F21 System Wide Change: The securetty file is empty by default
Andrew Lutomirski
luto at mit.edu
Mon Apr 14 14:21:41 UTC 2014
On Mon, Apr 14, 2014 at 6:50 AM, Michel Alexandre Salim
<salimma at fedoraproject.org> wrote:
> On 04/11/2014 11:18 PM, Jaroslav Reznik wrote:
>> ----- Original Message -----
>>> = Proposed System Wide Change: The securetty file is empty by default =
>>> https://fedoraproject.org/wiki/Changes/securetty_file_is_empty_by_default
>>>
>>> Change owner(s): quickbooks <quickbooks.office at gmail.com>
>>>
>>> The securetty file is empty by default
>>>
>>> There's on-going discussion for this Change on the devel list.
>>> https://lists.fedoraproject.org/pipermail/devel/2014-April/197344.html
>>
>> Fedora Base Working Group discussed this Change on today's meeting
>> (2014-04-11) and tends to support counter proposal to remove securetty
>> entirely from the default PAM configuration (not from distribution)
>> as discussed in the thread mentioned above. Base WG would like to ask
>> FESCo to weight it as part of decision making (once this change hits
>> FESCo meeting).
>>
> Apologies for being late to the discussion as well - just wanted to note
> that I've been running root-password-less configurations for some time
> (by using passwd -l to lock out the root account post-install), and
> later encountered this scenario whereby one of the disks failed fsck and
> I was dropped into a single-user mode login for maintenance, where I was
> prompted for... you get it, the root password.
>
> Resorted to rebooting and disabling fsck from grub, but how to handle
> fsck errors should probably be considered as part of this proposed change.
You're not the only one:
https://bugzilla.redhat.com/show_bug.cgi?id=1045574
https://bugzilla.redhat.com/show_bug.cgi?id=1087528
but I don't think that this is really related to securetty.
--Andy
More information about the devel
mailing list