On 19 December 2014 at 20:49, Chris Murphy <lists@xxxxxxxxxxxxxxxxx> wrote: > On Fri, Dec 19, 2014 at 2:17 AM, Ahmad Samir <ahmadsamir3891@xxxxxxxxx> wrote: > >> You'd have to use: >> /sbin/reboot -f > > Right, thanks. > >> Have a look at https://fedoraproject.org/wiki/How_to_reset_a_root_password >> (FWIW that bit, among others, was added by the systemd maintainer in Fedora). > > I referred to that same wiki earlier in this thread. It seemed dated > because it starts out saying that setting a root password is > mandatory, which isn't correct. And a big part of the problem is this > incongruence between systemd requiring a root password but the > installer not requiring a root password. So in the however likely > event the user needs emergency target, or is inadvertently dropped > there, some percent of users are stuck because they don't have a root > password and they're not really informed of this in advance. So it's a > catch-22. > I've tested the F20 desktop live CD, the installer doesn't let me continue unless I set a root password. So the problem here is a corner case where you want to boot the live CD to the emergency/rescue target where the live system doesn't have a root password set. > Either systemd needs to back off on the root password requirement, > which seems unlikely, I agree with what you said in a previous email; the emergency/rescue target requiring the root password doesn't make much sense to me. Having physical access to the machine means that the only practical security against tampering is having your filesystems encrypted. (It's cheaper to encrypt one's filesystems than buying a titanium vault to store the box....). So what's the point of using sulogin if that can be worked around using 'init=/bin/bash'? (and I don't think a grub password is much help against someone having physical access to the machine). Previously the rescue/emergency target used sushell. > or the installer needs to insist the user set a > root password, which is sorta icky because two passwords to do an > installation? And then the most likely user who will fall into this > trap is the Fedora Workstation user, who also has media that can't > boot in rescue mode (i.e. anaconda rescue mode). > > Still, short term I think it's better if the user is required to set a > root password. I think we have more users who end up getting dropped > to emergency shell with a reference to rdsosreport than users exposing > themselves to vulnerability by having a root password set (vs not > set). > > [...] -- Ahmad Samir -- test mailing list test@xxxxxxxxxxxxxxxxxxxxxxx To unsubscribe: https://admin.fedoraproject.org/mailman/listinfo/test