From Fedora Project Wiki

Problem statement

The root password setting dialog seems out-of-place in the Anaconda screenflow and isn't 100% necessary. Systems without a root password can be more secure against attacks. We would like to consider not setting a root password by default and instead setting the first user created in first boot to have sudo access.

Considerations

  • Some users prefer to not create any local users, set a root password, and set up NIS. See thread starting here: https://www.redhat.com/archives/anaconda-devel-list/2010-November/msg00191.html We must accommodate these users.
  • Should we state somewhere that the first account will have sudo privileges? Have checkbox to opt out of this permissions grant or not? (and if you don't grant it you're forced to set a root password? Maybe way too complex...)
  • Here is a proposed redesign of the user creation dialog that didn't happen from pre-F13: https://fedoraproject.org/w/uploads/9/9a/Sysconfig-auth-mockups-draft2-firstboot.svg
  • We might want to ask for additional details for users intending to use this as a desktop. E.g., email address, location, im accounts? Maybe overkill...
  • Need to talk to Jon McCAnn re: his first user ideas.

Mockups

Idea #1: First user can be root

This could be a bit more hidden, but... what if you type in 'root' as your username for the first user? Could we handle setting the root password with the same form? Is the Full Name field then a little weird & awkward? (Maybe grey it out if username=root?

First-user canberoot.png

Download Inkscape SVG Source


Idea #2: Root password creation opt-in

Opt-in to entering root password. Basically this adds a screen into the flow that has the space to explain why you don't want to do it. :)

First-user opt-in-root.png

Download Inkscape SVG Source