Re: [OT] sudo: restrict to physical console only?



On Tue, Aug 04, 2020 at 07:39:53AM -0400, Greg Wooledge wrote:
> On Tue, Aug 04, 2020 at 11:44:04AM +0200, Marco Möller wrote:
> > As my root account is disabled, I do all administration as the "normal" user
> > with the help of sudo for running administrative commands. The user "root"
> > shall not login nowhere, not at the physical console and not by ssh, never.
> 
> Remember that this also means you can never boot in single-user ("rescue")
> mode.

Right. As someone who actually likes and uses sudo (not everyone does,
and there are good reasons to dislike it), this was one of my main
critiques of that "root-less" scheme. Sitting in front of a console
telling you that / is mounted ro and to enter your root password when
you haven't one can be... frustrating :-)

OTOH practice has shown: if you're doing sudo, you will have forgotten
your root password anyway when you need it (I have, it's some horrible
"pwgen -n 16" or something), and it's back to...

> If you ever need to boot in quasi-rescue mode, you'll have to
> go down even lower and override the init= kernel parameter.

... or to some rescue image.

Cheers
 - t
