Enable Authentication for Single-User Mode

# RHEL 5
# ------------------------------------------------------------------------------------------

# To force users to enter password in Single User mode, add following line to /etc/inittab:

~:S:respawn:/sbin/sulogin

# The changes to this file takes effect after a system reboot

# To make init re-read the /etc/inittab without rebooting the system, type the command

/sbin/init q



# RHEL 6
# ------------------------------------------------------------------------------------------

# Edit /etc/inittab and add "su:S:wait:/sbin/sulogin" before 'initdefault' line:

vi /etc/inittab
   [...]
   su:S:wait:/sbin/sulogin
   id:3:initdefault:

# Edit /etc/sysconfig/init and replace "SINGLE=/sbin/sushell"  with "SINGLE=/sbin/sulogin":

vi /etc/sysconfig/init
   [...]
   # Set to '/sbin/sulogin' to prompt for password on single-user mode
   # Set to '/sbin/sushell' otherwise
   SINGLE=/sbin/sulogin



# RHEL 7
# ------------------------------------------------------------------------------------------

# By default, Single User mode is password protected by the root password on RHEL 7:

cat /usr/lib/systemd/system/rescue.service
   [...]

   [Service]
   Environment=HOME=/root
   WorkingDirectory=/root
   ExecStartPre=-/bin/plymouth quit
   ExecStartPre=-/bin/echo -e 'Welcome to emergency mode! After logging in, type [...]
   ExecStart=-/bin/sh -c "/usr/sbin/sulogin; /usr/bin/systemctl --fail --no-block default" <---
   Type=idle
   StandardInput=tty-force
   StandardOutput=inherit
   StandardError=inherit
   KillMode=process
   IgnoreSIGPIPE=no
   SendSIGHUP=yes