On 08/16/2017 12:04 PM, Donald Russell wrote:
> Our security model does not allow sudo. Instead we use something called
> pmrun which requires authentication across a network. (Don't get me started
> on the pitfalls of that)

PBRUN at least fits the model of "don't sign on as root - sign on as
yourself and then do root as appropriate". So at 30000ft they provide
the same service, which I recommend.

Objectively, PBRUN has the exposure that when the network is down you're
stuck. (Conflicting requirements between your security people and your
business continuity people. Lock them in a room together and let them
fight it out.)


> sudo nor pmrun address the issue of the "*Enter root password for
> maintenance, or CTL-D to continue*" prompt when the system has problems
> starting up.

Indeed.
And that prompt is driven by the INITRD phase, before /sbin/init (or
SystemD) gets control and could spawn your console shell.


> I've convinced our security people that the zLinux console is acceptably
> protected by the "logon by" option, especially after pointing out how the
> typed zLinux password is displayed, and the console is spooled.

Awesome! Progress.


> So, now I just want to get all this auto-login working properly. :-)

Should be just a question of getting a shell spawned directly (either
via inittab or from SystemD).
Call or send email off-list if I can help.

-- R; <><




----------------------------------------------------------------------
For LINUX-390 subscribe / signoff / archive access instructions,
send email to lists...@vm.marist.edu with the message: INFO LINUX-390 or visit
http://www.marist.edu/htbin/wlvindex?LINUX-390
----------------------------------------------------------------------
For more information on Linux on System z, visit
http://wiki.linuxvm.org/
