On 14 Jan 2015, at 12:34, Miloslav Trmač wrote:
I'd request all(those who are opposing) too describe their
requirements in the etherpad page above.
Being able to authenticate as root right after installation would be
the requirement for me.
Let’s be precise here; “able to authenticate as root” is an
implementation detail; the underlying requirement is something
else. “Able to set up IPA”? “Able to run administrative
commands in shell?” (e.g. we could just, as a part of firstboot,
open a root shell without any authentication
It seems that the boxes affected by this proposal are either
"product=server" or "product=nonproduct". For servers, immediately
after installing, I log in as root and run a set-up or configuration
script which, among other things, sets the box to a non-graphical
target and prevents firstboot from ever running. I'm not sure why
one would run firstboot on a server.
I also do something similar and prevent firstboot from running on
boxes set up as general desktops for office workers, etc., as I don't
want the first random user who logs into a box to be able to become
part of the wheel group and have access to sudo.
As far as I can see, firstboot is only useful on one's personal box.
--
Mike Pinkerton
--
devel mailing list
devel@lists.fedoraproject.org
https://admin.fedoraproject.org/mailman/listinfo/devel
Fedora Code of Conduct: http://fedoraproject.org/code-of-conduct
