Re: Rescue mode when root account locked
- Date: Wed, 20 Sep 2017 13:11:58 +0000 (UTC)
- From: Curt <curty@xxxxxxx>
- Subject: Re: Rescue mode when root account locked
On 2017-09-20, solitone <solitone@xxxxxxxx> wrote:
> When I boot in rescue mode, I get this message:
> Cannot open access to console, the root account is locked. See
> sulogin(8) man page for more details
> When I press Enter to continue, it continues bootup in normal graphical
> Would it be wiser to unlock the root account, so that I can go into
> single user mode? Or is there something I can do, without unlocking the
> root account?
It seems this a "bug."
Michael Biebl says (to explain why careful deliberation is called for before it's
Consider this: You have a laptop with a locked root account. By default
the grub boot loader generates a boot entry for rescue mode.
So, even if you lock down the bios to not allow booting from CD-Rom or
USB, and you password protect grub, someone could easily get root access
if you leave the laptop unattended for a moment.
Marga Manterola created a "drop-in" fix:
ExecStart=-/bin/sh -c "/sbin/sulogin --force; /bin/systemctl
--job-mode=fail --no-block default"
the security implications of which ("/sbin/sulogin --force") are beyond my meager
abilities to comment upon.
"Time flies like an arrow. Fruit flies like a banana." Groucho