Re: password set at installation of debian-10.10.0-amd64 not recognized
> You don't really get that far if your root FS is unmountable. Hmm... if it truly can't be mounted, then the system can't read `/etc/passwd` and then whether there is a root account or not makes no difference. In the "usual" case where the root FS is readable but fsck found errors, then indeed the normal boot steps will require a root password, but you can normally circumvent this with `init=/bin/sh`. If this fails because `/bin/sh` is affected by the filesystem's inconsistency, then you need to resort to the initrd's debug shell, e.g. with something `break=local` IIRC. Of course, the existence of a root password can occasionally be handy for things like `rsync` (strictly speaking, you can probably arrange for rsync to first log in as a normal user and then use `sudo`, but it requires a fair bit of fiddling, IIRC). Stefan
Re: password set at installation of debian-10.10.0-amd64 not recognized
On Sun, Aug 15, 2021 at 11:00:26AM -0400, Stefan Monnier wrote: > > You don't really get that far if your root FS is unmountable. > > Hmm... if it truly can't be mounted, then the system can't read > `/etc/passwd` and then whether there is a root account or not makes > no difference. That's right. [...] > Of course, the existence of a root password can occasionally be handy > for things like `rsync` (strictly speaking, you can probably arrange > for rsync to first log in as a normal user and then use `sudo`, but > it requires a fair bit of fiddling, IIRC). For that, there is `rsync ... --rsync-path="sudo rsync" ...'. I do use to back up my virtual server out there, which doesn't like (heh) to have an ssh root login. Cheers - t signature.asc Description: Digital signature
Re: password set at installation of debian-10.10.0-amd64 not recognized
On Sun, Aug 15, 2021 at 11:00:26AM -0400, Stefan Monnier wrote: > Of course, the existence of a root password can occasionally be handy > for things like `rsync` (strictly speaking, you can probably arrange > for rsync to first log in as a normal user and then use `sudo`, but > it requires a fair bit of fiddling, IIRC). You'll generally want to set things up so that direct root logins require key authentication, not password auth. (And *definitely* not some shell/Expect botch involving feeding a password to sudo after a non-root login. That's simply terrible.)
Re: password set at installation of debian-10.10.0-amd64 not recognized
On Sun, Aug 15, 2021 at 08:49:49AM +0200, to...@tuxteam.de wrote: > [trying to enter single user mode requires a root password] > > Of course, there are ways around that, but all of them involve having > access to another living instance of an operating system, Not all. You can supply kernel parameters from the GRUB menu to get around it. Historically, "init=/bin/bash" used to work, but that may not be enough these days. I haven't tried it in a while. > Does anyone know other cases where you'd wish you had a root password? If the sudo package happens to break. If you break your sudoers file by accident. ("But who could *possibly* screw that up? The format is so simple that you *barely* need a PhD in computer science to understand the documentation!")
Re: password set at installation of debian-10.10.0-amd64 not recognized
On Sun, Aug 15, 2021 at 12:15:07PM +0300, Reco wrote: > Hi. > > On Sun, Aug 15, 2021 at 08:49:49AM +0200, to...@tuxteam.de wrote: [...] > > Up to now, there is exactly one case I am aware of when you'd wish > > you had a root password: at boot, the root file system is deemed > > too broken to mount, and you are told to fix it manually. > > > > Of course, there are ways around that, but all of them involve having > > access to another living instance of an operating system, > > Booting an existing system with init=/bin/sh does not require one to > know a root password, and allows full access nevertheless. You don't really get that far if your root FS is unmountable. > Of course, a console access is required, but the same can be said about > any kind of a rescue media. definitely. > > Does anyone know other cases where you'd wish you had a root password? > > I can think of nothing, short of broken third-party software that > insists on executing "su -". Apart from, of course "I don't want sudo on my box", which, to me, looks like a perfectly valid reason (not that this is /my/ standpoint: I'm a happy sudo customer, but I know folks who do take this standpoint and have all my respect). Cheers - t signature.asc Description: Digital signature
Re: password set at installation of debian-10.10.0-amd64 not recognized
Hi. On Sun, Aug 15, 2021 at 08:49:49AM +0200, to...@tuxteam.de wrote: > On Sat, Aug 14, 2021 at 06:06:50PM -0400, Stefan Monnier wrote: > > > Nevertheless there are rare cases only root can make changes. > > > > You mean cases where `sudo zsh -l` is not an option? > > Up to now, there is exactly one case I am aware of when you'd wish > you had a root password: at boot, the root file system is deemed > too broken to mount, and you are told to fix it manually. > > Of course, there are ways around that, but all of them involve having > access to another living instance of an operating system, Booting an existing system with init=/bin/sh does not require one to know a root password, and allows full access nevertheless. Of course, a console access is required, but the same can be said about any kind of a rescue media. > Does anyone know other cases where you'd wish you had a root password? I can think of nothing, short of broken third-party software that insists on executing "su -". Reco
Re: password set at installation of debian-10.10.0-amd64 not recognized
On Sat, Aug 14, 2021 at 06:06:50PM -0400, Stefan Monnier wrote: > > Nevertheless there are rare cases only root can make changes. > > You mean cases where `sudo zsh -l` is not an option? Up to now, there is exactly one case I am aware of when you'd wish you had a root password: at boot, the root file system is deemed too broken to mount, and you are told to fix it manually. Of course, there are ways around that, but all of them involve having access to another living instance of an operating system, either a rescue system or a third system to poke around and try to get your half-dead root file system up to speed (or you know your way around the initramfs, which is "another living instance of an operating system", but not one with access to your brain extension, aka search engine). The most convenient step at that point still is "enter your root password and be dropped into a root shell". Does anyone know other cases where you'd wish you had a root password? Cheers - t signature.asc Description: Digital signature
Re: password set at installation of debian-10.10.0-amd64 not recognized
> Nevertheless there are rare cases only root can make changes. You mean cases where `sudo zsh -l` is not an option? Stefan
Re: password set at installation of debian-10.10.0-amd64 not recognized
On Sat, 14 Aug 2021 17:00:39 -0400 Thomas George wrote: > Nevertheless there are rare cases only root can make changes. > > What to do? Check out "sudo -i". -- Does anybody read signatures any more? https://charlescurley.com https://charlescurley.com/blog/
Re: password set at installation of debian-10.10.0-amd64 not recognized
Thomas George (12021-08-14): > The installation from a usb stick went smoothly. Everything works sudo > commands work so I will rarely need to log on as root. > > Nevertheless there are rare cases only root can make changes. > > What to do? sudo passwd Regards, -- Nicolas George signature.asc Description: PGP signature