I have some questions about the 'password' and 'restricted' keywords in yaboot.
Essentially, I want to have a normal unattended boot, but also want to prompt for a password if someone enters "linux single" on the yaboot prompt.
This is possible using 'password' and 'restricted'. The 'restricted' keyword causes it to only prompt if a boot parameter is set. Unfortunately, nowadays, lots of things are added by default to the 'append' line on both SLES and RHEL.
A SLES11 Example
# header section
partition = 3
timeout = 80
default = SLES11_SP1
# image section
image = /boot/vmlinux-184.108.40.206-0.7-ppc64
label = SLES11_SP1
root = /dev/disk/by-id/scsi-SAIX_VDASD_00c0002900004c0000000137756a5e7b.4-part3
append = "quiet sysrq=1 insmod=sym53c8xx insmod=ipr crashkernel=512M-:256M"
initrd = /boot/initrd-220.127.116.11-0.7-ppc64
So the above default config for SLES always prompts.
So the question is, is there a way to configure this so it works as desired?
Are those boot parameters that SLES appends on there critical?
I know 'crashkernel' and 'sysrq' are needed for KDUMP, which can be turned off.
'quiet' certainly isn't critical.
The 2 drivers, though, ipr and sym53c8xx: Are those really necessary to be added on the boot line like that? Those are SCSI controller drivers, I believe, so either they're really important, or not really.
My test machine still boots if I remove the append line (and works as desired with respect to the password behavior), but I'm using vSCSI drives via VIOS on this machine. My production machine isn't using a VIOS and the OS owns the HW, so it might be a different story there. I want to do the correct thing.
Can I lose the 'append' line and still boot ok? Or, if those drivers are needed, is it possible to bake them into the initrd instead?
Pinned topic yaboot, passwords, bootline questions
ThinkOpenly 1000000S0Q27 Posts ACCEPTED ANSWER
Re: yaboot, passwords, bootline questions
2012-07-27T16:31:31Z in response to JayFurmanek
Is GRUB2 an option, instead of yaboot?
GRUB2 allows one to define a set of users, including "superusers", each with their own password. In addition, certain boot menu entries can be restricted to superusers only. The example on that page (section 22, "Authentication and authorisation") shows a grub.cfg file with several stanzas for menu entries, including one for a normal boot and one for a superusers-only "linux single" boot.
JayFurmanek 060001WJQ259 Posts
ThinkOpenly 1000000S0Q27 Posts ACCEPTED ANSWER
Re: yaboot, passwords, bootline questions
2012-07-27T17:02:01Z in response to JayFurmanek
The bootloader should be independent of the OS, so it should work. Supported? Doubtful. (However, I doubt that building a new initrd is supported, either.)
It's also possible that future updates to the system could attempt to overwrite the bootloader, so "independent" should be considered a relative term here. The existing bootloader should be disabled if going this route. (SLES still uses those "lilo" scripts, I think. I don't know how sensitive SLES would be to the removal of "lilo".)
Brian_King 120000K4SY14 Posts ACCEPTED ANSWER
Re: yaboot, passwords, bootline questions
2012-07-27T21:50:22Z in response to JayFurmanek
I don't think those insmod lines are necessary. The sym53c8xx driver is certainly not needed, since it's not used on any currently shipping Power system. The ipr driver is most likely being used as the boot device if you are booting from internal SAS storage, but I'm pretty sure the mkinitrd script should do the right thing and load the driver without needing this.
t_breeds 0600016Y6W1 Post ACCEPTED ANSWER
Re: yaboot, passwords, bootline questions
2012-07-31T01:05:36Z in response to JayFurmanek
> I have some questions about the 'password' and 'restricted' keywords in yaboot. Essentially, I want to have a normal unattended boot, but also want to prompt for a password if someone enters "linux single" on the yaboot prompt. This is possible using 'password' and 'restricted'. The 'restricted' keyword causes it to only prompt if a boot parameter is set. Unfortunately, nowadays, lots of things are added by default to the 'append' line on both SLES and RHEL.
Currently with yaboot there is no way to get the desired behaviour. I'll correct that, so that restricted ignores append="", and only triggers if someone adds additional args to the kernel command line.
That doesn't really help you right now.
You /might/ be able to build a zImage which combines the kernel+initrd and has a built in command line. I think there is a mkvmlinuz script in SLES somewhere.
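A small audit for the situation this thread describes, as an added example that is not part of the original posts: it parses a yaboot.conf and reports image stanzas where 'password' and 'restricted' are set but a non-empty 'append' would make yaboot prompt on every boot. The sample config is constructed (shortened image path, placeholder password), the function names are hypothetical, and handling only full-line comments and treating a global 'append' like a per-image one are assumptions.

```python
# Constructed sample: the SLES11 stanza from the question, shortened, with
# 'password' and 'restricted' added. The password value is a placeholder.
SAMPLE = '''\
# header section
partition = 3
timeout = 80
default = SLES11_SP1
password = PLACEHOLDER
restricted
# image section
image = /boot/vmlinux
    label = SLES11_SP1
    append = "quiet sysrq=1 insmod=sym53c8xx insmod=ipr crashkernel=512M-:256M"
'''

def parse_yaboot_conf(text):
    """Split yaboot.conf text into (global_options, [image_stanzas])."""
    global_opts, images = {}, []
    current = global_opts
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):   # assumption: full-line comments only
            continue
        key, sep, value = line.partition("=")  # split on the first '=' only
        key = key.strip().lower()
        # Bare keywords such as 'restricted' carry no value; store them as True.
        value = value.strip().strip('"') if sep else True
        if key == "image":                     # each 'image =' opens a new stanza
            current = {"image": value}
            images.append(current)
        else:
            current[key] = value
    return global_opts, images

def restricted_defeated_by_append(text):
    """Labels of images that prompt on every boot despite 'restricted'."""
    global_opts, images = parse_yaboot_conf(text)
    if not (global_opts.get("password") and global_opts.get("restricted")):
        return []                              # nothing to defeat
    flagged = []
    for img in images:
        # Assumption: a global 'append' applies when the stanza has none.
        args = img.get("append", global_opts.get("append", ""))
        if isinstance(args, str) and args.strip():
            flagged.append(img.get("label", img["image"]))
    return flagged

if __name__ == "__main__":
    for label in restricted_defeated_by_append(SAMPLE):
        print(f"{label}: non-empty append, password prompt on every boot")
```
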