Hey, just got my linux system up at school not too long ago and didn't secure it being as it took forever to install redhat on it (redhat 9 on a pentium 133 12x cdrom)

The question is: I setup a "guest" account for some people in class who want to do some programming stuff on it. it was just a normal user account that didn't belong to anything. The next day I find that some of the settings are changed. I fixed them, but when rebooting to apply the changes... It switches to INIT 6 and the bash prompt appears! I type whoami and it shows ROOT!! The system does not reboot! (It also appears that it switches to single user mode if I remember right0

How did this happen!? And how can I prevent from this happening again!!!
Any links to a HOWTO on how to do what they did (so I can learn from it >_<) would be appericated.

Thanks

Try looking at your /etc/inittab file. It's likely some wise-arse thought it would be funny to change your default runlevel to 6, thinking that it would be amusing to watch you struggle helplessly as your machine reboots over and over. Fortunately for you, that person also doesn't know how to read the man pages or they would realize that if init detects that it has rebooted 10 times in 2 minutes, then it will stop rebooting and give an error (man init if you want specifics).

So check /etc/inittab and look to see if the line:
id:3:initdefault:

has been editted to:
id:6:initdefault:

All those shenanigans aside, whoever changed that setting had to be root. So you need to be aware that more changes may have been made including new users with a UID of 0, rootkits installed, etc. There are plenty of threads, including the one at the top of the forum on doing forensic analysis of compromised machine.

As far as keeping it from happening again, tell the people in class to get their own machines from now on (see how funny they think that is). If that's not an option, you might want to look at chrooting users into their home directories.