I work in a lab environment. The BIOS is locked not to boot from CD, and grub has a password for recovery mode. Several gnome settings are locked down, etc.
Though in my lab boxes are not physically locked, most students do not know that taking out the motherboard battery will often reset the password to clear. In any case, when a root fsck fails in checkroot.sh (and I don't think in checkfs.sh, but maybe), students are presented with a password-less root shell. That's really just asking for it. I suggest /etc/default/rsS variable to set the option to 0) not drop to a root shell 1) shutdown (not reboot) after a specified period, perhaps infinite 2) have a customized message My /etc/init.d/checkroot.sh, on a up-to-date feisty, looks like this on line 183 and 318, instead of running sulogin $CONSOLE at all: log_failure_msg "Sorry, will not start a password-less maintenance shell here. Have the network administrator check the root filesystem." sleep 6000 shutdown -h now The default behaviour can then be discussed at length, probably it is OK to drop to a root shell since everyone has recovery option by default anyway, and by default BIOS/GRUB/recovery does not prompt, right? -- on fscheck a root shell is presented without password https://bugs.launchpad.net/bugs/66001 You received this bug notification because you are a member of Ubuntu Bugs, which is the bug contact for Ubuntu. -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
