Hi Chris, On Fri, 2010-11-19 at 14:33 +0000, clumens@xxxxxxxxxx wrote: > > Root Password > > ============= > > - It will warn you after you hit Next if your password fails for various > > reasons (length, strength, type of characters, etc.). We could do that as > > you type as well. That already exists in firstboot so doing it in anaconda > > is consistent. > > - This screen is also a whole lot of grey and is just asking to be merged or > > killed. > > Okay, fine, I'll go ahead and suggest it. > > Why don't we remove this screen entirely? Lock the root account by > default, force creation of a new user, and set that user up with sudo > access. We can preserve the root password command in kickstart. That sounds great to me and I feel it's the right direction. My only worry is that currently the PolicyKit GUI prompts for the root password and it doesn't seem to recognize if an account has sudo access. A couple of scenarios: Scenario 1: =========== I install Fedora - I'm the first user and have sudo access. Some time passes, and I get an alert that there's security updates. PackageKit offers to update for me. I click to tell it to go ahead, and it asks me for the root password. This scenario isn't the end-of-the-world - I can go into a terminal, sudo su -, and set a password for root, but that's annoying, and not really obvious to a substantial number of users who are computer literate and maybe even savvy but relatively new to Linux and/or the command line. Scenario 2: =========== I've got Fedora set up and my uncle has an account on the machine. I'm in the living room watching the latest dancing with the stars, when my uncle calls me over. He's trying to install this awesome app he heard about - Inkscape - but the install window is asking him for the root password. Again, not the end-of-the-world, but annoying. My major problem with these two scenarios is that it's really hard for someone to use the computer in a useful manner without installing updates and/or installing new software, so it's pretty much guaranteed users are going to be prompted for the root password on the desktop at some point. That they need to know a magical incantation only possible via console or command line I think is a bit much. Ideas to solve this: ==================== - Can we talk to the policykit maintainer(s) to see if they would be willing to have policykit recognize sudo access and accept the password of users with sudo access for these dialogs? This is the ideal solution I think, because you can keep the root password unset, which I think might make the system maybe less vulnerable to attack. - If not, can we create some kind of GUI to set the root password so at least the PITA process to get one isn't command-line only? ~m _______________________________________________ Anaconda-devel-list mailing list Anaconda-devel-list@xxxxxxxxxx https://www.redhat.com/mailman/listinfo/anaconda-devel-list
