Re: F36 Change: Users are administrators by default in the installer GUI. (Self-Contained Change proposal)

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



On Tue, Nov 30, 2021 at 9:49 AM Chris Adams <linux@xxxxxxxxxxx> wrote:
> So, not directly related to the proposal, but jumping in here because it
> goes with the above statement - the "root should be left locked" setup
> is a problem that keeps single-user mode broken.  I tried to follow the
> Fedora (and other distros) default of root being a locked account, and
> then found that it's a broken setup.
>
> I was changing some disk config and made a typo in /etc/fstab, so
> filesystems wouldn't mount on boot.  The boot process stopped and
> prompted for the (non-existant) root password.  The only way to proceed
> at that point is to bypass the normal init (remember to load SELinux
> policy manually or face a full relabel, which is irritating) and set a
> root password.

It is possible to boot such a system with 'systemd.debug-shell=1' boot
parameter, and you'll get a root login on tty9, and from here you can
run 'passwd' and enable the root account. Like, the fact we can do
this so easily is something of a security risk, which is also ironic
that the #1 reason I'm aware of and use this work around is because
I'm locked out of maintenance mode boot due to the root user not
having a password which is ostensibly more secure. From one fire into
the next...

While I agree that the options are suboptimal, the whole fall over
behavior when something doesn't assemble correctly is more suboptimal.
There aren't that many folks who can troubleshoot such things in the
initramfs, it's such a severely limited environment, and requires
esoteric knowledge to even figure out why things don't assemble let
alone fix them. A few ideas have been floated to make it better:

* enabling read-only rootfs startup
   * possibly use overlayfs with a read/write layer on volatile /run,
and somehow indicating to the user things are running in a
degraded/safe/emergency read-only startup.
* a recovery partition to enable starting up a more complete and user
friendly environment
   * could be based on Live media used for doing installations


> This IMHO should have been addressed before making "root account locked"
> a default.  At a minimum, you shouldn't be prompted for a password that
> doesn't exist.  It used to be possible to edit the sulogin options to
> add --force (so that a locked root account bypassed the password
> request), but then systemd removed that.

There's a possibility that systemd-homed is available soon after a
read-only mount of rootfs, and could be used to authenticate a user in
the wheel group to login to the maintenance mode prompt. But right
now, none of the user authentication stuff is running by the time
early startup file system assembly tends to fail, and also needs rw
mount for whatever reason. So I guess it's not such a simple problem
to solve at the moment.

-- 
Chris Murphy
_______________________________________________
devel mailing list -- devel@xxxxxxxxxxxxxxxxxxxxxxx
To unsubscribe send an email to devel-leave@xxxxxxxxxxxxxxxxxxxxxxx
Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/
List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines
List Archives: https://lists.fedoraproject.org/archives/list/devel@xxxxxxxxxxxxxxxxxxxxxxx
Do not reply to spam on the list, report it: https://pagure.io/fedora-infrastructure




[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
[Index of Archives]     [Fedora Announce]     [Fedora Users]     [Fedora Kernel]     [Fedora Testing]     [Fedora Formulas]     [Fedora PHP Devel]     [Kernel Development]     [Fedora Legacy]     [Fedora Maintainers]     [Fedora Desktop]     [PAM]     [Red Hat Development]     [Gimp]     [Yosemite News]

  Powered by Linux