Bug 869675

Summary: RFE: Anaconda should warn user when disabling root account in certain situations
Product: [Fedora] Fedora Reporter: Ladislav Jozsa <ljozsa>
Component: anacondaAssignee: David Cantrell <dcantrell>
Status: CLOSED CURRENTRELEASE QA Contact: Fedora Extras Quality Assurance <extras-qa>
Severity: unspecified Docs Contact:
Priority: unspecified    
Version: 18CC: awilliam, g.kaviyarasu, jonathan, mbanas, reklov, vanmeeuwen+fedora
Target Milestone: ---Keywords: Reopened
Target Release: ---   
Hardware: Unspecified   
OS: Unspecified   
Whiteboard: AcceptedNTH
Fixed In Version: anaconda-18.15-1 Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of: Environment:
Last Closed: 2012-11-07 16:39:47 UTC Type: Bug
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:
Embargoed:
Bug Depends On:    
Bug Blocks: 752664    

Description Ladislav Jozsa 2012-10-24 14:29:43 UTC 
When disabling root password during Minimal installation, the user effectively cuts itself from normal login to the system after the installation finishes. Anaconda should at least warn (if not forbid) that user won't be able to login.

The same applies for default installation, if add user dialog in firstboot screen is skipped.
Comment 1 Chris Lumens 2012-10-24 14:33:02 UTC 
You must be looking at an old tree.  As of anaconda-18.15, a root password is required.  See also bug 859069.
Comment 2 Ladislav Jozsa 2012-10-24 14:40:55 UTC 
I'm actually testing recent F18b TC6 (anaconda 18.19) where as you said root password is required but if you don't set any, anaconda will gracefully accept that. Then it tells user that root account is disabled.
Comment 3 Chris Lumens 2012-10-24 14:46:02 UTC 
Note that I really don't think there's a good way to tell people this sort of thing.  They're just going to skip right over the dialog, and we are not interested in displaying lots of pop ups.  So, the root password should just be required like the bug says it is.
Comment 4 Ladislav Jozsa 2012-10-24 14:59:32 UTC 
OK, I agree with you. It's perfectly OK for me to fix anaconda in the way you describe it.
Comment 5 Adam Williamson 2012-10-26 05:48:39 UTC 
at which we point we're effectively back to oldui behaviour and the whole 'root account locked by default' thing has been thoroughly defenestrated, right?

I don't mind that, at all, but it all seems to be a bit piecemeal.
Comment 6 Volker Sobek 2012-10-26 23:42:23 UTC 
(In reply to comment #5)
> at which we point we're effectively back to oldui behaviour and the whole
> 'root account locked by default' thing has been thoroughly defenestrated,
> right?

I think the point here is to require a root password *only* if the software selection you have chosen will leave you without firstboot after reboot. A root password would not be required if you chose a DE.
Comment 7 Jesse Keating 2012-10-29 23:08:10 UTC 
If we're going to make another change to the behaviour, we should do this before the beta.  Proposing as NTH.
Comment 8 Adam Williamson 2012-10-29 23:33:17 UTC 
volker: ah, yeah. That seems reasonable. IIRC we saw problems with the 'positive' case - where we try to detect when firstboot *will* run, and not require you to enter a password in that case - but I don't see a problem with the 'negative' case, where we force you to enter a password when we think firstboot *won't* run. Off the top of my head I can't envisage a case where firstboot won't be present but the admin would want to not enter a root password.
Comment 9 Adam Williamson 2012-10-29 23:35:03 UTC 
For NTH this is a bit tricky as it's sensitive behaviour but it's hard to see how adding a test that forces you to enter a root password could be catastrophic. The worst way I can see for it to go wrong which we wouldn't immediately catch is if, in some case, it forces you to create a root password when you don't really need one. But that would not be a disaster. It's nowhere near as bad as *not* forcing you to create a root password when you *do* really need one.

So I'm a light +1 NTH on this, as it should improve the 'safety' of the minimal case and I can't see how it can really negatively affect any other case. Even the worst case scenario isn't terrible here.
Comment 10 Adam Williamson 2012-10-31 18:47:52 UTC 
Discussed at 2012-10-31 NTH review meeting: http://meetbot.fedoraproject.org/fedora-qa/2012-10-31/f18beta-blocker-review-6.2012-10-31-16.00.log.txt .

Note that the proposed fix for this is not as Volker suggested in comment #6 and I elaborated in comment #8. The proposed fix is simply to go back to requiring a root password to be set on all installs.

This was accepted as NTH. The agreement is that anaconda team has effectively decided 'look, there's all sorts of landmines with this whole idea of not requiring a root password any more, so let's wave the white flag, go back to the pre-F18 behaviour of always requiring a root password to be set, and stop fiddling with it'.

We think that's a sensible and safe decision, and if it's going to be done that way, it should be implemented for the Beta release, not between Beta and Final. So the change is accepted as NTH.
Comment 11 Fedora Update System 2012-11-01 02:51:17 UTC 
anaconda-18.22-1.fc18 has been submitted as an update for Fedora 18.
https://admin.fedoraproject.org/updates/anaconda-18.22-1.fc18
Comment 12 Fedora Update System 2012-11-01 18:26:50 UTC 
Package anaconda-18.22-1.fc18:
* should fix your issue,
* was pushed to the Fedora 18 testing repository,
* should be available at your local mirror within two days.
Update it with:
# su -c 'yum update --enablerepo=updates-testing anaconda-18.22-1.fc18'
as soon as you are able to.
Please go to the following url:
https://admin.fedoraproject.org/updates/FEDORA-2012-17432/anaconda-18.22-1.fc18
then log in and leave karma (feedback).
Comment 13 Fedora Update System 2012-11-02 04:05:46 UTC 
anaconda-18.23-1.fc18 has been submitted as an update for Fedora 18.
https://admin.fedoraproject.org/updates/anaconda-18.23-1.fc18
Comment 14 Fedora Update System 2012-11-03 01:05:13 UTC 
anaconda-18.24-1.fc18 has been submitted as an update for Fedora 18.
https://admin.fedoraproject.org/updates/anaconda-18.24-1.fc18
Comment 15 Fedora Update System 2012-11-06 01:40:23 UTC 
anaconda-18.25-1.fc18 has been submitted as an update for Fedora 18.
https://admin.fedoraproject.org/updates/anaconda-18.25-1.fc18
Comment 16 Ladislav Jozsa 2012-11-06 09:58:47 UTC 
Verified on F18b-TC7, anaconda 18.24. The root password must be set. An attempt to enter empty root password, effectively disabling it now fails.
Comment 17 Fedora Update System 2012-11-06 18:51:11 UTC 
Package anaconda-18.25-1.fc18:
* should fix your issue,
* was pushed to the Fedora 18 testing repository,
* should be available at your local mirror within two days.
Update it with:
# su -c 'yum update --enablerepo=updates-testing anaconda-18.25-1.fc18'
as soon as you are able to.
Please go to the following url:
https://admin.fedoraproject.org/updates/FEDORA-2012-17691/anaconda-18.25-1.fc18
then log in and leave karma (feedback).
Comment 18 Fedora Update System 2012-11-07 02:12:22 UTC 
anaconda-18.26-1.fc18 has been submitted as an update for Fedora 18.
https://admin.fedoraproject.org/updates/anaconda-18.26-1.fc18