Re: Bug#931911: user-setup: Fails to present no-root-password_first-user-sudoer option as a reasonable choice
On Fri 12 Jul 2019 at 10:22:59 +0200, Philip Hands wrote:
> Package: user-setup
> Severity: normal
>
> Prompted by this LWN comment relating to installing buster:
>
> https://lwn.net/Articles/792960/
>
> "The installer text specifically said that not setting a root password
> was a Very Bad Idea"
>
> looking at the text in question, I was surprised at how negative it is
> about the completely reasonable choice of selecting no root password in
> order to provoke the first-user-is-sudoer setup.
>
> https://salsa.debian.org/installer-team/user-setup/blob/master/debian/user-setup-udeb.templates#L37
>
> I presume that this text is as it is because there is a previously
> defined question about whether one wants a root login enabled, that
> explains the way things will work with sudo if one chooses 'no':
>
> https://salsa.debian.org/installer-team/user-setup/blob/master/debian/user-setup-udeb.templates#L25
>
> however, that question is no longer presented to users by default, so
> they get dropped into the rather scary sounding text about why one needs
> to set a root password.
>
> It seems to me that we need to reword this completely, so that choosing
> to leave the password blank is described as a reasonable thing to do,
> which will result in a perfectly decent, and often desired, sudo setup.
Although I do not see the text as "scary", it might be better to present
the two options on equal standing. OTOH, the question seems to me simply
to say that a user can choose to login as root or with sudo.
It is noted that you leave the advice that the password "...should be
changed at regular intervals" untouched. There is a short discussion in
#868869 about this issue:
https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=%23868869
#656509 received short shrift.
https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=656509
Not in your proposal - but how about killing two birds with one stone?
--
Brian.
Reply to: