Persistence feature: administration password
From the discussion on #15641, I felt the need to clarify whether having a persistence preset for the administration password is something we might want to do.
#15641 is about the screen locking password, which is the same as the administration password only when an administration password has been set. Otherwise, the screen locking password is chosen by the user on first use.
It's not clear to me whether we want a Persistence preset for the administration password as it means that either:
- The user will have an administration password configured every time once they activated this feature. This goes against our advice of only setting up an administration password when needed as having an administration password set all the time might be a security risk.
- The password is saved in the Persistence but the user still has to activate it in Tails Greeter every time they need it. This might not be worth the extra work.
It's not clear to me whether we want a Persistence preset for the administration password
I can think of use cases where this would be useful but I don't think it's worth the cost of the code (implementation, maintenance) + the slight UX regression for the vast majority of our users, who won't use this new option.
// you can get rid of the user boot assigned password anytime after completing a sudo task:
sudo rm -i /etc/sudoers.d/tails-greeter
// it will delete the file, effectively as if you started without specifying it
// so if sudo is needed for installing something, just run the line after, and its all good