Package: user-setup Severity: minor
I have been trying to preseed config files for a set of servers we have just bought. Since I do not want either the root password (even hashed) in the config file or any user-interaction on these (headless) machines, I would like to disable both the root password and not create a user. Access is enabled by late_command which installs an ssh public key to /root/.ssh/authorized_keys. The documentation (at http://www.debian.org/releases/stable/i386/apbs04.html.en) says: "The passwd/root-password-crypted and passwd/user-password-crypted variables can also be preseeded with ?!? as their value. In that case, the corresponding account is disabled. This may be convenient for the root account, provided of course that an alternative method is setup to allow administrative activities or root login (for instance by using SSH key authentication or sudo)" However, a preseed file containing: d-i passwd/make-user boolean false d-i passwd/root-password-crypted string ! or: d-i passwd/make-user boolean false d-i passwd/root-login boolean false still prompts for either the root password or creation of a user. This would appear to be deliberate because user-setup-ask contains: db_get passwd/root-login if [ "$RET" = false ]; then # always make non-root user; this user will be able # to sudo to root db_set passwd/make-user true and db_get passwd/root-password-crypted || true if ! test "$RET" || [ "x$RET" = "x!" ]; then # No preseed of the root password hash # we will prompt the user This, however, is not what the documentation claims or what would be useful in this case. I have currently solved the problem by using the following preseed: d-i passwd/make-user boolean false d-i passwd/root-password-crypted string !! but it would better if the actual implementation matched the documentation and if the situation I would like were supported. As an additional wishlist item; user-setup could do the preseeding of ssh public keys for users or root itself and therefore explicitly support this case. No patch yet; maybe if I have time. Matt -- System Information: Debian Release: 4.0 APT prefers stable APT policy: (500, 'stable') Architecture: i386 (i686) Shell: /bin/sh linked to /bin/bash Kernel: Linux 2.6.18-4-k7 Locale: LANG=en_GB.UTF-8, LC_CTYPE=en_GB.UTF-8 (charmap=UTF-8) -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
