
Bug#1064617: Passwords should not be changed frequently
Holger Wansing <hwansing@mailbox.org> writes:

> Hi,
>
> Holger Wansing <hwansing@mailbox.org> wrote (Mon, 04 Mar 2024 10:43:59 +0100):
>> Hi,
>> 
>> On 4 March 2024 06:17:31 CET, Philip Hands <phil@hands.com> wrote:
>> >I found that there were some phrases that I was avoiding for various
>> >reasons, a couple of which I see you've used, so I'll say why I was avoiding
>> >them and see if I have a persuasive argument for doing so.
>> >
>> >"allow/deny login/access as root":
>> >
>> >  The problem here is that not having a password for root only prevents
>> >  one from getting direct access to root by using a password. Indirect
>> >  access is still available via sudo, and direct access is still
>> >  available via key based ssh.  I was also avoiding saying things like
>> >  "disable the root account" for the same reason.
>> >
>> >  This is why I ended up with the phrasing:
>> >
>> >     direct password-based logins to 'root'.
>> 
>> Ok, seems fair. I would change to that then.
>> 
>> >
>> >"using the 'sudo' command":
>> >
>> >  This I was avoiding because it might give the impression that one MUST
>> >  use sudo, whereas most people will actually get their root access via a
>> >  GUI prompting them for their own password (because it's checked that
>> >  they're in the sudo group) when doing things like unlocking their
>> >  network or printer settings. I thought it was worth mentioning the
>> >  'sudo' group explicitly because that gives something to search for if
>> >  they want to find out more, but telling people they need to use the
>> >  sudo command seemed like a step too far.
>> 
>> Correct so far. Maybe a bit more technical and therefore probably
>> not the easiest choice for newbies, but I have no problem using that.
>> 
>> >Regarding the password advice, I ended up concluding that it's pretty
>> >unlikely that anything we say at this point will have any effect on
>> >people's behaviour, but then I'm probably just an old cynic. Also, I
>> >failed when trying to come up with a wording which I was happy with,
>> >which is why I ended up discarding the advice entirely.
>> >
>> >If we want to keep the password advice in then I think what you wrote is
>> >(mostly) OK, although I think it implies that one should be choosing a
>> >single "password" (although, not a word in any normal sense), which
>> >could be argued to steer people away from the perfectly decent xkcd
>> >approach of using several dictionary words. Saying "Password or
>> >Passphrase" at least once would probably address that.
>> 
>> Ok, makes it a bit longer, but it could be worth it.
>> 
>> I will prepare a new patch with above.
>
> Updated patch attached.
>
> Holger
>
>
> -- 
> Holger Wansing <hwansing@mailbox.org>
> PGP-Fingerprint: 496A C6E8 1442 4B34 8508  3529 59F1 87CA 156E B076
> diff --git a/debian/user-setup-udeb.templates b/debian/user-setup-udeb.templates
> index cdb6d78..437b9d7 100644
> --- a/debian/user-setup-udeb.templates
> +++ b/debian/user-setup-udeb.templates
> @@ -33,22 +33,21 @@ _Description: Allow login as root?
>  Template: passwd/root-password
>  Type: password
>  # :sl1:
> -_Description: Root password:
> - You need to set a password for 'root', the system administrative
> - account. A malicious or unqualified user with root access can have
> - disastrous results, so you should take care to choose a root password
> - that is not easy to guess. It should not be a word found in dictionaries,
> - or a word that could be easily associated with you.
> +_Description: Root password/passphrase:
> + If you want to allow direct password-based login as root, you need to set a
> + password for 'root', the system administrative account now.
> + A malicious or unqualified user with root access can have
> + disastrous results, so you should take care to choose a root
> + password/passphrase that cannot be guessed. It should not be a word found in
> + dictionaries, or something that could be easily associated with you.
>   .
> - A good password will contain a mixture of letters, numbers and punctuation
> - and should be changed at regular intervals.
> + You can also leave the password for root empty here, to disable the root
> + account; the system's initial user account (which will be set up in the next
> + step) will then be given the power to become root via 'sudo' (by adding it to
> + the 'sudo' group).
>   .
> - The root user should not have an empty password. If you leave this
> - empty, the root account will be disabled and the system's initial user
> - account will be given the power to become root using the "sudo"
> - command.
> - .
> - Note that you will not be able to see the password as you type it.
> + Note that you will not be able to see the password as you type it (except if
> + you choose to show it in clear text).
>  
>  Template: passwd/root-password-again
>  Type: password
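Review bot: the new second paragraph of passwd/root-password, "+ You can also leave the password for root empty here, to disable the root account;", claims more than the setting does; as discussed earlier in this thread, an empty root password only prevents direct password-based logins to root, while becoming root via sudo (and key-based ssh, where configured) stays possible, so "to prevent direct password-based logins as root" would be accurate where "to disable the root account" is not. Two smaller points in the same hunk: the "now" in "+ password for 'root', the system administrative account now." is separated from its verb "set" by the whole appositive and reads as if it modifies "account", so it should move next to the verb; and the passwd/root-password-again template that immediately follows is left untouched, so its re-enter prompt will no longer match the renamed "Root password/passphrase:" prompt it belongs to.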
> @@ -109,9 +108,8 @@ _Description: Reserved username
>  Template: passwd/user-password
>  Type: password
>  # :sl1:
> -_Description: Choose a password for the new user:
> - A good password will contain a mixture of letters, numbers and punctuation
> - and should be changed at regular intervals.
> +_Description: Choose a password/passphrase for the new user:
> + Make sure to select a strong password/passphrase, that cannot be guessed.
>  
>  Template: passwd/user-password-again
>  Type: password
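Review bot: "+ Make sure to select a strong password/passphrase, that cannot be guessed." has a stray comma before the restrictive "that" clause and should read "a strong password/passphrase that cannot be guessed". As with the root prompt, the passwd/user-password-again template that follows is unchanged in this patch, so its re-enter prompt should also be updated to say password/passphrase to match the renamed "Choose a password/passphrase for the new user:" description.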

The result of applying this patch can be seen in the attached screenshots.


[Two PNG screenshots attached]

I think the first block of text in the first screenshot is too much and
should probably be split; the "now" that is associated with the "set" is
tucked into a sub-clause and is too far away from its verb to make sense;
and the quoting of 'root' is inconsistent and seems to imply some sort
of meaning that's not really there.

I don't actually like the advice about malicious users much, but I don't
care enough to start a campaign against it -- if we have it I think it
should be in a separate paragraph, probably the first paragraph, so that
the next two paragraphs can stand as the valid choices one can make to
provide a decent password/phrase.

Leaving the password blank does not disable the root account, it
prevents password-based access to the root account, so I think we
shouldn't say that.

The "via 'sudo'" strikes me as inaccurate and unnecessary -- one will be
offered root permissions via various programs, and might cheerfully
administer your system while never having run sudo.

The Re-enter prompts need to be edited to match the Password/Passphrase
prompt they go with.

I think one could make the stuff about hidden passwords less clumsy --
how about:

  Note: what you type here will be hidden (unless you select to show it)

(BTW I suspect this line might be something we could just not bother
with, unless our blind users might otherwise be confused by the lack of
feedback without this? Does anyone know if this is helpful, or whether
it actually just gets in the way?)

Anyway, I'll knock up a patch to address the above points and push that
once I get into the MiniDebCamp Hamburg when I get there in about an
hour. BTW, the branch that produced those screenshots is here:

  https://salsa.debian.org/philh/user-setup/-/commits/password-holger

Cheers, Phil.
-- 
Philip Hands -- https://hands.com/~phil
