Bug#952450: user-setup: set SYSTEMD_SULOGIN_FORCE=1 in env for rescue/emergency.service when root account is locked
Followup-For: Bug #952450
X-Debbugs-Cc: 1035543@bugs.debian.org, tytso@mit.edu
As an experiment, I recently updated a functional Debian bookworm system to
boot into the systemd 'rescue.target' by default, to test the single-user /
recovery experience as part of #1035543 bug assessment.
My understanding from the relevant manual[1] is that 'emergency.target' is a
similar, albeit even more basic systemd state that is automatically selected
if early boot preconditions fail and/or when serious errors occur.
The system used for testing has a locked root user account, but is essentially
a single-user environment, as I think is typical for many individually-operated
laptops, smartphones and other consumer computing devices.
There are various considerations to balance here, and because some of those
are context/usage-specific, I agree with Raphaël that a debconf question to
figure out the intended behaviour would make sense. My understanding of it is
something like: "when your system breaks for some reason, are you ok with the
next person who reboots it -- yourself or anyone else -- being able to access
the contents and potentially attempt recovery?"
Most of my experience with that scenario has been that either I or some other
process has broken my computer, and I'd generally much prefer to be able to get
to a recovery prompt without having to use other more time-consuming methods
like removing the disk or finding other ways to get back into the system; but I
can understand that those kind of choices vary person-to-person and over time.
[1] - https://manpages.debian.org/bullseye/systemd/systemd.special.7.en.html
Reply to: