Quoting Sebastian Unger (sebunger44@gmail.com): > Hi, > > So has anybody ever found a solution to this? I'm still in the same boat 7 > years later with 1.48 of user-setup on ubuntu 14.04. The work-around using > !! kind of works but means that the emergency recovery mode in Ubuntu > mistakenly thinks that root has a password set and prompts for one which > makes it rather useless in an emergency. Hello Sebastian, Thanks for bringing back this issue. I suspect that actually nobody felt like implementing this (which would indeed require another pressedable variable) mostly because (speculation here) we consider this to be a corner case that can be solved by alternative methods. And then the issue fell under the radar of everybody (the installer team desperately needs people to help triaging bugs) The documentation is indeed unclear more than wrong: it lets you think that you can preseed the locked root password *and* not have a regular user created,; which is not the case. Your (interesting) workaround could however be documented in the installation manual, though. > > Cheers, > Seb > > On Thu, 24 May 2007 16:29:05 +0100 Matthew Johnson < > mjj29-debbug@srcf.ucam.org> wrote: > > Package: user-setup > > Severity: minor > > > > > > I have been trying to preseed config files for a set of servers we have > > just bought. Since I do not want either the root password (even hashed) > > in the config file or any user-interaction on these (headless) machines, > > I would like to disable both the root password and not create a user. > > Access is enabled by late_command which installs an ssh public key to > > /root/.ssh/authorized_keys. > > > > The documentation (at > > http://www.debian.org/releases/stable/i386/apbs04.html.en) says: > > > > "The passwd/root-password-crypted and passwd/user-password-crypted > > variables can also be preseeded with ?!? as their value. In that > > case, the corresponding account is disabled. This may be convenient > > for the root account, provided of course that an alternative method > > is setup to allow administrative activities or root login (for > > instance by using SSH key authentication or sudo)" > > > > However, a preseed file containing: > > d-i passwd/make-user boolean false > > d-i passwd/root-password-crypted string ! > > or: > > d-i passwd/make-user boolean false > > d-i passwd/root-login boolean false > > > > still prompts for either the root password or creation of a user. This > > would appear to be deliberate because user-setup-ask contains: > > > > db_get passwd/root-login > > if [ "$RET" = false ]; then > > # always make non-root user; this user will be able > > # to sudo to root > > db_set passwd/make-user true > > > > and > > > > db_get passwd/root-password-crypted || true > > if ! test "$RET" || [ "x$RET" = "x!" ]; then > > # No preseed of the root password hash > > # we will prompt the user > > > > This, however, is not what the documentation claims or what would be > > useful in this case. > > > > I have currently solved the problem by using the following preseed: > > > > d-i passwd/make-user boolean false > > d-i passwd/root-password-crypted string !! > > > > but it would better if the actual implementation matched the > > documentation and if the situation I would like were supported. > > > > As an additional wishlist item; user-setup could do the preseeding of > > ssh public keys for users or root itself and therefore explicitly > > support this case. No patch yet; maybe if I have time. > > > > Matt --
Attachment:
signature.asc
Description: Digital signature