https://fedoraproject.org/wiki/Changes/FixRescueMode
== Summary == Fedora defaults to locking the root account, which is needed by single-user mode. This Change uses `sulogin --force` so the password request is bypassed under this circumstance. == Owner == * Name: [[User:Salimma|Michel Alexandre Salim]] * Email: mic...@michel-slm.name * Name: [[User:Ngompa|Neal Gompa]] * Email: ngomp...@gmail.com * Name: [[User:Davdunc|David Duncan]] * Email: davd...@amazon.com == Detailed Description == Users typically only use single-user mode in case the normal boot is not working. In the unfortunate situation that it happens, under the current setup they cannot recover without booting from a Fedora live image or another image, or by overriding `init=`, because our single-user mode requires a root password, and by default we lock the root account. A more user-friendly setup is to allow the password to be bypassed in case it's not set. This does not pose an increased security risk: - you can already boot with `init=/sysroot/bin/bash` anyway - anyone with physical access to a machine can probably compromise it - you can enforce the need for a root password in single-user mode by setting it This change will be implemented by pre-installing an RPM containing systemd overrides for `emergency.service` and `rescue.service`, similar to the [https://github.com/coreos/fedora-coreos-config/commit/eb74f2ea3e9b453902315539e4f327481162c4f8 CoreOS implementation], so users and editions/variants can opt out by removing this or omitting it from their default installation. == Benefit to Fedora == This Change provides a better out-of-the-box user experience in case they need to rescue their system, by making the rescue option presented in the bootloader actually work. == Scope == * Proposal owners: Ship the needed configuration change in a systemd subpackage. Test and verify that it works, then work with editions and spins to test and enable this by default by making `systemd` `Recommends: (systemd-rescue-defaults if dracut-config-rescue)` * Other developers: Test this and opt-out if necessary (eg cloud doesn't have a rescue initramfs so the package is deadweight). On variants where dracut-config-rescue is installed but an opt out is desired, excluding the package from installation will prevent it being installed on systemd upgrades * Release engineering: [https://pagure.io/releng/issue/10422 #10422] * Policies and guidelines: N/A (not needed for this Change) * Trademark approval: N/A (not needed for this Change) * Alignment with Objectives: N/A == Upgrade/compatibility impact == Upgrades would pull in this automatically, see [https://fedoraproject.org/wiki/Changes/ExcludeFromWeakAutodetect] == How To Test == - `dnf install systemd-rescue-defaults` - reboot and verify rescue mode works == User Experience == Rescue mode works out of the box, without resorting to overriding init= or using a live media. == Dependencies == - most changes will be done in the `systemd` package - for variants that need to opt out we'll need to modify their kickstart files == Contingency Plan == * Contingency mechanism: if the `Recommends` have been added to systemd, remove it and potentially add an `Obsoletes:` to remove older known-bad versions of `rescue-defaults` * Contingency deadline: Beta freeze * Blocks release? No == Documentation == The built-in rescue mode now works out of the box without needing to use a live image. For added security you can set a root password. -- Ben Cotton He / Him / His Fedora Program Manager Red Hat TZ=America/Indiana/Indianapolis _______________________________________________ devel mailing list -- devel@lists.fedoraproject.org To unsubscribe send an email to devel-le...@lists.fedoraproject.org Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/ List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedoraproject.org/archives/list/devel@lists.fedoraproject.org Do not reply to spam on the list, report it: https://pagure.io/fedora-infrastructure
