Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
sulogin-shell: Use force if SYSTEMD_SULOGIN_FORCE set
When the root account is locked sulogin will either inform you of this and not allow you in or if --force is used it will hand you passwordless root (if using a recent enough version of util-linux). Not being allowed a shell is ofcourse inconvenient, but at the same time handing out passwordless root unconditionally is probably not a good idea everywhere. This patch thus allows to control which behaviour you want by setting the SYSTEMD_SULOGIN_FORCE environment variable to true or false to control the behaviour, eg. via adding this to 'systemctl edit rescue.service' (or emergency.service): [Service] Environment=SYSTEMD_SULOGIN_FORCE=1 Distributions who used locked root accounts and want the passwordless behaviour could thus simply drop in the override file in /etc/systemd/system/rescue.service.d/override.conf Fixes: #7115 Addresses: https://bugs.debian.org/802211
- Loading branch information
33eb44f
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
I realize this is a very old thread but, from what I can tell, its still the normal behavior with Debian and I had an idea.
As discussed the
--force
option is not very secure.Instead, why not change the
systemd
scripts to open a shell as a regular user who has login andsudo
asroot
privileges? Like a system admin maybe. That way they can login with their ID and then usesudo
to become root -- which would require their password again.This seems like a far better and more secure option then currently prescribed which is either to use
--force
or to not lock theroot
account.33eb44f
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
I am not sure about this, but please file as an issue or submit a PR for that. Otherwise, almost no one can find your comment and this is easily forgotten.
33eb44f
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
I'll submit an issue. Thanks!
33eb44f
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
@imthenachoman: which issue was it? Just wanted to track it.
33eb44f
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
@shmerl I never opened one. There was an active discussion on #11596 and I concluded my idea was not a good one. :/
33eb44f
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
I think current alternative (complete root without any password prompt, when
SYSTEMD_SULOGIN_FORCE=1
was set) is even worse. Some kind of authentication at that step would be better than none at all. Looking at that discussion, I'm not sure what the conclusion is. That it's not necessary, or it's not clear how to do it?Can auth be performed against a particular user, to simply run something like
sudo su
, without dealing with $HOME for that user at all?33eb44f
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
I think anything is possible but it would require a lot of pre-requisites/pre-work and it isn't worth the effort for the developers. I assume...