[systemd-devel] systemd-nspawn and pam_securetty

Colin Guthrie gmane at colin.guthr.ie
Sat Dec 7 10:25:01 PST 2013


Hi,

So playing around a bit it seems our default pam config for pam.d/login
uses a pam_securetty to only allow root logins via "secure" seats.

The file /etc/securetty are tty0-6 and vc/1-6

When "booting" with nspawn, the tty is "console" and thus I cannot login
as root.

Can I ask people here a few questions:

1. Is pam_securetty worth it?
2. If so, is adding "console" to the default /etc/securetty safe?
3. And finally, if we should not add "console", could nspawn do
something clever with a temporary file + bind mount to temporarily allow
console logins in the /etc/securetty without actually modifying it.

Cheers!

Col

-- 

Colin Guthrie
gmane(at)colin.guthr.ie
http://colin.guthr.ie/

Day Job:
  Tribalogic Limited http://www.tribalogic.net/
Open Source:
  Mageia Contributor http://www.mageia.org/
  PulseAudio Hacker http://www.pulseaudio.org/
  Trac Hacker http://trac.edgewall.org/



More information about the systemd-devel mailing list