FWIW it is true that init=/bin/bash will bypass requiring a password for single user mode. However, in our configuration standards, we still require a password for single user mode. 2011/7/29 Marek Andreánsky <[log in to unmask]> > Why is securing /etc/inittab helping? I've read that by > adding init=/bin/bash to grub you can get into the machine and change the > shadow file anyway, which gives you root. I'd say that Red Hat presumes that > the server is in a secure location and it is therefore highly improbable > that anyone could just simply sit down to it and reboot it without anyone > ever noticing. > > Does it actually bring any substantial benefit to add this security > feature, when an attacker can always gain root access if your physical > location is compromised ? > > Best regards, > Marek Andreansky > >> SL_password_for_singleuser >> >> Changes /etc/inittab to require the root password for single user mode. >> This package used to be called SL_inittab_change >> >> Who Needs This >> In my opinion everyone, and we're quite surprised that Enterprise Linux >> isn't this way. If you are concerned about someone getting root access to >> your computer by just sitting down to it, then this is something you will >> want to install. >> >