Bug 461656 - Require creating a user for systems without network auth and without existing users
Require creating a user for systems without network auth and without existing...
Product: Fedora
Classification: Fedora
Component: firstboot (Show other bugs)
All Linux
medium Severity medium
: ---
: ---
Assigned To: Chris Lumens
Fedora Extras Quality Assurance
: 464026 (view as bug list)
Depends On:
  Show dependency treegraph
Reported: 2008-09-09 15:01 EDT by jmccann
Modified: 2015-01-14 18:21 EST (History)
4 users (show)

See Also:
Fixed In Version:
Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of:
Last Closed: 2008-09-09 18:23:13 EDT
Type: ---
Regression: ---
Mount Type: ---
Documentation: ---
Verified Versions:
Category: ---
oVirt Team: ---
RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: ---

Attachments (Terms of Use)
patch (1.64 KB, patch)
2008-09-09 15:02 EDT, jmccann
no flags Details | Diff

  None (edit)
Description jmccann 2008-09-09 15:01:28 EDT
We'd like to be able to disable root logins from GDM.  However, this is difficult to do if it is possible to go through firstboot without creating a user.

So, I propose that we require creating a user unless a) there is already one uid above 500 on the system OR b) the user has configured authentication mechanisms.

Will attach a patch that seems to work from some light testing.
Comment 1 jmccann 2008-09-09 15:02:28 EDT
Created attachment 316239 [details]

Comment 2 Chris Lumens 2008-09-09 18:23:13 EDT
It seems to me that a simpler patch is to just check that self.admin.getFirstUnusedUid() > 500, since system users could also have the 65535 UID as well.  I've made this modification and pushed so it can be fixed in the next build of firstboot.  Thanks for the patch.
Comment 3 jmccann 2008-09-09 19:21:51 EDT
I thought about that but I don't think it is correct.  For example, in my case I have one user uid=730.  This is often the case when someone wants to keep uids in sync across multiple machines.  Maybe a corner case though.
Comment 4 Chris Lumens 2008-09-25 19:10:33 EDT
*** Bug 464026 has been marked as a duplicate of this bug. ***
Comment 5 Peter F. Patel-Schneider 2008-09-26 06:48:29 EDT
The corner case from William McCann is one the I am in, as I use my Fedora machine to interface with machines at work and it is convenient to have the UIDs line up.  It is possible, of course, to create a temporary ID in firstboot and later remove it, but it would be rather annoying.
Comment 6 Jesse Keating 2008-10-16 15:05:19 EDT
Setting release notes flag since this is a pretty visible (post beta) change, that people are going to notice.
Comment 7 Karsten Wade 2008-10-16 18:42:04 EDT
Thanks for the heads up; I happen to be doing the final XML conversion on the release notes (still) so am able to slip this one in after the content freeze.  The following snippet appears at the end of the section "Installation notes":

  <section id="Firstboot_requires_creation_of_non-root_user">
    <title>Firstboot requires creation of non-root user</title>
    <para>The <application>Firstboot</application> application requires
      the creation of a non-root user for the system.  This is to
      support <systemitem class="daemon">gdm</systemitem> no longer
      allowing the root user to log in to the graphical desktop.</para>
    <para>If a network authentication mechanism is chosen during
      installation <application>Firstboot</application> does not require
      creating a that does not use local user.</para>

Removing release notes flag.

Note You need to log in before you can comment on or make changes to this bug.