Once upon a time, Ben Cotton <bcotton(a)redhat.com> said:
Further, this change of defaults complements the default for root
account. The redesign of root setup screen in Fedora 35 makes it clear
that root should be left locked.
So, not directly related to the proposal, but jumping in here because it
goes with the above statement - the "root should be left locked" setup
is a problem that keeps single-user mode broken. I tried to follow the
Fedora (and other distros) default of root being a locked account, and
then found that it's a broken setup.
I was changing some disk config and made a typo in /etc/fstab, so
filesystems wouldn't mount on boot. The boot process stopped and
prompted for the (non-existant) root password. The only way to proceed
at that point is to bypass the normal init (remember to load SELinux
policy manually or face a full relabel, which is irritating) and set a
root password.
This IMHO should have been addressed before making "root account locked"
a default. At a minimum, you shouldn't be prompted for a password that
doesn't exist. It used to be possible to edit the sulogin options to
add --force (so that a locked root account bypassed the password
request), but then systemd removed that.
--
Chris Adams <linux(a)cmadams.net>