FAQ Search Today's Posts Mark Forums Read
» Video Reviews

» Linux Archive

Linux-archive is a website aiming to archive linux email lists and to make them easily accessible for linux users/developers.


» Sponsor

» Partners

» Sponsor

Go Back   Linux Archive > CentOS > CentOS

 
 
LinkBack Thread Tools
 
Old 05-11-2010, 12:36 PM
Steffen Maier
 
Default Removing the number of installation screens (F-14)

On 05/11/2010 01:43 PM, Hans de Goede wrote:
> For F-14, I would like to see the number of
> installation screens reduced, thus making the installer more
> friendly for less experienced users.

> 2) There is no need to configure the root password during installation,
> move this to firstboot preferably to the user configuration screen.

As far as I understood firstboot for s390x, one needs to login as root
over the network to even start firstboot. So s390x needs a root password
before firstboot can be executed.

Steffen

Linux on System z Development

IBM Deutschland Research & Development GmbH
Vorsitzender des Aufsichtsrats: Martin Jetter
Geschftsfhrung: Dirk Wittkopp
Sitz der Gesellschaft: Bblingen
Registergericht: Amtsgericht Stuttgart, HRB 243294


_______________________________________________
Anaconda-devel-list mailing list
Anaconda-devel-list@redhat.com
https://www.redhat.com/mailman/listinfo/anaconda-devel-list
 
Old 05-11-2010, 01:53 PM
Ales Kozumplik
 
Default Removing the number of installation screens (F-14)

On 05/11/2010 01:43 PM, Hans de Goede wrote:


2) There is no need to configure the root password during installation,
move
this to firstboot preferably to the user configuration screen.



That screen is so annoying! It always says my password is weak.

But wouldn't what you suggest create a security problem? An evil guy
could try to ssh to your machine after sshd is up and before firstboot
sets the root password.


Ales

_______________________________________________
Anaconda-devel-list mailing list
Anaconda-devel-list@redhat.com
https://www.redhat.com/mailman/listinfo/anaconda-devel-list
 
Old 05-11-2010, 02:02 PM
Hans de Goede
 
Default Removing the number of installation screens (F-14)

Hi,

On 05/11/2010 03:53 PM, Ales Kozumplik wrote:

On 05/11/2010 01:43 PM, Hans de Goede wrote:


2) There is no need to configure the root password during installation,
move
this to firstboot preferably to the user configuration screen.



That screen is so annoying! It always says my password is weak.

But wouldn't what you suggest create a security problem? An evil guy
could try to ssh to your machine after sshd is up and before firstboot
sets the root password.



If the root password is empty ssh does not allow a root login.

Regards,

Hans

_______________________________________________
Anaconda-devel-list mailing list
Anaconda-devel-list@redhat.com
https://www.redhat.com/mailman/listinfo/anaconda-devel-list
 
Old 05-11-2010, 02:12 PM
David Cantrell
 
Default Removing the number of installation screens (F-14)

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

On Tue, 11 May 2010, Hans de Goede wrote:


Hi,

For F-14, I would like to see the number of
installation screens reduced, thus making the installer more
friendly for less experienced users.

Some ideas:

1) Add an "advanced" cmdline option, and when this is not present:
* Do not ask for advanced storage use
* Do not ask what sort of installation (workstation / development machine /
server) to do, simply do a default install
* Maybe hide "review partitioning" and "custom layout" partitioning options

I know people don't like this, but since we target a rather wide audience
from beginning users to people who want to use SAN's, I really believe we
need to differentiate between the two, and as has been argued before adding
a UI to differentiate between the two will only lead to everyone simply
selecting advanced as they are afraid they will miss out on some choices, so
moving this to the cmdline where power users will be able to find it, seems
like a possible answer to me.


I think you are correct in that we need to differentiate between the types of
users. I am not a big fan of adding command line options to enable/disable
screens in the installer, so maybe we could do a variation on the command line
option.

We could configure what screens are shown or skipped in the installclass. Do
we still have 'expert' as a boot option? If so, we could key on that to
enable the screens we hide by default in the installclass. The fedora
installclass could skip the ones you mention and the rhel one could show them
by default.

