	modprobe usbcore >/dev/null 2>&1 && mount -n -t usbfs /proc/bus/usb /proc/bus/usb
    else
    	mount -n -t usbfs /proc/bus/usb /proc/bus/usb
    fi
    
    . /etc/init.d/functions
    
    PLYMOUTH=
    [ -x /usr/bin/plymouth ] && PLYMOUTH=yes
    
    # Check SELinux status
    SELINUX_STATE=
    if [ -e "/selinux/enforce" ] && [ "$(cat /proc/self/attr/current)" != "kernel" ]; then
    	if [ -r "/selinux/enforce" ] ; then
    		SELINUX_STATE=$(cat "/selinux/enforce")
    	else
    		# assume enforcing if you can't read it
    		SELINUX_STATE=1
    	fi
    fi
    
    if [ -n "$SELINUX_STATE" ] && [ -x /sbin/restorecon ] && __fgrep " /dev " /proc/mounts >/dev/null 2>&1 ; then
    	/sbin/restorecon  -R /dev 2>/dev/null
    fi
    
    disable_selinux() {
    	echo $"*** Warning -- SELinux is active"
    	echo $"*** Disabling security enforcement for system recovery."
    	echo $"*** Run 'setenforce 1' to reenable."
    	echo "0" > "/selinux/enforce"
    }
    
    relabel_selinux() {
        # if /sbin/init is not labeled correctly this process is running in the
        # wrong context, so a reboot will be required after relabel
        AUTORELABEL=
        . /etc/selinux/config
        echo "0" > /selinux/enforce
        [ -n "$PLYMOUTH" ] && plymouth --hide-splash
    
        if [ "$AUTORELABEL" = "0" ]; then
    	echo
    	echo $"*** Warning -- SELinux ${SELINUXTYPE} policy relabel is required. "
    	echo $"*** /etc/selinux/config indicates you want to manually fix labeling"
    	echo $"*** problems. Dropping you to a shell; the system will reboot"
    	echo $"*** when you leave the shell."
    	sulogin
    
        else
    	echo
    	echo $"*** Warning -- SELinux ${SELINUXTYPE} policy relabel is required."
    	echo $"*** Relabeling could take a very long time, depending on file"
    	echo $"*** system size and speed of hard drives."
    
    	/sbin/fixfiles -F restore > /dev/null 2>&1
        fi
        rm -f  /.autorelabel
        echo $"Unmounting file systems"
        umount -a
        mount -n -o remount,ro /
        echo $"Automatic reboot in progress."
        reboot -f
    }
    
    # Print a text banner.
    echo -en $"\t\tWelcome to "
    read -r system_release < /etc/system-release
    if [[ "$system_release" == *"Red Hat"* ]]; then
     [ "$BOOTUP" = "color" ] && echo -en "\\033[0;31m"
     echo -en "Red Hat"
     [ "$BOOTUP" = "color" ] && echo -en "\\033[0;39m"
     PRODUCT=$(sed "s/Red Hat \(.*\) release.*/\1/" /etc/system-release)
     echo " $PRODUCT"
    elif [[ "$system_release" == *Fedora* ]]; then
     [ "$BOOTUP" = "color" ] && echo -en "\\033[0;34m"
     echo -en "Fedora"
     [ "$BOOTUP" = "color" ] && echo -en "\\033[0;39m"
     PRODUCT=$(sed "s/Fedora \(.*\) \?release.*/\1/" /etc/system-release)
     echo " $PRODUCT"
    else
     PRODUCT=$(sed "s/ release.*//g" /etc/system-release)
     echo "$PRODUCT"
    fi
    
    # Only read this once.
    cmdline=$(cat /proc/cmdline)
    
    # Initialize hardware
    if [ -f /proc/sys/kernel/modprobe ]; then
       if ! strstr "$cmdline" nomodules && [ -f /proc/modules ] ; then
           sysctl -w kernel.modprobe="/sbin/modprobe" >/dev/null 2>&1
       else
           # We used to set this to NULL, but that causes 'failed to exec' messages"
           sysctl -w kernel.modprobe="/bin/true" >/dev/null 2>&1
       fi
    fi
    
    touch /dev/.in_sysinit >/dev/null 2>&1
    
    # Set default affinity
    if [ -x /bin/taskset ]; then
       if strstr "$cmdline" default_affinity= ; then
         for arg in $cmdline ; do
             if [ "${arg##default_affinity=}" != "${arg}" ]; then
                 /bin/taskset -p ${arg##default_affinity=} 1
             fi
         done
       fi
    fi
    
    nashpid=$(pidof nash 2>/dev/null)
    [ -n "$nashpid" ] && kill $nashpid >/dev/null 2>&1
    unset nashpid
    /sbin/start_udev
    
    # Load other user-defined modules
    for file in /etc/sysconfig/modules/*.modules ; do
      [ -x $file ] && $file
    done
    
    # Load modules (for backward compatibility with VARs)
    if [ -f /etc/rc.modules ]; then
    	/etc/rc.modules
    fi
    
    mount -n /dev/pts >/dev/null 2>&1
    [ -n "$SELINUX_STATE" ] && restorecon /dev/pts >/dev/null 2>&1
    
    # Configure kernel parameters
    update_boot_stage RCkernelparam
    sysctl -e -p /etc/sysctl.conf >/dev/null 2>&1
    
    # Set the hostname.
    update_boot_stage RChostname
    action $"Setting hostname ${HOSTNAME}: " hostname ${HOSTNAME}
    
    # Sync waiting for storage.
    { rmmod scsi_wait_scan ; modprobe scsi_wait_scan ; rmmod scsi_wait_scan ; } >/dev/null 2>&1
    
    # Device mapper & related initialization
    if ! __fgrep "device-mapper" /proc/devices >/dev/null 2>&1 ; then
           modprobe dm-mod >/dev/null 2>&1
    fi
    
    if [ -f /etc/crypttab ]; then
        init_crypto 0
    fi
    
    if ! strstr "$cmdline" nompath && [ -f /etc/multipath.conf ] && \
    		[ -x /sbin/multipath ]; then
    	modprobe dm-multipath > /dev/null 2>&1
    	/sbin/multipath -v 0
    	if [ -x /sbin/kpartx ]; then
    		/sbin/dmsetup ls --target multipath --exec "/sbin/kpartx -a -p p" >/dev/null
    	fi
    fi
    
    if ! strstr "$cmdline" nodmraid && [ -x /sbin/dmraid ]; then
    	modprobe dm-mirror >/dev/null 2>&1
    	dmraidsets=$(LC_ALL=C /sbin/dmraid -s -c -i)
    	if [ "$?" = "0" ]; then
    		for dmname in $dmraidsets; do
    			if [[ "$dmname" == isw_* ]] && \
    			   ! strstr "$cmdline" noiswmd; then
    				continue
    			fi
    			/sbin/dmraid -ay -i --rm_partitions -p "$dmname" >/dev/null 2>&1
    			/sbin/kpartx -a -p p "/dev/mapper/$dmname"
    		done
    	fi
    fi
    
    # Start any MD RAID arrays that haven't been started yet
    [ -r /proc/mdstat -a -r /dev/md/md-device-map ] && /sbin/mdadm -IRs
    
    if [ -x /sbin/lvm ]; then
    	action $"Setting up Logical Volume Management:" /sbin/lvm vgchange -a y --sysinit
    fi
    
    if [ -f /etc/crypttab ]; then
        init_crypto 0
    fi
    
    if [ -f /fastboot ] || strstr "$cmdline" fastboot ; then
    	fastboot=yes
    fi
    
    if [ -f /fsckoptions ]; then
    	fsckoptions=$(cat /fsckoptions)
    fi
    
    if [ -f /forcefsck ] || strstr "$cmdline" forcefsck ; then
    	fsckoptions="-f $fsckoptions"
    elif [ -f /.autofsck ]; then
    	[ -f /etc/sysconfig/autofsck ] && . /etc/sysconfig/autofsck
    	if [ "$AUTOFSCK_DEF_CHECK" = "yes" ]; then
    		AUTOFSCK_OPT="$AUTOFSCK_OPT -f"
    	fi
    	if [ -n "$AUTOFSCK_SINGLEUSER" ]; then
    		[ -n "$PLYMOUTH" ] && plymouth --hide-splash
    		echo
    		echo $"*** Warning -- the system did not shut down cleanly. "
    		echo $"*** Dropping you to a shell; the system will continue"
    		echo $"*** when you leave the shell."
    		[ -n "$SELINUX_STATE" ] && echo "0" > /selinux/enforce
    		sulogin
    		[ -n "$SELINUX_STATE" ] && echo "1" > /selinux/enforce
    		[ -n "$PLYMOUTH" ] && plymouth --show-splash
    	fi
    	fsckoptions="$AUTOFSCK_OPT $fsckoptions"
    fi
    
    if [ "$BOOTUP" = "color" ]; then
    	fsckoptions="-C $fsckoptions"
    else
    	fsckoptions="-V $fsckoptions"
    fi
    
    READONLY=
    if [ -f /etc/sysconfig/readonly-root ]; then
    	. /etc/sysconfig/readonly-root
    fi
    if strstr "$cmdline" readonlyroot ; then
    	READONLY=yes
    	[ -z "$RW_MOUNT" ] && RW_MOUNT=/var/lib/stateless/writable
    	[ -z "$STATE_MOUNT" ] && STATE_MOUNT=/var/lib/stateless/state
    fi
    if strstr "$cmdline" noreadonlyroot ; then
    	READONLY=no
    fi
    
    if [ "$READONLY" = "yes" -o "$TEMPORARY_STATE" = "yes" ]; then
    
    	mount_empty() {
    		if [ -e "$1" ]; then
    			echo "$1" | cpio -p -vd "$RW_MOUNT" &>/dev/null
    			mount -n --bind "$RW_MOUNT$1" "$1"
    		fi
    	}
    
    	mount_dirs() {
    		if [ -e "$1" ]; then
    			mkdir -p "$RW_MOUNT$1"
    			find "$1" -type d -print0 | cpio -p -0vd "$RW_MOUNT" &>/dev/null
    			mount -n --bind "$RW_MOUNT$1" "$1"
    		fi
    	}
    
    	mount_files() {
    		if [ -e "$1" ]; then
    			cp -a --parents "$1" "$RW_MOUNT"
    			mount -n --bind "$RW_MOUNT$1" "$1"
    		fi
    	}
    
    	# Common mount options for scratch space regardless of
    	# type of backing store
    	mountopts=
    
    	# Scan partitions for local scratch storage
    	rw_mount_dev=$(blkid -t LABEL="$RW_LABEL" -l -o device)
    
    	# First try to mount scratch storage from /etc/fstab, then any
    	# partition with the proper label.  If either succeeds, be sure
    	# to wipe the scratch storage clean.  If both fail, then mount
    	# scratch storage via tmpfs.
    	if mount $mountopts "$RW_MOUNT" > /dev/null 2>&1 ; then
    		rm -rf "$RW_MOUNT" > /dev/null 2>&1
    	elif [ x$rw_mount_dev != x ] && mount $rw_mount_dev $mountopts "$RW_MOUNT" > /dev/null 2>&1; then
    		rm -rf "$RW_MOUNT"  > /dev/null 2>&1
    	else
    		mount -n -t tmpfs $RW_OPTIONS $mountopts none "$RW_MOUNT"
    	fi
    
    	for file in /etc/rwtab /etc/rwtab.d/* /dev/.initramfs/rwtab ; do
    		is_ignored_file "$file" && continue
    	[ -f $file ] && cat $file | while read type path ; do
    			case "$type" in
    				empty)
    					mount_empty $path
    					;;
    				files)
    					mount_files $path
    					;;
    				dirs)
    					mount_dirs $path
    					;;
    				*)
    					;;
    			esac
    			[ -n "$SELINUX_STATE" ] && [ -e "$path" ] && restorecon -R "$path"
    		done
    	done
    
    	# Use any state passed by initramfs
    	[ -d /dev/.initramfs/state ] && cp -a /dev/.initramfs/state/* $RW_MOUNT
    
    	# In theory there should be no more than one network interface active
    	# this early in the boot process -- the one we're booting from.
    	# Use the network address to set the hostname of the client.  This
    	# must be done even if we have local storage.
    	ipaddr=
    	if [ "$HOSTNAME" = "localhost" -o "$HOSTNAME" = "localhost.localdomain" ]; then
    		ipaddr=$(ip addr show to 0.0.0.0/0 scope global | awk '/[[:space:]]inet / { print gensub("/.*","","g",$2) }')
    		for ip in $ipaddr ; do
    			HOSTNAME=
    			eval $(ipcalc -h $ipaddr 2>/dev/null)
    			[ -n "$HOSTNAME" ] && { hostname ${HOSTNAME} ; break; }
    		done
    	fi
    	
    	# Clients with read-only root filesystems may be provided with a
    	# place where they can place minimal amounts of persistent
    	# state.  SSH keys or puppet certificates for example.
    	#
    	# Ideally we'll use puppet to manage the state directory and to
    	# create the bind mounts.  However, until that's all ready this
    	# is sufficient to build a working system.
    
    	# First try to mount persistent data from /etc/fstab, then any
    	# partition with the proper label, then fallback to NFS
    	state_mount_dev=$(blkid -t LABEL="$STATE_LABEL" -l -o device)
    	if mount $mountopts $STATE_OPTIONS "$STATE_MOUNT" > /dev/null 2>&1 ; then
    		/bin/true
    	elif [ x$state_mount_dev != x ] && mount $state_mount_dev $mountopts "$STATE_MOUNT" > /dev/null 2>&1;  then
    		/bin/true
    	elif [ ! -z "$CLIENTSTATE" ]; then
    		# No local storage was found.  Make a final attempt to find
    		# state on an NFS server.
    
    		mount -t nfs $CLIENTSTATE/$HOSTNAME $STATE_MOUNT -o rw,nolock
    	fi
    
    	if [ -w "$STATE_MOUNT" ]; then
    
    		mount_state() {
    			if [ -e "$1" ]; then
    				[ ! -e "$STATE_MOUNT$1" ] && cp -a --parents "$1" "$STATE_MOUNT"
    				mount -n --bind "$STATE_MOUNT$1" "$1"
    			fi
    		}
    
    		for file in /etc/statetab /etc/statetab.d/* ; do
    			is_ignored_file "$file" && continue
    			[ ! -f "$file" ] && continue
    
    			if [ -f "$STATE_MOUNT/$file" ] ; then
    				mount -n --bind "$STATE_MOUNT/$file" "$file"
    			fi
    
    			for path in $(grep -v "^#" "$file" 2>/dev/null); do
    				mount_state "$path"
    				[ -n "$SELINUX_STATE" ] && [ -e "$path" ] && restorecon -R "$path"
    			done
    		done
    
    		if [ -f "$STATE_MOUNT/files" ] ; then
    			for path in $(grep -v "^#" "$STATE_MOUNT/files" 2>/dev/null); do
    				mount_state "$path"
    				[ -n "$SELINUX_STATE" ] && [ -e "$path" ] && restorecon -R "$path"
    			done
    		fi
    	fi
    fi
    
    if [[ " $fsckoptions" != *" -y"* ]]; then
    	fsckoptions="-a $fsckoptions"
    fi
    
    _RUN_QUOTACHECK=0
    if strstr "$cmdline" forcequotacheck || [ -f /forcequotacheck ] ; then
    	_RUN_QUOTACHECK=1
    fi
    if [ -z "$fastboot" -a "$READONLY" != "yes" ]; then
    
            STRING=$"Checking filesystems"
    	echo $STRING
    	fsck -T -t noopts=_netdev -A $fsckoptions
    	rc=$?
    	
    	if [ "$rc" -eq "0" ]; then
    		success "$STRING"
    		echo
    	elif [ "$rc" -eq "1" ]; then
    	        passed "$STRING"
    		echo
    	elif [ "$rc" -eq "2" -o "$rc" -eq "3" ]; then
    		echo $"Unmounting file systems"
    		umount -a
    		mount -n -o remount,ro /
    		echo $"Automatic reboot in progress."
    		reboot -f
            fi
    	
            # A return of 4 or higher means there were serious problems.
    	if [ $rc -gt 1 ]; then
    		[ -n "$PLYMOUTH" ] && plymouth --hide-splash
    
    		failure "$STRING"
    		echo
    		echo
    		echo $"*** An error occurred during the file system check."
    		echo $"*** Dropping you to a shell; the system will reboot"
    		echo $"*** when you leave the shell."
    
                    str=$"(Repair filesystem)"
    		PS1="$str \# # "; export PS1
    		[ "$SELINUX_STATE" = "1" ] && disable_selinux
    		sulogin
    
    		echo $"Unmounting file systems"
    		umount -a
    		mount -n -o remount,ro /
    		echo $"Automatic reboot in progress."
    		reboot -f
    	elif [ "$rc" -eq "1" ]; then
    		_RUN_QUOTACHECK=1
    	fi
    fi
    
    remount_needed() {
      local state oldifs
      [ "$READONLY" = "yes" ] && return 1
      state=$(LC_ALL=C awk '/ \/ / && ($3 !~ /rootfs/) { print $4 }' /proc/mounts)
      oldifs=$IFS
      IFS=","
      for opt in $state ; do
    	if [ "$opt" = "rw" ]; then
    		IFS=$oldifs
    		return 1
    	fi
      done
      IFS=$oldifs
      return 0
    }
    
    # Remount the root filesystem read-write.
    update_boot_stage RCmountfs
    if remount_needed ; then
      action $"Remounting root filesystem in read-write mode: " mount -n -o remount,rw /
    fi
    
    # Clean up SELinux labels
    if [ -n "$SELINUX_STATE" ]; then
       restorecon /etc/mtab /etc/ld.so.cache /etc/blkid/blkid.tab /etc/resolv.conf >/dev/null 2>&1
    fi
    
    # If relabeling, relabel mount points.
    if [ -n "$SELINUX_STATE" -a "$READONLY" != "yes" ]; then
        if strstr "$cmdline" autorelabel || [ -f /.autorelabel ] ; then
    	restorecon $(awk '!/^#/ && $4 !~ /noauto/ && $2 ~ /^\// { print $2 }' /etc/fstab) >/dev/null 2>&1
        fi
    fi
    
    if [ "$READONLY" != "yes" ] ; then
    	# Clear mtab
    	(> /etc/mtab) &> /dev/null
    
    	# Remove stale backups
    	rm -f /etc/mtab~ /etc/mtab~~
    
    	# Enter mounted filesystems into /etc/mtab
    	mount -f /
    	mount -f /proc >/dev/null 2>&1
    	mount -f /sys >/dev/null 2>&1
    	mount -f /dev/pts >/dev/null 2>&1
    	mount -f /dev/shm >/dev/null 2>&1
    	mount -f /proc/bus/usb >/dev/null 2>&1
    fi
    
    # Mount all other filesystems (except for NFS and /proc, which is already
    # mounted). Contrary to standard usage,
    # filesystems are NOT unmounted in single user mode.
    if [ "$READONLY" != "yes" ] ; then
    	action $"Mounting local filesystems: " mount -a -t nonfs,nfs4,smbfs,ncpfs,cifs,gfs,gfs2 -O no_netdev
    else
    	action $"Mounting local filesystems: " mount -a -n -t nonfs,nfs4,smbfs,ncpfs,cifs,gfs,gfs2 -O no_netdev
    fi
    
    # Update quotas if necessary
    if [ X"$_RUN_QUOTACHECK" = X1 ] && [ -x /sbin/quotacheck ]; then
    	action $"Checking local filesystem quotas: " /sbin/quotacheck -anug
    fi
    
    if [ -x /sbin/quotaon ]; then
        action $"Enabling local filesystem quotas: " /sbin/quotaon -aug
    fi
    
    # Check to see if a full relabel is needed
    if [ -n "$SELINUX_STATE" -a "$READONLY" != "yes" ]; then
        if strstr "$cmdline" autorelabel || [ -f /.autorelabel ] ; then
    	relabel_selinux
        fi
    else
        if [ "$READONLY" != "yes" ] && [ -d /etc/selinux ]; then
            [ -f /.autorelabel ] || touch /.autorelabel
        fi
    fi
    
    # Initialize pseudo-random number generator
    if [ -f "/var/lib/random-seed" ]; then
    	cat /var/lib/random-seed > /dev/urandom
    else
    	[ "$READONLY" != "yes" ] && touch /var/lib/random-seed
    fi
    if [ "$READONLY" != "yes" ]; then
    	chmod 600 /var/lib/random-seed
    	dd if=/dev/urandom of=/var/lib/random-seed count=1 bs=512 2>/dev/null
    fi
    
    if [ -f /etc/crypttab ]; then
        init_crypto 1
    fi
    
    # Configure machine if necessary.
    if [ -f /.unconfigured ]; then
        if [ -x /usr/bin/rhgb-client ] && /usr/bin/rhgb-client --ping ; then
    	/usr/bin/rhgb-client --quit
        fi
    
        if [ -x /usr/bin/system-config-keyboard ]; then
    	/usr/bin/system-config-keyboard
        fi
        if [ -x /usr/bin/passwd ]; then
            /usr/bin/passwd root
        fi
        if [ -x /usr/sbin/system-config-network-tui ]; then
    	/usr/sbin/system-config-network-tui
        fi
        if [ -x /usr/sbin/timeconfig ]; then
    	/usr/sbin/timeconfig
        fi
        if [ -x /usr/sbin/authconfig-tui ]; then
    	/usr/sbin/authconfig-tui --nostart
        fi
        if [ -x /usr/sbin/ntsysv ]; then
    	/usr/sbin/ntsysv --level 35
        fi
    
        # Reread in network configuration data.
        if [ -f /etc/sysconfig/network ]; then
    	. /etc/sysconfig/network
    
    	# Reset the hostname.
    	action $"Resetting hostname ${HOSTNAME}: " hostname ${HOSTNAME}
        fi
    
        rm -f /.unconfigured
    fi
    
    # Clean out /.
    rm -f /fastboot /fsckoptions /forcefsck /.autofsck /forcequotacheck /halt \
    	/poweroff /.suspended &> /dev/null
    
    # Do we need (w|u)tmpx files? We don't set them up, but the sysadmin might...
    _NEED_XFILES=
    [ -f /var/run/utmpx ] || [ -f /var/log/wtmpx ] && _NEED_XFILES=1
    
    # Clean up /var.
    rm -rf /var/lock/cvs/* /var/run/screen/*
    find /var/lock /var/run ! -type d -exec rm -f {} \;
    rm -f /var/lib/rpm/__db* &> /dev/null
    rm -f /var/gdm/.gdmfifo &> /dev/null
    
    # Clean up utmp/wtmp
    > /var/run/utmp
    touch /var/log/wtmp /var/log/btmp
    chgrp utmp /var/run/utmp /var/log/wtmp /var/log/btmp
    chmod 0664 /var/run/utmp /var/log/wtmp
    chmod 0600 /var/log/btmp
    if [ -n "$_NEED_XFILES" ]; then
      > /var/run/utmpx
      touch /var/log/wtmpx
      chgrp utmp /var/run/utmpx /var/log/wtmpx
      chmod 0664 /var/run/utmpx /var/log/wtmpx
    fi
    [ -n "$SELINUX_STATE" ] && restorecon /var/run/utmp* /var/log/wtmp* >/dev/null 2>&1
    
    # Clean up various /tmp bits
    [ -n "$SELINUX_STATE" ] && restorecon /tmp
    rm -f /tmp/.X*-lock /tmp/.lock.* /tmp/.gdm_socket /tmp/.s.PGSQL.*
    rm -rf /tmp/.X*-unix /tmp/.ICE-unix /tmp/.font-unix /tmp/hsperfdata_* \
           /tmp/kde-* /tmp/ksocket-* /tmp/mc-* /tmp/mcop-* /tmp/orbit-*  \
           /tmp/scrollkeeper-*  /tmp/ssh-* \
           /dev/.in_sysinit
    
    # Make ICE directory
    mkdir -m 1777 -p /tmp/.ICE-unix >/dev/null 2>&1
    chown root:root /tmp/.ICE-unix
    [ -n "$SELINUX_STATE" ] && restorecon /tmp/.ICE-unix >/dev/null 2>&1
    
    # Start up swapping.
    update_boot_stage RCswap
    action $"Enabling /etc/fstab swaps: " swapon -a -e
    if [ "$AUTOSWAP" = "yes" ]; then
    	curswap=$(awk '/^\/dev/ { print $1 }' /proc/swaps | while read x; do get_numeric_dev dec $x ; echo -n " "; done)
    	swappartitions=$(blkid -t TYPE=swap -o device)
    	if [ x"$swappartitions" != x ]; then
    		for partition in $swappartitions ; do
    			[ ! -e $partition ] && continue
    			majmin=$(get_numeric_dev dec $partition)
    			echo $curswap | grep -qw "$majmin" || action $"Enabling local swap partitions: " swapon $partition
    		done
    	fi
    fi
    
    # Set up binfmt_misc
    /bin/mount -t binfmt_misc none /proc/sys/fs/binfmt_misc > /dev/null 2>&1
    
    # Boot time profiles. Yes, this should be somewhere else.
    if [ -x /usr/sbin/system-config-network-cmd ]; then
      if strstr "$cmdline" netprofile= ; then
        for arg in $cmdline ; do
            if [ "${arg##netprofile=}" != "${arg}" ]; then
    	    /usr/sbin/system-config-network-cmd --profile ${arg##netprofile=}
            fi
        done
      fi
    fi
    
    # Now that we have all of our basic modules loaded and the kernel going,
    # let's dump the syslog ring somewhere so we can find it later
    [ -f /var/log/dmesg ] && mv -f /var/log/dmesg /var/log/dmesg.old
    dmesg -s 131072 > /var/log/dmesg
    
    # create the crash indicator flag to warn on crashes, offer fsck with timeout
    touch /.autofsck &> /dev/null
    
    if strstr "$cmdline" confirm ; then
    	touch /var/run/confirm
    fi
    
    # Let rhgb know that we're leaving rc.sysinit
    if [ -x /usr/bin/rhgb-client ] && /usr/bin/rhgb-client --ping ; then
        /usr/bin/rhgb-client --sysinit
    fi
    
    and the /etc/init/rc.conf
    Code:
    # rc - System V runlevel compatibility
    #
    # This task runs the old sysv-rc runlevel scripts.  It
    # is usually started by the telinit compatibility wrapper.
    
    start on runlevel [0123456]
    
    stop on runlevel [!$RUNLEVEL]
    
    task
    
    export RUNLEVEL
    console output
    exec /etc/rc.d/rc $RUNLEVEL
    as well as an /etc/init/rcS.conf:
    Code:
    # rcS - runlevel compatibility
    #
    # This task runs the old sysv-rc startup scripts.
    
    start on startup
    
    stop on runlevel
    
    task
    
    # Note: there can be no previous runlevel here, if we have one it's bad
    # information (we enter rc1 not rcS for maintenance).  Run /etc/rc.d/rc
    # without information so that it defaults to previous=N runlevel=S.
    console output
    exec /etc/rc.d/rc.sysinit
    post-stop script
    	if [ "$UPSTART_EVENTS" = "startup" ]; then
    		[ -f /etc/inittab ] && runlevel=$(/bin/awk -F ':' '$3 == "initdefault" && $1 !~ "^#" { print $2 }' /etc/inittab)
    		[ -z "$runlevel" ] && runlevel="3"
    		for t in $(cat /proc/cmdline); do
    			case $t in
    				-s|single|S|s) runlevel="S" ;;
    				[1-9])       runlevel="$t" ;;
    			esac
    		done
    		exec telinit $runlevel
    	fi
    end script
    and an /etc/rcS-sulogin.conf:
    Code:
    # rcS-sulogin - "single-user" runlevel compatibility
    #
    # This task runs /bin/bash during "single-user" mode,
    # then continues to the default runlevel.
    
    start on runlevel S
    
    stop on runlevel [!S]
    
    console owner
    script
    	. /etc/sysconfig/init
    	plymouth --hide-splash || true
    	[ -z "$SINGLE" ] && SINGLE=/sbin/sushell
    	exec $SINGLE
    end script
    post-stop script
    	if [ "$RUNLEVEL" = "S" ]; then
    		[ -f /etc/inittab ] && runlevel=$(/bin/awk -F ':' '$3 == "initdefault" && $1 !~ "^#" { print $2 }' /etc/inittab)
    		[ -z "$runlevel" ] && runlevel="3"
    		exec telinit $runlevel
    	fi
    end script
    That looks quite interesting.
    Maybe it is enough to replace /sbin/sushell with /sbin/sulogin in the last one.
    I will test that.

    Regards
     
  10. #8 Gast123, 06.02.2011
    Gast123

    Gast123 Guest

    Update:
    Changing the shells had no effect.
    At the moment I am rather at a loss as to which file governs single-user mode.

    Regards
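
The rcS-sulogin job quoted in post #7 sources /etc/sysconfig/init and execs $SINGLE, falling back to /sbin/sushell when the variable is empty. The check below is an added example, not part of the thread or of Fedora's scripts; it applies that same fallback to a given sysconfig file and reports whether single-user mode would end in sulogin. The function names and the two sample files are constructed for illustration.

```shell
#!/bin/sh
# Added example: audit which program single-user mode would exec, using the
# fallback logic of the rcS-sulogin job quoted in the thread:
#     . /etc/sysconfig/init
#     [ -z "$SINGLE" ] && SINGLE=/sbin/sushell

# Print the program the job would exec for the given sysconfig file.
# Runs in a subshell so the sourced settings do not leak into the caller.
# Pass a path containing a slash, otherwise "." searches $PATH.
effective_single() (
    SINGLE=
    if [ -r "$1" ]; then
        . "$1" >/dev/null 2>&1
    fi
    if [ -z "$SINGLE" ]; then
        SINGLE=/sbin/sushell        # same default as the job file
    fi
    printf '%s\n' "$SINGLE"
)

# Return 0 only if that program is sulogin, which asks for the root password.
single_requires_password() {
    case "$(effective_single "$1")" in
        */sulogin|sulogin) return 0 ;;
        *) return 1 ;;
    esac
}

# Print a one-line finding for one sysconfig file; non-zero status if weak.
audit_single() {
    prog=$(effective_single "$1")
    if single_requires_password "$1"; then
        echo "OK:   $1 -> $prog (root password required)"
    else
        echo "WEAK: $1 -> $prog (root shell without password)"
        return 1
    fi
}

# Demo on constructed sample files (not taken from a real system).
demo=$(mktemp -d)
printf 'BOOTUP=color\nPROMPT=yes\n' > "$demo/init.default"
printf 'BOOTUP=color\nSINGLE=/sbin/sulogin\n' > "$demo/init.hardened"
for f in "$demo/init.default" "$demo/init.hardened"; do
    audit_single "$f" || true
done
rm -rf "$demo"
```

On a host being audited, the file to pass is the one the job sources, /etc/sysconfig/init.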
     