Faillock question

It is fixed by running faillock --reset (without sudo). It looks buggy that system gets locked for sudo but can be unlocked without sudo. I am not sure why it gets locked in the first place.

:mag: “faillock”

(Wisdom lies in reading :wink: )

Hi @siavoshkc,

As @andreas85 said, wisdom lies in reading. Knowledge also.

sudo only locks you out on too many login attempts. Typically something like:

examplesystem login: baeldung
The account is locked due to 3 failed logins.
(10 minutes left to unlock)

This is not a Manjaro thing.

Your command us for (an I qquote the man page:

faillock - Tool for displaying and modifying the authentication failure record files

and the parameter --reset, specifically:

Instead of displaying the user's failure records, clear them.

So that is the intended behaviour.


Try being sure of the password you’re typing. And that the keyboard isn’t at fault.

Someone rename the topic TITLE, because the problem as posted has nothing todo with sudo :woman_facepalming:

I’d do it. If I knew what to change it to.

I changed it :innocent:

What I asked for is that if it locks for security reasons why it can so easily gets bypassed.

Wisdom lies in reading :pensive:

Unlocking the ability to TRY to login is something unrelated to being able to use sudo…

In other words, you’re not bypassing sudo at all.

If can only unlock your own account without a password. And if you can do that, then you’re already logged on to the computer in some way.

Any other user would need to be either unlocked by itself or with sudo/root privileges.

Sorry I didn’t get your point. Locking the account after a number of attempts is usually done to prevent someone from guessing the password or to use brute forcing to find it. If the lock mechanism can be bypassed it is useless. Now if for any reason it is ok to bypass locking mechanism then locking would be pointless in the first place.
I didn’t mean we are bypassing sudo.

Relying on login locking in this context is useless anyway, because it is only temporary PLUS the human with physical access will always be able to gain access anyhow.

Keep in mind the lock is only temporary anyhow, it’s not permanent, you need to manually lock the account if you want that…

That kind of locking being useless was my original point. But I am not sure about your second statement. If you are using a Linux machine and don’t have the root password and you are not a sudoer, how are you able to gain access? If you don’t mean taking out the hard disk or boot another OS to gain access of course as those methods are circumstantial and there exists countermeasures for each.

Sorry I forgot to add, about ‘It is not a Manjaro thing’, well an ordinary user does not have the knowledge to distinguish which problem lies in Kernel config, which one is about Xorg and which is an Arch thing. Nor is required to have such a knowledge. So it is naturally the distro’s forum task to help him find the right place to find the solution.

If your root filesystem is not encrypted:

  • You could boot into rescue/emergency mode to get root access instantly.
  • You could boot from a Live-USB, chroot into the system and change the root/sudoer-user’s password, to gain root access.
  • etc…
1 Like