On 6/25/2015 11:59 AM, Andreas Henriksson wrote:
I'm currently undecided on how to best approach this. As discussed just now with upstream please consider the usecase of a kiosk setup. Root account is locked. (Physical access restricted.) Suddently the filesystem becomes bad and needs attention. Kiosk user is allowed to log in as root by just pressing enter!
Does rescue mode get started automatically when fsck-root fails? I thought you had to pass the parameter for it on the kernel command line, and if you can do that, then you can just as easily add init=/bin/sh and get a root shell.
If so, then I suppose the password bypass could be made to only kick in if the command line argument was given, and if not, then it shouldn't just sit there asking you for a root password that you can not give; it should say root is locked, and halt or shutdown.
I don't think it's too far fetched to think that a locked root account actually means locked. Not "we occationally let you in as root without even typing a password".
On Ubuntu, a locked root password is the default. We rely on being able to log in as root in rescue mode, and nowhere else.
-- To UNSUBSCRIBE, email to debian-bugs-dist-requ...@lists.debian.org with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org
