Re: [RFC PATCH] use sulogin in single-user mode

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



Once upon a time, Bill Nottingham <notting@xxxxxxxxxx> said:
> Jon Ciesla (limb@xxxxxxxxxxxx) said: 
> > My thoughts exactly.  What are the less simple fixes that don't change 
> > this behaviour?
> 
> Essentially, introducing new scripts solely for this purpose that can
> be given a special label and some policy. It's a hack.

It seems that some prefer bash (dash would probably be better as a
lighter-weight and less-dependencies shell) and some prefer sulogin
(which I think should be "sulogin -e", but that may just be me), and
that this should be called from multiple places (single-user mode, fsck
failures).

It may seem like a hack, but it would seem to me that an external script
or program would be the right way to go, to allow people to change it
according to local policy.  On a desktop system (where it seems the goal
is to eliminate the all-powerful "root"), the password may be unknown or
not even set, so requiring the root password would be a bad idea.  Some
server setups may require a password in every case (including failure
modes).

If it is done with an external script/program, rc.sysinit should be
changed as well (and since this should handle SELinux correctly, the
disabling/enabling of SELinux could be removed).

-- 
Chris Adams <cmadams@xxxxxxxxxx>
Systems and Network Administrator - HiWAAY Internet Services
I don't speak for anybody but myself - that's enough trouble.
-- 
devel mailing list
devel@xxxxxxxxxxxxxxxxxxxxxxx
https://admin.fedoraproject.org/mailman/listinfo/devel

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
[Index of Archives]     [Fedora Announce]     [Fedora Kernel]     [Fedora Testing]     [Fedora Formulas]     [Fedora PHP Devel]     [Kernel Development]     [Fedora Legacy]     [Fedora Maintainers]     [Fedora Desktop]     [PAM]     [Red Hat Development]     [Gimp]     [Yosemite News]
  Powered by Linux