From Fedora Project Wiki

m (typo)
(/etc/grub.d/12_menu_auto_hide)
 
(One intermediate revision by the same user not shown)
Line 17: Line 17:
     '''debug  rescue  emergency  1 '''   
     '''debug  rescue  emergency  1 '''   
or a combination of those for example. Those will limit the processes being launched by '''systemd'''.
or a combination of those for example. Those will limit the processes being launched by '''systemd'''.
* To enable the debug-shell on a legacy-BIOS based PC with '''grub2''' for every boot henceforth, type in '''bash''':
    grubby --args=systemd.debug-shell --update-kernel=ALL   
and when done debugging,
    grubby --remove-args=systemd.debug-shell --update-kernel=ALL 
to disable it via [[GRUB_2]] for better security.
* '''sudo grub2-editenv - unset menu_auto_hide''' will make the grub2 menu permanently visible via '''/etc/grub.d/12_menu_auto_hide''' if pressing the SHIFT  or ESC key during boot for visibility once is not enough.


{{admon/warning|Use the debug-shell only while actually debugging!|Do not forget to disable '''debug-shell.service''' after you've finished debugging your boot problems. Leaving the root debug-shell always available would be a security risk since anybody in presence could just press '''Ctrl+Alt+F9''' to obtain root privilege.}}
{{admon/warning|Use the debug-shell only while actually debugging!|Do not forget to disable '''debug-shell.service''' after you've finished debugging your boot problems. Leaving the root debug-shell always available would be a security risk since anybody in presence could just press '''Ctrl+Alt+F9''' to obtain root privilege.}}

Latest revision as of 08:47, 4 June 2021

enable debug-shell for Ctrl-Alt-F9

In case of e.g. boot-time problems with systemd, it is useful to have as root a debug-shell early available. CTRL+ALT+F9 will immediately switch to the debug-shell ("bash") without prompting for the password, saving precious time.

This debug-shell requires no authentication and provides root privileges to anyone who has physical access to the machine hitting CTRL+ALT+F9 keys. Hence, turn it on only as needed and disable it afterwards.
  • Enable using systemctl enable debug-shell
Manual enabling
If you find yourself in a situation where you can neither edit e.g. in grub2 the kernel parameters nor use systemctl (e.g. when setting this up remotely from a different system), you could enable the service manually:
cd $PATH_TO_FEDORA_ROOT/etc/systemd/system
mkdir sysinit.target.wants
ln -s /usr/lib/systemd/system/debug-shell.service sysinit.target.wants/
  • Next time after booting, you will be able to switch to tty9 by pressing the 3 key combo CTRL+ALT+F9 and have a bash debug-shell available from an early stage in the booting process.

Use the debug-shell e.g. for checking the status of services, reading logs, looking for stuck jobs with systemctl list-jobs, htop , killall etc..

  • When done, disable with systemctl disable debug-shell to keep others from obtaining passwordless root access.
  • You may also want to consider alternative troubleshooting techniques available as kernel parameters. Edit e.g. GRUB2 vmlinuz line, adding
   debug   rescue   emergency  1    

or a combination of those for example. Those will limit the processes being launched by systemd.

  • To enable the debug-shell on a legacy-BIOS based PC with grub2 for every boot henceforth, type in bash:
   grubby --args=systemd.debug-shell --update-kernel=ALL    

and when done debugging,

   grubby --remove-args=systemd.debug-shell --update-kernel=ALL   

to disable it via GRUB_2 for better security.

  • sudo grub2-editenv - unset menu_auto_hide will make the grub2 menu permanently visible via /etc/grub.d/12_menu_auto_hide if pressing the SHIFT or ESC key during boot for visibility once is not enough.
Use the debug-shell only while actually debugging!
Do not forget to disable debug-shell.service after you've finished debugging your boot problems. Leaving the root debug-shell always available would be a security risk since anybody in presence could just press Ctrl+Alt+F9 to obtain root privilege.