Bug 297695

Summary: Installation Live CD: no need to ask for password of root
Product: [openSUSE] openSUSE 10.3 Reporter: Nikolay Derkach <nderkach>
Component: InstallationAssignee: Christoph Thiel <cthiel>
Status: RESOLVED FIXED QA Contact: Jiri Srain <jsrain>
Severity: Major    
Priority: P5 - None CC: coolo, francis
Version: Beta 3   
Target Milestone: ---   
Hardware: Other   
OS: Other   
Whiteboard: LiveCD
Found By: --- Services Priority:
Business Priority: Blocker: ---
Marketing QA Status: --- IT Deployment: ---

Description Nikolay Derkach 2007-08-06 09:59:19 UTC 
Asking a user for root password in live cd is rather confusing. At least when starting yast live install module this demand should likely go away.
Comment 1 Jiri Srain 2007-08-08 13:07:27 UTC 
I strongly disagree.

It is important that the installer asks for the root password and sets it accordingly. Otherwise, most of the users would keep the old one, which would result in using a public known password.
Comment 2 Nikolay Derkach 2007-08-08 13:29:40 UTC 
You just completely missunderstood me. I'm not talking that user shouldn't been asked for password during installation!

I was just considering disable of asking pasword "linux" _within_ live cd environment, for example in starting installation module.
Comment 3 Jiri Srain 2007-08-09 11:00:07 UTC 
This should be partly solved by /etc/sudoers - then user "linux" is able to run commands with root permission without knowing root password.

Anyway, this is issue of the live media creation...
Comment 4 Jan-Christoph Bornschlegel 2007-08-09 12:40:28 UTC 
Did I understand correctly that you'd like to have an empty root password?
This may be a valid approach for Live CDs, but how about USB devices then?
Jiri, what do you think?

There are several possible solutions:
- add a file/patch that includes sudoers
- make the root passwd empty
(- users can provide a template passwd/shadow file if desired under ./root/etc)
- make the root passwd configurable through config.xml (in the same manner than the default users')

I will add a method to use patches in the <configdir>/root/... files anyway -- WIP --, so patching passwd/shadow is one solution.
Comment 5 Stephan Binner 2007-09-14 08:58:05 UTC 
With the Beta3plus-Live-KDE-CD.iso a dialog shows up asking for the root password. Just clicking OK continues the installation but the user has no hint given that root has no password. Better find a solution which doesn't invoke the live-installer for "/sbin/yast2 live-installer" at all.
Comment 6 Francis Giannaros 2007-09-14 21:13:09 UTC 
As we've just been discussing in #opensuse-kiwi, since that module is started up (like all other GUI apps in KDE) through kdesu, it would be sufficient to edit /etc/sudoers to have something like:

Defaults targetpw
ALL ALL=(ALL) NOPASSWD: ALL

...and kdesu (or gksu) will never prompt for a root password. The only other problem is that when you explicitly type 'su' in a terminal it will. There are probably many hacky ways to get around this problem, but perhaps the best one is to have bashrc echo a message along the lines of "Welcome to the openSUSE terminal. The root password is root" or whatever.
Comment 7 Christoph Thiel 2007-09-18 13:49:29 UTC 
*** Bug 310756 has been marked as a duplicate of this bug. ***
Comment 8 Christoph Thiel 2007-09-19 21:40:05 UTC 
Fixed in SVN.