Bug#802211: systemd: rescue.service fails if root password is not set, needs sulogin --force

Nathan Dorfman ndorf at rtfm.net
Fri Mar 31 00:26:13 BST 2017

On Fri, Mar 31, 2017 at 12:51:08AM +0200, Michael Biebl wrote:
> Maybe I'm overly paranoid here, but maybe that helps to better
> understand my concerns.

No, your concerns sound reasonable to me, and I agree that demanding
a username from group sudo, along with its password sounds like it
could be even better.

However, I think it might not be necessary. Simply warn the user what
is going to happen if they don't set the root password at install
time: rescue boot will be left unprotected.

Some users might prefer that behavior anyway -- as someone pointed
out, the rescue shell would still work even if passwd/shadow are lost.
Users that are setting up BIOS and grub passwords can be expected to
set the root password as well, IMHO. Obviously, the installer should
make it unmistakably clear.

If that's not acceptable, I hope you'll agree that the installer
should just force you to set a root password. It's not reasonable for
it to quietly leave you with a rescue shell that won't work at all.

However, I honestly think the more lenient solution is better: an
empty root password usable only at rescue boot seems preferable to a
very weak password that could be allowed elsewhere. That said, I just
noticed that we seem to have PermitRootLogin prohibit-password in
sshd_config by default now, so this might be a minor or even moot


More information about the Pkg-systemd-maintainers mailing list