Recipe 12.21. Password-Protecting LILO

12.21.1 Problem

You don't want your users messing around with your carefully crafted bootloader configuration. You also want to prevent them from exploiting LILO's ability to allow root access without a password, which can easily be done by entering:

    linux single

or:

    linux init=/bin/sh

at the LILO prompt.

12.21.2 Solution

First, restrict lilo.conf to root only:

    # chmod 600 lilo.conf

Then password-protect LILO. In the global section of lilo.conf, make these entries:

    password=""
    restricted

Re-run LILO to write the changes:

    # /sbin/lilo

It will ask you to enter a password. Give it your root password. It will then create a /etc/lilo.conf.shs file, containing a password hash accessible only to root.

Now when the system reboots, anyone trying to enter linux single or linux init=/bin/sh at the LILO prompt will be asked for the password.

12.21.3 Discussion

For additional boot-time security, disable all external boot devices in the system BIOS, and use a BIOS password. This is not perfect—after all, as we showed in Recipe 12.14 and Section 12.15, "Anyone with physical access to a box owns it." But it's good enough to keep ordinary users from mucking up the works.

12.21.4 See Also
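A check for the settings from the Solution in 12.21.2, as an added example that is not part of the original recipe: the script confirms that a lilo.conf is mode 600 and that its global section contains password="" and restricted. The function names are hypothetical, and the global section is assumed to be everything before the first image= or other= line.

```shell
#!/bin/sh
# Added example: audit a lilo.conf for the settings this recipe applies.
# audit_lilo_conf and lilo_global_section are hypothetical helper names.
# Only the mode set by "chmod 600" is checked, not file ownership.

# Print the global section (everything before the first image=/other= line)
# with comments, blank lines and spaces around "=" removed.
lilo_global_section() {
    awk '/^[ \t]*(image|other)[ \t]*=/ { exit }
         { sub(/#.*/, ""); gsub(/^[ \t]+|[ \t]+$/, ""); sub(/[ \t]*=[ \t]*/, "=")
           if ($0 != "") print }' "$1"
}

# Print one FAIL line per problem; return 0 only if every check passes.
audit_lilo_conf() {
    conf=$1
    fails=0
    [ -r "$conf" ] || { echo "FAIL: cannot read $conf"; return 1; }

    # Mode 600 appears as -rw------- in ls output.
    perms=$(ls -ld "$conf" | cut -c1-10)
    if [ "$perms" != "-rw-------" ]; then
        echo "FAIL: $conf is $perms, expected -rw-------"
        fails=$((fails + 1))
    fi

    global=$(lilo_global_section "$conf")
    pw=$(printf '%s\n' "$global" | grep '^password=' | head -n 1)
    case $pw in
        'password=""') ;;  # lilo prompts for the password when it is re-run
        '') echo "FAIL: no password= in the global section"
            fails=$((fails + 1)) ;;
        *)  echo "FAIL: password is written in clear text in $conf"
            fails=$((fails + 1)) ;;
    esac

    if ! printf '%s\n' "$global" | grep -qx 'restricted'; then
        echo "FAIL: no restricted keyword in the global section"
        fails=$((fails + 1))
    fi

    [ "$fails" -eq 0 ] && echo "OK: $conf"
    return "$fails"
}

# Run against a file given on the command line, e.g. /etc/lilo.conf.
if [ $# -gt 0 ]; then audit_lilo_conf "$1"; fi
```

A restricted line that appears only inside an image section is reported as missing, because the recipe places both entries in the global section.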