Re: Bug#344873: should be a way to get a sudo-only root system
> I agree completely. Christian, please don't take the Ubuntu code as
> gospel here; it has a couple of design errors which have become evident
> over time.
Arf. Promise made. I won't take Ubuntu code as gospel (/me takes note
of this expression: I'll have to reuse it in other occasions).
> I think the clearest design would be to have a low-priority boolean
> question about whether you want to set a root password, and then later a
> low-priority boolean question about whether you want to set the initial
> user up with sudo privileges (which is skipped and set to true if you
> answered no to the first question, since otherwise you'd have no way to
> get root access).
>
> We should also check that a few Ubuntu patches elsewhere have been
> integrated. Notably, if the root password is unset sulogin (NOT su!
> "single-user login") needs to let you straight in without attempting to
> ask for a password you'll never be able to provide, so that you don't
> get stuck on a failed fsck or whatever (this isn't a major derogation of
> security since if you're presented with sulogin then you have physical
> access anyway). Desktop maintainers will also need to make some changes
> with regard to gksu vs. gksudo and so on.
Hmmm, this really means that these design choices have strong impacts
outside D-I....which in short means that we should delay them after
beta2.
I als think that implementing them by myself will again require a lot
of cleaning by you guys....it will probably better waiting for one of
you to have enough time to do this cleanly..:)
Reply to: