* bug#35399: Guix System installer does not set up passwords
@ 2019-04-23 16:05 Ludovic Courtès
2019-04-24 22:51 ` Ludovic Courtès
0 siblings, 1 reply; 4+ messages in thread
From: Ludovic Courtès @ 2019-04-23 16:05 UTC (permalink / raw)
To: 35399
Forwarding discussion from <https://issues.guix.info/issue/35341>.
I wrote:
> "pelzflorian (Florian Pelz)" <pelzflorian@pelzflorian.de> skribis:
>
> > I installed Guix System from a USB flash drive from the current git
> > master. The manual describes I should set up a password with passwd.
> > I think the installer should automate this, so users do not need to
> > know the passwd command.
>
> I think it’d be nice if the installer would initialize the user
> password, and also root’s password (which is empty by default).
>
> The obvious approach would be to add a dialog box in the installer and
> then set the ‘password’ field of each <user-account>, and also add a
> <user-account> for root itself with the ‘password’ field set.
>
> The problem with this approach is that password hashes would end
> world-readable in the store, so we would need to add warnings asking
> users to change passwords after logging in. Not great.
>
> Another option would be to have an activation snippet that runs when
> booting the newly installed system: if would check for a flag or
> something (it could check for uninitialized passwords), and if it
> determines it’s a first boot, open a dialog box asking for passwords.
> We’d need to add a “post-install” service in the OS config that would do
> just that.
>
> That would be the most robust approach, but it’s also a bit more work I
> guess. It’s also not so nice that users will see this extra service in
> their config.
>
> Thoughts?
To which Florian replied:
> Why can’t the installer just chroot into the new system and call
> passwd?
That makes a lot of sense, I feel silly for not thinking about it. :-)
(In fact, we don’t even have to chroot since we can directly use (gnu
build accounts) to write the shadow file in the right place.)
I’ll try to give it a spin if nobody beats me…
Ludo’.
^ permalink raw reply [flat|nested] 4+ messages in thread
* bug#35399: Guix System installer does not set up passwords
2019-04-23 16:05 bug#35399: Guix System installer does not set up passwords Ludovic Courtès
@ 2019-04-24 22:51 ` Ludovic Courtès
2019-04-25 7:44 ` swedebugia
0 siblings, 1 reply; 4+ messages in thread
From: Ludovic Courtès @ 2019-04-24 22:51 UTC (permalink / raw)
To: 35399
Ludovic Courtès <ludo@gnu.org> skribis:
>> Another option would be to have an activation snippet that runs when
>> booting the newly installed system: if would check for a flag or
>> something (it could check for uninitialized passwords), and if it
>> determines it’s a first boot, open a dialog box asking for passwords.
>> We’d need to add a “post-install” service in the OS config that would do
>> just that.
>>
>> That would be the most robust approach, but it’s also a bit more work I
>> guess. It’s also not so nice that users will see this extra service in
>> their config.
>>
>> Thoughts?
>
> To which Florian replied:
>
>> Why can’t the installer just chroot into the new system and call
>> passwd?
>
> That makes a lot of sense, I feel silly for not thinking about it. :-)
>
> (In fact, we don’t even have to chroot since we can directly use (gnu
> build accounts) to write the shadow file in the right place.)
This is implemented by these commits:
91a7c4998f installer: Ask for the root account password.
898677ed17 installer: Ask for user password and initialize /etc/shadow.
I ran a full install and confirmed that it works as expected. You’re of
course welcome to try it out!
I realized later that I forgot to add a password confirmation box. I
guess we should add one, right?
Thanks,
Ludo’.
^ permalink raw reply [flat|nested] 4+ messages in thread
* bug#35399: Guix System installer does not set up passwords
2019-04-24 22:51 ` Ludovic Courtès
@ 2019-04-25 7:44 ` swedebugia
2019-04-25 10:25 ` Ludovic Courtès
0 siblings, 1 reply; 4+ messages in thread
From: swedebugia @ 2019-04-25 7:44 UTC (permalink / raw)
To: 35399
On 2019-04-25 00:51, Ludovic Courtès wrote:
> Ludovic Courtès <ludo@gnu.org> skribis:
>
>>> Another option would be to have an activation snippet that runs when
>>> booting the newly installed system: if would check for a flag or
>>> something (it could check for uninitialized passwords), and if it
>>> determines it’s a first boot, open a dialog box asking for passwords.
