Here is a patch that adds a debconf question. I haven't yet been able to test the patch, but it seems striaghtforward.
-- see shy jo
Index: user-setup-apply
===================================================================
--- user-setup-apply (revision 33314)
+++ user-setup-apply (working copy)
@@ -118,6 +118,23 @@
$log $chroot $ROOT adduser "$USER" $group >/dev/null
2>&1 || true
done
fi
+
+ db_get passwd/root-login
+ if [ "$RET" = false ] && [ -n "$USER" ]; then
+ # Ensure sudo is installed, and set up the user to be able
+ # to use it.
+ if [ ! -e $ROOT/etc/sudoers ]; then
+ # try to work in d-i and out; it's better to
+ # use apt-install in d-i
+ apt-install sudo 2>/dev/null || $log $chroot apt-get -q
-y install sudo || true
+ fi
+ if [ -e $ROOT/etc/sudoers ]; then
+ echo "$USER ALL=(ALL) ALL" >> $ROOT/etc/sudoers
+ else
+ # sudo failed to install, system won't be usable
+ exit 1
+ fi
+ fi
fi
exit 0
Index: debian/user-setup-udeb.templates
===================================================================
--- debian/user-setup-udeb.templates (revision 33306)
+++ debian/user-setup-udeb.templates (working copy)
@@ -16,6 +16,13 @@
Type: string
Description: For internal use only
+Template: passwd/root-login
+Type: boolean
+Default: true
+_Description: Allow login as root?
+ If you choose not to allow root to log in, then a user account will be
+ created and given the power to become root using the 'sudo' command.
+
Template: passwd/root-password
Type: password
_Description: Root password:
Index: debian/changelog
===================================================================
--- debian/changelog (revision 33314)
+++ debian/changelog (working copy)
@@ -14,8 +14,13 @@
[ Joey Hess ]
* Exit 10 on backup out of the program, to work properly with main-menu.
* Use -m flag of chpasswd rather than doing the md5 generation by hand.
+ * Add passwd/root-login question (asked at medium priority), currently
+ defaulting to true.
+ * If root-login is false, skip root password prompts, lock the root account,
+ always make a user account, install sudo, and configure /etc/sudoers to
+ allow the user to become root. Closes: #344873
- -- Joey Hess <[EMAIL PROTECTED]> Tue, 27 Dec 2005 00:59:50 -0500
+ -- Joey Hess <[EMAIL PROTECTED]> Wed, 28 Dec 2005 17:40:03 -0500
user-setup (0.03) unstable; urgency=low
Index: user-setup-ask
===================================================================
--- user-setup-ask (revision 33312)
+++ user-setup-ask (working copy)
@@ -21,10 +21,16 @@
0)
# Ask how the password files should be set up.
db_input low passwd/shadow || true
+ # Ask if root should be allowed to login.
+ db_input medium passwd/root-login || true
;;
1)
- # Prompt for a root password if there is none.
- if ! root_password; then
+ db_get passwd/root-login
+ if [ "$RET" = false ]; then
+ # root password will be locked
+ db_set passwd/root-password ""
+ db_set passwd/root-password-crypted "!"
+ elif ! root_password; then
# First check whether the root password was preseeded
crypted
db_get passwd/root-password-crypted || true
if ! test "$RET" ; then
@@ -41,8 +47,11 @@
fi
;;
2)
- # Verify and set a root password.
- if ! root_password; then
+ db_get passwd/root-login
+ if [ "$RET" = false ]; then
+ # root password will be locked
+ db_set passwd/root-password-again ""
+ elif ! root_password; then
# First check whether the root password was preseeded
crypted
db_get passwd/root-password-crypted || true
if ! test "$RET" ; then
@@ -74,7 +83,12 @@
3)
# Ask if a non-root user should be made, if there is not
# already one.
- if ! is_system_user; then
+ db_get passwd/root-login
+ if [ "$RET" = false ]; then
+ # always make non-root user; this user will be able
+ # to sudo to root
+ db_set passwd/make-user true
+ elif ! is_system_user; then
db_input medium passwd/make-user || true
fi
;;
signature.asc
Description: Digital signature
