Bug 869675
Summary: | RFE: Anaconda should warn user when disabling root account in certain situations | ||
---|---|---|---|
Product: | [Fedora] Fedora | Reporter: | Ladislav Jozsa <ljozsa> |
Component: | anaconda | Assignee: | David Cantrell <dcantrell> |
Status: | CLOSED CURRENTRELEASE | QA Contact: | Fedora Extras Quality Assurance <extras-qa> |
Severity: | unspecified | Docs Contact: | |
Priority: | unspecified | ||
Version: | 18 | CC: | awilliam, g.kaviyarasu, jonathan, mbanas, reklov, vanmeeuwen+fedora |
Target Milestone: | --- | Keywords: | Reopened |
Target Release: | --- | ||
Hardware: | Unspecified | ||
OS: | Unspecified | ||
Whiteboard: | AcceptedNTH | ||
Fixed In Version: | anaconda-18.15-1 | Doc Type: | Bug Fix |
Doc Text: | Story Points: | --- | |
Clone Of: | Environment: | ||
Last Closed: | 2012-11-07 16:39:47 UTC | Type: | Bug |
Regression: | --- | Mount Type: | --- |
Documentation: | --- | CRM: | |
Verified Versions: | Category: | --- | |
oVirt Team: | --- | RHEL 7.3 requirements from Atomic Host: | |
Cloudforms Team: | --- | Target Upstream Version: | |
Embargoed: | |||
Bug Depends On: | |||
Bug Blocks: | 752664 |
Description
Ladislav Jozsa
2012-10-24 14:29:43 UTC
You must be looking at an old tree. As of anaconda-18.15, a root password is required. See also bug 859069. I'm actually testing recent F18b TC6 (anaconda 18.19) where as you said root password is required but if you don't set any, anaconda will gracefully accept that. Then it tells user that root account is disabled. Note that I really don't think there's a good way to tell people this sort of thing. They're just going to skip right over the dialog, and we are not interested in displaying lots of pop ups. So, the root password should just be required like the bug says it is. OK, I agree with you. It's perfectly OK for me to fix anaconda in the way you describe it. at which we point we're effectively back to oldui behaviour and the whole 'root account locked by default' thing has been thoroughly defenestrated, right? I don't mind that, at all, but it all seems to be a bit piecemeal. (In reply to comment #5) > at which we point we're effectively back to oldui behaviour and the whole > 'root account locked by default' thing has been thoroughly defenestrated, > right? I think the point here is to require a root password *only* if the software selection you have chosen will leave you without firstboot after reboot. A root password would not be required if you chose a DE. If we're going to make another change to the behaviour, we should do this before the beta. Proposing as NTH. volker: ah, yeah. That seems reasonable. IIRC we saw problems with the 'positive' case - where we try to detect when firstboot *will* run, and not require you to enter a password in that case - but I don't see a problem with the 'negative' case, where we force you to enter a password when we think firstboot *won't* run. Off the top of my head I can't envisage a case where firstboot won't be present but the admin would want to not enter a root password. For NTH this is a bit tricky as it's sensitive behaviour but it's hard to see how adding a test that forces you to enter a root password could be catastrophic. The worst way I can see for it to go wrong which we wouldn't immediately catch is if, in some case, it forces you to create a root password when you don't really need one. But that would not be a disaster. It's nowhere near as bad as *not* forcing you to create a root password when you *do* really need one. So I'm a light +1 NTH on this, as it should improve the 'safety' of the minimal case and I can't see how it can really negatively affect any other case. Even the worst case scenario isn't terrible here. Discussed at 2012-10-31 NTH review meeting: http://meetbot.fedoraproject.org/fedora-qa/2012-10-31/f18beta-blocker-review-6.2012-10-31-16.00.log.txt . Note that the proposed fix for this is not as Volker suggested in comment #6 and I elaborated in comment #8. The proposed fix is simply to go back to requiring a root password to be set on all installs. This was accepted as NTH. The agreement is that anaconda team has effectively decided 'look, there's all sorts of landmines with this whole idea of not requiring a root password any more, so let's wave the white flag, go back to the pre-F18 behaviour of always requiring a root password to be set, and stop fiddling with it'. We think that's a sensible and safe decision, and if it's going to be done that way, it should be implemented for the Beta release, not between Beta and Final. So the change is accepted as NTH. anaconda-18.22-1.fc18 has been submitted as an update for Fedora 18. https://admin.fedoraproject.org/updates/anaconda-18.22-1.fc18 Package anaconda-18.22-1.fc18: * should fix your issue, * was pushed to the Fedora 18 testing repository, * should be available at your local mirror within two days. Update it with: # su -c 'yum update --enablerepo=updates-testing anaconda-18.22-1.fc18' as soon as you are able to. Please go to the following url: https://admin.fedoraproject.org/updates/FEDORA-2012-17432/anaconda-18.22-1.fc18 then log in and leave karma (feedback). anaconda-18.23-1.fc18 has been submitted as an update for Fedora 18. https://admin.fedoraproject.org/updates/anaconda-18.23-1.fc18 anaconda-18.24-1.fc18 has been submitted as an update for Fedora 18. https://admin.fedoraproject.org/updates/anaconda-18.24-1.fc18 anaconda-18.25-1.fc18 has been submitted as an update for Fedora 18. https://admin.fedoraproject.org/updates/anaconda-18.25-1.fc18 Verified on F18b-TC7, anaconda 18.24. The root password must be set. An attempt to enter empty root password, effectively disabling it now fails. Package anaconda-18.25-1.fc18: * should fix your issue, * was pushed to the Fedora 18 testing repository, * should be available at your local mirror within two days. Update it with: # su -c 'yum update --enablerepo=updates-testing anaconda-18.25-1.fc18' as soon as you are able to. Please go to the following url: https://admin.fedoraproject.org/updates/FEDORA-2012-17691/anaconda-18.25-1.fc18 then log in and leave karma (feedback). anaconda-18.26-1.fc18 has been submitted as an update for Fedora 18. https://admin.fedoraproject.org/updates/anaconda-18.26-1.fc18 |