low-hanging fruit
Jon Nettleton
jon.nettleton at gmail.com
Mon Aug 20 16:13:02 UTC 2007
On 8/20/07, Jeremy Katz <katzj at redhat.com> wrote:
>
> On Sat, 2007-08-18 at 12:14 -0400, Ray Strode wrote:
> > > I would prefer to just disable the root login in gdm.
> > It makes sense to do outside of the desktop livecd spin, too. Root
> > login has never really worked right. For instance, you can't lock your
> > screen.
> >
> > Anyway, building a gdm package into koji now to disable it.
>
> So if we're going to do this, we also should think a bit about the path
> how users get created to ensure that people don't end up in a situation
> where they've installed and only have a root account but end up at gdm.
>
> 1) No user got created in firstboot. We tell you that you should and we
> say "are you sure you want to" if you don't, but it's still quite easy
> not to
> 2) User gets text-mode firstboot (which doesn't ask you to create a
> user). This should only happen if a) you boot into runlevel 3 because
> of your install b) text mode installs might still imply text mode
> firstboot c) any other cases?
> 3) firstboot crashed. Simple answer, firstboot shouldn't crash :-) But
> maybe not that simple.
> 4) You set up network logins, but your network isn't working/you're
> using NetworkManager. Also maybe a "don't do this" type of thing.
>
> The first two are the ones that worry me the most. And I guess the
> third, too. We could be more certain that a user went through and was
> presented the "create a user" bit if we moved the user creation (back)
> into anaconda.
>
> That doesn't fix the "I chose not to create a user" case, though. So
> the bigger thing is how do we make it mandatory while still having
> things moderately reasonable for the users who choose to set up some
> form of network login[1]. Maybe we just punt and say if you're doing
> network login only, you're probably using kickstart? And I guess
> there's nothing which says you can't delete the user after you set up
> your network login stuff.
What if instead of disabling the root account in gdm, we change root's
default session. Rather than a feature complete gnome-session, we actually
run a fullscreen interface much like firstboot that gives access to common
administrator functionality, Setup Network, Add Users, Display config, etc
etc. Maybe give access to a terminal as well.
Hopefully, this would discourage normal users from just using root, but will
give a fall back gui to do super user tasks.
Jon
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://listman.redhat.com/archives/fedora-desktop-list/attachments/20070820/da1890a0/attachment.htm>
More information about the Fedora-desktop-list
mailing list