Sthu Deus (sthu.d...@gmail.com on 2011-12-02 15:17 +0700): > > >From here it's all guesswork. You'd need to provide a full bootlog up > >to the point where the shell is started to get any meaningful > >answers. > > Hmm. I thought everybody has the same OS behavior in such condition... > And the problem here is only improper/default configuration.
That could very well be, but I haven't had a boot problem in years (well, except when trying out systemd). A standard Debian config should not offer a passwordless root shell unless you explicitly ask for it, but I can think of at least four ways to get such a root shell -- not including misconfiguration, bugs or alternative boot devices. > > I have grepped through my logs on HDD partition that caused the boot > stop (because one partition was not mounted that set to be auto > mounted) - I don't think you'll find anything in the system logs. From the little information you have given, it is clear that the system has not fully started, so there is no reason to assume that /var/log is accessible or that syslog is running. Early boot messages should be found in /var/log/boot, but bootlogd seems very hit&miss on my systems. Filesystem checks are logged in /var/log/fsck. > > In general, am I correct in understanding the situation, that what I > gonna do is abnormal behavior in Debian distro., and to have the root > password-less shell in "emergency" cases is OK for some (to > developers / security team) reasons It's not about emergency situations, although it certainly can be used as such. It's about accesss: if anyone has physical access to your machine, there are so many ways to access your system that it is silly to protect against one of them. So yes, protecting yourself from physical attacks by insisting on a root password is abnormal behaviour. How are you going to prevent an attacker from opening your PC and connecting the harddisk to his own machine? > - and in case I want to commit > what I have targeted, I have to develop the solution myself (that is > there is no a config. file that I might simply turn on the password > prompt for root shell in such cases)? In short, yes. If you really want to be that paranoid (and there are good reasons for it, especially on laptops), you should be looking at encryption as your solution (dm-crypt, truecrypt, bitlocker), not passwords. Regards, Arno -- To UNSUBSCRIBE, email to debian-user-requ...@lists.debian.org with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org Archive: http://lists.debian.org/20111203000543.44f5a...@neminis.intra.loos.site
