Once upon a time, Bill Nottingham <notting@xxxxxxxxxx> said: > Jon Ciesla (limb@xxxxxxxxxxxx) said: > > My thoughts exactly. What are the less simple fixes that don't change > > this behaviour? > > Essentially, introducing new scripts solely for this purpose that can > be given a special label and some policy. It's a hack. It seems that some prefer bash (dash would probably be better as a lighter-weight and less-dependencies shell) and some prefer sulogin (which I think should be "sulogin -e", but that may just be me), and that this should be called from multiple places (single-user mode, fsck failures). It may seem like a hack, but it would seem to me that an external script or program would be the right way to go, to allow people to change it according to local policy. On a desktop system (where it seems the goal is to eliminate the all-powerful "root"), the password may be unknown or not even set, so requiring the root password would be a bad idea. Some server setups may require a password in every case (including failure modes). If it is done with an external script/program, rc.sysinit should be changed as well (and since this should handle SELinux correctly, the disabling/enabling of SELinux could be removed). -- Chris Adams <cmadams@xxxxxxxxxx> Systems and Network Administrator - HiWAAY Internet Services I don't speak for anybody but myself - that's enough trouble. -- devel mailing list devel@xxxxxxxxxxxxxxxxxxxxxxx https://admin.fedoraproject.org/mailman/listinfo/devel