[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Request for lh_config switch to set default password

On Thu, Feb 21, 2008 at 12:18 PM, Jordi Pujol <jordipujolp at gmail.com> wrote:

> El Wednesday 20 February 2008 22:38:50 maybeway36 va escriure:
> > How do I install the live-initramfs mod in to the live image?
> >
>
> If you want to test it, debuild will create a package to install on a
> Debian
> Live,
>
> debuild -us -uc -b
>
> In this version is essential to create a live.conf with all the variable
> values needed,
> take care with that because default values for some important variables
> are
> not assumed internally, i.e. persistent
>
> if someone is interested, I can post an updated file with some minor
> changes
> and fixes,
>
> > On Wed, Feb 20, 2008 at 11:06 AM, Jordi Pujol <jordipujolp at gmail.com>
> wrote:
> > > El Wednesday 20 February 2008 14:52:09 Michael Creel va escriure:
> > > > Hello all,
> > > >
> > >  > This has been discussed on IRC a little, but I wanted to summarize
> why
> > >  > I think that a means of letting the user set the password at the
> time
> > >  > the bootable image is created (or booted) would be good. Right now,
> > >  > the default password is "live", and sudo is enabled. This might
> pose a
> > >  > security risk. Suppose that
> > >  > * people know that Debian Live is being used on a system
> > >  > * the password has been left at the default
> > >  > * the system ordinarily gets its IP by dhcp
> > >  > * this IP is known to people
> > >  > * the DL user activates ssh
> > >  > If this is the case, then I believe that an outsider could log in
> and
> > >  > then have access to sudo, without the DL user being aware of what
> is
> > >  > going on.
> > >  >
> > >  > There was a "Headless Knoppix"
> > >  > (http://www.knoppix.net/wiki/Headless_Knoppix) that might be useful
> as
> > >  > a reference. In my opinion, a solution that allows the password to
> be
> > >  > specified using a switch to lh_config would be ideal.
> > >
> > >  Hello all,
> > >
> > >  let's go to action,
> > >
> > >  that idea is already done in my live-initramfs mod,
> > >
> > >
> > >
> http://lists.alioth.debian.org/pipermail/debian-live-devel/2008-January/0
> > >03044.html
> > >
> > >  where in the live.conf file we can specify the username,
> userfullname,
> > > user uid, user password, and , using the instruccions from the
> following
> > > post, also the user groups
> > >
> > >
> > >
> http://lists.alioth.debian.org/pipermail/debian-live-devel/2008-February/
> > >003101.html
> > >
> > >  Use my live-initramfs mod to solve this problem,
> > >
> > >  Best Regards,
> > >
> > >  Jordi
> > >
> > >  > Michael
> > >
>

Dear Jordi and list,
I have had a look at this, and it certainly seems to do what I need for my
own purposes. However, for the PelicanHPC project, my intention is to allow
users to make their own version of  PelicanHPC by modifying a single script,
with the only requirement being that a recent version of live-helper be
installed. I don't want to burden them with the need to do any special
configurations/installations. So I really hope that some of this can find
its way into the mainstream live-initramfs. The part for the password looks
to be a reasonable simple modification to  the 10adduser script.
Cheers, Michael
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://lists.alioth.debian.org/pipermail/debian-live-devel/attachments/20080221/77fe535a/attachment.htm
Reply to: