[RFC PATCH] use sulogin in single-user mode
Chris Adams
cmadams at hiwaay.net
Fri Jan 22 17:40:44 UTC 2010
Once upon a time, Bill Nottingham <notting at redhat.com> said:
> Jon Ciesla (limb at jcomserv.net) said:
> > My thoughts exactly. What are the less simple fixes that don't change
> > this behaviour?
>
> Essentially, introducing new scripts solely for this purpose that can
> be given a special label and some policy. It's a hack.
It seems that some prefer bash (dash would probably be better as a
lighter-weight and less-dependencies shell) and some prefer sulogin
(which I think should be "sulogin -e", but that may just be me), and
that this should be called from multiple places (single-user mode, fsck
failures).
It may seem like a hack, but it would seem to me that an external script
or program would be the right way to go, to allow people to change it
according to local policy. On a desktop system (where it seems the goal
is to eliminate the all-powerful "root"), the password may be unknown or
not even set, so requiring the root password would be a bad idea. Some
server setups may require a password in every case (including failure
modes).
If it is done with an external script/program, rc.sysinit should be
changed as well (and since this should handle SELinux correctly, the
disabling/enabling of SELinux could be removed).
--
Chris Adams <cmadams at hiwaay.net>
Systems and Network Administrator - HiWAAY Internet Services
I don't speak for anybody but myself - that's enough trouble.
More information about the devel
mailing list