On Mon, 4 Dec 2017, Chris Murphy wrote:

>> === Root Account ===

>>> group. We will remove the root password creation spoke.
>>> All Workstation installs will have no root password set by
>>> default, as in Ubuntu. Having a root password is not
>>> useful for nontechnical users, and it is confusing to ask
>>> users to create multiple passwords

If this is a communication problem, why remove a password,
just remove the spoke?

Set _some_ DRP password, deterministically to an unguessable
value, and save that value in a well-named file on the root
volume

    # umask 077
    # date +%s > /root-passwd.txt ; ( head -n 1 /root-passwd.txt ; \
        lvdisplay | grep -i UUID | rev | awk '{print $1}' | rev | \
        sort | head -n 1 ) | md5sum >> /root-passwd.txt

... and set the root password to the value of the last line
of /root-passwd.txt

An interested user may:

1. note it for a rainy day
2. change it to taste and rm the file

A disinterested user may ignore it

A person to whom the user takes a 'sick box' can use a recovery
media tool, loop mount a balky drive, and read the file to
note the credential, and then boot down into a recovery mode
with the needed credential

> Also, for any kind of early boot troubleshooting even once a user is
> created, systemd emergency and rescue targets only accept root user
> login. If root user is disabled, it's impossible to do such early boot
> troubleshooting. So I think systemd needs a way to accept an admin
> user (wheel group) as an alternative login rather than only root.

I really dislike adding a new 'secret way to crack into a
box' and the complexity it would add to systemd, and
auditing the same, a lot more than I dislike leaving a
cleartext file with a complex password.

And of course this does not come anywhere near a secured grub
bootloader discussion, nor LUKS, and clevis and tang ;)

-- Russ herrold