Possible alternative behaviours for user creation at install time (was Re: anaconda / initial-setup / gnome-initial-setup: can we do this better?)
simo at redhat.com
Tue May 21 21:22:48 UTC 2013
On Tue, 2013-05-21 at 14:09 -0700, Adam Williamson wrote:
> On Tue, 2013-05-21 at 16:56 -0400, Simo Sorce wrote:
> > > The other 'mandate user creation' option would be simply to do it in
> > > (interactive) anaconda, and tell people who want to do installs without
> > > a user account to use a kickstart or lump it. This has the advantage of
> > > being one of the simplest possible approaches: all we'd have to do is
> > > make user creation mandatory in anaconda and we could ditch
> > > initial-setup and the pre-GDM bit of gnome-initial-setup. The
> > > disadvantage of this approach, obviously, is it makes it harder for
> > > those who have some kind of valid reason for doing an install with no
> > > user account. Frankly, I quite like this option, the advantage of
> > > simplicity is attractive. But I think it might be harder to get people
> > > behind, cos people sure do love their choice!
> > I have a FreeIPA server at home, I have no reason to create a user
> > account. Why should you force me?
> The reason for forcing you would be that it was considered a greater
> benefit to keep the install/first boot code paths simple than to make it
> relatively easy to do installs with no user accounts. Remember, in this
> mail, I was considering and presenting the pros and cons of all the
> possible approaches. Please don't skim read and assume I'm advocating
> one specific option. I did not in fact say I wanted to go ahead with
> this option.
It was a generic 'you', I was not accusing you personally :)
> > > The other possible alternative behaviour, of course, is to go precisely
> > > the other way, and not try and force the user into doing anything at
> > > all. Again in this case it would make sense to ditch the 'firstboot'
> > > stage. We'd simply leave anaconda alone, and kill initial-setup (and the
> > > pre-GDM bit of gnome-initial-setup). This is again a nice and simple
> > > approach. Its disadvantage is that it makes it nice and simple for a
> > > 'regular' user to shoot herself in the foot. Experienced users can be
> > > assumed to know the consequences of not creating a user account, sure.
> > > But for the newbie who didn't do it and then pitched up at a GDM prompt
> > > with no users, things would kind of suck. I am not a fan of this option.
> > What's wrong with giving an option in anaconda and letting the user skip
> > it?
> Nothing much, and if you actually read both my mails fully, that is
> precisely the path I proposed.
Yeah, I got that; I was just asking why we consider mandating something
when the current behavior seems to work just fine.
> > > It's very likely that the behaviour will differ somewhat between GNOME
> > > and all the other desktops for F19. This kind of inconsistency could be
> > > viewed as a bit of a pity, but I don't think it's a huge practical
> > > problem, and it may be that we can't get GNOME and the distro as a whole
> > > to agree on whether user creation should be mandatory.
> > It's unclear to me why Gnome should mandate user creation at all; since
> > when is Gnome the OS Identity Management system/enforcer?
> Desktops and spins are considered to own their own destiny to at least
> some extent. Effectively what is happening here is that the GNOME
> desktop/spin believes that a user account should be mandatory to use
> their desktop, and so they are enforcing the creation of one.
Well, if you allow me, this is a non sequitur. Of course you need a user
account to log in to a desktop environment, that doesn't mean you need
to force people to create a user account at install time. Some people
actually know what they are doing when they skip its creation.
> If people think this is terrible and want to make a fuss about it, there
> are various avenues for doing so. Personally it doesn't bother me
> Both g-i-s and anaconda/i-s appear to offer at least some mechanism for
> configuring remote user accounts. I don't know in detail what
> technologies they support; the g-i-s one looks like it supports at least
> AD, I don't know what else. The anaconda/i-s "Use network login..."
> button appears to do nothing in F19 Beta RC2. I'll file a bug on that.
It used to 'support' ldap and krb5 for auth and even a freeipa option,
but didn't really work in F18.
If someone wants to make user creation mandatory I think they should
first provide a working method to select external account providers in
anaconda. If that can't be done they should leave account creation
optional. Although it being a default and requiring an explicit and
noisy opt-out is fine by me.
Simo Sorce * Red Hat, Inc * New York