[systemd-devel] Emergency mode if non-critical /etc/fstab entries are missing
Lennart Poettering
lennart at poettering.net
Thu Nov 3 21:55:35 UTC 2016
On Mon, 26.09.16 07:02, Marc Haber (mh+systemd-devel at zugschlus.de) wrote:
> On Mon, Sep 26, 2016 at 10:52:50AM +1300, Sergei Franco wrote:
> > The emergency mode assumes console access, which requires physical access,
> > which is quiet difficult if the machine is remote.
>
> It does also assume knowledge of the root password, which is in
> enterprise environments not often the case. Enterprises usually have
> root passwords stowed away in a safe, behind a three-headed guard dog,
> requiring management approval, and > 2 eyes mechanisms, and usually
> have password-changing processes attached that touch other machines
> sharign the same root password as well (for example because the root
> password hash is stamped into the golden image).
>
> Many enterprise environments that I know have their processes geared
> in a way that the root password is not needed in daily operation.
> Login via ssh key, privilege escalation via sudo.
>
> systemd requiring the root password because some tertiary file system
> doesn't mount is a nuisance for those environments.
>
> Some sites have resorted to adding "nofail" to all fstab lines just to
> find themselves with the next issue since the initramfs of some
> distributions doesn't know this option yet.
"nofail" has been around as long as fstab has been around really. It's
not a systemd invention.
Lennart
--
Lennart Poettering, Red Hat
More information about the systemd-devel
mailing list