Hi Andreas, Andreas Henriksson <andr...@fatal.se> writes:
> On Thu, Nov 15, 2018 at 05:47:03PM +0800, Benda Xu wrote: > [...] >> I think it a common Debian practice to set root passwords. Disabling >> root login and put everything on `sudo` feels very Ubuntu. > > The debian-installer supports both things out of the box equally. > (Although very few people seem to pay any attention to the root > password prompt and thus it's quite common people don't know this.) > Ubuntu only does locked-root-account, and I think there are well > established reasons to do so and wish it would be more obvious to > Debian users how d-i works. I don't really see the point in comparing > to others though. Debian should do what's best for Debian. > >> Therefore I think you are right saying "it was 'closed' by moving to >> util-linux sulogin". > [...] > > I'm personally absolutely not an advocate of passwordless root shells, > but in my view for sysvinit it's very important to not break legacy > setups. Specially when most users will not realize until they're > doing disaster recovery and will get a not obvious situation that's > just a dead end for them. > > If you think breaking this decades worth of how it has worked is ok, > then I guess that's up to you. > I personally mostly want to avoid being blamed for having broken it > myself, through the move to util-linux sulogin. I've offered my > assistance in getting it fixed, but if you opt out then I'm ok > with your decision. > OTOH this absolutely doesn't make sysvinit secure to use in a kiosk > setup, so I don't see anything won by breaking the old setup. Thank you for your patience and nice explanation. I do not think we should impose surprises to the long-term Debian users. Therefore, I reserve my view and don't object to adding `--force` to `sulogin`. I will chop that option off my setup locally instead. Cheers, Benda
