Package: util-linux
Severity: normal

The D-I team are just about to reword the root password prompt in a way that
will likely lead to more people taking the chance to lock root and rely upon
sudo from the initial user. This is something that's already possible, so this
wording change is at most going to increase the popularity of this option.

At present, this results in sulogin becoming useless (unless one reconfigures
it), because it prompts the user for a password that does not exist.

This situation prompted this MR against user-setup (in D-I):

  https://salsa.debian.org/installer-team/user-setup/-/merge_requests/6

however it occurs to me that even if we adopt this, it does nothing to address
existing installs.

BTW, that MR offers to configure things so that a locked root account will cause
sulogin to fail open, dropping the user into a root shell without asking for a
password.

While thinking about this, it occurs to me that one might be able to add an
option to sudo (-g perhaps) that would allow one to specify a group that should
be treated as a proxy for root when root's password is locked. Then, if that
option were specified, the users in the specified group ('sudo' on Debian) could
be allowed to specify their password instead, and if the password were correct,
be only then given root on the system. I guess one could either just check
against all group members for a match, or add a prompt for the username too.

This bug is therefore in two parts:

   1) ask users how they want this configured, if they have a locked root
      account, and have not been asked about it yet.

   2) implement the mentioned -g option, or come up with some other way of
      enabling the user to log in during a single/emergency boot, without simply
      dropping the user straight into a root shell.

Cheers, Phil.
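
An added example, not part of the original report and not code from util-linux or user-setup: a Python sketch for auditing an existing install for the situation described above, reporting whether root's password is locked and which members of a proxy group ('sudo' here) have a usable password of their own. The function names and the sample shadow/group data are constructed, the -g option remains only a proposal, and classifying a password field by its first character follows the shadow(5) convention as an assumption.

```python
# Constructed sample data in /etc/shadow and /etc/group format (not from a real host).
SAMPLE_SHADOW = """\
root:!:19700:0:99999:7:::
alice:$y$j9T$CONSTRUCTEDSALT$CONSTRUCTEDHASH:19700:0:99999:7:::
bob:!$y$j9T$CONSTRUCTEDSALT$CONSTRUCTEDHASH:19700:0:99999:7:::
carol:*:19700:0:99999:7:::
"""
SAMPLE_GROUP = """\
root:x:0:
sudo:x:27:alice,bob,carol
"""


def parse_shadow(text):
    """Map user name -> password field of shadow-format text."""
    fields = (line.split(":") for line in text.splitlines() if line.strip())
    return {f[0]: f[1] for f in fields if len(f) >= 2}


def password_state(field):
    """Classify a shadow password field (assumption: shadow(5) conventions)."""
    if field == "":
        return "empty"      # no password set at all
    if field[0] in "!*":
        return "locked"     # cannot match any typed password
    return "usable"


def group_members(text, group):
    """Supplementary members listed for `group`; primary-group users are not seen."""
    for line in text.splitlines():
        f = line.strip().split(":")
        if len(f) >= 4 and f[0] == group:
            return [m for m in f[3].split(",") if m]
    return []


def audit(shadow_text, group_text, group="sudo"):
    """Report root's state and which group members could act as a proxy."""
    shadow = parse_shadow(shadow_text)
    root = password_state(shadow.get("root", "!"))
    proxies = [u for u in group_members(group_text, group)
               if password_state(shadow.get(u, "!")) == "usable"]
    return {"root": root, "proxy_candidates": proxies,
            "stranded": root == "locked" and not proxies}


if __name__ == "__main__":
    # On a real system, read /etc/shadow (needs root) and /etc/group instead.
    print(audit(SAMPLE_SHADOW, SAMPLE_GROUP))
```

"stranded" marks the case where root is locked and no member of the group has a usable password either, so a group-based prompt would have nobody to authenticate.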
