Bug#931911: user-setup: Fails to present no-root-password_first-user-sudoer option as a reasonable choice
On Fri, 12 Jul 2019 11:11:09 +0200 Philip Hands <phil@hands.com> wrote:
> I've just pushed a branch to salsa:
>
> https://salsa.debian.org/installer-team/user-setup/tree/bug-931911-empty-root-password-OK
>
> that is an attempt to make this better. Comments welcome.
That looks like an improvement. But could we go a step further, please?
In order, from least to most controversial:
1) Let's *always* install sudo, and *always* add the initial user to the
appropriate group to use sudo, with a low-priority expert-only debconf
question for preseeders to use to disable.
2) Let's fix anything that still asks for the root password to do
something compatible with a sudoer and no root password.
3) Let's ask for the root password as a medium-priority or lower
question, defaulting to not asking at all. If you actually need a root
password, it seems trivial to `sudo passwd root` later, or use
preseeding (ideally with a hashed password).
In an ideal world, I'd suggest a single prompt that asks:
User full name: __________
Username: __________ (with guess from full name, as we do now)
Password: __________
Repeat password: __________
[ ] Advanced options
And "Advanced options" could support configurations like "set a root
password" and "don't create a user at all".
(I'd also like to see an easy way to configure almost nothing, and
install a system that boots up into a desktop "initial setup"
application, but that only applies if installing a system that'll boot
an interactive desktop environment (and have a local console), so we
still need the ability to completely set up the system from the
installer.)
Reply to: