initscripts: Restore locked root account access by using sulogin --force

Benda Xu heroxbd at
Thu Nov 15 04:13:26 GMT 2018

Hi Andreas,

Dmitry Bogatov <KAction at> writes:

> [2016-05-07 11:12] Andreas Henriksson <andreas at>
>> [...]
>> The initscripts package (src:sysvinit) needs equivalent changes to
>> restore the old status quo (and thus ignoring potential kiosk mode usecase
>> problems -- kiosk mode users should alter their init scripts and remove
>> the --force flag to be secure).
> Sounds convincing to me. So I prepared commit wip/bug-823660.  Dear
> co-maintainers, any objections?

@Andreas, what do you mean by "kiosk mode"?  Could you please define it

I don't think sysvinit should blindly follow behaviors of systemd.
Entering the system as root without password prompt is a severe security

You may argue that if a cracker gets physical access to the machine, the
system is actually compromised.  Well, a cracker, sometimes a thief,
usually has a limited time penetrating a computer physically, while a
system administrator has virtually infinite amount of time.  Therefore,
the ease of not entering root password for sysadmin, does not shift the
risk that the system gets compromised quickly.

> Andreas Henriksson <andreas at>
> The systemd package has been updated to pass the --force flag.

As the sulogin(8) says,

> Only use the -e option if you are sure the console is physically
> protected against unauthorized access.

Systemd imposes a big security risk to all the ignorant users without
telling them they need to make sure their console is physically
protected against unauthorized access, which is a harmful move we should
not follow.


More information about the Debian-init-diversity mailing list