Hi Andreas Henriksson,

On Wed, 2015-12-02 at 07:39 +0100, Andreas Henriksson wrote:
> We originally discussed using force in the systemd rescue/emergency
> system, but there were also further discussions about the problem
> of a locked account not being really locked. Another idea was finally
> conceived that it would be better if d-i shipped the override snippet
> to enable sulogin with --force when it locks the root account via
> /etc/systemd/system/foo.d/ "drop-in".
> I think that might be the best idea. Then it's easily spottable that
> the system isn't really locked down by using systemd-delta.
> If someone manually locks the root account, then they get an actual
> locked down system (as would be expected).
>
> I'm not sure anymore if/where we're tracking this. Please consider
> opening a bug report against debian-installer if you can't already
> find an open one (against it or systemd) and refer to this one.

Thank you for the background information and implementation thoughts,
that makes a lot of sense.  I didn't see any open issues against d-i
or systemd, so I opened 806852.[1]

> Bonus points if you also suggest a way to handle sysvinit as well
> as finding someone interested in implementing it. My suggestion
> would be just hacking the init script to add --force there as
> that would restore the old status quo of system not (ever) being
> properly locked down.

That's a tall order.  I detailed some thoughts about adding convention
to the passwd/shadow file to distinguish always-inaccessible from
emergency-accessible, which the init systems and init scripts (or
sulogin itself) could use to choose appropriate behavior and allow
configuration by users, but it's not ideal for a few reasons.  Whether
it's preferable to an override for systemd and unconditional "--force"
elsewhere is an open question.

Thanks again,
Kevin

1.  https://bugs.debian.org/806852
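
Added example, not part of the original message or of any Debian or systemd code: a small audit that reports whether a locked root account is really locked, or whether a drop-in for the rescue/emergency units runs sulogin with --force as discussed in the thread. The drop-in file names, their contents and the shadow entries are constructed assumptions.

```python
import posixpath
import re

# Matches an ExecStart= line that runs sulogin with --force (short form: -e).
FORCE_RE = re.compile(r"^\s*ExecStart\w*=.*\bsulogin\b.*\s(--force|-e)(\s|\"|'|;|$)")

# Constructed sample data (not taken from a real system).
SHADOW_LOCKED = "root:!:16770:0:99999:7:::\nkevin:$6$salt$hash:16770:0:99999:7:::\n"
SHADOW_SET = "root:$6$salt$hash:16770:0:99999:7:::\n"
DROPINS = {  # hypothetical drop-in paths and bodies
    "/etc/systemd/system/rescue.service.d/sulogin-force.conf":
        "[Service]\nExecStart=\nExecStart=-/sbin/sulogin --force\n",
    "/etc/systemd/system/emergency.service.d/disabled.conf":
        "[Service]\n#ExecStart=-/sbin/sulogin --force\n",
}

def root_locked(shadow_text):
    """True if root's password field starts with '!' or '*'."""
    for line in shadow_text.splitlines():
        fields = line.split(":")
        if len(fields) > 1 and fields[0] == "root":
            return fields[1].startswith(("!", "*"))
    raise ValueError("no root entry in shadow data")

def forced_units(dropins):
    """Units whose drop-ins contain an active sulogin --force ExecStart."""
    units = set()
    for path, body in dropins.items():
        unit_dir = posixpath.basename(posixpath.dirname(path))
        if not unit_dir.endswith(".d"):
            continue  # not a unit drop-in directory
        if any(FORCE_RE.search(line) for line in body.splitlines()):
            units.add(unit_dir[:-2])  # strip the trailing ".d"
    return sorted(units)

def assess(shadow_text, dropins):
    """Classify the system's effective root lock state."""
    if not root_locked(shadow_text):
        return "password-set"
    return "locked-with-force-override" if forced_units(dropins) else "locked"

if __name__ == "__main__":
    print(assess(SHADOW_LOCKED, DROPINS), forced_units(DROPINS))
```

On a live system the same overrides appear in the output of systemd-delta, as the quoted message notes.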
