sulogin

sulogin [options] [tty]

-e
    Do not require a password for single-user mode. This can be useful when the root account has no password set.

-f
    Force login even if /var/run/utmp cannot be opened for writing.

-h
    Display help and exit.

-p
    Preserve environment variables.

-t timeout
    Set the timeout (in seconds) after which sulogin will exit if no password is provided. Defaults to 60 seconds.

The sulogin command provides a mechanism to access the system in single-user mode or emergency mode. When the system boots to single-user mode, sulogin is typically the first interactive program started by init or systemd. It prompts the user for the root password (if configured) to authenticate before allowing access to a root shell.

sulogin is designed to provide a secure and controlled entry point for system maintenance and recovery. It ensures that only authorized users (those who know the root password) can make changes in this privileged mode. It offers some protection by checking if the console is secure and using PAM for authentication.

sulogin can also be used to launch a shell as root in a chroot environment.

sulogin relies on PAM (Pluggable Authentication Modules) for authentication. Incorrect PAM configuration can prevent successful login. Also, bypassing password authentication entirely with '-e' might pose security risks.

Important: Single-user mode provides unrestricted access to the system. Ensure that the root password is secure and that the console is protected. Avoid enabling password-less login unless absolutely necessary and understand the implications.

sulogin uses PAM.
The PAM configuration file is typically found at /etc/pam.d/sulogin. Consult the PAM documentation for details on how to configure authentication policies.

sulogin is a standard Unix/Linux utility for entering single-user mode. It's been a part of system initialization procedures for a long time. The tool is provided as a part of util-linux package.

login(1), passwd(1), init(8), systemd(1)