UNTESTED: Use sulogin --force when locking root account
Some users have found the new behaviour really surprising and unconvenient, since we switched from using the src:sysvinit to using the src:util-linux sulogin implementation. The src:sysvinit implementation used to have a patch that allowed passwordless root shell when the root account was locked. The src:util-linux had no such functionality initially, but then later added it under the --force flag which needs to be passed explicitly. Since systemd 240 there's now a simple way to enable passing the flag if desired. This commit restores the previous Debian behaviour for new installs which disables the root account. Since debian by default doesn't have a locked down secure boot, it's trivial to just pass init=/bin/bash on the kernel command line in the bootloader. Someone might however want to manually secure and lock down their system so by using the overrides hopefully it should be discoverable enough (via systemd-delta) while also making it possible to avoid sulogin using --force if desired. See comments committed in the code for more verbose explanation. !!!!! BEWARE THIS CHANGE IS COMPLETELY UNTESTED !!!!! TODO: maybe db_input passwd/sulogin-force should only be run if db_get passwd/root-locked is TRUE? The question mostly exists to make it possible for people to disable via preseeding though.
Showing with 43 additions and 0 deletions