Google Groups no longer supports new Usenet posts or subscriptions. Historical content remains viewable.
Dismiss
Rescue mode when root account locked
3,148 views
Skip to first unread message
solitone
Sep 20, 2017, 7:50:04 AM9/20/17
to
When I boot in rescue mode, I get this message:
Cannot open access to console, the root account is locked. See
sulogin(8) man page for more details
When I press Enter to continue, it continues bootup in normal graphical
mode.
Would it be wiser to unlock the root account, so that I can go into
single user mode? Or is there something I can do, without unlocking the
root account?
Cannot open access to console, the root account is locked. See
sulogin(8) man page for more details
When I press Enter to continue, it continues bootup in normal graphical
mode.
Would it be wiser to unlock the root account, so that I can go into
single user mode? Or is there something I can do, without unlocking the
root account?
Dejan Jocic
Sep 20, 2017, 9:10:08 AM9/20/17
to
decided that you do not need it and that you will just use sudo instead.
That stuff is more for Ubuntu than for Debian, because ubuntu has
patched sulogin to allow single user mode when root account is locked.
You can easily unlock you root account with sudo passwd root. Enter
password and root account will be unlocked. Unless you've used some
other method for locking root, like putting /usr/sbin/nologin shell in
/etc/passwd for root instead of /bin/bash. In that case you will have to
undo your changes there.
Michael Biebl
Sep 20, 2017, 9:10:08 AM9/20/17
to
--
Why is it that all of the instruments seeking intelligent life in the
universe are pointed away from Earth?
Curt
Sep 20, 2017, 9:20:03 AM9/20/17
to
https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=802211
Michael Biebl says (to explain why careful deliberation is called for before it's
"fixed"):
Consider this: You have a laptop with a locked root account. By default
the grub boot loader generates a boot entry for rescue mode.
So, even if you lock down the bios to not allow booting from CD-Rom or
USB, and you password protect grub, someone could easily get root access
if you leave the laptop unattended for a moment.
Marga Manterola created a "drop-in" fix:
cat /etc/systemd/system/rescue.service.d/sulogin.conf
[Service]
ExecStart=
ExecStart=-/bin/sh -c "/sbin/sulogin --force; /bin/systemctl
--job-mode=fail --no-block default"
the security implications of which ("/sbin/sulogin --force") are beyond my meager
abilities to comment upon.
--
"Time flies like an arrow. Fruit flies like a banana." Groucho
solitone
Sep 20, 2017, 10:00:05 AM9/20/17
to
I'll unlock the root account then.
0 new messages