# No password in Single user mode?



## CalBear96 (Oct 21, 2010)

Hi,
Forgive me for the newbie question, but as I was reading several FreeBSD guides (Absolute FreeBSD, The Complete FreeBSD, and handbook) I noticed that a user can change the root password if they enter into single user mode upon starting the computer, without ever needing to type in the old password.  This seems like a large security gap if a random person happens upon my laptop and wants to snoop.  Is there a way to prevent this, or am I misreading?  I do not have FreeBSD installed yet, as my computer I will be installing it on has yet to be built (back ordered.) I am trying to learn as much as possible before getting it so that the installation and use go smoothly.  Thanks for your help.

Dave


----------



## UNIXgod (Oct 21, 2010)

Hi Dave

You are correct. If someone is in possession of the machine they would be able to get root. This works for all unixes not just bsd.


----------



## fronclynne (Oct 21, 2010)

Yes, the general assumption being that if you have physical access you can pretty much always get in.

To make it prompt for a password in single user mode in the line from /etc/ttys

```
console  none          unknown off secure
```
change the "secure" to "insecure".

Note that this doesn't stop someone booting your machine with a USB stick or CD (or just putting in another hard drive) and changing your root password externally.  So it's still not really secure.

For the ultimate, fill the case with concrete and bury it with Jimmy Hoffa.


----------



## CalBear96 (Oct 22, 2010)

Thankfully, I know where Hoffa is buried, so I'll be good!  Plus, I am not usually around people that would know how to either enter single user mode (or know that that is an option) or boot from a CD/USB.  I have just recently started to teach myself about computers and *nix, so I really do appreciate the quick and patient answers of this forum.  Hopefully that does not violate the thanking policy.  

Cheers!


----------



## bes (Oct 22, 2010)

> For the ultimate, fill the case with concrete and bury it with Jimmy Hoffa.


Yet there are alternative technologies. Full Disk Encryption prevents unauthorized access, and geli cryptographic subsystems in FreeBSD are able to protect the data.


----------

