On 8/20/07, <b class="gmail_sendername">Jeremy Katz</b> &lt;<a href="mailto:katzj@redhat.com">katzj@redhat.com</a>&gt; wrote:<div><span class="gmail_quote"></span><blockquote class="gmail_quote" style="border-left: 1px solid rgb(204, 204, 204); margin: 0pt 0pt 0pt 0.8ex; padding-left: 1ex;">
On Sat, 2007-08-18 at 12:14 -0400, Ray Strode wrote:<br>&gt; &gt; I would prefer to just disable the root login in gdm.<br>&gt; It makes sense to do outside of the desktop livecd spin, too.&nbsp;&nbsp;Root<br>&gt; login has never really worked right.&nbsp;&nbsp;For instance, you can&#39;t lock your
<br>&gt; screen.<br>&gt;<br>&gt; Anyway, building a gdm package into koji now to disable it.<br><br>So if we&#39;re going to do this, we also should think a bit about the path<br>how users get created to ensure that people don&#39;t end up in a situation
<br>where they&#39;ve installed and only have a root account but end up at gdm.<br><br>1) No user got created in firstboot.&nbsp;&nbsp;We tell you that you should and we<br>say &quot;are you sure you want to&quot; if you don&#39;t, but it&#39;s still quite easy
<br>not to<br>2) User gets text-mode firstboot (which doesn&#39;t ask you to create a<br>user).&nbsp;&nbsp;This should only happen if a) you boot into runlevel 3 because<br>of your install b) text mode installs might still imply text mode
<br>firstboot c) any other cases?<br>3) firstboot crashed.&nbsp;&nbsp;Simple answer, firstboot shouldn&#39;t crash :-)&nbsp;&nbsp;But<br>maybe not that simple.<br>4) You set up network logins, but your network isn&#39;t working/you&#39;re<br>
using NetworkManager.&nbsp;&nbsp;Also maybe a &quot;don&#39;t do this&quot; type of thing.<br><br>The first two are the ones that worry me the most.&nbsp;&nbsp;And I guess the<br>third, too.&nbsp;&nbsp;We could be more certain that a user went through and was
<br>presented the &quot;create a user&quot; bit if we moved the user creation (back)<br>into anaconda.<br><br>That doesn&#39;t fix the &quot;I chose not to create a user&quot; case, though.&nbsp;&nbsp;So<br>the bigger thing is how do we make it mandatory while still having
<br>things moderately reasonable for the users who choose to set up some<br>form of network login[1].&nbsp;&nbsp;Maybe we just punt and say if you&#39;re doing<br>network login only, you&#39;re probably using kickstart?&nbsp;&nbsp;And I guess
<br>there&#39;s nothing which says you can&#39;t delete the user after you set up<br>your network login stuff.</blockquote><div><br>What if instead of disabling the root account in gdm, we change root&#39;s default session.&nbsp; Rather than a feature complete gnome-session, we actually run a fullscreen interface much like firstboot that gives access to common administrator functionality,&nbsp; Setup Network, Add Users, Display config, etc etc.&nbsp; Maybe give access to a terminal as well.
<br><br>Hopefully, this would discourage normal users from just using root, but will give a fall back gui to do super user tasks.<br><br>Jon<br></div></div>