[Mageia-dev] bug, omission or feature

Colin Guthrie mageia at colin.guthr.ie
Sun Jun 3 17:52:47 CEST 2012

'Twas brillig, and Richard Couture at 03/06/12 12:27 did gyre and gimble:
> I notice that when, at the end of the installation of MGA2, I select the
> level of security as HIGH, that I am permitted entry into the system in
> Linux Single mode without a challenge password, which is a new, and IMHO
> undesirable, behavior from previous versions.
> Is this a new feature, or have I stumbled upon a bug?
> The /etc/inittab does have ~~:S:wait:/sbin/sulogin in it but I can get
> in without a password... Must be something new in system D

/etc/inittab is no longer used or read.

For single user mode now-a-days we boot to rescue.target (this is done
automatically if you just put a 1 at the end of the kernel command line
to support "runlevel 1").

Ultimately this pulls in rescue.service

This file should source the contents of /etc/sysconfig/init and then

/bin/bash -c "exec ${SINGLE}"

So please check /etc/sysconfig/init and make sure SINGLE is set to
/sbin/sulogin rather than /sbin/sushell.

However you will see from previous threads that I'm not convinced
sulogin is actually working all that well just now and it some
pre-release testing it didn't run properly for me.

On the whole, this kind of "security" is basically bullshit anyway. It
might make things a tiny bit harder, but if you can get into the
bootloader to append a 1 on the command line, you can also append
init=/bin/bash too which totally bypasses everything too. So while it's
maybe a nice idea, for all practical purposes, it's not any kind of real
security anyway, so don't rely on it!



Colin Guthrie

Day Job:
  Tribalogic Limited http://www.tribalogic.net/
Open Source:
  Mageia Contributor http://www.mageia.org/
  PulseAudio Hacker http://www.pulseaudio.org/
  Trac Hacker http://trac.edgewall.org/

More information about the Mageia-dev mailing list