Bug#477092: [PATCH] add support for setting a username + password in grub-installer for GRUB 2
Christian Perrier wrote:
> Quoting Felix Zielcke (fzielcke@z-51.de):
[...]
>> +Template: grub-installer/superuser
>> +Type: string
>> +# :sl2:
>> +_Description: GRUB superuser:
>> + The GRUB boot loader offers many powerful interactive features, which could
>> + be used to compromise your system if unauthorized users have access to the
>> + machine when it is starting up. To defend against this, you may choose a
>> + username and password which will be required before editing menu entries or
>> + entering the GRUB command-line interface. By default, any user will still be
>> + able to start any menu entry without entering a username and password.
>> + .
>> + If you do not wish to set a GRUB username, leave this field blank.
>> +
>
> "s/your system/the system"
>
> maybe s/starting up/booting up"
>
> I'm not sure about "To defend against this"
No strong opinion on any of these (even the "you might not be the
owner" quibble is weak here).
> "username" or "user name"?
One word. "Christian Perrier" and "Justin B Rye" are user names,
but not their usernames.
>> +Template: grub-installer/grub2-password
[...]
>
> Another option is somethign similar to the root password prompt:
>
> _Description: GRUB password:
> You need to set a password for GRUB. A malicious or unqualified user
> with GRUB access can have disastrous results, so you should take care
> to choose a GRUB password that is not easy to guess. It should not be
> a word found in dictionaries, or a word that could be easily
> associated with you.
Looks good to me.
>> +Template: grub-installer/empty-password
>> +Type: error
>> +# :sl2:
>> +_Description: Empty password
>> + You have given a username but no password. If you don't want authorization
>> + please don't specify an username, else you have to give a password.
Looks bad to me: s/an username/a username/; s/, else/; otherwise/;
and you don't want (to get) authorization, you want there to be
authentication.
> You may want to use the same wording than the similar template in
> user-setup:
>
> _Description: Empty password
> You entered an empty password, which is not allowed.
> Please choose a non-empty password.
This loses the advice on what to do if you're not trying to set up a
password. On the other hand, how would I apply that advice if I
didn't already know about dpkg-reconfigure? Is there a "back"
button?
--
JBR with qualifications in linguistics, experience as a Debian
sysadmin, and probably no clue about this particular package
Reply to: