

Practical UNIX & Internet Security

Appendix C: UNIX Processes
 

C.5 Starting Up UNIX and Logging In

Most modern computers are equipped with a certain amount of read-only memory (ROM) that contains the first program that a computer runs when it is turned on. Typically, this ROM will perform a small number of system diagnostic tests to ensure that the system is operating properly, after which it will load another program from a disk drive or from the network. This process is called bootstrapping.

Although every UNIX system bootstraps in a slightly different fashion, usually the ROM monitor loads a small program called boot that is kept at a known location on the hard disk (or on the network). The boot program then loads the UNIX kernel into the computer and starts running it.

After the kernel initializes itself and determines the machine's configuration, it creates a process with a PID of 1 which runs the /etc/init program.

C.5.1 Process #1: /etc/init

The program /etc/init finishes the task of starting up the computer system and lets users log in.

Some UNIX systems can be booted in a single-user mode. If UNIX is booted in single-user mode, the init program forks and runs the standard UNIX shell, /bin/sh, on the system console. This shell, run as superuser, gives the person sitting at the console total access to the system. It also allows nobody else access to the system; no network daemons are started unless root chooses to start them.

Some systems can be set up to require a password to boot in single-user mode, while others cannot. Many workstations, including those made by Sun Microsystems, allow you to set a special user password using the boot monitor in ROM. Single-user mode is designed to allow the resurrection of a computer with a partially corrupted filesystem; if the /etc/passwd file is deleted, the only way to rebuild it would be to bring the computer up in single-user mode. Unfortunately, single-user mode is also a security hole, because it allows unprivileged people to execute privileged commands simply by typing them on the system console; computers that can be brought up in single-user mode should have their consoles in a place that is physically secure. On many Berkeley-derived systems, changing the line in the /etc/ttytab file for the console so that it is not marked as "secure" will force the user to provide a password when booting in single-user mode.

Some UNIX systems can also be booted in a maintenance mode. Maintenance mode is similar to single-user mode, except that the root password must first be typed on the system console.

NOTE: Do not depend on the maintenance mode to prevent people from booting your computers in single-user mode. Most computers can be booted from CD-ROMs or floppy disks, allowing anyone with even the most modest technical knowledge to gain superuser privileges if they have physical access to the system.

In normal operation, /etc/init then executes the shell script /etc/rc. Depending on which version of UNIX you are using, /etc/rc may execute a variety of other shell scripts whose names all begin with /etc/rc (common varieties include /etc/rc.network and /etc/rc.local) or which are located in the directory /etc/init.d or /etc/rc?.d. System V systems additionally use the file /etc/inittab to control what is done at various run levels. The /etc/rc script(s) set up UNIX as a multi-user system, performing a variety of tasks, including:

  • Removing temporary files from the /tmp and/or /usr/tmp directories

  • Removing any lock files

  • Checking filesystem consistency and mounting additional filesystems

  • Turning on accounting and quota checking

  • Setting up the network

When /etc/rc finishes executing, /etc/init forks a new process for every enabled terminal on the system. On older systems, this program is called /etc/getty. On newer systems, including SVR4, it is called /usr/lib/saf/ttymon.

C.5.2 Logging In

The getty or ttymon program is responsible for configuring the user terminal and displaying the initial prompt. A copy of the program is run for each port that is monitored. Whenever the process dies, init starts another one to take its place. If the init process dies, UNIX halts or reboots (depending on the version of UNIX installed).

The getty or ttymon program displays the word login: (or a similar prompt) on its assigned terminal and waits for a username to be typed. When it gets a username, getty/ttymon exec's the program /bin/login, which asks for a password and validates it against the password stored in /etc/passwd. If the password does not match, the login program asks for a new username and password combination.

Some versions of UNIX can be set up to require an additional password if you're trying to log into the computer over a modem. See the reference page for your login program for details.

If you do not log in within a short period of time (usually 60 seconds), or if you make too many incorrect attempts, login exits and init starts up a new getty/ttymon program on the terminal. On some systems equipped with modems, this causes the telephone to hang up. Again, this strategy is designed to deter an unauthorized user from breaking into a UNIX computer by making the task more difficult: after trying a few passwords, a cracker attempting to break into a UNIX machine is forced to redial the telephone.

If the username and password match, the login program performs some accounting and initialization tasks, then changes its real and effective UIDs to be those of the username that has been supplied. login then exec's your shell program, usually /bin/csh or /bin/ksh. The process number of that shell is the same as the original getty. /etc/init receives a SIGCHLD signal when this process dies; /etc/init then starts a new getty or ttymon.

On Berkeley-derived systems, the file /etc/ttys or /etc/ttytab contains a line for each terminal that is to have a getty/ttymon process enabled. It also contains information on terminal type, if known, and an indication if the line is "secure." The root user cannot log into a terminal that is not secure; to become the superuser on one of these lines, you must first log in as yourself, then use the su command. Unless your terminal lines are all in protected areas, turning off "secure" on all lines is a good precaution.
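The "secure" marking discussed here, and for the console under single-user mode in C.5.1, can be audited with a short script. This is an added example, not code from the book; it assumes the common BSD ttys(5) field layout (name, getty command, type, status flags), and the sample file and function names are constructed for illustration.

```sh
#!/bin/sh
# Added example: list terminal lines marked "secure" in a BSD-style
# /etc/ttys or /etc/ttytab. Assumed field layout (ttys(5)):
#   name   getty-command   type   status-flags...

# secure_lines FILE -> prints "name type" for every line flagged "secure"
secure_lines() {
    awk '
        { sub(/#.*/, "") }              # drop comments
        NF == 0 { next }                # skip blank or comment-only lines
        {
            gsub(/"[^"]*"/, "CMD")      # collapse the quoted getty command to one field
            for (i = 4; i <= NF; i++)   # flags follow name, command and type
                if ($i == "secure") { print $1, $3; break }
        }
    ' "$1"
}

# write_sample FILE -> writes a constructed ttys file for the demonstration
write_sample() {
    cat > "$1" <<'EOF'
# name   getty                          type     status
console "/usr/libexec/getty std.9600"   vt100    on secure
ttyd0   "/usr/libexec/getty std.9600"   dialup   on secure   # modem line
ttyd1   "/usr/libexec/getty std.9600"   dialup   on
ttyp0   none                            network  off
EOF
}

# Demonstration on the constructed sample; point secure_lines at the
# real file on a system that has one.
sample=$(mktemp)
write_sample "$sample"
echo "Lines where root may log in directly:"
secure_lines "$sample"
rm -f "$sample"
```

Every line the script prints is one where root can log in without first logging in as an ordinary user, so each should correspond to a terminal in a protected area.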

C.5.3 Running the User's Shell

After you log in, UNIX will start up your shell. The shell will then read a series of start-up commands from a variety of different files, depending on which shell you are using and which flavor of UNIX you are running.

If your shell is /bin/sh (the Bourne shell) or /bin/ksh (the Korn shell), UNIX will execute all of the commands stored in a special file called .profile in your home directory. (On some systems, /bin/sh and /bin/ksh will also execute the commands stored in the /etc/profile or /usr/lib/profile file.)

If your shell is /bin/csh (the C shell), UNIX will execute all of the commands stored in the .cshrc file in your home directory. The C shell will then execute all of the commands stored in the .login file in your home directory. When you log out, the commands in the file .logout will be executed.

Because these files are automatically run for you when you log in, they can present a security problem: if an intruder were to modify the files, the end result would be the same as if the intruder were typing commands at your keyboard every time you logged in! Thus, these files should be protected so that an intruder cannot write to the files or replace them with other files. Chapter 5, The UNIX Filesystem, explains how to protect your files.
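One way to check the start-up files named above for exactly this exposure, as an added example that is not from the book. It flags files that are not owned by the account or that are group- or world-writable, and applies the same test to the home directory, since a writable directory lets the files be replaced; the function name and demonstration directory are constructed.

```sh
#!/bin/sh
# Added example: flag login start-up files that someone other than the
# owner could modify or replace. File names are the ones named in the text.

# check_startup_files HOME OWNER_UID -> one finding per line, empty if clean
check_startup_files() {
    home=$1 owner=$2
    # A writable home directory lets the files be replaced, so check it too.
    for f in "$home" "$home/.profile" "$home/.cshrc" \
             "$home/.login" "$home/.logout"; do
        [ -e "$f" ] || continue
        # -prune stops find from descending into the home directory;
        # -H makes a symlinked start-up file be judged by its target.
        find -H "$f" -prune ! -user "$owner" -print |
            sed 's/^/WRONG-OWNER /'
        find -H "$f" -prune \( -perm -020 -o -perm -002 \) -print |
            sed 's/^/WRITABLE /'
    done
}

# Demonstration on a constructed home directory.
demo=$(mktemp -d)
chmod 755 "$demo"
: > "$demo/.profile"; chmod 644 "$demo/.profile"
: > "$demo/.login";   chmod 666 "$demo/.login"    # world-writable on purpose
check_startup_files "$demo" "$(id -u)"            # reports only .login
rm -rf "$demo"
```

Group-writable files are reported as well; on systems that give each user a private group this may be acceptable, but it still deserves a look.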