Bug#802211: RFC: wip patch to force sulogin on locked root accounts
Stijn van Drongelen
rhymoid at gmail.com
Tue Oct 17 21:36:45 BST 2017
Hi Felipe,
On 15 October 2017 at 14:30, Felipe Sateler <fsateler at debian.org> wrote:
>
> Excellent. I would suggest though to fix this first for 235, and
> upstream. That way whatever solution is implemented for stretch[1] can
> be designed with compatibility with buster in mind.
>
>
> [1] If the release team ACKs the change, too.
Yes, that makes sense as a first step. I have submitted a pull request
for upstream [1] and attached a patch against 235-2 (I hope I formatted
it properly...). As mentioned in the comments of the PR, I've tested it
a bit in VirtualBox, but corrupting /etc/fstab stopped triggering
emergency mode at some point. I'm not sure if I tested it well.
As far as I can see, systemd moved on to use the meson build system
after stretch's version was released, so I'm not sure if sulogin-shell.c
can be backported easily. However, the patch itself is very simple,
so porting the patch shouldn't be much of an obstacle.
> It is my understanding that sulogin --force will still ask for
> password if getpwnam works.
You're right! I should've read the manpage for sulogin.
>> 3) [...]
>
> This has the drawback of requiring to modify ExecStart, and thus risk
> becoming incompatible if the sulogin wrapper changes interface.
>
>> 4) [...]
>
> I don't have an opinion here.
I've left the sulogin-shell interface as it was.
Regards,
Stijn van Drongelen
[1] https://github.com/systemd/systemd/pull/7116
-------------- next part --------------
A non-text attachment was scrubbed...
Name: Use-sulogin-force-for-rescue-and-emergency-mode.patch
Type: text/x-patch
Size: 1816 bytes
Desc: not available
URL: <http://alioth-lists.debian.net/pipermail/pkg-systemd-maintainers/attachments/20171017/83c73e32/attachment-0002.bin>
More information about the Pkg-systemd-maintainers
mailing list