Of course, this would probably require some work on the installclass design.


2) There is no need to configure the root password during installation, move
this to firstboot preferably to the user configuration screen.


I am not opposed to moving this screen to firstboot, but I think this is more
of a policy decision for Fedora rather than a technical decision. In which
case, I guess we should ask FESCo.

- --
David Cantrell <dcantrell@redhat.com>

Red Hat / Honolulu, HI

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v2.0.14 (GNU/Linux)

iEYEARECAAYFAkvpZdEACgkQ5hsjjIy1VknfxACfSeB3HuBjoB 6xEKATGI2nnRD6
ZH4AoLnnpHXsZs/6FsqPO+Ko4xPCQpMz
=JIKX
-----END PGP SIGNATURE-----

_______________________________________________
Anaconda-devel-list mailing list
Anaconda-devel-list@redhat.com
https://www.redhat.com/mailman/listinfo/anaconda-devel-list
 
Old 05-11-2010, 02:12 PM
Ales Kozumplik
 
Default Removing the number of installation screens (F-14)

On 05/11/2010 04:02 PM, Hans de Goede wrote:

Hi,

On 05/11/2010 03:53 PM, Ales Kozumplik wrote:

On 05/11/2010 01:43 PM, Hans de Goede wrote:


2) There is no need to configure the root password during installation,
move
this to firstboot preferably to the user configuration screen.



That screen is so annoying! It always says my password is weak.

But wouldn't what you suggest create a security problem? An evil guy
could try to ssh to your machine after sshd is up and before firstboot
sets the root password.



If the root password is empty ssh does not allow a root login.

Regards,

Hans



Isn't it enabled by default:
man sshd_config

PermitRootLogin
Specifies whether root can log in using ssh(1). The
argument must be “yes”, “without-password”, “forced-commands-only”, or
“no”. The default is

“yes”.

Ales

_______________________________________________
Anaconda-devel-list mailing list
Anaconda-devel-list@redhat.com
https://www.redhat.com/mailman/listinfo/anaconda-devel-list
 
Old 05-11-2010, 02:28 PM
Hans de Goede
 
Default Removing the number of installation screens (F-14)

Hi,

On 05/11/2010 04:12 PM, Ales Kozumplik wrote:

On 05/11/2010 04:02 PM, Hans de Goede wrote:

Hi,

On 05/11/2010 03:53 PM, Ales Kozumplik wrote:

On 05/11/2010 01:43 PM, Hans de Goede wrote:


2) There is no need to configure the root password during installation,
move
this to firstboot preferably to the user configuration screen.



That screen is so annoying! It always says my password is weak.

But wouldn't what you suggest create a security problem? An evil guy
could try to ssh to your machine after sshd is up and before firstboot
sets the root password.



If the root password is empty ssh does not allow a root login.

Regards,

Hans



Isn't it enabled by default:
man sshd_config

PermitRootLogin
Specifies whether root can log in using ssh(1). The argument must be
“yes”, “without-password”, “forced-commands-only”, or “no”. The default is
“yes”.



Read again, the default is yes, iow the default is to not allow empty. The meaning
of this setting is:
no -> never
yes -> allow if a password is set
without-password -> allow even if the password is empty

So the default is to disallow logins with an empty password. Note we could also
make really sure and write a disabled password (iow a "*" in /etc/shadow). But
that becomes sort of nasty when someone does a textmode install and forgets
to set the root password in firstboot (textmode firstboot does not mandate on
to go through all the steps).

Regards,

Hans

_______________________________________________
Anaconda-devel-list mailing list
Anaconda-devel-list@redhat.com
https://www.redhat.com/mailman/listinfo/anaconda-devel-list
 
Old 05-11-2010, 03:06 PM
Bill Nottingham
 
Default Removing the number of installation screens (F-14)

Hans de Goede (hdegoede@redhat.com) said:
> Some ideas:
>
> 1) Add an "advanced" cmdline option, and when this is not present:

We had 'expert' in the past. Everyone passed it, because, well, we're all
experts, aren't we? People would pass it just becuase they figured that
there might be something useful there, long after it was an option that
did anything.

