On Tue, Jan 31, 2012 at 2:28 AM, Sergio Ballestrero
<[log in to unmask]> wrote:
> On 30 Jan 2012, at 23:39, Yasha Karant wrote:
>> Upon boot, automatic fsck failed, and a request was posted for root password.  However, no more than one character of the password would be accepted, causing an endless loop to this condition and not allowing me control of the system (run fsck manually).
>
> For the next time (because there's always one ;-) ), you can use
> init=/bin/bash
> as a boot option, it will completely skip the standard init and therefore the root password request.
>
> It's anyway interesting that you could not login as root. What do you have in nsswitch and pam.d/system-auth ?
>
> Cheers,
>  Sergio

Usually works well, but bot if you've got your grub password
protected. Such protection is common practice for high security
setups, especially now that grub supports encrypted passwords. It's
very advantageous for laptops, to prevent !@#$!@#$ smart alecks from
booting your laptop into single user mode and throwing a party with
your plain text stored data. (Subversion passwords and
un-password-protected SSH keys come to mind, in particular. I've done
this for workplace data recovery.)

It also raises the threshold for root access to virtualization guests.
I've had some.... fascinating discussions about system security for
these, especially for LabManager setups where people could freely
clone OS images and we *really* did not want our development users
running rampant with root access. It's a very handy feature for
slowing down people who should *not* have such automatic root access.