Re: [Tails-dev] next big features: status update

Author: sajolida
Date:  
To: The Tails public development discussion list
Subject: Re: [Tails-dev] next big features: status update
intrigeri:
> sajolida wrote (20 Mar 2012 12:20:53 GMT) :
>> How about a combination of both:
>
>> « Enter an administration password in case you need to perform
>> administration tasks. Otherwise it will be disabled for better security. »
>
> I like it. Done in Git.
>
>> I'm also worried about allowing a way to understand what's happening
>> once you booted, and before digging in the documentation. Especially
>> since that's a change from previous versions. I guess we could customize
>> /etc/sudoers for that.
>
>> We could replace the traditional first-time lecture when no root
>> password is set. That could be done with the 'lecture' and
>> 'lecture_file' options, see man sudoers. It could say something like:
>
>> « By default, the administration password is disabled for better
>> security. If you need to perform administration tasks you need to set up
>> an administration password at boot time. See the corresponding
>> documentation. »
>
> Agreed, would be nice. If you care enough about it, please create
> a todo/* ticket and/or provide a patch. I'm unlikely to work on this
> in time for 0.11.


Cool. Could something like this do the trick? There's one patch for
Tails greeter and another for the feature/tails-greeter branch. I didn't
test it though, and wanted your opinion first.

--
sajolida
From 3ec5a7e9b47086036be6a1e2365c40a531b4e4a6 Mon Sep 17 00:00:00 2001
From: Tails developers <amnesia@???>
Date: Tue, 20 Mar 2012 18:00:04 +0100
Subject: [PATCH] Add custom sudo lecture.

---
 .../etc/sudoers.d/custom-lecture                   |    3 +++
 .../usr/share/amnesia/custom-lecture.txt           |    8 ++++++++
 2 files changed, 11 insertions(+), 0 deletions(-)
 create mode 100644 config/chroot_local-includes/etc/sudoers.d/custom-lecture
 create mode 100644 config/chroot_local-includes/usr/share/amnesia/custom-lecture.txt


diff --git a/config/chroot_local-includes/etc/sudoers.d/custom-lecture b/config/chroot_local-includes/etc/sudoers.d/custom-lecture
new file mode 100644
index 0000000..4d06b8f
--- /dev/null
+++ b/config/chroot_local-includes/etc/sudoers.d/custom-lecture
@@ -0,0 +1,3 @@
+Defaults:amnesia    lecture=always
+Defaults:amnesia    lecture_file=/usr/share/amnesia/custom-lecture.txt
+Defaults:amnesia    badpass_message="The administration password is disabled by default."
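Review bot: The file is created with mode 100644, but files under /etc/sudoers.d are conventionally mode 0440 and sudo checks the permissions of what it includes. Git only records 644 or 755, so the build needs to chmod the file to 0440, and since the patch is untested the result should be checked with visudo -c -f before merging. Separately, badpass_message on the third line replaces the message for every wrong password, so if this file is ever present while an administration password is set, a simple typo will tell the user the password is disabled; the text is only accurate in the no-password case.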
diff --git a/config/chroot_local-includes/usr/share/amnesia/custom-lecture.txt b/config/chroot_local-includes/usr/share/amnesia/custom-lecture.txt
new file mode 100644
index 0000000..dd6301d
--- /dev/null
+++ b/config/chroot_local-includes/usr/share/amnesia/custom-lecture.txt
@@ -0,0 +1,8 @@
+By default, the administration password is disabled for better security.
+
+In order to perform administration tasks, you need to setup an administration
+password when starting Tails.
+
+See the corresponding documentation:
+https://tails.boum.org/doc/first_steps/administration_password/.
+
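Review bot: In the third line of the lecture text, "setup" is the noun; the verb is "set up" ("you need to set up an administration password"). The URL line ends with a period directly after the trailing slash, which is easily picked up when the link is selected or copied from a terminal, so drop the period. The empty "+" line at the end of the file can go too.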
-- 
1.7.9.1


From c051fd91cd755d6d45a9e5855af906b900372daf Mon Sep 17 00:00:00 2001
From: sajolida <sajolida@???>
Date: Tue, 20 Mar 2012 18:09:39 +0100
Subject: [PATCH] Remove the custom sudo lecture when a password is set.

---
 PostLogin.default |    4 +++-
 1 files changed, 3 insertions(+), 1 deletions(-)


diff --git a/PostLogin.default b/PostLogin.default
index 8e21ac0..82ba524 100755
--- a/PostLogin.default
+++ b/PostLogin.default
@@ -18,6 +18,7 @@ export PATH="/usr/sbin:${PATH}"
LIVE_PASSWORD=live
POLKIT=/etc/polkit-1/localauthority.conf.d/52-tails-greeter.conf
SUDOERS=/etc/sudoers.d/tails-greeter
+CUSTOM_LECTURE=/etc/sudoers.d/custom-lecture
KBDSET=/etc/default/keyboard
CONSET=/etc/default/console-setup
LOCALE_CFG=/etc/default/locale
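Review bot: CUSTOM_LECTURE hardcodes /etc/sudoers.d/custom-lecture, a path created by the other patch in a different tree, so the two can drift apart without anything failing. A comment here saying where the file comes from would help, and a name in line with the neighbouring SUDOERS=/etc/sudoers.d/tails-greeter (a tails- prefix) would make its origin clearer to anyone listing /etc/sudoers.d.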
@@ -111,7 +112,8 @@ rm --interactive=never -f /var/lib/gdm3/tails.password

 # Check if password is actually set
 if [ -z "${TAILS_USER_PASSWORD}" ] ; then
-    rm -f "${POLKIT}" "${SUDOERS}"
+    rm -f "${POLKIT}" "${SUDOERS}" "${CUSTOM_LECTURE}"
+
     deluser "${LIVE_USERNAME}" sudo
     log_n_exit "Password variable not found."
 fi
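Review bot: The removal of "${CUSTOM_LECTURE}" sits inside the [ -z "${TAILS_USER_PASSWORD}" ] branch, which is the case where no password was set, while the subject line says the lecture is to be removed when a password is set. As written, the lecture is deleted exactly when it is meant to be shown and kept when an administration password exists, where badpass_message would then mislead on a typo. Move the rm to the path taken when TAILS_USER_PASSWORD is non-empty, and drop the stray empty "+" line after the rm.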
-- 
1.7.9.1