shaba/systemd
1
0
Fork 0
mirror of https://github.com/systemd/systemd.git synced 2025-09-10 21:45:06 +03:00
Code Activity

sulogin-shell: Use force if SYSTEMD_SULOGIN_FORCE set

Browse Source 
When the root account is locked sulogin will either inform you of
this and not allow you in or if --force is used it will hand
you passwordless root (if using a recent enough version of util-linux).

Not being allowed a shell is ofcourse inconvenient, but at the same
time handing out passwordless root unconditionally is probably not
a good idea everywhere.

This patch thus allows to control which behaviour you want by
setting the SYSTEMD_SULOGIN_FORCE environment variable to true
or false to control the behaviour, eg. via adding this to
'systemctl edit rescue.service' (or emergency.service):

[Service]
Environment=SYSTEMD_SULOGIN_FORCE=1

Distributions who used locked root accounts and want the passwordless
behaviour could thus simply drop in the override file in
/etc/systemd/system/rescue.service.d/override.conf

Fixes: #7115
Addresses: https://bugs.debian.org/802211
This commit is contained in:
Andreas Henriksson
2018-10-14 14:53:09 +02:00
committed by Lennart Poettering
parent d86c8a6cdb
commit 33eb44fe4a
2 changed files with 16 additions and 1 deletions
Download Patch File Download Diff File Expand all files Collapse all files

6
docs/ENVIRONMENT.md
View File

@@ -112,6 +112,12 @@ systemd-timedated:
first existing unit listed in the environment variable, and first existing unit listed in the environment variable, and
`timedatectl set-ntp off` disables and stops all listed units. `timedatectl set-ntp off` disables and stops all listed units.
systemd-sulogin-shell:
* `$SYSTEMD_SULOGIN_FORCE=1` — This skips asking for the root password if the
root password is not available (such as when the root account is locked).
See `sulogin(8)` for more details.
bootctl and other tools that access the EFI System Partition (ESP): bootctl and other tools that access the EFI System Partition (ESP):
* `$SYSTEMD_RELAX_ESP_CHECKS=1` — if set, the ESP validation checks are * `$SYSTEMD_RELAX_ESP_CHECKS=1` — if set, the ESP validation checks are

11
src/sulogin-shell/sulogin-shell.c
View File

@@ -9,6 +9,7 @@
#include "bus-util.h" #include "bus-util.h"
#include "bus-error.h" #include "bus-error.h"
#include "def.h" #include "def.h"
#include "env-util.h"
#include "log.h" #include "log.h"
#include "process-util.h" #include "process-util.h"
#include "sd-bus.h" #include "sd-bus.h"
@@ -89,7 +90,11 @@ static void print_mode(const char* mode) {
} }
int main(int argc, char *argv[]) { int main(int argc, char *argv[]) {
static const char* const sulogin_cmdline[] = {SULOGIN, NULL}; const char* sulogin_cmdline[] = {
SULOGIN,
NULL, /* --force */
NULL
};
_cleanup_(sd_bus_flush_close_unrefp) sd_bus *bus = NULL; _cleanup_(sd_bus_flush_close_unrefp) sd_bus *bus = NULL;
int r; int r;
@@ -99,6 +104,10 @@ int main(int argc, char *argv[]) {
print_mode(argc > 1 ? argv[1] : ""); print_mode(argc > 1 ? argv[1] : "");
if (getenv_bool("SYSTEMD_SULOGIN_FORCE") > 0)
/* allows passwordless logins if root account is locked. */
sulogin_cmdline[1] = "--force";
(void) fork_wait(sulogin_cmdline); (void) fork_wait(sulogin_cmdline);
r = bus_connect_system_systemd(&bus); r = bus_connect_system_systemd(&bus);