Re: Passwordless root shell is offered when boot problem occurs.
Thank You for Your time and answer, Arno:
>From here it's all guesswork. You'd need to provide a full bootlog up
>to the point where the shell is started to get any meaningful answers.
Hmm. I thought everybody has the same OS behavior in such condition...
And the problem here is only improper/default configuration.
I have grepped through my logs on HDD partition that caused the boot
stop (because one partition was not mounted that set to be auto
mounted) - yet I did not find any statements on the mounting problems
and therefore I could not find the place in log files to see the
messages around the moment the stop or root password-less shell occurs.
What should I look for (the event recorded in the logs)?
>> >the like. But if you find yourself needing to secure against that,
>> >then you must also set a bootloader password, lock out alternative
>> >boot methods, set a BIOS password and put your machine behind lock
>> >and key. Do you really need that?
>>
>> At least I want that. Do You know how to do that?
>>
>
>I know the theory, that is all I know. The Debian initramfs is
>generated from scripts in /usr/share/initramfs-tools. To add files to
>it, you need to create a file in /etc/initramfs-tools/hooks that
>copies the required files (/sbin/sulogin, /etc/passwd and /etc/shadow)
>into the initramfs, and then you need to edit the panic() function
>scipts/functions to spawn sulogin instead of a shell.
In general, am I correct in understanding the situation, that what I
gonna do is abnormal behavior in Debian distro., and to have the root
password-less shell in "emergency" cases is OK for some (to
developers / security team) reasons - and in case I want to commit what
I have targeted, I have to develop the solution myself (that is there
is no a config. file that I might simply turn on the password prompt
for root shell in such cases)?
Reply to: