    Educate users the proper ways from the beginning.  
Han Boetes

03-30-05 07:46 AM

Hi,

This patch changes the installation so that an initial user account
is created during the install which has the permission to use sudo.

Advantages:

- Users get educated from the beginning about safe
  system administration.
- No remote ssh login to the root account is required anymore.

Disadvantages:

- People will moan, at the least.


I didn't test this patch so I might have missed something, but I
did read every line at least ten times, so I hope I got it right
the first time.


Index: distrib/miniroot/install.sh
 ========================================
===========================
RCS file: /cvs/src/distrib/miniroot/install.sh,v
retrieving revision 1.150
diff -u -p -r1.150 install.sh
--- distrib/miniroot/install.sh	26 Mar 2005 01:40:21 -0000	1.150
+++ distrib/miniroot/install.sh	30 Mar 2005 06:13:38 -0000
@@ -337,13 +337,16 @@ __EOT
ask_yn "Configure the network?" yes
[[ $resp == y ]] && donetconfig

+ask_until "The initial useraccount?"
+_initial=$resp
+
_oifs=$IFS
IFS=
while :; do
-	askpass "Password for root account? (will not echo)"
+	askpass "Password for ${_initial}? (will not echo)"
_password=$resp

-	askpass "Password for root account? (again)"
+	askpass "Password for ${_initial}? (again)"
[[ $resp == $_password ]] && break

echo "Passwords do not match, try again."
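Review bot: `ask_until "The initial useraccount?"` accepts any non-empty answer, and `_initial` is later spliced unquoted into master.passwd and sudoers, so a name containing ':', whitespace or '#' silently corrupts those files, and a name that already exists (root, daemon, operator, bin) gets a second entry. Validate the answer before using it: loop until it matches `^[a-z_][a-z0-9_-]*$` and `grep -q "^${_initial}:" /mnt/etc/master.passwd` finds nothing. The prompt should also say that this account replaces root for remote administration, since the root password prompt is gone.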
@@ -398,9 +401,12 @@ for _f in fstab kbdtype my* *.conf *.tai
done )

_encr=`/mnt/usr/bin/encrypt -b 8 -- "$_password"`
-echo "1,s@^root::@root:${_encr}:@
-w
-q" | /mnt/bin/ed /mnt/etc/master.passwd 2> /dev/null
+echo "${_initial}:${_encr}:1000:10:default:0:0::/home/${_ini
tial}:/bin/ksh" >> /mnt/etc/master.passwd
+echo "${_initial}	ALL=(ALL)	ALL" >> /mnt/etc/sudoers
+
+cp -R /mnt/etc/skel /mnt/home/$_initial
+chown -R 1000:10 /mnt/home/$_initial
+
/mnt/usr/sbin/pwd_mkdb -p -d /mnt/etc /etc/master.passwd

echo -n "done.\nGenerating initial host.random file..."
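Review bot: UID 1000 and group 10 are hard-coded with no check that they are free, and the echo into master.passwd, the `cp -R /mnt/etc/skel` and the `chown -R 1000:10` have no exit status checked, so if /mnt/home or /mnt/etc/skel is missing the account ends up with no home directory and the install carries on. Pick the first unused UID (or run the installed useradd under chroot) and test each step. The ed substitution that set root's password (`1,s@^root::@root:${_encr}:@`) is removed and nothing replaces it, so after this hunk root has no password and the only route to uid 0 is the new account through `ALL=(ALL) ALL`, which is root-equivalent; a mistyped or forgotten password on that single account locks the administrator out completely. The master.passwd line is also wrapped in the copy as posted, so this hunk would not apply cleanly as-is.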
Index: usr.bin/ssh/sshd_config
 ========================================
===========================
RCS file: /cvs/src/usr.bin/ssh/sshd_config,v
retrieving revision 1.70
diff -u -p -r1.70 sshd_config
--- usr.bin/ssh/sshd_config	23 Dec 2004 23:11:00 -0000	1.70
+++ usr.bin/ssh/sshd_config	30 Mar 2005 06:13:38 -0000
@@ -32,7 +32,7 @@
# Authentication:

#LoginGraceTime 2m
-#PermitRootLogin yes
+PermitRootLogin no
#StrictModes yes
#MaxAuthTries 6

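Review bot: this becomes the only uncommented line in a file whose other entries are commented-out defaults (`#LoginGraceTime 2m`, `#StrictModes yes`, `#MaxAuthTries 6`), so the shipped sshd_config stops documenting defaults and starts overriding one; if the server default is meant to change, that belongs in sshd's option handling, not in the sample file. Combined with `root:*:` in master.passwd, a host without a local sudo user (Otto's YP-only machines) is left with no remote administrative login at all. `PermitRootLogin without-password`, which allows key-based root logins only, already exists as a less drastic value if the goal is to stop password guessing against root.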
Index: usr.bin/sudo/sudoers
 ========================================
===========================
RCS file: /cvs/src/usr.bin/sudo/sudoers,v
retrieving revision 1.5
diff -u -p -r1.5 sudoers
--- usr.bin/sudo/sudoers	28 Sep 2004 15:10:51 -0000	1.5
+++ usr.bin/sudo/sudoers	30 Mar 2005 06:13:39 -0000
@@ -27,3 +27,5 @@ root	ALL=(ALL) ALL
# Samples
# %users  ALL=/sbin/mount /cdrom,/sbin/umount /cdrom
# %users  localhost=/sbin/shutdown -h now
+
+# Initial user
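Review bot: the only change to the static sudoers is a trailing `# Initial user` comment; the grant itself is appended at install time by `echo "${_initial} ALL=(ALL) ALL" >> /mnt/etc/sudoers`, so the two files are coupled by position and nothing verifies the result. Either write the whole block (comment plus entry) from install.sh, or drop this hunk, and run `visudo -c` on the resulting file before the install finishes: a malformed sudoers locks everyone out of sudo, which after this patch is the only path to root.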
Index: etc/master.passwd
 ========================================
===========================
RCS file: /cvs/src/etc/master.passwd,v
retrieving revision 1.46
diff -u -p -r1.46 master.passwd
--- etc/master.passwd	28 Mar 2005 06:55:11 -0000	1.46
+++ etc/master.passwd	30 Mar 2005 06:13:39 -0000
@@ -1,4 +1,4 @@
-root::0:0:daemon:0:0:Charlie &:/root:/bin/ksh
+root:*:0:0:daemon:0:0:Charlie &:/root:/bin/ksh
daemon:*:1:1::0:0:The devil himself:/root:/sbin/nologin
operator:*:2:5::0:0:System &:/operator:/sbin/nologin
bin:*:3:7::0:0:Binaries Commands and Source,,,:/:/sbin/nologin
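Review bot: changing `root::` to `root:*:` locks root out of password authentication for console and ssh logins alike, and at the same time the installer's `s@^root::@root:${_encr}:@` (dropped in the install.sh hunk above) would no longer match `root:*:` if anyone kept it, with the ed error hidden by `2> /dev/null`. Either keep a root password for console and single-user recovery, or make the installer state plainly that root is locked and the new account is the only way in.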




# Han

    Re: Educate users the proper ways from the beginning.  
Theo de Raadt

03-30-05 07:46 AM

-#PermitRootLogin yes
+PermitRootLogin no


How many times do I have to say no to this diff?

No.

No, No, No.

    Re: Educate users the proper ways from the beginning.  
Aaron Glenn

03-30-05 07:46 AM

On Wed, 30 Mar 2005 08:50:07 +0200, Han Boetes <han@mijncomputer.nl> wrote:
> Advantages:
>  - No remote ssh login to the root account is required anymore.

I've never understood why people think this is advantageous.

    Re: Educate users the proper ways from the beginning.  
Han Boetes

03-30-05 07:46 AM

Theo de Raadt wrote:
> -#PermitRootLogin yes
> +PermitRootLogin no
>
>
> How many times do I have to say no to this diff?

Han counts on his fingers...

> No.
>
> No, No, No.

Please? :-)



# Han

    Re: Educate users the proper ways from the beginning.  
Han Boetes

03-30-05 07:46 AM

Aaron Glenn wrote:
> Han Boetes <han@mijncomputer.nl> wrote: 
>
> I've never understood why people think this is advantageous.

And that while it's so obvious. :-)



# Han

    Re: Educate users the proper ways from the beginning.  
Paul de Weerd

03-30-05 07:46 AM

On Wed, Mar 30, 2005 at 08:50:07AM +0200, Han Boetes wrote:
| Hi,
|
| This patch changes the installation so that an initial user account
| is created during the install which has the permission to use sudo.
|
| Advantages:
|
|  - Users get educated from the beginning about safe
|    system administration.
|  - No remote ssh login to the root account is required anymore.
|
| Disadvantages:
|
|  - People will moan, at the least.
|
|
| I didn't test this patch so I might have missed something, but I
| did read every line at least ten times, so I hope I got it right
| the first time.

Simply /mnt/usr/sbin/chroot /mnt after install and do your thing. Don't
force me into creating users on my specialized systems.

Cheers,

Paul 'WEiRD' de Weerd

--
>++++++++[<++++++++++>-]<+++++++.>+++[<------>-]<.>+++[<+
+++++++++++>-]<.>++[<------------>-]<+.--------------.[-]
http://www.weirdnet.nl/
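
Doing by hand after the install what the patch tries to do at install time, as Paul suggests, is a few file edits under /mnt. The script below is an added example (not code from the thread, from OpenBSD's install.sh, or from any of the posters) written as POSIX sh that edits the files under a root directory such as /mnt, with the checks a reviewer would ask for: the user name is validated before it is spliced into master.passwd and sudoers, the UID is the first free one rather than a fixed 1000, the sshd keyword is replaced in place whether it was commented out or not, and the new sudoers is syntax-checked with `visudo -c -f` where that is available. The `harden` driver, the `demo` sample files and the password hash it is fed are assumptions made for the example; on OpenBSD you would generate the hash with `encrypt -b 8` and rebuild the database with `pwd_mkdb`, as install.sh does.

```shell
#!/bin/sh
# Added example (not from the thread): post-install hardening run against an
# installed root such as /mnt, mirroring the patch with input checks added.
# Assumed layout: $ROOT/etc/master.passwd, $ROOT/etc/sudoers,
# $ROOT/etc/ssh/sshd_config. The hash and file contents in demo() are made up.
set -eu

# A name is safe to splice into colon/whitespace-delimited files only if it is
# [a-z_][a-z0-9_-]{0,30}; it must also not exist yet in master.passwd.
valid_username() {  # $1 name, $2 master.passwd
    printf '%s\n' "$1" | grep -Eq '^[a-z_][a-z0-9_-]{0,30}$' || return 1
    ! grep -q "^$1:" "$2"
}

# First UID >= 1000 not already present in master.passwd (field 3).
next_uid() {  # $1 master.passwd
    u=1000
    while awk -F: -v u="$u" '$3 == u { f = 1 } END { exit !f }' "$1"; do
        u=$((u + 1))
    done
    echo "$u"
}

# master.passwd line, OpenBSD format:
# name:hash:uid:gid:class:change:expire:gecos:home:shell
passwd_entry() {  # $1 name, $2 hash, $3 uid, $4 gid
    printf '%s:%s:%s:%s:default:0:0::/home/%s:/bin/ksh\n' "$1" "$2" "$3" "$4" "$1"
}

# Turn the empty root password (root::) into a locked one (root:*:), as the
# patch's master.passwd hunk does. Set a root password instead if you want
# console recovery that does not depend on the sudo user.
lock_root() {  # $1 master.passwd
    t=$(mktemp)
    sed 's/^root::/root:*:/' "$1" > "$t" && mv "$t" "$1"
}

# Set one sshd_config keyword, replacing a live or a commented-out line
# (#PermitRootLogin yes -> PermitRootLogin no), or appending it if absent.
sshd_set() {  # $1 sshd_config, $2 keyword, $3 value
    t=$(mktemp)
    awk -v k="$2" -v v="$3" '
        $1 == k || $1 == ("#" k) { if (!done) { print k " " v; done = 1 }; next }
        { print }
        END { if (!done) print k " " v }' "$1" > "$t" && mv "$t" "$1"
}

# Append a full grant for the user and syntax-check the result before it is
# installed; a malformed sudoers would lock everyone out of sudo.
sudoers_add() {  # $1 sudoers, $2 name
    t=$(mktemp)
    cp "$1" "$t"
    printf '%s\tALL=(ALL) ALL\n' "$2" >> "$t"
    if [ "$(id -u)" -eq 0 ] && command -v visudo >/dev/null 2>&1; then
        visudo -c -f "$t" >/dev/null
    fi
    chmod 0440 "$t" && mv "$t" "$1"
}

# Driver: create the sudo user, lock root, forbid root ssh logins.
# Prints the UID chosen. $3 is a password hash (encrypt -b 8 on OpenBSD).
harden() {  # $1 root dir, $2 name, $3 hash
    pw="$1/etc/master.passwd"
    valid_username "$2" "$pw" || { echo "bad or existing user: $2" >&2; return 1; }
    uid=$(next_uid "$pw")
    passwd_entry "$2" "$3" "$uid" 10 >> "$pw"
    lock_root "$pw"
    sudoers_add "$1/etc/sudoers" "$2"
    sshd_set "$1/etc/ssh/sshd_config" PermitRootLogin no
    mkdir -p "$1/home/$2"
    if [ -d "$1/etc/skel" ]; then cp -R "$1/etc/skel/." "$1/home/$2"; fi
    if [ "$(id -u)" -eq 0 ]; then chown -R "$uid:10" "$1/home/$2"; fi
    # On OpenBSD the password database must be rebuilt from master.passwd.
    if [ -x "$1/usr/sbin/pwd_mkdb" ]; then
        "$1/usr/sbin/pwd_mkdb" -p -d "$1/etc" /etc/master.passwd
    fi
    echo "$uid"
}

# Constructed sample root for a dry run; prints the directory it built.
demo() {
    d=$(mktemp -d)
    mkdir -p "$d/etc/ssh" "$d/etc/skel"
    printf '%s\n' 'root::0:0:daemon:0:0:Charlie &:/root:/bin/ksh' \
        'daemon:*:1:1::0:0:The devil himself:/root:/sbin/nologin' > "$d/etc/master.passwd"
    printf 'root\tALL=(ALL) ALL\n' > "$d/etc/sudoers"
    printf '%s\n' '# Authentication:' '#LoginGraceTime 2m' '#PermitRootLogin yes' \
        '#StrictModes yes' > "$d/etc/ssh/sshd_config"
    printf 'PS1="$ "\n' > "$d/etc/skel/.profile"
    harden "$d" han '$2a$08$constructedhashforexampleonly' >/dev/null
    echo "$d"
}
```

Run it for real as `harden /mnt han "$(encrypt -b 8)"` from the install shell; `demo` only exercises the same functions on a throwaway copy so the edits can be inspected before touching a real system.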
    Re: Educate users the proper ways from the beginning.  
Otto Moerbeek

03-30-05 07:46 AM

On Wed, 30 Mar 2005, Han Boetes wrote:

> Hi,
>
> This patch changes the installation so that an initial user account
> is created during the install which has the permission to use sudo.
>
> Advantages:
>
>  - Users get educated from the beginning about safe
>    system administration.
>  - No remote ssh login to the root account is required anymore.
>
> Disadvantages:
>
>  - People will moan, at the least.

More than that. Your diff is unusable in a YP environment. Almost none of
my machines have regular user accounts, and I'd hate to be forced to
create local user accounts.

-Otto

>
>
> I didn't test this patch so I might have missed something, but I
> did read every line at least ten times, so I hope I got it right
> the first time.
>
>
> Index: distrib/miniroot/install.sh
>  ========================================
===========================
> RCS file: /cvs/src/distrib/miniroot/install.sh,v
> retrieving revision 1.150
> diff -u -p -r1.150 install.sh
> --- distrib/miniroot/install.sh	26 Mar 2005 01:40:21 -0000	1.150
> +++ distrib/miniroot/install.sh	30 Mar 2005 06:13:38 -0000
> @@ -337,13 +337,16 @@ __EOT
>  ask_yn "Configure the network?" yes
>  [[ $resp == y ]] && donetconfig
>
> +ask_until "The initial useraccount?"
> +_initial=$resp
> +
>  _oifs=$IFS
>  IFS=
>  while :; do
> -	askpass "Password for root account? (will not echo)"
> +	askpass "Password for ${_initial}? (will not echo)"
>  	_password=$resp
>
> -	askpass "Password for root account? (again)"
> +	askpass "Password for ${_initial}? (again)"
>  	[[ $resp == $_password ]] && break
>
>  	echo "Passwords do not match, try again."
> @@ -398,9 +401,12 @@ for _f in fstab kbdtype my* *.conf *.tai
>  done )
>
>  _encr=`/mnt/usr/bin/encrypt -b 8 -- "$_password"`
> -echo "1,s@^root::@root:${_encr}:@
> -w
> -q" | /mnt/bin/ed /mnt/etc/master.passwd 2> /dev/null
> +echo "${_initial}:${_encr}:1000:10:default:0:0::/home/${_i
nitial}:/bin/ksh" >> /mnt/etc/master.passwd
> +echo "${_initial}	ALL=(ALL)	ALL" >> /mnt/etc/sudoers
> +
> +cp -R /mnt/etc/skel /mnt/home/$_initial
> +chown -R 1000:10 /mnt/home/$_initial
> +
>  /mnt/usr/sbin/pwd_mkdb -p -d /mnt/etc /etc/master.passwd
>
>  echo -n "done.\nGenerating initial host.random file..."
> Index: usr.bin/ssh/sshd_config
>  ========================================
===========================
> RCS file: /cvs/src/usr.bin/ssh/sshd_config,v
> retrieving revision 1.70
> diff -u -p -r1.70 sshd_config
> --- usr.bin/ssh/sshd_config	23 Dec 2004 23:11:00 -0000	1.70
> +++ usr.bin/ssh/sshd_config	30 Mar 2005 06:13:38 -0000
> @@ -32,7 +32,7 @@
>  # Authentication:
>
>  #LoginGraceTime 2m
> -#PermitRootLogin yes
> +PermitRootLogin no
>  #StrictModes yes
>  #MaxAuthTries 6
>
> Index: usr.bin/sudo/sudoers
>  ========================================
===========================
> RCS file: /cvs/src/usr.bin/sudo/sudoers,v
> retrieving revision 1.5
> diff -u -p -r1.5 sudoers
> --- usr.bin/sudo/sudoers	28 Sep 2004 15:10:51 -0000	1.5
> +++ usr.bin/sudo/sudoers	30 Mar 2005 06:13:39 -0000
> @@ -27,3 +27,5 @@ root	ALL=(ALL) ALL
>  # Samples
>  # %users  ALL=/sbin/mount /cdrom,/sbin/umount /cdrom
>  # %users  localhost=/sbin/shutdown -h now
> +
> +# Initial user
> Index: etc/master.passwd
>  ========================================
===========================
> RCS file: /cvs/src/etc/master.passwd,v
> retrieving revision 1.46
> diff -u -p -r1.46 master.passwd
> --- etc/master.passwd	28 Mar 2005 06:55:11 -0000	1.46
> +++ etc/master.passwd	30 Mar 2005 06:13:39 -0000
> @@ -1,4 +1,4 @@
> -root::0:0:daemon:0:0:Charlie &:/root:/bin/ksh
> +root:*:0:0:daemon:0:0:Charlie &:/root:/bin/ksh
>  daemon:*:1:1::0:0:The devil himself:/root:/sbin/nologin
>  operator:*:2:5::0:0:System &:/operator:/sbin/nologin
>  bin:*:3:7::0:0:Binaries Commands and Source,,,:/:/sbin/nologin
>
>
>
>
> # Han

    Re: Educate users the proper ways from the beginning.  
Han Boetes

03-30-05 07:46 AM

Paul de Weerd wrote:
> Simply /mnt/usr/sbin/chroot /mnt after install and do your
> thing.

For me it's a piece of pie, I know what to change. And I'll do it
afterwards.

> Don't force me into creating users on my specialized
> systems.

The idea behind this patch is to improve the security of the
default install for new users. Advanced users can undo these
defaults in two minutes. But setting up and getting used to this
method of logging in can take months. And I have to explain it
again and again, while lots of people don't even care, since they
assume the default is OK.



# Han

    Re: Educate users the proper ways from the beginning.  
Han Boetes

03-30-05 07:46 AM

Otto Moerbeek wrote:
> More than that. Your diff is unusable in a YP environment.
> Almost none of my machines have regular user accounts, and I'd
> hate to be forced to create local user accounts.

OK, you got a good point there.


I visualize a compromise, something like:


ask_yesno "Setup a local user with permission to use sudo? (recommended)" "y"

etc.. etc..



# Han

    Re: Educate users the proper ways from the beginning.  
Paul de Weerd

03-30-05 07:46 AM

On Wed, Mar 30, 2005 at 10:32:21AM +0200, Han Boetes wrote:
| Paul de Weerd wrote:
| > Simply /mnt/usr/sbin/chroot /mnt after install and do your
| > thing.
|
| For me it's a piece of pie, I know what to change. And I'll do it
| afterwards.

Then do your changes, proposed in your diff, afterwards. You can
prohibit root from logging in via ssh afterwards. Quite easy. Less than
the two minutes you talk about.

| > Don't force me into creating users on my specialized
| > systems.
|
| The idea behind this patch is to improve the security of the
| default install for new users. Advanced users can undo these
| defaults in two minutes. But setting up and getting used to this
| method of logging in can take months. And I have to explain it
| again and again, while lots of people don't even care, since they
| assume the default is OK.

The default *IS* OK.

Cheers,

Paul 'WEiRD' de Weerd

--
>++++++++[<++++++++++>-]<+++++++.>+++[<------>-]<.>+++[<+
+++++++++++>-]<.>++[<------------>-]<+.--------------.[-]
http://www.weirdnet.nl/