>>> We’d need to add a “post-install” service in the OS config that would do
>>> just that.
>>>
>>> That would be the most robust approach, but it’s also a bit more work I
>>> guess. It’s also not so nice that users will see this extra service in
>>> their config.
>>>
>>> Thoughts?
>>
>> To which Florian replied:
>>
>>> Why can’t the installer just chroot into the new system and call
>>> passwd?
>>
>> That makes a lot of sense, I feel silly for not thinking about it. :-)
>>
>> (In fact, we don’t even have to chroot since we can directly use (gnu
>> build accounts) to write the shadow file in the right place.)
>
> This is implemented by these commits:
>
> 91a7c4998f installer: Ask for the root account password.
> 898677ed17 installer: Ask for user password and initialize /etc/shadow.
>
> I ran a full install and confirmed that it works as expected. You’re of
> course welcome to try it out!
>
> I realized later that I forgot to add a password confirmation box. I
> guess we should add one, right?
Yes, that sounds like a good idea.
--
Cheers
Swedebugia
^ permalink raw reply [flat|nested] 4+ messages in thread
* bug#35399: Guix System installer does not set up passwords
2019-04-25 7:44 ` swedebugia
@ 2019-04-25 10:25 ` Ludovic Courtès
0 siblings, 0 replies; 4+ messages in thread
From: Ludovic Courtès @ 2019-04-25 10:25 UTC (permalink / raw)
To: swedebugia; +Cc: 35399-done
swedebugia <swedebugia@riseup.net> skribis:
> On 2019-04-25 00:51, Ludovic Courtès wrote:
>> Ludovic Courtès <ludo@gnu.org> skribis:
>>
>>>> Another option would be to have an activation snippet that runs when
>>>> booting the newly installed system: if would check for a flag or
>>>> something (it could check for uninitialized passwords), and if it
>>>> determines it’s a first boot, open a dialog box asking for passwords.
>>>> We’d need to add a “post-install” service in the OS config that would do
>>>> just that.
>>>>
>>>> That would be the most robust approach, but it’s also a bit more work I
>>>> guess. It’s also not so nice that users will see this extra service in
>>>> their config.
>>>>
>>>> Thoughts?
>>>
>>> To which Florian replied:
>>>
>>>> Why can’t the installer just chroot into the new system and call
>>>> passwd?
>>>
>>> That makes a lot of sense, I feel silly for not thinking about it. :-)
>>>
>>> (In fact, we don’t even have to chroot since we can directly use (gnu
>>> build accounts) to write the shadow file in the right place.)
>>
>> This is implemented by these commits:
>>
>> 91a7c4998f installer: Ask for the root account password.
>> 898677ed17 installer: Ask for user password and initialize /etc/shadow.
>>
>> I ran a full install and confirmed that it works as expected. You’re of
>> course welcome to try it out!
>>
>> I realized later that I forgot to add a password confirmation box. I
>> guess we should add one, right?
>
> Yes, that sounds like a good idea.
Done!
187122b902 installer: Ask for confirmation of the user passwords.
8f2b7e3cb4 installer: Ask for confirmation of the root password.
Ludo’.
^ permalink raw reply [flat|nested] 4+ messages in thread
end of thread, other threads:[~2019-04-25 10:26 UTC | newest]
Thread overview: 4+ messages (download: mbox.gz follow: Atom feed
-- links below jump to the message on this page --
2019-04-23 16:05 bug#35399: Guix System installer does not set up passwords Ludovic Courtès
2019-04-24 22:51 ` Ludovic Courtès
2019-04-25 7:44 ` swedebugia
2019-04-25 10:25 ` Ludovic Courtès
Code repositories for project(s) associated with this external index
https://git.savannah.gnu.org/cgit/guix.git
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.