Re: [OT] sudo: restrict to physical console only?

[Marco Möller <talby@debianlists.mobilxpress.net>]

On 04.08.20 13:39, Greg Wooledge wrote:
> On Tue, Aug 04, 2020 at 11:44:04AM +0200, Marco Möller wrote:
> > As my root account is disabled, I do all administration as the "normal" user
> > with the help of sudo for running administrative commands. The user "root"
> > shall not login nowhere, not at the physical console and not by ssh, never.
>
> Remember that this also means you can never boot in single-user ("rescue")
> mode.  If you ever need to boot in quasi-rescue mode, you'll have to
> go down even lower and override the init= kernel parameter.
>
> If you don't know what that means, you should NOT be doing this.

Thanks for this warning, especially as this is a public mailing list and 
others might find this thread.
Fortunately I know already how to help me with the proper init=... boot 
parameter, which reminds me that I should check if this important detail 
is also mentioned in the Debian installation documentation or could be 
added there. I am afraid I have had to look it up elsewhere in the 
internet, when I needed it in the past, but am not sure about this 
detail anymore.