Hi all,
On Mon, Dec 06, 2021 at 12:33:21PM -0500, Ben Cotton wrote:
https://fedoraproject.org/wiki/Changes/FixRescueMode
== Summary ==
Fedora defaults to locking the root account, which is needed by
single-user mode. This Change uses `sulogin --force` so the password
request is bypassed under this circumstance.
Thanks for all the feedback. Going to do a reply here rather than in
individual subthreads since I'm responding to several suggestions.
For those who thinks this is a security concern (granted, not a new one,
but one that is more convenient), requiring some password seems to be
the way out
- do we want to allow any /local/ %wheel users to log in?
- or do we want to use a recovery passphrase of some sort?
- TPM dependencies might not be appropriate
I'm leaning towards not rushing this and delaying to F37; Chris Murphy
raised a good question on whether the current bypass is fine for CoreOS
or not.
For F36 - I agree that it's better to *not* have a rescue mode than a
broken one. How about this as an end state we can realistically achieve:
- if the root password is set, rescue mode should appear in the GRUB
menu
- if the root password is not set
- rescue mode should not be listed
- if someone tries to invoke it, it should display an error rather
than prompting for a non-existent password
If that seems reasonable, we can figure out where to put the hooks next.
Best regards,
--
Michel Alexandre Salim
profile:
https://keyoxide.org/michel@michel-slm.name