Once upon a time, Bill Nottingham <nott...@redhat.com> said: > However, this changes behavior that has existed since the dawn > of time in Red Hat/Fedora systems; with this change, single-user > mode would now require the root password. This is both when > booting with 'linux single/linux S', or going to runlevel 1 > with 'telinit 1'.
Well, that would make changing an unknown root password more annoying. At a minimum, you should add the -e option (so if the files are corrupted you can still get in). How about moving /usr/bin/runcon to /bin and using that to call bash instead? In any case, the same method should be used for fsck failures, which right now is sulogin, without the -e (but SELinux is disabled for that shell, which doesn't seem like a good idea to me). I have some old (ancient?) Cobalt RaQs that use sulogin instead of just calling bash, and it is just an annoyance; it doesn't really secure anything (physical access trumps all). If you are trying to secure a system, you need to password-protect the boot loader anyway. -- Chris Adams <cmad...@hiwaay.net> Systems and Network Administrator - HiWAAY Internet Services I don't speak for anybody but myself - that's enough trouble. -- devel mailing list devel@lists.fedoraproject.org https://admin.fedoraproject.org/mailman/listinfo/devel
