On 19 December 2014 at 20:49, Chris Murphy <lists(a)colorremedies.com> wrote:
On Fri, Dec 19, 2014 at 2:17 AM, Ahmad Samir
<ahmadsamir3891(a)gmail.com> wrote:
> You'd have to use:
> /sbin/reboot -f
Right, thanks.
> Have a look at
https://fedoraproject.org/wiki/How_to_reset_a_root_password
> (FWIW that bit, among others, was added by the systemd maintainer in Fedora).
I referred to that same wiki earlier in this thread. It seemed dated
because it starts out saying that setting a root password is
mandatory, which isn't correct. And a big part of the problem is this
incongruence between systemd requiring a root password but the
installer not requiring a root password. So in the however likely
event the user needs emergency target, or is inadvertently dropped
there, some percent of users are stuck because they don't have a root
password and they're not really informed of this in advance. So it's a
catch-22.
I've tested the F20 desktop live CD, the installer doesn't let me
continue unless I set a root password.
So the problem here is a corner case where you want to boot the live
CD to the emergency/rescue target where the live system doesn't have a
root password set.
Either systemd needs to back off on the root password requirement,
which seems unlikely,
I agree with what you said in a previous email; the emergency/rescue
target requiring the root password doesn't make much sense to me.
Having physical access to the machine means that the only practical
security against tampering is having your filesystems encrypted. (It's
cheaper to encrypt one's filesystems than buying a titanium vault to
store the box....).
So what's the point of using sulogin if that can be worked around
using 'init=/bin/bash'? (and I don't think a grub password is much
help against someone having physical access to the machine).
Previously the rescue/emergency target used sushell.
or the installer needs to insist the user set a
root password, which is sorta icky because two passwords to do an
installation? And then the most likely user who will fall into this
trap is the Fedora Workstation user, who also has media that can't
boot in rescue mode (i.e. anaconda rescue mode).
Still, short term I think it's better if the user is required to set a
root password. I think we have more users who end up getting dropped
to emergency shell with a reference to rdsosreport than users exposing
themselves to vulnerability by having a root password set (vs not
set).
[...]
--
Ahmad Samir