On 07/02/2009 04:18 PM, Seewer Philippe wrote:
Hans de Goede wrote:
3) chmod /proc/cmdline 400, so that it cannot be read by ordinary users, plugging the password leak problem
This does not really plug the leak. Just boot until initramfs is loaded, pull the network plug and wait until dracut drops us to a (root-)shell.
Ah, which reminds me, that we should have an option to turn that off.
Now the remaining question is how to implement the adding of the needed cmdline options to grub.conf.
Question: Is it really necessary to provide username/password to dracut? Wouldn't it be better to ask the user? I mean if a mount is password protected, be it cryptroot, nfs4 or whatever, shouldn't the user enter the data?
username/password for iSCSI disks entered by a normal user every day he boots his diskless client?