--- Begin Message ---
Subject: |
Guix System installer does not set up passwords |
Date: |
Tue, 23 Apr 2019 18:05:12 +0200 |
User-agent: |
Gnus/5.13 (Gnus v5.13) Emacs/26.2 (gnu/linux) |
Forwarding discussion from <https://issues.guix.info/issue/35341>.
I wrote:
> "pelzflorian (Florian Pelz)" <address@hidden> skribis:
>
> > I installed Guix System from a USB flash drive from the current git
> > master. The manual describes I should set up a password with passwd.
> > I think the installer should automate this, so users do not need to
> > know the passwd command.
>
> I think it’d be nice if the installer would initialize the user
> password, and also root’s password (which is empty by default).
>
> The obvious approach would be to add a dialog box in the installer and
> then set the ‘password’ field of each <user-account>, and also add a
> <user-account> for root itself with the ‘password’ field set.
>
> The problem with this approach is that password hashes would end
> world-readable in the store, so we would need to add warnings asking
> users to change passwords after logging in. Not great.
>
> Another option would be to have an activation snippet that runs when
> booting the newly installed system: if would check for a flag or
> something (it could check for uninitialized passwords), and if it
> determines it’s a first boot, open a dialog box asking for passwords.
> We’d need to add a “post-install” service in the OS config that would do
> just that.
>
> That would be the most robust approach, but it’s also a bit more work I
> guess. It’s also not so nice that users will see this extra service in
> their config.
>
> Thoughts?
To which Florian replied:
> Why can’t the installer just chroot into the new system and call
> passwd?
That makes a lot of sense, I feel silly for not thinking about it. :-)
(In fact, we don’t even have to chroot since we can directly use (gnu
build accounts) to write the shadow file in the right place.)
I’ll try to give it a spin if nobody beats me…
Ludo’.
--- End Message ---
--- Begin Message ---
Subject: |
Re: bug#35399: Guix System installer does not set up passwords |
Date: |
Thu, 25 Apr 2019 12:25:34 +0200 |
User-agent: |
Gnus/5.13 (Gnus v5.13) Emacs/26.2 (gnu/linux) |
swedebugia <address@hidden> skribis:
> On 2019-04-25 00:51, Ludovic Courtès wrote:
>> Ludovic Courtès <address@hidden> skribis:
>>
>>>> Another option would be to have an activation snippet that runs when
>>>> booting the newly installed system: if would check for a flag or
>>>> something (it could check for uninitialized passwords), and if it
>>>> determines it’s a first boot, open a dialog box asking for passwords.
>>>> We’d need to add a “post-install” service in the OS config that would do
>>>> just that.
>>>>
>>>> That would be the most robust approach, but it’s also a bit more work I
>>>> guess. It’s also not so nice that users will see this extra service in
>>>> their config.
>>>>
>>>> Thoughts?
>>>
>>> To which Florian replied:
>>>
>>>> Why can’t the installer just chroot into the new system and call
>>>> passwd?
>>>
>>> That makes a lot of sense, I feel silly for not thinking about it. :-)
>>>
>>> (In fact, we don’t even have to chroot since we can directly use (gnu
>>> build accounts) to write the shadow file in the right place.)
>>
>> This is implemented by these commits:
>>
>> 91a7c4998f installer: Ask for the root account password.
>> 898677ed17 installer: Ask for user password and initialize /etc/shadow.
>>
>> I ran a full install and confirmed that it works as expected. You’re of
>> course welcome to try it out!
>>
>> I realized later that I forgot to add a password confirmation box. I
>> guess we should add one, right?
>
> Yes, that sounds like a good idea.
Done!
187122b902 installer: Ask for confirmation of the user passwords.
8f2b7e3cb4 installer: Ask for confirmation of the root password.
Ludo’.
--- End Message ---