[arch-general] Initramfs fallback render
Rodrigo Rivas
rodrigorivascosta at gmail.com
Fri Nov 15 08:52:33 EST 2013
On Fri, Nov 15, 2013 at 10:05 AM, Ismael Bouya
<ismael.bouya at normalesup.org>wrote:
> (Fri, Nov 15, 2013 at 09:45:15AM +0100) Rodrigo Rivas :
> > On Fri, Nov 15, 2013 at 1:55 AM, Ismael Bouya
> > <ismael.bouya at normalesup.org>wrote:
> > > However when we need to boot into "fallback mode", initramfs asks for
> root
> > > password! Is there a standard/automated way to ask/permit another user
> via
> > > initramfs in Archlinux?
> >
> >
> > ...because you should only do that when your boot console is secure. The
> > argument is that if anyone has physical access to your computer, they can
> > boot from a LiveCD or USB anyway...
>
>
> Well, that's how I dealt with my problem, I was lucky that I had one,
> but...
>
>
> >
> > > If not, how do you deal with that usually?
> > >
> >
> > Let's go to the point! The pasword is asked by the systemd services
> > "emergency.service" or "rescue.service", that run "/sbin/sulogin".
> >
> > So your easiest solution is to modify these services to use the argument
> > "--force", that according to "man sulogin" will do what you want:
> >
> > For that create the directory "/etc/systemd/system/emergency.service.d"
> and
> > in it the file "10-nopasswd.conf" with this content:
> >
> > [Service]
> > ExecStart=-/sbin/sulogin --force
> >
> > And the same repacing rescue for emergency.
>
> Hum that will accept passwordless login wont it? I was telling of accepting
> a specific (trusted) user's password instead of root's
Yes, I thought that was the point. But you want to use the user password...
the same as with "sudo", makes sense.
You could using "login" instead of "sulogin". Or if you feel brave enough
you could even add a link to "getty at tty2.service" or "getty at tty1.service"
into "/etc/systemd/system/{rescue,emergency}.target.wants" and see what
happens (you may have to manually switch to VT2, though).
> But at least I know now which direction to look at, I'll test it next time
> I have physical access to my computer, and report..
>
> Thanks!
>
> --
> Ismael
>
Best regards!
--
Rodrigo
More information about the arch-general
mailing list