Bug#806852: sulogin --force should be the default whether or not the root account is locked

Bjørn Mork bjorn at mork.no
Fri Jan 8 11:35:09 GMT 2016


I believe adding '--force' is just as important when the root account
has a password, to allow system access in case /etc/password and/or
/etc/shadow are unreadable or otherwise damaged.

This is of course much less likely to happen than needing su access in
general.  But there are no real reasons to avoid '--force' on systems
having a root password.  '--force' will not make any difference unless
/etc/shadow is modified.  And if you can modify /etc/shadow in any way,
then...

So the two important differences with unconditional '--force' are:
 - enabling emergency rescue of systems with damaged /etc
 - requiring one additional change to fully lock down the root account
   for console users

These differences are exactly the same whether or not the root account
was locked down by the installer.  If you find the last one acceptable
for an installer locked down root account, then it must be acceptable
for a manually locked down root as well.

Therefore:  Please invoke sulogin with '--force' by default.  There is
no need to do any installer-based magic.


Bjørn
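
The cases argued above, as an added example that is not part of the original message or of sulogin itself: a small audit that reads a shadow-format file and reports what sulogin would do with and without '--force', following the behaviour described in sulogin(8). The function names `root_shadow_state` and `sulogin_outcome` are hypothetical, the sample entry is constructed, and the model assumes root's /etc/passwd entry is intact and points to the shadow file.

```shell
#!/bin/sh
# Models the outcomes described in sulogin(8); it never runs sulogin.

# root_shadow_state FILE -> hash | locked | empty | damaged
# FILE is a shadow-format file (pass /etc/shadow on a real system, as root).
root_shadow_state() {
    file=$1
    [ -r "$file" ] || { echo damaged; return; }
    # First line whose first field is exactly "root".
    line=$(sed -n '/^root:/{p;q;}' "$file")
    [ -n "$line" ] || { echo damaged; return; }
    field=$(printf '%s\n' "$line" | cut -d: -f2)
    case $field in
        '')        echo empty ;;
        '!'*|'*'*) echo locked ;;   # locked by '!' or '*' at the start
        *)         echo hash ;;     # hash format itself is not validated
    esac
}

# sulogin_outcome STATE FORCE(yes|no) -> prompt | shell | refuse
sulogin_outcome() {
    case "$1:$2" in
        hash:*)                 echo prompt ;;  # password asked either way
        empty:*)                echo shell ;;   # assumption: nothing to check
        locked:yes|damaged:yes) echo shell ;;   # --force: root shell, no password
        locked:no|damaged:no)   echo refuse ;;  # no rescue shell at all
        *)                      echo unknown ;;
    esac
}

demo() {
    tmp=$(mktemp)
    printf 'root:!:16800:0:99999:7:::\n' > "$tmp"   # constructed: locked root
    state=$(root_shadow_state "$tmp")
    for force in no yes; do
        echo "root $state, --force=$force: $(sulogin_outcome "$state" "$force")"
    done
    rm -f "$tmp"
}

demo
```

On a host where the outcome with '--force' is `shell`, console access is the only remaining control on the rescue shell, which is the "one additional change" trade-off described in the message.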



More information about the Pkg-systemd-maintainers mailing list