Allowing access to single user mode in Linux is a major security risk. Setting it to require the root password before booting into single user mode is a good idea. Here we will explain two methods to password protect single user mode.
How to require password for single user mode in CentOS 5 / RedHat 5
Insert the following line to /etc/inittab file above the line containing initdefault.
su:S:wait:/sbin/sulogin
NOTE: it must be above the link with initdefault in order to work. Example:
# Password requires for single user mode.
su:S:wait:/sbin/sulogin
# Default runlevel. The runlevels used by RHS are:
# 0 - halt (Do NOT set initdefault to this)
# 1 - Single user mode
# 2 - Multiuser, without NFS (The same as 3, if you do not have networking)
# 3 - Full multiuser mode
# 4 - unused
# 5 - X11
# 6 - reboot (Do NOT set initdefault to this)
#
id:3:initdefault:
How to require password for single user mode in CentOS 6 / RedHat 6
Edit the file /etc/sysconfig/init and change the following line:
SINGLE=/sbin/sushell
to
SINGLE=/sbin/sulogin
You can also use sed to change the file like so:
sed -i ‘s/SINGLE=/sbin/sushell/SINGLE=/sbin/sulogin/’ /etc/sysconfig/init