sulogin-shell: Use force if SYSTEMD_SULOGIN_FORCE set

When the root account is locked sulogin will either inform you of this and not allow you in or if --force is used it will hand you passwordless root (if using a recent enough version of util-linux). Not being allowed a shell is ofcourse inconvenient, but at the same time handing out passwordless root unconditionally is probably not a good idea everywhere. This patch thus allows to control which behaviour you want by setting the SYSTEMD_SULOGIN_FORCE environment variable to true or false to control the behaviour, eg. via adding this to 'systemctl edit rescue.service' (or emergency.service): [Service] Environment=SYSTEMD_SULOGIN_FORCE=1 Distributions who used locked root accounts and want the passwordless behaviour could thus simply drop in the override file in /etc/systemd/system/rescue.service.d/override.conf Fixes: #7115 Addresses: https://bugs.debian.org/802211
2026-04-14 00:14:32 +09:00 · 2018-10-14 14:53:09 +02:00
parent d86c8a6cdb
commit 33eb44fe4a
2 changed files with 16 additions and 1 deletions
--- a/docs/ENVIRONMENT.md
+++ b/docs/ENVIRONMENT.md
@@ -112,6 +112,12 @@ systemd-timedated:
  first existing unit listed in the environment variable, and
  `timedatectl set-ntp off` disables and stops all listed units.

+systemd-sulogin-shell:
+
+* `$SYSTEMD_SULOGIN_FORCE=1` — This skips asking for the root password if the
+  root password is not available (such as when the root account is locked).
+  See `sulogin(8)` for more details.
+
 bootctl and other tools that access the EFI System Partition (ESP):

 * `$SYSTEMD_RELAX_ESP_CHECKS=1` — if set, the ESP validation checks are