Bug#977358: release-notes: document how to make the rescue mode usable if no root password is set (buster)
Hi Richard,
On Mon, 23 Dec 2024 at 16:03, Richard Lewis
<richard.lewis.debian@googlemail.com> wrote:
>
> On Sat, 03 Jun 2023 13:10:09 +0100
>
> > Although this was documented for bullseye, the underlying cause
> > remains, and I think that it could be valuable for users to continue
> > to have this documentation available.
>
> > I've tested that the previously-added guidance from the bullseye
> > release notes remains valid and works on a bookworm system, and have
> > pushed a branch[1] to Salsa to restore the documentation.
> >
> > Bugreport #952450 tracks a longer-term fix, and once that is resolved
> > I think it'd be fine to drop this note from the release-notes.
>
> The original bug referred to
> https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=802211 - fixed in
> bookworm
Yep, as mentioned in Andrei's report, the SYSTEMD_SULOGIN_FORCE config
option, allowing successful emergency/rescue login when the root
account is locked, became available in systemd v240 and was included
in bookworm.
> The above refers to
> https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=952450 is open as of
> 23 Dec 2024
Indeed - it is yet-to-be-decided whether SYSTEMD_SULOGIN_FORCE will be
automatically enabled by the Debian installer when a locked root
account is requested. Currently, the setting is not configured.
> I think this bug is about using system and rescue mode, which we
> currently have section 4.1.4.2
> trixie: https://www.debian.org/releases/trixie/release-notes/upgrading.en.html#debug-shell-during-boot-using-systemd
> source: https://salsa.debian.org/ddp-team/release-notes/-/blame/master/source/upgrading.rst#L161
>
> bookworm: https://www.debian.org/releases/bookworm/amd64/release-notes/ch-upgrading.en.html#recovery
> source: https://salsa.debian.org/ddp-team/release-notes/-/blame/bookworm/en/upgrading.dbk?ref_type=heads#L188
>
> Is there still something to document for a) bookworm and b) trixie,
> and if so, what should it say?
The intention of that documentation appears to be to explain how to
users/sysadmins how to reach a root shell in case of unexpected
boot-time system failures (I say that based on the sentence, "If the
boot fails under systemd, it is possible to obtain a debug root shell
by changing the kernel command line.").
In my experience, if the root password on a Debian installation is
locked, then rebooting into the systemd rescue.target and/or
emergency.target targets will _not_ provide a root shell (repeating
myself in an attempt to communicate my understanding: this is due to
the absence of the SYSTEMD_SULOGIN_FORCE setting).
As a result, I think there does indeed continue to be a gap in the
documentation, and that either Andrei's suggested issue-note[1] -
and/or mentioning the relevant systemd config setting may be required
to boot into rescue/emergency mode, would be worthwhile.
(I have confirmed locally that it is still necessary to add the config
option to get to a root shell when rebooting into those targets)
Regards,
James
[1] - https://salsa.debian.org/ddp-team/release-notes/-/commit/ad648eb9abc159d60319eccb81756e3825eae374
Reply to: