Here is a patch that adds a debconf question. I haven't yet been able to test the patch, but it seems striaghtforward. -- see shy jo
Index: user-setup-apply =================================================================== --- user-setup-apply (revision 33314) +++ user-setup-apply (working copy) @@ -118,6 +118,23 @@ $log $chroot $ROOT adduser "$USER" $group >/dev/null 2>&1 || true done fi + + db_get passwd/root-login + if [ "$RET" = false ] && [ -n "$USER" ]; then + # Ensure sudo is installed, and set up the user to be able + # to use it. + if [ ! -e $ROOT/etc/sudoers ]; then + # try to work in d-i and out; it's better to + # use apt-install in d-i + apt-install sudo 2>/dev/null || $log $chroot apt-get -q -y install sudo || true + fi + if [ -e $ROOT/etc/sudoers ]; then + echo "$USER ALL=(ALL) ALL" >> $ROOT/etc/sudoers + else + # sudo failed to install, system won't be usable + exit 1 + fi + fi fi exit 0 Index: debian/user-setup-udeb.templates =================================================================== --- debian/user-setup-udeb.templates (revision 33306) +++ debian/user-setup-udeb.templates (working copy) @@ -16,6 +16,13 @@ Type: string Description: For internal use only +Template: passwd/root-login +Type: boolean +Default: true +_Description: Allow login as root? + If you choose not to allow root to log in, then a user account will be + created and given the power to become root using the 'sudo' command. + Template: passwd/root-password Type: password _Description: Root password: Index: debian/changelog =================================================================== --- debian/changelog (revision 33314) +++ debian/changelog (working copy) @@ -14,8 +14,13 @@ [ Joey Hess ] * Exit 10 on backup out of the program, to work properly with main-menu. * Use -m flag of chpasswd rather than doing the md5 generation by hand. + * Add passwd/root-login question (asked at medium priority), currently + defaulting to true. + * If root-login is false, skip root password prompts, lock the root account, + always make a user account, install sudo, and configure /etc/sudoers to + allow the user to become root. Closes: #344873 - -- Joey Hess <joeyh@debian.org> Tue, 27 Dec 2005 00:59:50 -0500 + -- Joey Hess <joeyh@debian.org> Wed, 28 Dec 2005 17:40:03 -0500 user-setup (0.03) unstable; urgency=low Index: user-setup-ask =================================================================== --- user-setup-ask (revision 33312) +++ user-setup-ask (working copy) @@ -21,10 +21,16 @@ 0) # Ask how the password files should be set up. db_input low passwd/shadow || true + # Ask if root should be allowed to login. + db_input medium passwd/root-login || true ;; 1) - # Prompt for a root password if there is none. - if ! root_password; then + db_get passwd/root-login + if [ "$RET" = false ]; then + # root password will be locked + db_set passwd/root-password "" + db_set passwd/root-password-crypted "!" + elif ! root_password; then # First check whether the root password was preseeded crypted db_get passwd/root-password-crypted || true if ! test "$RET" ; then @@ -41,8 +47,11 @@ fi ;; 2) - # Verify and set a root password. - if ! root_password; then + db_get passwd/root-login + if [ "$RET" = false ]; then + # root password will be locked + db_set passwd/root-password-again "" + elif ! root_password; then # First check whether the root password was preseeded crypted db_get passwd/root-password-crypted || true if ! test "$RET" ; then @@ -74,7 +83,12 @@ 3) # Ask if a non-root user should be made, if there is not # already one. - if ! is_system_user; then + db_get passwd/root-login + if [ "$RET" = false ]; then + # always make non-root user; this user will be able + # to sudo to root + db_set passwd/make-user true + elif ! is_system_user; then db_input medium passwd/make-user || true fi ;;
Attachment:
signature.asc
Description: Digital signature