Re: Bug#344873: should be a way to get a sudo-only root system
On Wed, Dec 28, 2005 at 02:13:53AM -0500, Joey Hess wrote:
> Christian Perrier wrote:
> > Instead of a preseedable question, we could setup a sudo account when
> > the root password is set to NULL.
>
> The issue I see with that is that a user may be suprised when they
> accidentially hit enter at the root password prompt and it goes off and
> configures some strange sudo setup.
I agree completely. Christian, please don't take the Ubuntu code as
gospel here; it has a couple of design errors which have become evident
over time.
My experience has been that different people want each of these three
options: root password set, no sudo (default in Debian, optional
non-default in Ubuntu); root password unset, sudo (default in Ubuntu);
root password set, sudo (not offered by either Debian or Ubuntu yet).
Having the choice be implicit in whether you enter a blank root password
or not turns out to confuse a lot of users, insufficiently explain
what's going to happen, and generate a lot of bug reports.
I think the clearest design would be to have a low-priority boolean
question about whether you want to set a root password, and then later a
low-priority boolean question about whether you want to set the initial
user up with sudo privileges (which is skipped and set to true if you
answered no to the first question, since otherwise you'd have no way to
get root access).
We should also check that a few Ubuntu patches elsewhere have been
integrated. Notably, if the root password is unset sulogin (NOT su!
"single-user login") needs to let you straight in without attempting to
ask for a password you'll never be able to provide, so that you don't
get stuck on a failed fsck or whatever (this isn't a major derogation of
security since if you're presented with sulogin then you have physical
access anyway). Desktop maintainers will also need to make some changes
with regard to gksu vs. gksudo and so on.
Cheers,
--
Colin Watson [cjwatson@debian.org]
Reply to: