On Fri, Nov 15, 2013 at 10:05 AM, Ismael Bouya <ismael.bouya@normalesup.org>wrote:
(Fri, Nov 15, 2013 at 09:45:15AM +0100) Rodrigo Rivas :
On Fri, Nov 15, 2013 at 1:55 AM, Ismael Bouya <ismael.bouya@normalesup.org>wrote:
However when we need to boot into "fallback mode", initramfs asks for root password! Is there a standard/automated way to ask/permit another user via initramfs in Archlinux?
...because you should only do that when your boot console is secure. The argument is that if anyone has physical access to your computer, they can boot from a LiveCD or USB anyway...
Well, that's how I dealt with my problem, I was lucky that I had one, but...
If not, how do you deal with that usually?
Let's go to the point! The pasword is asked by the systemd services "emergency.service" or "rescue.service", that run "/sbin/sulogin".
So your easiest solution is to modify these services to use the argument "--force", that according to "man sulogin" will do what you want:
For that create the directory "/etc/systemd/system/emergency.service.d"
and
in it the file "10-nopasswd.conf" with this content:
[Service] ExecStart=-/sbin/sulogin --force
And the same repacing rescue for emergency.
Hum that will accept passwordless login wont it? I was telling of accepting a specific (trusted) user's password instead of root's
Yes, I thought that was the point. But you want to use the user password... the same as with "sudo", makes sense. You could using "login" instead of "sulogin". Or if you feel brave enough you could even add a link to "getty@tty2.service" or "getty@tty1.service" into "/etc/systemd/system/{rescue,emergency}.target.wants" and see what happens (you may have to manually switch to VT2, though).
But at least I know now which direction to look at, I'll test it next time I have physical access to my computer, and report..
Thanks!
-- Ismael
Best regards! -- Rodrigo