F28 System Wide Change: Reduce Initial Setup Redundancy

= System Wide Change: Reduce Initial Setup Redundancy =
https://fedoraproject.org/wiki/Changes/ReduceInitialSetupRedundancy

Change owner(s):
* Michael Catanzaro <mcatanzaro AT gnome DOT org>

Currently there is a high level of redundancy between the Anaconda
installer and gnome-initial-setup. This change aims to eliminate these
redundancies and streamline the initial user experience in Fedora
Workstation.

== Detailed Description ==

Firstly, please note that the effects of this change will be
restricted to Fedora Workstation. We do not propose any changes that
affect alternative Fedora installers (e.g. Calamares) or initial setup
tools (e.g. the initial-setup package, not to be confused with
gnome-initial-setup).

A few years ago, Fedora Workstation developers discussed with Anaconda
developers the redundancy between many Anaconda settings and
gnome-initial-setup. The Anaconda developers responded by adding a
configuration file mechanism, /etc/sysconfig/anaconda, which can be
used to suppress Anaconda spokes if written before Anaconda runs. This
file is also written by Anaconda to tell the initial-setup tool which
Anaconda spokes the user has visited, so that the initial-setup tool
can suppress specific spokes. Although this functionality has existed
for some time now, the Workstation developers until now failed to
follow up and begin using it. We now intend to make use of this
functionality to suppress Anaconda spokes that are redundant with
gnome-initial-setup. Meanwhile, our friends at Endless OS have added a
similar configuration file for gnome-initial-setup that allows us to
suppress some configuration that is best handled in Anaconda. Below,
we discuss what we plan to do with specific settings.

=== Language and Keyboard Layout ===

Although we do not propose it at this time, language and keyboard
layout selection should be presented to the user *before* entering the
live session, as it is currently too difficult for users to change
these settings unless they are already familiar with Fedora, and --
unless you speak English and use a US keyboard -- these settings must
be changed for the live session to be usable. Both Anaconda and
gnome-initial-setup are too late for configuring these settings. (An
exception would be for netinstalls of Fedora Workstation, where
Anaconda is the best place for this configuration.) In the meantime,
until we have a way to prompt users for these settings earlier than
Anaconda, these panels should be removed from gnome-initial-setup,
because Anaconda is clearly a better place than gnome-initial-setup
for this configuration. (This would affect gnome-initial-setup when
creating the first user account. Additional user accounts created
later would still receive these panels in gnome-initial-setup.)

=== Time and Date ===

We want to remove the time and date spoke from Anaconda, since it is
largely redundant with the timezone page in gnome-initial-setup.
However, it might be necessary to remove this page from
gnome-initial-setup instead, as previously there have been technical
concerns raised regarding the necessity of configuring the system
clock before running the installer. This choice will be based on
technical feedback from the Fedora developer community.

=== Network ===

We will remove the network configuration spoke from Anaconda.
Currently this spoke only allows configuring the system hostname, but
it places restrictions on the possible characters in the hostname that
do not match the restrictions used by Fedora Workstation. Fedora
Workstation uses systemd-hostnamed to allow "pretty" hostnames with
Unicode characters and spaces, which we expect to be displayed
properly and consistently in the user interface, but the Anaconda
configuration does not follow this pattern. Additionally, exposing the
hostname as network configuration is confusing. We may consider adding
a simpler "Computer Name" setting that allows "pretty" characters and
is not presented as a networking setting in the future, but it does
not seem necessary to prompt the user to set a hostname at all.

Note: this applies only to USB install, obviously not to netinstall.
We will need some way to differentiate between the two when writing
the Anaconda configuration file.

=== User Account ===

Currently, users have the option of creating the initial user account
in Anaconda, or not. Anaconda does not require this if the user sets a
root password. Users who do not create a user account in Anaconda are
required to create a user account later, by gnome-initial-setup. This
means we currently have two different ways of creating the first user
account in Workstation, with (potentially) two different sets of bugs.
Since Anaconda allows configuring whether the initial user is added to
the wheel group, it also means some initial users will be in wheel and
others will not. We will remove the user account creation spoke in
Anaconda. All users will create the first user account using
gnome-initial-setup, and all initial users will be added to the wheel
group. Of course, this can be easily changed after installation if
desired.

=== Root Account ===

Currently, users have the option of setting a root password in
Anaconda, or not. Anaconda does not require this if the user creates
an initial user account and selects the option to add it to the wheel
group. We will remove the root password creation spoke. All
Workstation installs will have no root password set by default, as in
Ubuntu. Having a root password is not useful for nontechnical users,
and it is confusing to ask users to create multiple passwords. Because
the initial user created by gnome-initial-setup will be added to the
wheel group, all administrative functions will continue to be
available within the desktop environment via Polkit. Additionally, the
initial user will have sudo access to run commands as root. Of course,
a root password can be set after installation using `sudo passwd`.

== Scope ==
* Proposal owners:
Provide a default /etc/config/anaconda file for Fedora Workstation.
This could be e.g. shipped in the gnome-initial-setup package or
written by the firstboot tool before Anaconda runs.

* Other developers:
Anaconda developers to review UI. QA team to review installation tests.

* Release engineering: #6878 [ https://pagure.io/releng/issue/6878 ]
** List of deliverables: No changes needed

* Policies and guidelines:
No changes needed

* Trademark approval:
N/A (not needed for this Change)

Comments

Re: F28 System Wide Change: Reduce Initial Setup Redundancy

By Adam Williamson at 12/06/2017 - 21:41

On Mon, 2017-12-04 at 16:09 +0100, Jan Kurik wrote:
I very vaguely recall we actually used to boot live images to GDM
(rather than using the 'autologin' feature to boot directly to the
desktop) precisely for this reason (so you could change language /
keyboard settings there if you wanted to). IMBW, though.

Re: F28 System Wide Change: Reduce Initial Setup Redundancy

By Jan =?utf-8?Q?P... at 12/06/2017 - 10:02

On 04/12/17 16:09 +0100, Jan Kurik wrote:
Not directly related to F28 change, but when there's anything to be
done about the language/keyboard layout selection, it'd be desirable
to make the initial selection easily revertable at least from the
subsequent installation step to prevent the need to reboot needlessly
(IIRC the same usability issue was present with Redmond's OS in the
past, making it even more nasty in install-from-harddisk scenarios):

https://bugzilla.redhat.com/show_bug.cgi?id=1410599

Re: F28 System Wide Change: Reduce Initial Setup Redundancy

By Richard W.M. Jones at 12/05/2017 - 10:38

On Mon, Dec 04, 2017 at 04:09:25PM +0100, Jan Kurik wrote:
Will this work for people who don't use GNOME?

Rich.

Re: F28 System Wide Change: Reduce Initial Setup Redundancy

By Michael Catanzaro at 12/05/2017 - 11:13

On 12/05/2017 08:38 AM, Richard W.M. Jones wrote:
This change only affects Fedora Workstation, and only live installs of
Workstation, so all affected users will be using GNOME.

Re: F28 System Wide Change: Reduce Initial Setup Redundancy

By Peter Robinson at 12/05/2017 - 10:42

On Tue, Dec 5, 2017 at 2:38 PM, Richard W.M. Jones < ... at redhat dot com> wrote:
Agreed, we also need to ensure the server use case doesn't regress,
including the text/console variant.

Peter

Re: F28 System Wide Change: Reduce Initial Setup Redundancy

By Michael Catanzaro at 12/05/2017 - 11:18

On 12/05/2017 08:42 AM, Peter Robinson wrote:
This change should only affect live installs of Workstation. Fedora
Server should not be affected in any way.

I think the change page is already clear that only Workstation should be
affected, but it is unclear about how netinstall should be handled.
Since we only have one netinstall installer and I believe it uses Server
branding, I will update the change page to specify that netinstall
should not be impacted.

Michael

Re: F28 System Wide Change: Reduce Initial Setup Redundancy

By Matthew Miller at 12/05/2017 - 12:42

On Tue, Dec 05, 2017 at 09:18:30AM -0600, Michael Catanzaro wrote:
This isn't correct -- there are separate netinstall images for
Workstation, Server, and a generic "everything".

* https://download.fedoraproject.org/pub/fedora/linux/releases/27/Workstation/x86_64/iso/Fedora-Workstation-netinst-x86_64-27-1.6.iso
* https://download.fedoraproject.org/pub/fedora/linux/releases/27/Server/x86_64/iso/Fedora-Server-netinst-x86_64-27-1.6.iso
* https://download.fedoraproject.org/pub/fedora/linux/releases/27/Everything/x86_64/iso/Fedora-Everything-netinst-x86_64-27-1.6.iso

I think the Workstation netinstall image should be consistent with the Live
Workstation install.

Re: F28 System Wide Change: Reduce Initial Setup Redundancy

By Michael Catanzaro at 12/05/2017 - 13:06

On 12/05/2017 10:42 AM, Matthew Miller wrote:
Oh wow. I did not know about this. I thought we had decided to produce
only a single netinstall image for Fedora.

OK, the impact on the Workstation netinstall will have to be considered.
Changing the netinstall would make this harder, as it means we can't use
the Workstation kickstart.

Michael

Re: F28 System Wide Change: Reduce Initial Setup Redundancy

By Matthew Miller at 12/05/2017 - 14:08

On Tue, Dec 05, 2017 at 11:06:06AM -0600, Michael Catanzaro wrote:
It's preferable to do things in the productimg overrides rather than in
the live media kickstart -- let's keep those things scoped to changes
necessary for the live environment.

Re: F28 System Wide Change: Reduce Initial Setup Redundancy

By Stephen Gallagher at 12/05/2017 - 14:36

On Tue, Dec 5, 2017 at 1:09 PM Matthew Miller < ... at fedoraproject dot org>
wrote:

Re: F28 System Wide Change: Reduce Initial Setup Redundancy

By Matthew Miller at 12/05/2017 - 14:41

On Tue, Dec 05, 2017 at 06:36:56PM +0000, Stephen Gallagher wrote:
Here, right?

https://github.com/rhinstaller/anaconda/tree/master/pyanaconda/installclasses

Re: F28 System Wide Change: Reduce Initial Setup Redundancy

By Stephen Gallagher at 12/05/2017 - 14:43

On Tue, Dec 5, 2017 at 1:42 PM Matthew Miller < ... at fedoraproject dot org>
wrote:

Re: F28 System Wide Change: Reduce Initial Setup Redundancy

By King InuYasha at 12/05/2017 - 12:51

On Tue, Dec 5, 2017 at 11:42 AM, Matthew Miller
< ... at fedoraproject dot org> wrote:
I'm of the opinion that g-i-s should be the one disabling things,
rather than Anaconda. That makes for a more consistent codepath and
prevents an increase in complexity for ensuring everything is sane.

I'm also concerned that if we disable aspects of Anaconda, the quality
and support of those features will degrade rapidly.

We've already had issues like that with disk/partitioning and package
selection since primarily moving to live media, so I loathe the
thought of this happening to more parts of the installer.

Re: F28 System Wide Change: Reduce Initial Setup Redundancy

By Zbigniew Jędrzejewski-Szmek at 12/05/2017 - 03:18

On Mon, Dec 04, 2017 at 04:09:25PM +0100, Jan Kurik wrote:
Hi,

apart from some more technical issues that people are raising, I find
this text generally hard to read. Not sure to what extent it's the
early hour or the lack of coffee or the text, so see some suggestions
below:

Also, please consider reworking the text to have in each section
first a short summary of what the decision is, and then the justification
below. This text is long and it's hard to "scan".

Zbyszek

Re: F28 System Wide Change: Reduce Initial Setup Redundancy

By Michael Catanzaro at 12/05/2017 - 11:44

On 12/05/2017 01:18 AM, Zbigniew Jędrzejewski-Szmek wrote:
Just visiting a spoke (already) causes that to be written to
/etc/sysconfig/anaconda, yes. But there are no plans for g-i-s to
actually read this file, as was envisioned by Anaconda developers.
Instead, the plan is to unconditionally skip the language and keyboard
layout selection pages in g-i-s using the g-i-s configuration file
mentioned below. Visiting the language spoke in Anaconda is mandatory,
and if setting keyboard layout were required, that would surely have
already been done in Anaconda.

I will delete this sentence, since it is clearly causing confusion. The
detail that the initial setup tool can read the Anaconda configuration
file seemed like relevant background information when I was writing this
proposal, but since the plan is to not do that, it really does not need
to be described here.

I'll just remove it from the page, since it does not describe the
current plan.

I've shortened the text in some of the sections, and reversed the flow
of a couple others to present the proposal first, followed by
justification. Hope that makes it easier to skim.

That would be nice to do.

However, I don't think we would want to display the network setup page
even if it was adapted to use hostnamectl, since network configuration
belongs in g-i-s instead, and since it's weird to have a network
configuration page that allows setting only the computer's hostname. (It
allows configuring more than that in netinstall mode, but we're not
talking about netinstall mode.) Now, if the page were renamed to
"Computer Name" or something like that, then I think it would be fine.

Michael

Re: F28 System Wide Change: Reduce Initial Setup Redundancy

By Martin Kolman at 12/05/2017 - 08:35

On Tue, 2017-12-05 at 07:18 +0000, Zbigniew Jędrzejewski-Szmek wrote:
Is there a way to tell hostnamectl/hostnamed to set the hostname for the installation chroot?
Then we would be able to use it for both.

[0] https://github.com/rhinstaller/anaconda/blob/master/pyanaconda/network.py#L1287
[1] https://github.com/rhinstaller/anaconda/blob/master/pyanaconda/network.py#L1292

Re: F28 System Wide Change: Reduce Initial Setup Redundancy

By Zbigniew Jędrzejewski-Szmek at 12/05/2017 - 09:17

On Tue, Dec 05, 2017 at 01:35:03PM +0100, Martin Kolman wrote:
Unfortunately no. But it shouldn't be hard to add a --root option to hostnamectl,
similarly to systemctl, systemd-sysusers, systemd-tmpfiles and so on. Please
open a bug upstream if that'd be useful.

Zbyszek

Re: F28 System Wide Change: Reduce Initial Setup Redundancy

By Samuel Sieb at 12/04/2017 - 16:55

On 12/04/2017 07:09 AM, Jan Kurik wrote:
This can be a problem if the graphical interface doesn't work on the
first boot for some reason. The user is now left with no way to log in
to fix things.

Re: F28 System Wide Change: Reduce Initial Setup Redundancy

By Michael Catanzaro at 12/04/2017 - 19:51

On Mon, Dec 4, 2017 at 2:55 PM, Samuel Sieb < ... at sieb dot net> wrote:
Since the first account will always be an administrator, you can log in
to that account and use sudo -i to get a root prompt (after first boot).

If graphical interface is not working for the live session, that's no
different from before this change.

Michael

Re: F28 System Wide Change: Reduce Initial Setup Redundancy

By Samuel Sieb at 12/05/2017 - 04:03

On 12/04/2017 03:51 PM, Michael Catanzaro wrote:
Sure, but I'm referring to that first boot here.

Re: F28 System Wide Change: Reduce Initial Setup Redundancy

By Michael Catanzaro at 12/05/2017 - 11:02

On 12/05/2017 02:03 AM, Samuel Sieb wrote:
Sorry, you are correct. If the first boot does not work, then you will
indeed be out of luck. You would need to reinstall, manually enabling
the root password spoke in the configuration file before starting the
Anaconda.

Of course, the first boot is not expected to fail, and if it does, few
users will have any chance of recovery. I would just give up at that
point. If you wind up debugging such a problem, I presume installing
again with root enabled will be a mild inconvenience relative to the
inconvenience of Fedora being broken.

Michael

Re: F28 System Wide Change: Reduce Initial Setup Redundancy

By Chris Murphy at 12/04/2017 - 17:11

On Mon, Dec 4, 2017 at 1:55 PM, Samuel Sieb < ... at sieb dot net> wrote:
Also, for any kind of early boot troubleshooting even once a user is
created, systemd emergency and rescue targets only accept root user
login. If root user is disabled, it's impossible to do such early boot
troubleshooting. So I think systemd needs a way to accept an admin
user (wheel group) as an alternative login rather than only root.

Re: F28 System Wide Change: Reduce Initial Setup Redundancy

By Michael Catanzaro at 12/04/2017 - 20:03

On 12/04/2017 03:11 PM, Chris Murphy wrote:
Yes, good point. This is a longstanding problem. Hopefully making
disabled root the default behavior for Fedora Workstation might nudge
the systemd developers into fixing it.

Of course, Ubuntu has managed to survive the past year and a half with
the same nonfunctional rescue prompt, so I don't think it should block
this change.

Michael

Re: F28 System Wide Change: Reduce Initial Setup Redundancy

By Michael Watters at 12/06/2017 - 22:02

On 12/4/17 7:03 PM, Michael Catanzaro wrote:
Just because Ubuntu likes to shoot themselves in the foot doesn't mean
that Fedora should do the same thing.

Re: F28 System Wide Change: Reduce Initial Setup Redundancy

By Chris Murphy at 12/06/2017 - 22:53

On Wed, Dec 6, 2017 at 7:02 PM, Michael Watters < ... at watters dot ws> wrote:

Well they might have a revolver with fewer bullets in it than Fedora,
just because ostensibly they're farther behind upstream.

The question is whether any Fedora testing depends on single user boot
(single, rescue.target, emergency.target), which with the proposed
feature to disable root, will render single user boot something of a
brick wall with a root login.

Re: F28 System Wide Change: Reduce Initial Setup Redundancy

By Zbigniew Jędrzejewski-Szmek at 12/05/2017 - 03:28

On Mon, Dec 04, 2017 at 06:03:42PM -0600, Michael Catanzaro wrote:
This has been under discussion for a while [at least 1,2,3].
We currently only allow root to log in emergency or rescue mode,
following what sysvinit systems did traditionally. We simply call
sulogin, and that's the only thing it allows. I'd like to see this
changed to allow either
a) any user to log in, or
b) only users from a specific group like wheel.
Option b) would possibly be more palatable to some people but would
allow additional support in the login programs and/or pam configuration.
So yeah, it's something that should be fixed, but it's not as trivial
as it would seem at first.

[1] https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=802211#31
[2] https://github.com/systemd/systemd/issues/7115
[3] https://github.com/systemd/systemd/pull/7116

Zbyszek

Re: F28 System Wide Change: Reduce Initial Setup Redundancy

By Matthew Miller at 12/05/2017 - 17:27

On Tue, Dec 05, 2017 at 07:28:54AM +0000, Zbigniew Jędrzejewski-Szmek wrote:

This is probably one of those phrases that should never be uttered
aloud, but... "Hey, that's not very complicated PAM configuration."

Re: F28 System Wide Change: Reduce Initial Setup Redundancy

By Dominik 'Rathann' Mierzejewski at 12/05/2017 - 09:30

On Tuesday, 05 December 2017 at 08:28, Zbigniew Jędrzejewski-Szmek wrote:
[...]
Then why disable root at all? What if there are no local user accounts,
only via a directory service and network is down? This change is clearly
not well thought-out. If anything, the redundancy should be reduced on
the GNOME side, not anaconda side, as removing stuff from anaconda
forces alternative desktop environments to reimplement what GNOME does.

Regards,
Dominik

Re: F28 System Wide Change: Reduce Initial Setup Redundancy

By Michael Catanzaro at 12/05/2017 - 11:12

On 12/05/2017 07:30 AM, Dominik 'Rathann' Mierzejewski wrote:
We've spent a fair amount of time discussing this change for the past
two years (including just a few months ago on this list), so I don't
think it's fair to say it is not well thought-out. Setting up such an
environment requires significant custom configuration. If you know how
to enable a directory service for logins, which is not supported by any
graphical tools, then you surely know how to set a root password using
passwd. The default Workstation configuration is not relevant in this
scenario for that reason alone. Also consider that computers in such an
environment are probably installed via kickstart or netinstall anyway,
which are unaffected by this change, or at least by a system
administrator who can set a root password if desired. Not by end users.

The default install in Fedora Workstation should be optimized for a
single, local, administrator user. Having a separate root account
enabled is not useful and only leads to confusion. Users do not
understand the difference between their administrator password and their
separate root password. Prompting users to set two different passwords
at install time is confusing and problematic.

Michael

Re: F28 System Wide Change: Reduce Initial Setup Redundancy

By Chris Murphy at 12/05/2017 - 19:14

On Tue, Dec 5, 2017 at 8:12 AM, Michael Catanzaro < ... at gnome dot org> wrote:

I agree with all of this. But there is that nitpicky "what if" that
becomes problematic.

At the moment I'm finding the enforcement of root login in systemd to
be kinda specious because literally anyone trying to compromise a
system they have physical access to, can do this trivially. You can
rd.break=pre-mount and you're dumped to a prompt with root access. You
can likewise do the same with init=/bin/bash. So?? What's the security
advantage of rescue and emergency targets putting up a login at all?

I do keep root user enabled on my laptop but I think that's
antiquated, I usually use 'sudo -i' rather than literally logging in
as root user. On my Fedora Server, root user is locked (/etc/shadow
passphrase is !). So my only concern is the single user startup
scenario where systemd enforces a root login for reasons that I'm
uncertain about.

Re: F28 System Wide Change: Reduce Initial Setup Redundancy

By Zbigniew Jędrzejewski-Szmek at 12/06/2017 - 03:58

On Tue, Dec 05, 2017 at 04:14:54PM -0700, Chris Murphy wrote:
To achieve some semblance of security, bios and bootloader have to be
protected — this is well understood and documented and some percentage
of our users do this. From inside of the system we cannot know if such
steps were taken, so we have no choice but to assume that the machine
was set up properly and do our part.

Please note that there _are_ systems which are suitably protected
despite users having physical access: any machine in a university lab,
various kiosks, etc.

Another scenario where the root password matters is if you have a
fully encrypted system. The system might enter emergency mode _after_
the root password has been entered, for example as a result of fsck.

Status quo is to require authentication. The way to disabling the root
password check would be to consider various installation scenarios and
show that there's no additional exposure from disabling it. I'd love for
this to be true, because it can be a pain in the ass in the single-user
unprotected-laptop case, but as my examples above show, there are
nontrivial installation scenarios which would be broken so we cannot do
this.

OTOH, in the end, the (common) ability to "break" into the system from the
bootloader prompt actually means that the password protections are not
a big issue: if you have access in this way, this can be used to fix a
broken system.

Zbyszek

Re: F28 System Wide Change: Reduce Initial Setup Redundancy

By Tomasz Torcz at 12/05/2017 - 14:58

On Tue, Dec 05, 2017 at 09:12:41AM -0600, Michael Catanzaro wrote:
This is not really true. First boot certainly allowed to configure (in GUI)
access to directory services. It was hidden in a bit misleading “Enterprise
login” button, see for example this screenshot:

https://www.linuxtechi.com/wp-content/uploads/2016/11/User-enterprise-login-fedora25.jpg

Re: F28 System Wide Change: Reduce Initial Setup Redundancy

By Michael Catanzaro at 12/05/2017 - 16:45

On 12/05/2017 12:58 PM, Tomasz Torcz

Re: F28 System Wide Change: Reduce Initial Setup Redundancy

By R P Herrold at 12/04/2017 - 17:36

If this is a communication problem, why remove a password,
just remove the spoke?

Set _some_ DRP password, deterministically to an unguessable
value, and save that value in a well-named file on the root
volume

# umask 077
# date +%s > /root-passwd.txt ; ( head -n 1 /root-passwd.txt ; \
lvdisplay | grep -i UUID | rev | awk {'print $1'} | rev | \
sort | head -n 1 ) | md5sum >> /root-passwd.txt

... and set the root password to the value of the last line of
/root-passwd.txt

An interested user may:
1. note it for a rainy day

2. change it to taste and rm the file

A disinterested user may ignore it

A person to whom the user takes a 'sick box' can use recovery
media tool, loop mount a balky drive, and read the file to
note the credential, and then boot down into a recovery mode
with the needed credential

I really dislike adding a new 'secret way to crack into a box'
and the complexity it would add to systemd, and auditing the
same, a lot more than I dislike leaving a cleartext file with
a complex password.

And of course this does not come anywhere a secured grub
bootloader discussion, nor LUKS, and clevis and tang ;)

-- Russ herrold

Re: F28 System Wide Change: Reduce Initial Setup Redundancy

By Chris Murphy at 12/04/2017 - 19:37

On Mon, Dec 4, 2017 at 2:36 PM, R P Herrold < ... at owlriver dot com> wrote:
Sounds like a new secret and non-standard way to lock the root
account. Setting the root user's 2nd field in /etc/shadow to ! is a
well understood way of disabling the account.

Uhh yeah no way. That's like exposing /etc/shadow there except without
a hashed passphrase.
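
Added example, not part of any message in this thread: a small audit that reads the second field of shadow(5) entries, as discussed above, and reports whether a root-only rescue prompt can be passed and which wheel members could still use sudo. The sample files and the user names alice and bob are constructed; the function names are hypothetical.

```shell
#!/bin/sh
# Added example (not from the thread). All sample data below is constructed.

# shadow_state FILE USER -> locked | empty | hashed | missing
shadow_state() {
    awk -F: -v u="$2" '
        $1 == u {
            found = 1
            if ($2 == "")          print "empty"    # no password required
            else if ($2 ~ /^[!*]/) print "locked"   # "!", "!!", "*", "!<hash>"
            else                   print "hashed"   # usable crypt(3) string
            exit
        }
        END { if (!found) print "missing" }
    ' "$1"
}

# wheel_admins GROUPFILE SHADOWFILE -> one wheel member per line, only those
# with a usable password (sudo asks for the user's own password).
# Users whose *primary* group is wheel are not listed in field 4 and are
# not covered by this sketch.
wheel_admins() {
    members=$(awk -F: '$1 == "wheel" { print $4 }' "$1" | tr ',' ' ')
    for m in $members; do
        if [ "$(shadow_state "$2" "$m")" = "hashed" ]; then
            printf '%s\n' "$m"
        fi
    done
    return 0
}

# recovery_report SHADOWFILE GROUPFILE -> one summary line.
# "blocked" follows the thread's description: the rescue and emergency
# targets call sulogin, which only accepts the root account.
recovery_report() {
    root=$(shadow_state "$1" root)
    case "$root" in
        hashed) rescue=password ;;
        empty)  rescue=no-password ;;
        *)      rescue=blocked ;;
    esac
    admins=$(wheel_admins "$2" "$1" | paste -sd, -)
    printf 'root=%s rescue_login=%s wheel_admins=%s\n' \
        "$root" "$rescue" "${admins:-none}"
}

# Constructed sample: root locked as in the proposal, one working admin
# (alice) and one wheel member whose password was never set (bob).
SAMPLE_DIR=$(mktemp -d)
trap 'rm -rf "$SAMPLE_DIR"' EXIT

cat > "$SAMPLE_DIR/shadow" <<'EOF'
root:!::0:99999:7:::
alice:$6$constructedsalt$constructedhashvalue:17505:0:99999:7:::
bob:!!:17505:0:99999:7:::
EOF

cat > "$SAMPLE_DIR/group" <<'EOF'
root:x:0:
wheel:x:10:alice,bob
EOF

recovery_report "$SAMPLE_DIR/shadow" "$SAMPLE_DIR/group"
```

To check a real system, run `recovery_report /etc/shadow /etc/group` as root, since /etc/shadow is not world-readable.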