Summary: SUn L1-A and b -s

From: Sue Chichester (
Date: Mon Feb 04 1991 - 19:57:00 CST

First, I want to mention that this was the first time I had written to
sun-managers. I've only had my Suns for about a week. I want to thank all
the people who responded to my question. It was a real relief to get an
answer on a Friday afternoon within an hour of sending out my question. I'm
really appreciative.
To summarize:
My question:
> I just got a public lab full of SUNs. My paranoia is beginning. What's to
> stop the students from L1-Aing the suns and booting standalone and changing
> all the files? Isn't it true when you boot standalone you are root?
1) Most people told me to edit /etc/ttytab and take the word secure off the
line about the console. This is what I've done for now.
edit /etc/ttytab
console "/usr/etc/getty std.9600" sun on local secure
and remove the word "secure"
   It will 1) not allow root login, you have to su from your account.
            2) ask for root password when booted up single user.
2) Another suggestion I received that would probably work for me since my
Suns are new is the following:
If you have newer Suns, you can change the EEPROM security level
    ok setenv security-password your-password
    ok setenv security-mode {none | command | full}
           none: no security
           command: password is required if "b" command is followed
                    by any argument , such as "-s"
           full: password required for "b" command.
                    password required to get from ">" prompt to "ok"
    See "Open Boot PROM Toolkit User's Guide" pp 55-57 for more information
(caution: you better remember the password, you might have to replace
          your EEPROM if you forget)
Both of these were thanks to William Ang and many others.
3) Others mentioned to me Kerberos from MIT
4) Another idea was to put login root at the end of /.profile
Thanks again.
Sue Chichester

This archive was generated by hypermail 2.1.2 : Fri Sep 28 2001 - 23:06:10 CDT