No password when passing single as kernel option in grub

[infirit]

When adding "single" to the kernel options i'm getting a single user, i think root, sh shell? No root password was asked ? I could browse all my mount points in fstab that where aoutomounted.

Is this a bug? or am i missing something?

Thanks
Sander

[edit]I'm not having problems with grub but i get to the point where rc starts.[/edit]
_________________
EASY TO INSTALL = Difficult to install, but instruction manual has pictures.
Join the adopt an unanswered post initiative today

[moocha]

No, this is a feature, not a bug. Works as designed. As the grub documentation points out, you should use the password command in grub.conf (always use the MD5 hashes - password --md5). Grub will normally only ask for a password when you want to pass additional command line parameters to the kernel.
_________________
Military Commissions Act of 2006: http://tinyurl.com/jrcto

"Those who would give up essential liberty to purchase a little temporary safety deserve neither liberty nor safety."
-- attributed to Benjamin Franklin

[infirit]

Sorry i was not clear enough in my first post

Im not having problems with grub, i don not want a grub password. I give the following option to the kernel: kernel (hd1,0)/vmlinuz-2.6.5-spa1 root=/dev/hda5 gentoo=nodevfs vga=791 ide=reverse single

When the kernel part of the boot is finished i get an shell where i would first expect to give my root password and then giving me the shell.
_________________
EASY TO INSTALL = Difficult to install, but instruction manual has pictures.
Join the adopt an unanswered post initiative today

[moocha]

Yes, that's perfectly clear. And it's also perfectly reasonable that you wouldn't get prompted for the root password.
Some distributions use the sulogin command to prompt you for the root password in this case instead of just running the shell. But without a password protected bootloader that's not secure at all. All it does is annoy you with a password prompt. If someone is able to get physical access to the console (and they need it, otherwise they couldn't use single user mode) they can always use the init kernel parameter, which tells the kernel where to find the init program (put init=/bin/bash instead of single on the kernel command line to demonstrate that). So you'd get a root shell again (just that no init script is run, since "init" (the process with PID 1) is now /bin/bash instead of /sbin/init, and /bin/bash doesn't know anything about /etc/inittab, which is where the init scripts are launched). Only that you can't prevent anyone from getting this type of root shell (except by modifying the kernel source and recompiling the kernel). This is the way init works.
To summarize: Yes, single will get you a passwordless root shell on the local machine. No, there's absolutely no point in insisting on having a password-protected login in this scenario, because all it does is lull you into a false sense of security. Yes, you want a grub password. Again, you will almost never be prompted for the grub password. Grub only asks for it when you want to modify the kernel command line, or access the grub console. For normal boots you won't get prompted for it.
_________________
Military Commissions Act of 2006: http://tinyurl.com/jrcto

"Those who would give up essential liberty to purchase a little temporary safety deserve neither liberty nor safety."
-- attributed to Benjamin Franklin

[infirit]

Thanks for the explanation
_________________
EASY TO INSTALL = Difficult to install, but instruction manual has pictures.
Join the adopt an unanswered post initiative today

[moocha]

Most welcome
_________________
Military Commissions Act of 2006: http://tinyurl.com/jrcto

"Those who would give up essential liberty to purchase a little temporary safety deserve neither liberty nor safety."
-- attributed to Benjamin Franklin