[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]

Re: User Experience improvements for Anaconda



Hi Chris,

On Fri, 2010-11-19 at 14:33 +0000, clumens redhat com wrote:
> > Root Password
> > =============
> > - It will warn you after you hit Next if your password fails for various
> >   reasons (length, strength, type of characters, etc.).  We could do that as
> >   you type as well.  That already exists in firstboot so doing it in anaconda
> >   is consistent.
> > - This screen is also a whole lot of grey and is just asking to be merged or
> >   killed.
> 
> Okay, fine, I'll go ahead and suggest it.
> 
> Why don't we remove this screen entirely?  Lock the root account by
> default, force creation of a new user, and set that user up with sudo
> access.  We can preserve the root password command in kickstart.

That sounds great to me and I feel it's the right direction. My only
worry is that currently the PolicyKit GUI prompts for the root password
and it doesn't seem to recognize if an account has sudo access. A couple
of scenarios:

Scenario 1:
===========
I install Fedora - I'm the first user and have sudo access. Some time
passes, and I get an alert that there's security updates. PackageKit
offers to update for me. I click to tell it to go ahead, and it asks me
for the root password.

This scenario isn't the end-of-the-world - I can go into a terminal,
sudo su -, and set a password for root, but that's annoying, and not
really obvious to a substantial number of users who are computer
literate and maybe even savvy but relatively new to Linux and/or the
command line. 

Scenario 2:
===========
I've got Fedora set up and my uncle has an account on the machine. I'm
in the living room watching the latest dancing with the stars, when my
uncle calls me over. He's trying to install this awesome app he heard
about - Inkscape - but the install window is asking him for the root
password. 

Again, not the end-of-the-world, but annoying.

My major problem with these two scenarios is that it's really hard for
someone to use the computer in a useful manner without installing
updates and/or installing new software, so it's pretty much guaranteed
users are going to be prompted for the root password on the desktop at
some point. That they need to know a magical incantation only possible
via console or command line I think is a bit much. 

Ideas to solve this:
====================

- Can we talk to the policykit maintainer(s) to see if they would be
willing to have policykit recognize sudo access and accept the password
of users with sudo access for these dialogs? This is the ideal solution
I think, because you can keep the root password unset, which I think
might make the system maybe less vulnerable to attack.

- If not, can we create some kind of GUI to set the root password so at
least the PITA process to get one isn't command-line only?

~m


[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]