Bug 461656 - Require creating a user for systems without network auth and without existing users
Summary: Require creating a user for systems without network auth and without existing...
Keywords:
Status: CLOSED RAWHIDE
Alias: None
Product: Fedora
Classification: Fedora
Component: firstboot
Version: rawhide
Hardware: All
OS: Linux
medium
medium
Target Milestone: ---
Assignee: Chris Lumens
QA Contact: Fedora Extras Quality Assurance
URL:
Whiteboard:
: 464026 (view as bug list)
Depends On:
Blocks:
TreeView+ depends on / blocked
 
Reported: 2008-09-09 19:01 UTC by jmccann
Modified: 2015-01-14 23:21 UTC (History)
4 users (show)

Fixed In Version:
Clone Of:
Environment:
Last Closed: 2008-09-09 22:23:13 UTC
Type: ---
Embargoed:

Attachments (Terms of Use)
patch (1.64 KB, patch)
2008-09-09 19:02 UTC, jmccann 		no flags Details | Diff
View All

Description jmccann 2008-09-09 19:01:28 UTC 
We'd like to be able to disable root logins from GDM.  However, this is difficult to do if it is possible to go through firstboot without creating a user.

So, I propose that we require creating a user unless a) there is already one uid above 500 on the system OR b) the user has configured authentication mechanisms.

Will attach a patch that seems to work from some light testing.
Comment 1 jmccann 2008-09-09 19:02:28 UTC 
Created attachment 316239 [details]
patch

Thoughts?
Comment 2 Chris Lumens 2008-09-09 22:23:13 UTC 
It seems to me that a simpler patch is to just check that self.admin.getFirstUnusedUid() > 500, since system users could also have the 65535 UID as well.  I've made this modification and pushed so it can be fixed in the next build of firstboot.  Thanks for the patch.
Comment 3 jmccann 2008-09-09 23:21:51 UTC 
I thought about that but I don't think it is correct.  For example, in my case I have one user uid=730.  This is often the case when someone wants to keep uids in sync across multiple machines.  Maybe a corner case though.
Comment 4 Chris Lumens 2008-09-25 23:10:33 UTC 
*** Bug 464026 has been marked as a duplicate of this bug. ***
Comment 5 Peter F. Patel-Schneider 2008-09-26 10:48:29 UTC 
The corner case from William McCann is one the I am in, as I use my Fedora machine to interface with machines at work and it is convenient to have the UIDs line up.  It is possible, of course, to create a temporary ID in firstboot and later remove it, but it would be rather annoying.
Comment 6 Jesse Keating 2008-10-16 19:05:19 UTC 
Setting release notes flag since this is a pretty visible (post beta) change, that people are going to notice.
Comment 7 Karsten Wade 2008-10-16 22:42:04 UTC 
Thanks for the heads up; I happen to be doing the final XML conversion on the release notes (still) so am able to slip this one in after the content freeze.  The following snippet appears at the end of the section "Installation notes":

  <section id="Firstboot_requires_creation_of_non-root_user">
    <title>Firstboot requires creation of non-root user</title>
    <para>The <application>Firstboot</application> application requires
      the creation of a non-root user for the system.  This is to
      support <systemitem class="daemon">gdm</systemitem> no longer
      allowing the root user to log in to the graphical desktop.</para>
    <para>If a network authentication mechanism is chosen during
      installation <application>Firstboot</application> does not require
      creating a that does not use local user.</para>
  </section>

Removing release notes flag.
Note You need to log in before you can comment on or make changes to this bug.