On Tue, 2021-11-30 at 08:49 -0600, Chris Adams wrote:
Once upon a time, Ben Cotton <bcotton(a)redhat.com> said:
> Further, this change of defaults complements the default for root
> account. The redesign of root setup screen in Fedora 35 makes it clear
> that root should be left locked.
So, not directly related to the proposal, but jumping in here because it
goes with the above statement - the "root should be left locked" setup
is a problem that keeps single-user mode broken. I tried to follow the
Fedora (and other distros) default of root being a locked account, and
then found that it's a broken setup.
I was changing some disk config and made a typo in /etc/fstab, so
filesystems wouldn't mount on boot. The boot process stopped and
prompted for the (non-existant) root password. The only way to proceed
at that point is to bypass the normal init (remember to load SELinux
policy manually or face a full relabel, which is irritating) and set a
root password.
This IMHO should have been addressed before making "root account locked"
a default. At a minimum, you shouldn't be prompted for a password that
doesn't exist. It used to be possible to edit the sulogin options to
add --force (so that a locked root account bypassed the password
request), but then systemd removed that.
Boot with `systemd.debug-shell=1` and there will be a root console
available on tty9 from very early in boot. Not sure if it's early
enough for this specific scenario, but it is for a lot.
You can also boot to the initramfs environment by booting with
`rd.break`, from where you can fix up most problems.
--
Adam Williamson
Fedora QA
IRC: adamw | Twitter: adamw_ha
https://www.happyassassin.net