
ubuntu-phone team mailing list archive

Re: User password heads up, RFC

 

On Fri, Jul 4, 2014 at 8:44 AM, Alan Pope <alan.pope@xxxxxxxxxxxxx> wrote:

> How will a user of the Terminal app, directly on the device (i.e. not
> over adb/ssh/phablet-shell) use sudo?


If the user has a password, they can use sudo just fine.  If they don't
have a password, Ubuntu denies access to sudo from any pts/ tty.  Which
includes terminals in X and Mir.  I'm talking with security about whether
Touch can/should be treated differently.

But I'm not sure that users that have swipe-to-unlock really want to enable
sudo anyway.  Seems risky.  Though I guess swipe-to-unlock is risky in
plenty of ways.  :)


On Fri, Jul 4, 2014 at 9:19 AM, Sergio Schvezov <sergio.schvezov@xxxxxxxxxxxxx> wrote:

> Your safest bet to making sure nothing breaks is to have Andy run a full ci
> test from the silo (with the updated tools).
>
> There's a lot of sudo going on there; from root, but I'm not sure if they
> have something that goes the other way around.


Yes, I've had a quick glance at some CI tools and they seem to all be
reducing privileges, not gaining them.

That said, I'm told "adb shell" will soon provide a "phablet" user shell
instead of a root shell.  So I may need to change phablet-tools to add a
sudoers.d file for the phablet user when flashing with --developer-mode so
that CI tools can gain privileges right out of the gate.


On Fri, Jul 4, 2014 at 11:43 PM, Felipe De La Puente <fdelapuente@xxxxxxxxx> wrote:

> Why does the phablet use a different user password strategy compared to
> the desktop?
>
> I expected something like the oem installation of the desktop where the
> final user can customize basic user settings on the first startup.
>
We do have some basic first-run customization steps in Touch that let you
pick the language and connect to Wi-Fi.  But they do not include setting a
password.  The default security is swipe to unlock without a password, and
that's by design.

I'm not sure exactly what you mean by a different user password strategy,
but if you mean that Touch doesn't use PAM yet, that's just a convergence
gap that we are trying to close.  Touch really hasn't had a user password
strategy at all up to now.

-mt
