Delete the password for the live session on all flavors

Bug #1761644 reported by Simon Quigley on 2018-04-06
16
This bug affects 1 person
Affects Status Importance Assigned to Milestone
casper (Ubuntu)
High
Tim Lunn

Bug Description

A historical Ubuntu GNOME bug fix deleted the password for the live user. To get around auto-login bugs in gdm. These later carried over to Ubuntu when they switched back to GNOME.

Now seems like the other flavors want this behavior also. It avoids the password prompts when logging into a TTY for example.

My previous hack from a few years ago of injecting a systemd unit is no longer required, lets just delete the "blank" password when we add the live session user in casper.

[Test Case]
1. Login to a tty should not require you to press "enter" at the password: prompt (for blank password)
2. Under gnome-shell you should not be able to lock the screen with <super+L> or through the user menu

Simon Quigley (tsimonq2) wrote :

Here's a debdiff which fixes this.

Changed in casper (Ubuntu):
assignee: nobody → Simon Quigley (tsimonq2)
importance: Undecided → High
status: New → Confirmed
Steve Langasek (vorlon) wrote :

-if [ -d /root/etc/gdm3 ]; then
- sed -i '/^[UG]ID_MIN/s/\<1000$/ 999/' /root/etc/login.defs
+# Delete the password for the live user on volatile systems
+sed -i '/^[UG]ID_MIN/s/\<1000$/ 999/' /root/etc/login.defs

This is unrelated to the stated purpose of blanking the password; and should probably remain gdm-specific?

+#inject a systemd unit to update AccountsService properties during boot

Per Adam's comment, there's no obvious reason why this should be done via a systemd unit, vs simply calling 'chroot passwd -d' from the initramfs. Have you tried that?

Tim Lunn (darkxst) wrote :

- sed -i '/^[UG]ID_MIN/s/\<1000$/ 999/' /root/etc/login.defs
That ensures the gdm greeter will display the live user, it should remain gdm specific.

tags: added: patch
Tim Lunn (darkxst) wrote :

I have manually tested this editing initramfs and it seems to work.

[Test Case]
1. Login to a tty should not require you to press "enter" at the password: prompt (for blank password)
2. Under gnome-shell you should not be able to lock the screen with <super+L> or through the user menu

Simon Quigley (tsimonq2) on 2018-04-07
Changed in casper (Ubuntu):
assignee: Simon Quigley (tsimonq2) → Tim Lunn (darkxst)
Tim Lunn (darkxst) on 2018-04-07
description: updated
summary: - Delete the password for the live session on all flavors
+ [FFe] Delete the password for the live session on all flavors
description: updated
description: updated
Tim Lunn (darkxst) on 2018-04-07
summary: - [FFe] Delete the password for the live session on all flavors
+ [UIFe] Delete the password for the live session on all flavors
description: updated

I don't think this is anything that requires a UIFe.

Changed in casper (Ubuntu):
status: Confirmed → Triaged
Tim Lunn (darkxst) on 2018-04-08
summary: - [UIFe] Delete the password for the live session on all flavors
+ Delete the password for the live session on all flavors
description: updated
Launchpad Janitor (janitor) wrote :

This bug was fixed in the package casper - 1.395

---------------
casper (1.395) cosmic; urgency=medium

  * scripts/casper-bottom/25adduser:
    Set empty live user password on all flavours, this was previously
    gdm specific. Also drop systemd unit hack as it wasnt actually
    needed (LP: #1761644)

 -- Tim Lunn <email address hidden> Sat, 07 Apr 2018 14:38:10 +1000

Changed in casper (Ubuntu):
status: Triaged → Fix Released
Rik Mills (rikmills) wrote :

This change results in not being able to log in to the live session again with sddm, should you log out or restart X.

sddm does not support passwordless login it seems:

https://github.com/sddm/sddm/issues/751

Rik Mills (rikmills) wrote :

Regression: Live session login via sddm (emtpy password) fails

https://bugs.launchpad.net/ubuntu/+source/casper/+bug/1788797

To post a comment you must log in.
This report contains Public information  Edit
Everyone can see this information.

Other bug subscribers

Remote bug watches

Bug watches keep track of this bug in other bug trackers.