Is there a way to get Fedora to boot into a root shell, without requiring a password?
NOTE: I'm not interested in "emergency" shells and this is not for recovering a system.
I want the (specialized, non-networked) system to boot as normal, all the way to multi-user.target, and then drop me to a root shell.
Rich.
Hi Rich what you require comes close to going into (former) runlevel 3: Select your boot instance in grub2, type e (for edit) and add "3" at the end of the line. Then continue booting.
suomi
On 10/06/2016 11:55 PM, Richard W.M. Jones wrote:
Is there a way to get Fedora to boot into a root shell, without requiring a password?
NOTE: I'm not interested in "emergency" shells and this is not for recovering a system.
I want the (specialized, non-networked) system to boot as normal, all the way to multi-user.target, and then drop me to a root shell.
Rich.
On 10/07/16 07:03, fedora wrote:
Hi Rich what you require comes close to going into (former) runlevel 3: Select your boot instance in grub2, type e (for edit) and add "3" at the end of the line. Then continue booting.
I don't believe that this will run: runlevel 3 is still a standard way to login withous graphical environment, and in runlevel 3 a password is required (similar to a graphical environment).
But you could try "init=/bin/bash" in the grub boot line.
Kind regards
Joachim Backes
suomi
On 10/06/2016 11:55 PM, Richard W.M. Jones wrote:
Is there a way to get Fedora to boot into a root shell, without requiring a password?
NOTE: I'm not interested in "emergency" shells and this is not for recovering a system.
I want the (specialized, non-networked) system to boot as normal, all the way to multi-user.target, and then drop me to a root shell.
Rich.
users mailing list -- users@lists.fedoraproject.org To unsubscribe send an email to users-leave@lists.fedoraproject.org
I would say to copy /usr/lib/systemd/system/getty@.service to /etc/systemd/system, except that doesn't seem to work as an override for some reason. So edit /usr/lib/systemd/system/getty@.service and change the ExecStart= line to "/usr/sbin/sulogin -e -p /dev/%I". Then lock the root password (passwd -l root) and reboot. Every console should say "Press enter for maintenance". Press enter and you have a root shell. Just be aware that updates could replace that file and then you're in trouble if you don't have another account to fix it from. If you can figure out how to make the service file override to work then that would be much better.
On 6 October 2016 at 23:55, Richard W.M. Jones rjones@redhat.com wrote:
Is there a way to get Fedora to boot into a root shell, without requiring a password?
NOTE: I'm not interested in "emergency" shells and this is not for recovering a system.
I want the (specialized, non-networked) system to boot as normal, all the way to multi-user.target, and then drop me to a root shell.
Rich.
This seems to work with multi-user.target set as the default target: # cd /etc/systemd/system/ # cp /usr/lib/systemd/system/getty@.service getty@tty1.service # sed -i -e 's!ExecStart=-/sbin/agetty!ExecStart=-/sbin/agetty --autologin root!' getty@tty1.service # systemctl enable --force getty@tty1.service
On Fri, Oct 07, 2016 at 09:19:55AM +0200, Ahmad Samir wrote:
On 6 October 2016 at 23:55, Richard W.M. Jones rjones@redhat.com wrote:
Is there a way to get Fedora to boot into a root shell, without requiring a password?
NOTE: I'm not interested in "emergency" shells and this is not for recovering a system.
I want the (specialized, non-networked) system to boot as normal, all the way to multi-user.target, and then drop me to a root shell.
Rich.
This seems to work with multi-user.target set as the default target: # cd /etc/systemd/system/ # cp /usr/lib/systemd/system/getty@.service getty@tty1.service # sed -i -e 's!ExecStart=-/sbin/agetty!ExecStart=-/sbin/agetty --autologin root!' getty@tty1.service # systemctl enable --force getty@tty1.service
Thanks.
I came up with a slightly different answer, which also works. I'm just documenting it here for reference.
I copied debug-shell.service from systemd to /etc/systemd/system/root-shell.service. I modified the file as below because I wanted to start a root shell on /dev/console, and I also wanted the target to be multi-user.target.
I then enabled the service as usual:
# systemctl enable root-shell
On boot, it starts a root shell with no login required.
Rich.
---------------------------------------------------------------------- # This file is part of systemd. # # systemd is free software; you can redistribute it and/or modify it # under the terms of the GNU Lesser General Public License as published by # the Free Software Foundation; either version 2.1 of the License, or # (at your option) any later version.
