GNU bug report logs - #35399
Guix System installer does not set up passwords

Previous Next

Package: guix;

Reported by: Ludovic Courtès <ludo <at> gnu.org>

Date: Tue, 23 Apr 2019 16:06:02 UTC

Severity: important

Done: Ludovic Courtès <ludo <at> gnu.org>

Bug is archived. No further changes may be made.

Full log

View this message in rfc822 format

From: Ludovic Courtès <ludo <at> gnu.org>
To: 35399 <at> debbugs.gnu.org
Subject: bug#35399: Guix System installer does not set up passwords
Date: Tue, 23 Apr 2019 18:05:12 +0200

Forwarding discussion from <https://issues.guix.info/issue/35341>.

I wrote:

> "pelzflorian (Florian Pelz)" <pelzflorian <at> pelzflorian.de> skribis:
> 
> > I installed Guix System from a USB flash drive from the current git
> > master.  The manual describes I should set up a password with passwd.
> > I think the installer should automate this, so users do not need to
> > know the passwd command.
> 
> I think it’d be nice if the installer would initialize the user
> password, and also root’s password (which is empty by default).
> 
> The obvious approach would be to add a dialog box in the installer and
> then set the ‘password’ field of each <user-account>, and also add a
> <user-account> for root itself with the ‘password’ field set.
> 
> The problem with this approach is that password hashes would end
> world-readable in the store, so we would need to add warnings asking
> users to change passwords after logging in.  Not great.
> 
> Another option would be to have an activation snippet that runs when
> booting the newly installed system: if would check for a flag or
> something (it could check for uninitialized passwords), and if it
> determines it’s a first boot, open a dialog box asking for passwords.
> We’d need to add a “post-install” service in the OS config that would do
> just that.
> 
> That would be the most robust approach, but it’s also a bit more work I
> guess.  It’s also not so nice that users will see this extra service in
> their config.
> 
> Thoughts?

To which Florian replied:

> Why can’t the installer just chroot into the new system and call
> passwd?

That makes a lot of sense, I feel silly for not thinking about it.  :-)

(In fact, we don’t even have to chroot since we can directly use (gnu
build accounts) to write the shadow file in the right place.)

I’ll try to give it a spin if nobody beats me…

Ludo’.
This bug report was last modified 6 years and 26 days ago.

Previous Next

GNU bug tracking system
Copyright (C) 1999 Darren O. Benham, 1997,2003 nCipher Corporation Ltd, 1994-97 Ian Jackson.