Make Rescue Mode Work With Locked Root
Fedora defaults to locking the root account, which is needed by single-user mode. This Change uses
sulogin --force so the password request is bypassed under this circumstance.
- Name: Michel Alexandre Salim, Neal Gompa, David Duncan
- Email: firstname.lastname@example.org, email@example.com, firstname.lastname@example.org
- Targeted release: Fedora Linux 37
- Last updated: 2022-05-17
- devel thread
- FESCo issue: #2713
- Tracker bug: <will be assigned by the Wrangler>
- Release notes tracker: <will be assigned by the Wrangler>
Users typically only use single-user mode in case the normal boot is not working. In the unfortunate situation that it happens, under the current setup they cannot recover without booting from a Fedora live image or another image, or by overriding
init=, because our single-user mode requires a root password, and by default we lock the root account.
A more user-friendly setup is to allow the password to be bypassed in case it's not set.
This does not pose an increased security risk:
- you can already boot with
- anyone with physical access to a machine can probably compromise it
- you can enforce the need for a root password in single-user mode by setting it
This change will be implemented by pre-installing an RPM containing systemd overrides for
rescue.service, similar to the CoreOS implementation, so users and editions/variants can opt out by removing this or omitting it from their default installation.
Benefit to Fedora
This Change provides a better out-of-the-box user experience in case they need to rescue their system, by making the rescue option presented in the bootloader actually work.
- Proposal owners: Ship the needed configuration change in a systemd subpackage. Test and verify that it works, then work with editions and spins to test and enable this by default by making
Recommends: (systemd-rescue-defaults if dracut-config-rescue)
- Other developers: Test this and opt-out if necessary (eg cloud doesn't have a rescue initramfs so the package is deadweight). On variants where dracut-config-rescue is installed but an opt out is desired, excluding the package from installation will prevent it being installed on systemd upgrades
- Release engineering: #10422
- Policies and guidelines: N/A (not needed for this Change)
- Trademark approval: N/A (not needed for this Change)
- Alignment with Objectives: N/A
Upgrades would pull in this automatically, see 
How To Test
dnf install systemd-rescue-defaults
- reboot and verify rescue mode works
Rescue mode works out of the box, without resorting to overriding init= or using a live media.
- most changes will be done in the
- for variants that need to opt out we'll need to modify their kickstart files
- Contingency mechanism: if the
Recommendshave been added to systemd, remove it and potentially add an
Obsoletes:to remove older known-bad versions of
- Contingency deadline: Beta freeze
- Blocks release? No
The built-in rescue mode now works out of the box without needing to use a live image. For added security you can set a root password.