[Unit] Description=Root shell Documentation=man:sushell(8) DefaultDependencies=no IgnoreOnIsolate=yes
[Service] Environment=TERM=linux ExecStart=/sbin/sushell Restart=always RestartSec=0 StandardInput=tty TTYPath=/dev/console TTYReset=yes TTYVHangup=yes KillMode=process IgnoreSIGPIPE=no # bash ignores SIGTERM KillSignal=SIGHUP
# Unset locale for the console getty since the console has problems # displaying some internationalized messages. Environment=LANG= LANGUAGE= LC_CTYPE= LC_NUMERIC= LC_TIME= LC_COLLATE= LC_MONETARY= LC_MESSAGES= LC_PAPER= LC_NAME= LC_ADDRESS= LC_TELEPHONE= LC_MEASUREMENT= LC_IDENTIFICATION=
[Install] WantedBy=multi-user.target
On Fri, 2016-10-07 at 07:03 +0200, fedora wrote:
what you require comes close to going into (former) runlevel 3: Select your boot instance in grub2, type e (for edit) and add "3" at the end of the line. Then continue booting.
I'd say what he asked for would have been achieved with run level one (otherwise known as single), not three. Run level three requires a password, run level one does not.
If you can still boot into run level one, then typing a numeral one, instead of 3, as you've suggested, ought to work.
The old run level one (whatever they call it, these days), was a basic, isolated from the network, text-only, login. But I haven't tried that on a modern system, to see whether it boots up similarly, or into a newer special login.
On Sat, Oct 8, 2016 at 1:25 AM, Tim ignored_mailbox@yahoo.com.au wrote:
The old run level one (whatever they call it, these days), was a basic, isolated from the network, text-only, login.
It still is, except that it requires "Give root password" before you can get a shell, at least in a vanilla system.
--Greg
On 10/08/16 17:35, Greg Woods wrote:
On Sat, Oct 8, 2016 at 1:25 AM, Tim <ignored_mailbox@yahoo.com.au mailto:ignored_mailbox@yahoo.com.au> wrote:
The old run level one (whatever they call it, these days), was a basic, isolated from the network, text-only, login.It still is, except that it requires "Give root password" before you can get a shell, at least in a vanilla system.
Greg,
if you add "init=/bin/bash" to the grub line, there is simply a root shell started (with id=0), so no password is required, but you have root rights.
Kind regards
Joachim Backes
--Greg
users mailing list -- users@lists.fedoraproject.org To unsubscribe send an email to users-leave@lists.fedoraproject.org
On Sat, Oct 8, 2016 at 9:42 AM, Joachim Backes < joachim.backes@rhrk.uni-kl.de> wrote:
If you add "init=/bin/bash" to the grub line, there is simply a root shell started (with id=0), so no password is required
This doesn't change what I said about "vanilla system"; it requires the installed system be explicitly modified.
I may try that though. I don't think prompting for the root password at this stage really helps the security much. Anyone who has physical access to the console and who can modify the grub config to boot single user, can also most likely boot from a rescue CD and get full access anyway. Even locked-down BIOS configurations can be bypassed by replacing the BIOS chip or just making off with the hard drive (of course those require a much more determined attacker and the latter is difficult to do undetected).
--Greg
On 10/08/16 19:02, Greg Woods wrote:
On Sat, Oct 8, 2016 at 9:42 AM, Joachim Backes <joachim.backes@rhrk.uni-kl.de mailto:joachim.backes@rhrk.uni-kl.de> wrote:
If you add "init=/bin/bash" to the grub line, there is simply a root shell started (with id=0), so no password is requiredThis doesn't change what I said about "vanilla system"; it requires the installed system be explicitly modified.
Hi Greg,
I'm running a F24 system with the kernel 4.7.7-200.fc24.x86_64 (no vanilla!), and adding "init=/bin/bash" to the grub line really boots into a root shell!
Kind regards
Joachim Backes
On Sun, 2016-10-09 at 08:06 +0200, Joachim Backes wrote:
On 10/08/16 19:02, Greg Woods wrote:
On Sat, Oct 8, 2016 at 9:42 AM, Joachim Backes <joachim.backes@rhrk.uni-kl.de mailto:joachim.backes@rhrk.uni-kl.de> wrote:
If you add "init=/bin/bash" to the grub line, there is simply a root shell started (with id=0), so no password is requiredThis doesn't change what I said about "vanilla system"; it requires the installed system be explicitly modified.
Hi Greg,
I'm running a F24 system with the kernel 4.7.7-200.fc24.x86_64 (no vanilla!), and adding "init=/bin/bash" to the grub line really boots into a root shell!
Of course, but note that Bash is now process 1 and will not do many of the things process 1 normally does, such as running all the init scripts in /etc/init.d. Expect your system not to work normally.
poc
-
Ahmad Samir -
fedora -
Greg Woods -
Joachim Backes -
Patrick O'Callaghan -
Richard W.M. Jones -
Samuel Sieb -
Tim