Single-user mode is a mode in which a multiuser computer operating system boots into a single superuser. It is mainly used for maintenance of multi-user environments such as network servers. Some tasks may require exclusive access to shared resources, for example running fsck on a network share. This mode can also be used for security purposes – network services are not run, eliminating the possibility of outside interference. On some systems a lost superuser password can be changed by switching to single-user mode, but not asking for the password in such circumstances is viewed as a security vulnerability.
Unix-like operating systems provide single-user mode functionality either through the System V-style runlevels, BSD-style boot-loader options, or other boot-time options.
The runlevel is usually changed using the init command; runlevel 1 or S will boot into single-user mode.
Boot-loader options can be changed during startup before the execution of the kernel. In FreeBSD and DragonFly BSD it can be changed before rebooting the system with the command nextboot -o "-s" -k kernel, and the bootloader offers the option on bootup to start in single-user mode. In Solaris the command reboot -- -s will cause a reboot into single-user mode.
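The introduction notes that a single-user boot which does not ask for the superuser password is viewed as a security vulnerability. The following is an added example, not part of the original article, that audits two classic configuration files for that setting. It assumes the SysV /etc/inittab format (id:runlevels:action:process, with sulogin as the password prompt) and the FreeBSD /etc/ttys console flag "insecure", neither of which is described on this page; systemd-based systems keep the setting elsewhere and are not covered.

```shell
#!/bin/sh
# Added example: does single-user mode ask for the root password?

# SysV init: /etc/inittab lines are id:runlevels:action:process.
# Guarded = an active runlevel-S entry whose program is sulogin.
inittab_guarded() {
    awk -F: '
        /^[ \t]*#/ || NF < 4 { next }          # comments, malformed lines
        $2 ~ /[Ss]/ {
            split($4, argv, " ")                # argv[1] is the program path
            n = split(argv[1], path, "/")
            if (path[n] == "sulogin") found = 1
        }
        END { exit(found ? 0 : 1) }
    ' "$1"
}

# FreeBSD: a console entry flagged "insecure" in /etc/ttys makes init
# ask for the root password before starting the single-user shell.
ttys_guarded() {
    awk '
        /^[ \t]*#/ { next }
        $1 == "console" {
            for (i = 2; i <= NF; i++) {
                if ($i ~ /^#/) break            # rest of line is a comment
                if ($i == "insecure") found = 1
            }
        }
        END { exit(found ? 0 : 1) }
    ' "$1"
}

# Constructed sample files, not taken from any real host.
make_samples() {
    printf '%s\n' 'id:2:initdefault:' '~~:S:wait:/sbin/sulogin' > "$1/inittab.ok"
    printf '%s\n' '#~~:S:wait:/sbin/sulogin' '~~:S:wait:/bin/sh' > "$1/inittab.open"
    printf '%s\n' 'console none unknown off insecure' > "$1/ttys.ok"
    printf '%s\n' 'console none unknown off secure' > "$1/ttys.open"
}

report() {  # usage: report CHECK_FUNCTION FILE
    if "$1" "$2"; then echo "${2##*/}: root password required"
    else echo "${2##*/}: shell without password"; fi
}

tmp=$(mktemp -d) && make_samples "$tmp"
for f in inittab.ok inittab.open; do report inittab_guarded "$tmp/$f"; done
for f in ttys.ok ttys.open; do report ttys_guarded "$tmp/$f"; done
rm -rf "$tmp"
```

On a real host the two check functions would be pointed at /etc/inittab or /etc/ttys instead of the constructed samples.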
macOS users can accomplish this by holding down ⌘ S after powering on the system. The user may be required to enter a password set in the firmware. In OS X El Capitan and later releases of macOS, the running system can be switched to single-user mode with the command sudo launchctl reboot userspace -s in Terminal, and the system can be fully rebooted in single-user mode with the command sudo launchctl reboot system -s. Single-user mode is different from a safe mode boot in that the system goes directly to the console instead of starting up the core elements of macOS (items in /System/Library/, ignoring /Library/, ~/Library/, et al.). From there users are encouraged by a prompt to run fsck or other command line utilities as needed (or installed).
Microsoft Windows provides Recovery Console, Last Known Good Configuration, Safe Mode and recently Windows Recovery Environment as standard recovery means. Also, bootable BartPE-based third-party recovery discs are available.
Recovery Console and recovery discs are different from single-user modes in other operating systems because they are independent of the maintained operating system. This works more like chrooting into another environment with another kernel in Linux.
The system utility fsck is a tool for checking the consistency of a file system in Unix and Unix-like operating systems, such as Linux, macOS, and FreeBSD. A similar command, CHKDSK, exists in Microsoft Windows and its predecessor, MS-DOS.
A kernel panic is a safety measure taken by an operating system's kernel upon detecting an internal fatal error in which either it is unable to safely recover or continuing to run the system would have a higher risk of major data loss. The term is largely specific to Unix and Unix-like systems. The equivalent on Microsoft Windows operating systems is a stop error, often called a "blue screen of death".
Unix security refers to the means of securing a Unix or Unix-like operating system. A secure environment is achieved not only by the design concepts of these operating systems, but also through vigilant user and administrative practices.
In computing, the superuser is a special user account used for system administration. Depending on the operating system (OS), the actual name of this account might be root, administrator, admin or supervisor. In some cases, the actual name of the account is not the determining factor; on Unix-like systems, for example, the user with a user identifier (UID) of zero is the superuser, regardless of the name of that account; and in systems which implement a role based security model, any user with the role of superuser can carry out all actions of the superuser account. The principle of least privilege recommends that most users and applications run under an ordinary account to perform their work, as a superuser account is capable of making unrestricted, potentially adverse, system-wide changes.
A live CD is a complete bootable computer installation including operating system which runs directly from a CD-ROM or similar storage device into a computer's memory, rather than loading from a hard disk drive. A live CD allows users to run an operating system for any purpose without installing it or making any changes to the computer's configuration. Live CDs can run on a computer without secondary storage, such as a hard disk drive, or with a corrupted hard disk drive or file system, allowing data recovery.
In computing, a loadable kernel module (LKM) is an object file that contains code to extend the running kernel, or so-called base kernel, of an operating system. LKMs are typically used to add support for new hardware and/or filesystems, or for adding system calls. When the functionality provided by an LKM is no longer required, it can be unloaded in order to free memory and other resources.
The Unix command su, which stands for 'substitute user', is used by a computer user to execute commands with the privileges of another user account. When executed it invokes a shell without changing the current working directory or the user environment.
XNU is the computer operating system (OS) kernel developed at Apple Inc. since December 1996 for use in the Mac OS X operating system and released as free and open-source software as part of the Darwin OS, which in addition to macOS is also the basis for the Apple TV Software, iOS, iPadOS, watchOS, and tvOS OSes. XNU is an abbreviation of X is Not Unix.
sudo is a program for Unix-like computer operating systems that enables users to run programs with the security privileges of another user, by default the superuser. It originally stood for "superuser do", as that was all it did, and it is its most common usage; however, the official Sudo project page lists it as "su 'do' ". The current Linux manual pages for su define it as "substitute user", making the correct meaning of sudo "substitute user, do", because sudo can run a command as other users as well.
A runlevel is a mode of operation in the computer operating systems that implement Unix System V-style initialization. Conventionally, seven runlevels exist, numbered from zero to six. S is sometimes used as a synonym for one of the levels. Only one runlevel is executed on startup; runlevels are not executed one after another.
rm is a basic command on Unix and Unix-like operating systems used to remove objects such as computer files, directories and symbolic links from file systems and also special files such as device nodes, pipes and sockets, similar to the del command in MS-DOS, OS/2, and Microsoft Windows. The command is also available in the EFI shell.
In Unix-based computer operating systems, init is the first process started during booting of the operating system. Init is a daemon process that continues running until the system is shut down. It is the direct or indirect ancestor of all other processes and automatically adopts all orphaned processes. Init is started by the kernel during the booting process; a kernel panic will occur if the kernel is unable to start it. Init is typically assigned process identifier 1.
In computing, privilege is defined as the delegation of authority to perform security-relevant functions on a computer system. A privilege allows a user to perform an action with security consequences. Examples of various privileges include the ability to create a new user, install software, or change kernel functions.
launchd is an init and operating system service management daemon created by Apple Inc. as part of macOS to replace its BSD-style init and SystemStarter. There have been efforts to port launchd to FreeBSD and derived systems.
Safe mode is a diagnostic mode of a computer operating system (OS). It can also refer to a mode of operation by application software. Safe mode is intended to help fix most, if not all, problems within an operating system. It is also widely used for removing rogue security software.
chsh is a command on Unix-like operating systems that is used to change a login shell. Users can either supply the pathname of the shell that they wish to change to on the command line, or supply no arguments, in which case chsh allows the user to change the shell interactively.
A number of computer operating systems employ security features to help prevent malicious software from gaining sufficient privileges to compromise the computer system. Operating systems lacking such features, such as DOS, Windows implementations prior to Windows NT, CP/M-80, and all Mac operating systems prior to Mac OS X, had only one category of user who was allowed to do anything. With separate execution contexts it is possible for multiple users to store private files, for multiple users to use a computer at the same time, to protect the system against malicious users, and to protect the system against malicious programs. The first multi-user secure system was Multics, which began development in the 1960s; it wasn't until UNIX, BSD, Linux, and NT in the late 80s and early 90s that multi-tasking security contexts were brought to x86 consumer machines.
chattr is the command in Linux that allows a user to set certain attributes of a file. lsattr is the command that displays the attributes of a file.
To shut down or power off a computer is to remove power from a computer's main components in a controlled way. After a computer is shut down, main components such as CPUs, RAM modules and hard disk drives are powered down, although some internal components, such as an internal clock, may retain power.
ptrace is a system call found in Unix and several Unix-like operating systems. By using ptrace one process can control another, enabling the controller to inspect and manipulate the internal state of its target. ptrace is used by debuggers and other code-analysis tools, mostly as aids to software development.