On RHEL 6.2-based systems (like Scientific Linux 6.2): edit /etc/sysconfig/init
# Set to '/sbin/sulogin' to prompt for password on single-user mode # Set to '/sbin/sushell' otherwise
Then if you add an 's' to the grub entry when the server boots it will ask you for a password , or hit ctrl-d. Ctrl-d makes the server enter normal boot (telinit *).
Should all linux machines be installed this way? To me this sounds like a definite deal, especially if you have the console physically or remotely accessible.