> * Do not ask what sort of installation (workstation / development machine /
> server) to do, simply do a default install

The command line is the wrong place to do this; the right place to do
this is in the install class, probably. Especially if we want to move to
a more generic installer that can install an arbitrarly composed product.

Bill

_______________________________________________
Anaconda-devel-list mailing list
Anaconda-devel-list@redhat.com
https://www.redhat.com/mailman/listinfo/anaconda-devel-list
 
Old 05-11-2010, 03:06 PM
Bill Nottingham
 
Default Removing the number of installation screens (F-14)

Hans de Goede (hdegoede@redhat.com) said:
> So the default is to disallow logins with an empty password. Note we could also
> make really sure and write a disabled password (iow a "*" in /etc/shadow). But
> that becomes sort of nasty when someone does a textmode install and forgets
> to set the root password in firstboot (textmode firstboot does not mandate on
> to go through all the steps).

text-mode firstboot doesn't even *have* a user creation/modification step.

Bill

_______________________________________________
Anaconda-devel-list mailing list
Anaconda-devel-list@redhat.com
https://www.redhat.com/mailman/listinfo/anaconda-devel-list
 
Old 05-11-2010, 03:52 PM
James Laska
 
Default Removing the number of installation screens (F-14)

On Tue, 2010-05-11 at 13:43 +0200, Hans de Goede wrote:
> Hi,
>
> For F-14, I would like to see the number of
> installation screens reduced, thus making the installer more
> friendly for less experienced users.

Continuing this idea, please remove the telnet option. Specifically, I
mean support for telneting into loader to drive the installation. I'm
not referring to s390x support for telneting into init to start loader.
I *think* those are different use cases.

Thanks,
James
_______________________________________________
Anaconda-devel-list mailing list
Anaconda-devel-list@redhat.com
https://www.redhat.com/mailman/listinfo/anaconda-devel-list
 
Old 05-11-2010, 06:16 PM
David Cantrell
 
Default Removing the number of installation screens (F-14)

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

On Tue, 11 May 2010, Bill Nottingham wrote:


Hans de Goede (hdegoede@redhat.com) said:

Some ideas:

1) Add an "advanced" cmdline option, and when this is not present:


We had 'expert' in the past. Everyone passed it, because, well, we're all
experts, aren't we? People would pass it just becuase they figured that
there might be something useful there, long after it was an option that
did anything.


That's true, and I remember hating seeing that on every single QA bug report
that would come in. "You guys realize it's a no-op now, right?"

Just to continue the ideas though, I do think Hans has a point of dealing with
Fedora and RHEL as different products and the installation screens could
probably be different. Would be nice if we could figure out if we should
display the advanced storage screens or not.


* Do not ask what sort of installation (workstation / development machine /
server) to do, simply do a default install


The command line is the wrong place to do this; the right place to do
this is in the install class, probably. Especially if we want to move to
a more generic installer that can install an arbitrarly composed product.


With some more work to the installclass.

- --
David Cantrell <dcantrell@redhat.com>

Red Hat / Honolulu, HI

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v2.0.14 (GNU/Linux)

iEYEARECAAYFAkvpnwMACgkQ5hsjjIy1VkklPgCfUb2VqVldaO eHIPl7IHHv37lt
pesAn061EhVqCX4zSxxDDf7w3BqOy3D6
=43Hj
-----END PGP SIGNATURE-----

_______________________________________________
Anaconda-devel-list mailing list
Anaconda-devel-list@redhat.com
https://www.redhat.com/mailman/listinfo/anaconda-devel-list
 

Thread Tools




All times are GMT. The time now is 06:51 PM.

VBulletin, Copyright ©2000 - 2014, Jelsoft Enterprises Ltd.
Content Relevant URLs by vBSEO ©2007, Crawlability, Inc.
Copyright 2007 - 2008, www.linux-archive.org