Once upon a time, Bill Nottingham <notting@xxxxxxxxxx> said: > However, this changes behavior that has existed since the dawn > of time in Red Hat/Fedora systems; with this change, single-user > mode would now require the root password. This is both when > booting with 'linux single/linux S', or going to runlevel 1 > with 'telinit 1'. Well, that would make changing an unknown root password more annoying. At a minimum, you should add the -e option (so if the files are corrupted you can still get in). How about moving /usr/bin/runcon to /bin and using that to call bash instead? In any case, the same method should be used for fsck failures, which right now is sulogin, without the -e (but SELinux is disabled for that shell, which doesn't seem like a good idea to me). I have some old (ancient?) Cobalt RaQs that use sulogin instead of just calling bash, and it is just an annoyance; it doesn't really secure anything (physical access trumps all). If you are trying to secure a system, you need to password-protect the boot loader anyway. -- Chris Adams <cmadams@xxxxxxxxxx> Systems and Network Administrator - HiWAAY Internet Services I don't speak for anybody but myself - that's enough trouble. -- devel mailing list devel@xxxxxxxxxxxxxxxxxxxxxxx https://admin.fedoraproject.org/mailman/listinfo/devel
