Bug#931911: user-setup: Fails to present no-root-password_first-user-sudoer option as a reasonable choice
On Fri, 12 Jul 2019 11:11:09 +0200 Philip Hands wrote: > I've just pushed a branch to salsa: > > > https://salsa.debian.org/installer-team/user-setup/tree/bug-931911-empty-root-password-OK > > that is an attempt to make this better. Comments welcome. That looks like an improvement. But could we go a step further, please? In order, from least to most controversial: 1) Let's *always* install sudo, and *always* add the initial user to the appropriate group to use sudo, with a low-priority expert-only debconf question for preseeders to use to disable. 2) Let's fix anything that still asks for the root password to do something compatible with a sudoer and no root password. 3) Let's ask for the root password as a medium-priority or lower question, defaulting to not asking at all. If you actually need a root password, it seems trivial to `sudo passwd root` later, or use preseeding (ideally with a hashed password). In an ideal world, I'd suggest a single prompt that asks: User full name: __ Username:__ (with guess from full name, as we do now) Password:__ Repeat password: __ [ ] Advanced options And "Advanced options" could support configurations like "set a root password" and "don't create a user at all". (I'd also like to see an easy way to configure almost nothing, and install a system that boots up into a desktop "initial setup" application, but that only applies if installing a system that'll boot an interactive desktop environment (and have a local console), so we still need the ability to completely set up the system from the installer.)
Bug#931911: user-setup: Fails to present no-root-password_first-user-sudoer option as a reasonable choice
I've just pushed a branch to salsa: https://salsa.debian.org/installer-team/user-setup/tree/bug-931911-empty-root-password-OK that is an attempt to make this better. Comments welcome. Cheers, Phil. -- |)| Philip Hands [+44 (0)20 8530 9560] HANDS.COM Ltd. |-| http://www.hands.com/http://ftp.uk.debian.org/ |(| Hugo-Klemm-Strasse 34, 21075 Hamburg,GERMANY signature.asc Description: PGP signature
Bug#931911: user-setup: Fails to present no-root-password_first-user-sudoer option as a reasonable choice
Package: user-setup Severity: normal Prompted by this LWN comment relating to installing buster: https://lwn.net/Articles/792960/ "The installer text specifically said that not setting a root password was a Very Bad Idea" looking at the text in question, I was surprised at how negative it is about the completely reasonable choice of selecting no root password in order to provoke the first-user-is-sudoer setup. https://salsa.debian.org/installer-team/user-setup/blob/master/debian/user-setup-udeb.templates#L37 I presume that this text is as it is because there is a previously defined question about whether one wants a root login enabled, that explains the way things will work with sudo if one chooses 'no': https://salsa.debian.org/installer-team/user-setup/blob/master/debian/user-setup-udeb.templates#L25 however, that question is no longer presented to users by default, so they get dropped into the rather scary sounding text about why one needs to set a root password. It seems to me that we need to reword this completely, so that choosing to leave the password blank is described as a reasonable thing to do, which will result in a perfectly decent, and often desired, sudo setup. Cheers, Phil. -- |)| Philip Hands [+44 (0)20 8530 9560] HANDS.COM Ltd. |-| http://www.hands.com/http://ftp.uk.debian.org/ |(| Hugo-Klemm-Strasse 34, 21075 Hamburg,GERMANY
