low-hanging fruit

Jon Nettleton jon.nettleton at gmail.com
Mon Aug 20 16:13:02 UTC 2007 

On 8/20/07, Jeremy Katz <katzj at redhat.com> wrote:
>
> On Sat, 2007-08-18 at 12:14 -0400, Ray Strode wrote:
> > > I would prefer to just disable the root login in gdm.
> > It makes sense to do outside of the desktop livecd spin, too.  Root
> > login has never really worked right.  For instance, you can't lock your
> > screen.
> >
> > Anyway, building a gdm package into koji now to disable it.
>
> So if we're going to do this, we also should think a bit about the path
> how users get created to ensure that people don't end up in a situation
> where they've installed and only have a root account but end up at gdm.
>
> 1) No user got created in firstboot.  We tell you that you should and we
> say "are you sure you want to" if you don't, but it's still quite easy
> not to
> 2) User gets text-mode firstboot (which doesn't ask you to create a
> user).  This should only happen if a) you boot into runlevel 3 because
> of your install b) text mode installs might still imply text mode
> firstboot c) any other cases?
> 3) firstboot crashed.  Simple answer, firstboot shouldn't crash :-)  But
> maybe not that simple.
> 4) You set up network logins, but your network isn't working/you're
> using NetworkManager.  Also maybe a "don't do this" type of thing.
>
> The first two are the ones that worry me the most.  And I guess the
> third, too.  We could be more certain that a user went through and was
> presented the "create a user" bit if we moved the user creation (back)
> into anaconda.
>
> That doesn't fix the "I chose not to create a user" case, though.  So
> the bigger thing is how do we make it mandatory while still having
> things moderately reasonable for the users who choose to set up some
> form of network login[1].  Maybe we just punt and say if you're doing
> network login only, you're probably using kickstart?  And I guess
> there's nothing which says you can't delete the user after you set up
> your network login stuff.


What if instead of disabling the root account in gdm, we change root's
default session.  Rather than a feature complete gnome-session, we actually
run a fullscreen interface much like firstboot that gives access to common
administrator functionality,  Setup Network, Add Users, Display config, etc
etc.  Maybe give access to a terminal as well.

Hopefully, this would discourage normal users from just using root, but will
give a fall back gui to do super user tasks.

Jon
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://listman.redhat.com/archives/fedora-desktop-list/attachments/20070820/da1890a0/attachment.htm>

More information about the Fedora-desktop-list mailing list