Holger Wansing <hwans...@mailbox.org> writes: > Hi, > > Am 2. März 2024 21:07:34 MEZ schrieb Philip Hands <p...@hands.com>: >> >>This sentence is the thing that prompted me to change things in the >>first place, because it is not true. One does not _need_ to set a root >>password. > > It should be understood as > "If you want to enable login as root, you have to set a root password now." > > And in expert mode it is in fact working this way: > At first, you are asked if you want to enable login as root. If you answer > yes > here, you are prompted to set a root password. > And at that point it is indeed required to set a root password, since you > chose to enable root login in the first question and the installer does not > allow an empty password for root. > > To make it work in default install, we could change the question as > in above citation. > >>I don't actually care very much whether we encourage sudo use. My >>wording ended up (after many variations) quite strongly encouraging it >>mostly as an antidote to the implication that comes from having a >>question dedicated to setting the root password, but I'd be happy with >>any wording that makes sure that people understand that both options are >>totally fine. > > The sudo possibility is also mentioned: > > 'The root user should not have an empty password. If you leave this > empty, the root account will be disabled and the system's initial user > account will be given the power to become root using the "sudo" > command.' > > I have rephrased that a bit, see below. > >>The other thing that I was trying to ensure is that people are reassured >>that they'll get to specify a password that will get them root access even if >>they decide to leave the root password unset. This is because I've seen >>people become quite uncertain about what to expect at this point in the >>install. >> >>I've found that it is not easy to come up with things that include much >>nuance about this, while still fitting in the space available, which is >>why I decided to try a more opinionated approach. >> >>One could soften what I wrote by replacing "generally recommended" with >>something like "often appropriate" -- how does that seem to people? > > Your proposal too much focusses on the sudo way IMO. > We risk getting complains from people, who miss advise regarding the > enabled root login. > > I have rephrased the dialog a bit, to make the sudo way more visible and > better understandable. > >>One can of course tinker with this stuff indefinitely. I actually spent >>a fair amount of time wondering how best to describe not setting a root >>password for instance -- should one say "leave the password unset", "set >>an empty password", "enter no password", or something like "just hit >><RETURN>"? (and does that last one actually apply to all the available >>UIs?). >> >>The same goes for how you say that the password is not going to get >>shown (unless you ask for it to be shown), which in the GTK UI gets >>characters replaced with dots, IIRC in the text UI its with asterisks, >>and I'd guess it just gets completely hidden in the speech install. > > I think that's not much of a problem. People are used to the situation, > that passwords are not shown, but replaced by asterisks or similar. > And we have the checkbox for showing it in clear text, that should be > enough. > > > Updated patch attached. > > > Holger > > > > diff --git a/debian/user-setup-udeb.templates > b/debian/user-setup-udeb.templates > index cdb6d78..7393511 100644 > --- a/debian/user-setup-udeb.templates > +++ b/debian/user-setup-udeb.templates > @@ -34,21 +34,19 @@ Template: passwd/root-password > Type: password > # :sl1: > _Description: Root password: > - You need to set a password for 'root', the system administrative > - account. A malicious or unqualified user with root access can have > + If you want to allow login as root, you need to set a password for 'root', > + the system administrative account now. > + A malicious or unqualified user with root access can have > disastrous results, so you should take care to choose a root password > - that is not easy to guess. It should not be a word found in dictionaries, > - or a word that could be easily associated with you. > + that cannot be guessed. It should not be a word found in dictionaries, > + or something that could be easily associated with you. > . > - A good password will contain a mixture of letters, numbers and punctuation > - and should be changed at regular intervals. > + You can also leave the password for root empty here, to disable the root > + account; the system's initial user account (which will be set up in the next > + step) will then be given the power to become root using the "sudo" command. > . > - The root user should not have an empty password. If you leave this > - empty, the root account will be disabled and the system's initial user > - account will be given the power to become root using the "sudo" > - command. > - . > - Note that you will not be able to see the password as you type it. > + Note that you will not be able to see the password as you type it (except if > + you choose to show it in clear text). > > Template: passwd/root-password-again > Type: password > @@ -110,8 +108,7 @@ Template: passwd/user-password > Type: password > # :sl1: > _Description: Choose a password for the new user: > - A good password will contain a mixture of letters, numbers and punctuation > - and should be changed at regular intervals. > + Make sure to select a strong password, that cannot be guessed. > > Template: passwd/user-password-again > Type: password
I found that there were some phrases that I was avoiding for various
reasons, a couple of which I see you've used, so I'll say why I was avoiding
them and see if I have a persuasive argument for doing so.
"allow/deny login/access as root":
The problem here is that not having a password for root only prevents
one from getting direct access to root by using a password. Indirect
access is still available via sudo, and direct access is still
available via key bassed ssh. I was also avoiding saying things like
"disable the root account" for the same reason.
This is why I ended up with the phrasing:
direct password-based logins to 'root'.
"using the 'sudo' command":
This I was avoiding becuase it might give the impression that one MUST
use sudo, whereas most people will actually get their root acces via a
GUI prompting them for their own pasword (because it's checked that
they're in the sudo group) when doing things like unlocking their
network or printer settings. I thought it was worth mentining the
'sudo' group explicitly because that gives something to search for if
they want to find out more, but telling people they need to use the
sudo command seemed like a step too far.
Regarding the password advice, I ended up concluding that it's pretty
unlikely that anything we say at this point will have any effect on
people's behaviour, but then I'm probably just an old cynic. Also, I
failed when trying to come up with a wording which I was happy with,
which is why I ended up discarding the advice entirely.
If we want to keep the password advice in then I think what you wrote is
(mostly) OK, although I think it implies that one should be choosing a
single "password" (although, not a word in any normal sense), which
could be argued to steer people away from the perfectly decent xkcd
approach of using several dictionary words. Saying "Password or
Passphrase" at least once would probably address that.
Cheers, Phil.
--
Philip Hands -- https://hands.com/~phil
signature.asc
Description: PGP signature
