How to force login password prompt in single user mode

Last updated on August 11, 2020 by Dan Nanni

Linux provides so-called "single user mode" or "rescue mode" in which a multi-user Linux system boots into a single user environment with superuser privilege. The single user mode is useful when you need exclusive access to shared system resources, e.g., when conducting maintenance or security audit of root file system, and updating critical system settings such as resetting root passwords.

If you are using GRUB bootloader, you can boot into single user mode by interrupting the bootloader and dropping in additional special parameter (e.g., single). The single user mode will be booting Linux under runlevel 1, in which you will directly get a bash command prompt without entering root password.

If you would like to force a login password prompt even in single user mode, you can add the following to /etc/inittab.

~~:S:wait:/sbin/sulogin

In this setup, you will be prompted to enter root password when entering single user mode. Without entering a correct root password, you will not get a bash command prompt.

Note that the above setup is still not a proper protection mechanism against unauthorized users gaining access to the root file system of your Linux system. Unauthorized user could still boot into a live CD, mount the root file system from the live CD, and then modify /etc/inittab. To prevent this kind of attack, you may want to consider full disk encryption.

Support Xmodulo

This website is made possible by minimal ads and your gracious donation via PayPal or credit card

Please note that this article is published by Xmodulo.com under a Creative Commons Attribution-ShareAlike 3.0 Unported License. If you would like to use the whole or any part of this article, you need to cite this web page at Xmodulo.com as the original source.