Derp Ops -- The blog of Jesse Keating

A computer, bike, and climb nerd living in the Pacific Northwest. I do cloudy things with computers, currently at GitHub.

View on GitHub
11 October 2012

Root password in Fedora 18

by Jesse Keating

As part of the Anaconda UI redesign, we had hoped to offload root password setting to the installed host.  We had envisioned a scenario where the installer locked the root account and post-install software such as Firstboot or Gnome Initial Experience would take care of adding a user to the system and marking that user as a "super" user.  This would obviate the need for a root password, as the super user could use sudo to accomplish admin tasks.

That's how things looked prior to Fedora 18 Alpha, but in testing it became apparent that we couldn't always count on Firstboot or GIE to set things up right, or even be present. 

This was particularly true of text mode, where the only packages installed was the bare minimal set.  So first text mode grew a password spoke, and we made it mandatory.

Then I wrote a password spoke for GUI mode which lived in the main setup hub.  For Alpha this was an optional spoke and it defaulted to a locked root account.  Some thought was put into flipping the optional vs mandatory state based on install data, such as whether or not Firstboot was selected for install.  Part of being able to do that was moving the spoke from the main setup hub to the install (or configuration) hub.   If it lives in this hub we should have finalized data about what packages were selected for install.  However doubts arose as to whether "part of the payload" was enough data to ensure that Firstboot or GIE actually ran and we were worried we could still lead users into being locked out of their freshly installed system.

So, for Beta, I've just pushed a set of changes that will make the password spoke a mandatory spoke.  You must visit the spoke before you can complete the install.  You can still mark the root account as disabled, just by leaving the password fields blank, but you do so at your own risk.  This configuration is likely to remain for Fedora 18.

tags: