Linux provides so-called "single user mode" or "rescue mode" in which a multi-user Linux system boots into a single user environment with superuser privilege. The single user mode is useful when you need exclusive access to shared system resources, e.g., when conducting maintenance or security audit of root file system, and updating critical system settings such as resetting root passwords.
If you are using GRUB bootloader, you can boot into single user mode by interrupting the bootloader and dropping in additional special parameter (e.g., "single"). The single user mode will be booting Linux under runlevel 1, in which you will directly get a bash command prompt without entering root password.
If you would like to force a login password prompt even in single user mode, you can add the following to /etc/inittab.
In this setup, you will be prompted to enter root password when entering single user mode. Without entering a correct root password, you will not get a bash command prompt.
Note that the above setup is still not a proper protection mechanism against unauthorized users gaining access to the root file system of your Linux system. Unauthorized user could still boot into a live CD, mount the root file system from the live CD, and then modify /etc/inittab. To prevent this kind of attack, you may want to consider full disk encryption.
Subscribe to Xmodulo
Do you want to receive Linux FAQs, detailed tutorials and tips published at Xmodulo? Enter your email address below, and we will deliver our Linux posts straight to your email box, for free. Delivery powered by Google Feedburner.
Did you find this tutorial helpful? Then please be generous and support Xmodulo!