Bug#802211: RFC: wip patch to force sulogin on locked root accounts

Stijn van Drongelen rhymoid at gmail.com
Tue Oct 17 21:36:45 BST 2017

Hi Felipe,

On 15 October 2017 at 14:30, Felipe Sateler <fsateler at debian.org> wrote:
> Excellent. I would suggest though to fix this first for 235, and
> upstream. That way whatever solution is implemented for stretch[1] can
> be designed with compatibility with buster in mind.
> [1] If the release team ACKs the change, too.

Yes, that makes sense as a first step. I have submitted a pull request
for upstream [1] and attached a patch against 235-2 (I hope I formatted
it properly...). As mentioned in the comments of the PR, I've tested it
a bit in VirtualBox, but corrupting /etc/fstab stopped triggering
emergency mode at some point. I'm not sure if I tested it well.

As far as I can see, systemd moved on to use the meson build system
after stretch's version was released, so I'm not sure if sulogin-shell.c
can be backported easily. However, the patch itself is very simple,
so porting the patch shouldn't be much of an obstacle.

> It is my understanding that sulogin --force will still ask for
> password if getpwnam works.

You're right! I should've read the manpage for sulogin.

>> 3) [...]
> This has the drawback of requiring to modify ExecStart, and thus risk
> becoming incompatible if the sulogin wrapper changes interface.
>> 4) [...]
> I don't have an opinion here.

I've left the sulogin-shell interface as it was.

Stijn van Drongelen

 [1] https://github.com/systemd/systemd/pull/7116
-------------- next part --------------
A non-text attachment was scrubbed...
Name: Use-sulogin-force-for-rescue-and-emergency-mode.patch
Type: text/x-patch
Size: 1816 bytes
Desc: not available
URL: <http://alioth-lists.debian.net/pipermail/pkg-systemd-maintainers/attachments/20171017/83c73e32/attachment-0002.bin>

More information about the Pkg-systemd-maintainers mailing list