From Fedora Project Wiki
(use sushell for SELinux) |
(/etc/grub.d/12_menu_auto_hide) |
||
| (13 intermediate revisions by 4 users not shown) | |||
| Line 1: | Line 1: | ||
= | = enable debug-shell for Ctrl-Alt-F9 = | ||
In case of boot-time problems with systemd, it is useful to have a | In case of e.g. boot-time problems with '''systemd''', it is useful to have as root a debug-shell early available. | ||
'''CTRL+ALT+F9''' will immediately switch to the debug-shell ("bash") without prompting for the password, saving precious time. | |||
{{admon/warning|This debug-shell requires no authentication and provides root privileges to anyone who has '''physical access''' to the machine hitting '''CTRL+ALT+F9''' keys. Hence, turn it on only as needed and disable it afterwards.}} | |||
* Enable using <code>systemctl enable debug-shell</code> | |||
{{admon/tip|Manual enabling|If you find yourself in a situation where you can neither edit e.g. in grub2 the kernel parameters nor use '''systemctl''' (e.g. when setting this up remotely from a different system), you could enable the service manually: | |||
* Enable | |||
{{admon/tip|Manual enabling|If you find yourself in a situation where you | |||
<pre>cd $PATH_TO_FEDORA_ROOT/etc/systemd/system | <pre>cd $PATH_TO_FEDORA_ROOT/etc/systemd/system | ||
mkdir sysinit.target.wants | mkdir sysinit.target.wants | ||
ln -s | ln -s /usr/lib/systemd/system/debug-shell.service sysinit.target.wants/</pre>}} | ||
* Next time | * Next time after booting, you will be able to switch to '''tty9''' by pressing the 3 key combo '''CTRL+ALT+F9''' and have a '''bash''' debug-shell available from an early stage in the booting process. | ||
Use the debug-shell e.g. for checking the status of services, reading logs, looking for stuck jobs with <code>systemctl list-jobs</code>, '''htop''' , '''killall''' etc.. | |||
* When done, disable with <code>systemctl disable debug-shell</code> to keep others from obtaining passwordless root access. | |||
* You may also want to consider alternative troubleshooting techniques available as kernel parameters. Edit e.g. GRUB2 vmlinuz line, adding | |||
'''debug rescue emergency 1 ''' | |||
or a combination of those for example. Those will limit the processes being launched by '''systemd'''. | |||
* To enable the debug-shell on a legacy-BIOS based PC with '''grub2''' for every boot henceforth, type in '''bash''': | |||
grubby --args=systemd.debug-shell --update-kernel=ALL | |||
and when done debugging, | |||
grubby --remove-args=systemd.debug-shell --update-kernel=ALL | |||
to disable it via [[GRUB_2]] for better security. | |||
* '''sudo grub2-editenv - unset menu_auto_hide''' will make the grub2 menu permanently visible via '''/etc/grub.d/12_menu_auto_hide''' if pressing the SHIFT or ESC key during boot for visibility once is not enough. | |||
{{admon/warning|Use | {{admon/warning|Use the debug-shell only while actually debugging!|Do not forget to disable '''debug-shell.service''' after you've finished debugging your boot problems. Leaving the root debug-shell always available would be a security risk since anybody in presence could just press '''Ctrl+Alt+F9''' to obtain root privilege.}} | ||
Latest revision as of 08:47, 4 June 2021
enable debug-shell for Ctrl-Alt-F9
In case of e.g. boot-time problems with systemd, it is useful to have as root a debug-shell early available. CTRL+ALT+F9 will immediately switch to the debug-shell ("bash") without prompting for the password, saving precious time.
This debug-shell requires no authentication and provides root privileges to anyone who has physical access to the machine hitting CTRL+ALT+F9 keys. Hence, turn it on only as needed and disable it afterwards.
- Enable using
systemctl enable debug-shell
Manual enabling
If you find yourself in a situation where you can neither edit e.g. in grub2 the kernel parameters nor use systemctl (e.g. when setting this up remotely from a different system), you could enable the service manually:
If you find yourself in a situation where you can neither edit e.g. in grub2 the kernel parameters nor use systemctl (e.g. when setting this up remotely from a different system), you could enable the service manually:
cd $PATH_TO_FEDORA_ROOT/etc/systemd/system mkdir sysinit.target.wants ln -s /usr/lib/systemd/system/debug-shell.service sysinit.target.wants/
- Next time after booting, you will be able to switch to tty9 by pressing the 3 key combo CTRL+ALT+F9 and have a bash debug-shell available from an early stage in the booting process.
Use the debug-shell e.g. for checking the status of services, reading logs, looking for stuck jobs with systemctl list-jobs, htop , killall etc..
- When done, disable with
systemctl disable debug-shellto keep others from obtaining passwordless root access. - You may also want to consider alternative troubleshooting techniques available as kernel parameters. Edit e.g. GRUB2 vmlinuz line, adding
debug rescue emergency 1
or a combination of those for example. Those will limit the processes being launched by systemd.
- To enable the debug-shell on a legacy-BIOS based PC with grub2 for every boot henceforth, type in bash:
grubby --args=systemd.debug-shell --update-kernel=ALL
and when done debugging,
grubby --remove-args=systemd.debug-shell --update-kernel=ALL
to disable it via GRUB_2 for better security.
- sudo grub2-editenv - unset menu_auto_hide will make the grub2 menu permanently visible via /etc/grub.d/12_menu_auto_hide if pressing the SHIFT or ESC key during boot for visibility once is not enough.
Use the debug-shell only while actually debugging!
Do not forget to disable debug-shell.service after you've finished debugging your boot problems. Leaving the root debug-shell always available would be a security risk since anybody in presence could just press Ctrl+Alt+F9 to obtain root privilege.
Do not forget to disable debug-shell.service after you've finished debugging your boot problems. Leaving the root debug-shell always available would be a security risk since anybody in presence could just press Ctrl+Alt+F9 to obtain root privilege.