In bug #802211, Michael Biebl writes: > Systemd now provides a mechanism to set the desired behaviour. > It is now up to the installer or admin to set this up accordingly.
I think the mechanism he's referring to is to set an environment variable SYSTEMD_SULOGIN_FORCE=1, which will cause systemd to invoke sulogin with the --force option (i.e., if the root account is locked or has no password, then log in without asking for a password.) See <https://github.com/systemd/systemd/issues/7115>. Personally I'm not sure this is the best idea - it'd be better to ask for the username and password of somebody allowed to use sudo. But if that's too complicated/fragile to implement easily, then falling back to root access on the console without a password is probably better than making the system completely unusable (unless you can boot from an alternate device or modify the bootloader arguments.) So in the absence of a better solution, the installer probably ought to enable SYSTEMD_SULOGIN_FORCE=1 if the administrator chooses not to set a root password.
