Golded

- RBERRYPI ---------------- < Пред. | След. > -- < @ > -- < Сообщ. > -- < Эхи > --

Nп/п : 24 из 100

От : Richard Kettlewell 3:633/10 25 мар 26 23:25:37

К : All 25 мар 26 03:08:02

Тема : Re: Why you need a root password

----------------------------------------------------------------------------------

@MSGID: 3:633/10 84d70547
@REPLY: 3:633/10 d1068965
@PID: PyGate 1.5.13
@TID: PyGate/Linux 1.5.13
@CHRS: CP1252 2
@TZUTC: 0000
@REPLYADDR: invalid@invalid.invalid
@REPLYTO: 3:633/10 UUCP
@RFC-Message-ID:
<wwv8qbfo5ji.fsf@LkoBDZeT.terraraq.uk>
not@telling.you.invalid (Computer Nerd Kev) writes:
> The Natural Philosopher <tnp@invalid.invalid> wrote:
>> ...if your system fails to boot and you end up in maintenance mode
>> there is no way out except use of the root login and password...
>
> Strange, if it can read the root password hash from storage, why
> can`t it read the other ones? Does RPi OS it store that password in
> the initrd but not the other ones? When they can`t mount the root
> filesystem, I remember other Linux distros going to a command prompt
> without asking for a password, though I haven`t seen what RPi OS
> does.

I think TNP is seeing the emergency.service unit, which is run under
certain boot failure conditions. The effect is to run sulogin, which
normally requests the root password.

AFAICT if there is no root password set, sulogin will give you a root
shell without requesting any authentication.

Even if that doesn?t go as expected, you can edit the kernel command
line to point init at a shell, which will then run without any tedious
business with passwords, as long as it actually exists. So, there?s
definitely another way.

On an x86 device running Grub you can do this easily in the boot-time
UI. I don?t know if there?s an interactive way to do it on any Pi models
but in the worst case you could mount the SD card with another computer
and edit the kernel command line.

If boot fails before / is mounted then I think you get an initramfs
shell, without any authentication. Certainly my initramfs doesn?t
include any password hashes. I don?t feel like doing the experiment l-)

References:

  https://man7.org/linux/man-pages/man7/systemd.special.7.html
  https://man7.org/linux/man-pages/man8/sulogin.8.html
  https://github.com/util-linux/util-linux/blob/master/login-utils/sulogin.c

--
https://www.greenend.org.uk/rjk/

--- PyGate Linux v1.5.13
* Origin: Dragon`s Lair, PyGate NNTP<>Fido Gate (3:633/10)
SEEN-BY: 19/10 50/109 153/757 218/840 840 220/70
221/1 6 360 226/17 100
SEEN-BY: 229/426 240/1120 267/800 301/1 113 812
310/31 335/364 341/66 463/68
SEEN-BY: 633/10 280 414 416 418 420 422 509 2744
712/848 770/1 3 100 340 350
SEEN-BY: 772/210 220 230 5019/40 5020/715 848 1042
4441 12000 5030/49 722
SEEN-BY: 5030/1081 1474 5053/55 5061/133 5075/128
@PATH: 633/10 280 770/1 218/840 221/6 301/1
5020/1042 4441

GoldED+ VK │ │ 09:55:30