F21 emergency.target when root pw isn't set

Ahmad Samir ahmadsamir3891 at gmail.com
Sat Dec 20 05:47:00 UTC 2014 

On 19 December 2014 at 20:49, Chris Murphy <lists at colorremedies.com> wrote:
> On Fri, Dec 19, 2014 at 2:17 AM, Ahmad Samir <ahmadsamir3891 at gmail.com> wrote:
>
>> You'd have to use:
>> /sbin/reboot -f
>
> Right, thanks.
>
>> Have a look at https://fedoraproject.org/wiki/How_to_reset_a_root_password
>> (FWIW that bit, among others, was added by the systemd maintainer in Fedora).
>
> I referred to that same wiki earlier in this thread. It seemed dated
> because it starts out saying that setting a root password is
> mandatory, which isn't correct. And a big part of the problem is this
> incongruence between systemd requiring a root password but the
> installer not requiring a root password. So in the however likely
> event the user needs emergency target, or is inadvertently dropped
> there, some percent of users are stuck because they don't have a root
> password and they're not really informed of this in advance. So it's a
> catch-22.
>

I've tested the F20 desktop live CD, the installer doesn't let me
continue unless I set a root password.

So the problem here is a corner case where you want to boot the live
CD to the emergency/rescue target where the live system doesn't have a
root password set.

> Either systemd needs to back off on the root password requirement,
> which seems unlikely,

I agree with what you said in a previous email; the emergency/rescue
target requiring the root password doesn't make much sense to me.

Having physical access to the machine means that the only practical
security against tampering is having your filesystems encrypted. (It's
cheaper to encrypt one's filesystems than buying a titanium vault to
store the box....).

So what's the point of using sulogin if that can be worked around
using 'init=/bin/bash'? (and I don't think a grub password is much
help against someone having physical access to the machine).
Previously the rescue/emergency target used sushell.

> or the installer needs to insist the user set a
> root password, which is sorta icky because two passwords to do an
> installation? And then the most likely user who will fall into this
> trap is the Fedora Workstation user, who also has media that can't
> boot in rescue mode (i.e. anaconda rescue mode).
>
> Still, short term I think it's better if the user is required to set a
> root password. I think we have more users who end up getting dropped
> to emergency shell with a reference to rdsosreport than users exposing
> themselves to vulnerability by having a root password set (vs not
> set).
>
>

[...]

-- 
Ahmad Samir

More information about the test mailing list