Setting up an early debug shell

In case of e.g. boot-time problems with systemd, it is useful to have as root a debug-shell available. CTRL+ALT+F9 will immediately switch to the debug-shell ("bash") without prompting for the password, saving precious time.

This debug-shell requires no authentication and provides root privileges to anyone who has physical access to the machine hitting CTRL+ALT+F9 keys. Hence, turn in it on only as needed and disable it afterwards.

• Enable using systemctl enable debug-shell

Manual enabling
If you find yourself in a situation where you can neither edit e.g. in grub2 the kernel parameters nor use systemctl (e.g. when setting this up remotely from a different system), you could enable the service manually:

cd $PATH_TO_FEDORA_ROOT/etc/systemd/system
mkdir sysinit.target.wants
ln -s /usr/lib/systemd/system/debug-shell.service sysinit.target.wants/

• Next time after booting, you will be able to switch to tty9 by pressing the 3 key combo CTRL+ALT+F9 and have a bash debug-shell available from an early stage in the booting process.

Use the debug-shell e.g. for checking the status of services, reading logs, looking for stuck jobs with systemctl list-jobs, htop , killall etc..

• When done, disable with systemctl disable debug-shell to keep others from obtaining passwordless root access.
• You may also want to consider alternative troubleshooting techniques available as kernel parameters. Edit e.g. GRUB2 vmlinuz line, adding

   debug   rescue   emergency  1    

or a combination of those for example. Those will limit the processes being launched by systemd.

Use this shell only while actually debugging!
Do not forget to disable debug-shell.service after you've finished debugging your boot problems. Leaving the root shell always available would be a security risk since anybody in presence could just press Ctrl+Alt+F9 to obtain root privilege.