[systemd-devel] systemd-nspawn and pam_securetty

Kay Sievers kay at vrfy.org
Sat Dec 7 11:00:30 PST 2013


On Sat, Dec 7, 2013 at 7:25 PM, Colin Guthrie <gmane at colin.guthr.ie> wrote:
> So playing around a bit it seems our default pam config for pam.d/login
> uses a pam_securetty to only allow root logins via "secure" seats.
>
> The file /etc/securetty are tty0-6 and vc/1-6
>
> When "booting" with nspawn, the tty is "console" and thus I cannot login
> as root.
>
> Can I ask people here a few questions:
>
> 1. Is pam_securetty worth it?
> 2. If so, is adding "console" to the default /etc/securetty safe?
> 3. And finally, if we should not add "console", could nspawn do
> something clever with a temporary file + bind mount to temporarily allow
> console logins in the /etc/securetty without actually modifying it.

I never really understood what securetty was good for, it is usually
nothing but annoying. I don't think it makes much sense in a default
setup.

Kay


More information about the systemd-devel mailing list