[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Bug#425859: user-setup: Cannot preseed an installation with a locked (!) root password and no user account

Hi,

So has anybody ever found a solution to this? I'm still in the same boat 7 years later with 1.48 of user-setup on ubuntu 14.04. The work-around using !! kind of works but means that the emergency recovery mode in Ubuntu mistakenly thinks that root has a password set and prompts for one which makes it rather useless in an emergency.

Cheers,
Seb

On Thu, 24 May 2007 16:29:05 +0100 Matthew Johnson <mjj29-debbug@srcf.ucam.org> wrote:
> Package: user-setup
> Severity: minor
>
>
> I have been trying to preseed config files for a set of servers we have
> just bought. Since I do not want either the root password (even hashed)
> in the config file or any user-interaction on these (headless) machines,
> I would like to disable both the root password and not create a user.
> Access is enabled by late_command which installs an ssh public key to
> /root/.ssh/authorized_keys.
>
> The documentation (at
> http://www.debian.org/releases/stable/i386/apbs04.html.en) says:
>
>    "The passwd/root-password-crypted and passwd/user-password-crypted
>    variables can also be preseeded with ?!? as their value. In that
>    case, the corresponding account is disabled. This may be convenient
>    for the root account, provided of course that an alternative method
>    is setup to allow administrative activities or root login (for
>    instance by using SSH key authentication or sudo)"
>
> However, a preseed file containing:
>    d-i passwd/make-user boolean false
>    d-i passwd/root-password-crypted string !
> or:
>    d-i passwd/make-user boolean false
>    d-i passwd/root-login boolean false
>
> still prompts for either the root password or creation of a user. This
> would appear to be deliberate because user-setup-ask contains:
>
>       db_get passwd/root-login
>       if [ "$RET" = false ]; then
>          # always make non-root user; this user will be able
>          # to sudo to root
>          db_set passwd/make-user true
>
> and
>
>          db_get passwd/root-password-crypted || true
>          if ! test "$RET" || [ "x$RET" = "x!" ]; then
>             # No preseed of the root password hash
>             # we will prompt the user
>
> This, however, is not what the documentation claims or what would be
> useful in this case.
>
> I have currently solved the problem by using the following preseed:
>
>    d-i passwd/make-user boolean false
>    d-i passwd/root-password-crypted string !!
>
> but it would better if the actual implementation matched the
> documentation and if the situation I would like were supported.
>
> As an additional wishlist item; user-setup could do the preseeding of
> ssh public keys for users or root itself and therefore explicitly
> support this case. No patch yet; maybe if I have time.
>
> Matt
Reply to: