On 2017-09-20, solitone <solit...@mail.com> wrote: > When I boot in rescue mode, I get this message: > > Cannot open access to console, the root account is locked. See > sulogin(8) man page for more details > > When I press Enter to continue, it continues bootup in normal graphical > mode. > > Would it be wiser to unlock the root account, so that I can go into > single user mode? Or is there something I can do, without unlocking the > root account? >
It seems this a "bug." https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=802211 Michael Biebl says (to explain why careful deliberation is called for before it's "fixed"): Consider this: You have a laptop with a locked root account. By default the grub boot loader generates a boot entry for rescue mode. So, even if you lock down the bios to not allow booting from CD-Rom or USB, and you password protect grub, someone could easily get root access if you leave the laptop unattended for a moment. Marga Manterola created a "drop-in" fix: cat /etc/systemd/system/rescue.service.d/sulogin.conf [Service] ExecStart= ExecStart=-/bin/sh -c "/sbin/sulogin --force; /bin/systemctl --job-mode=fail --no-block default" the security implications of which ("/sbin/sulogin --force") are beyond my meager abilities to comment upon. -- "Time flies like an arrow. Fruit flies like a banana." Groucho
