Project

General

Profile

Feature #16998

Bug #17136: Persistence preset: Greeter settings

Persistence feature: administration password

Added by sajolida 7 months ago. Updated 11 days ago.

Status:
In Progress
Priority:
Normal
Assignee:
-
Category:
Persistence
Target version:
-
Start date:
Due date:
% Done:

0%

Feature Branch:
Type of work:
Discuss
Blueprint:
Starter:
Affected tool:

Description

From the discussion on #15641, I felt the need to clarify whether having a persistence preset for the administration password is something we might want to do.

#15641 is about the screen locking password, which is the same as the administration password only when an administration password has been set. Otherwise, the screen locking password is chosen by the user on first use.

It's not clear to me whether we want a Persistence preset for the administration password as it means that either:

  • The user will have an administration password configured every time once they activated this feature. This goes against our advice of only setting up an administration password when needed as having an administration password set all the time might be a security risk.
  • The password is saved in the Persistence but the user still has to activate it in Tails Greeter every time they need it. This might not be worth the extra work.

Related issues

Related to Tails - Bug #15641: Persistence preset: screen locking password Rejected 06/08/2018

History

#1 Updated by sajolida 7 months ago

  • Category set to Persistence

#2 Updated by sajolida 7 months ago

  • Related to Bug #15641: Persistence preset: screen locking password added

#3 Updated by intrigeri 7 months ago

It's not clear to me whether we want a Persistence preset for the administration password

I can think of use cases where this would be useful but I don't think it's worth the cost of the code (implementation, maintenance) + the slight UX regression for the vast majority of our users, who won't use this new option.

#4 Updated by op_mb 7 months ago

// you can get rid of the user boot assigned password anytime after completing a sudo task:

sudo rm -i /etc/sudoers.d/tails-greeter

// it will delete the file, effectively as if you started without specifying it
// so if sudo is needed for installing something, just run the line after, and its all good

#5 Updated by op_mb 7 months ago

also,

leaving tails with screen lock is just asking for Over the Shoulder Attacks

#6 Updated by sajolida 5 months ago

  • Related to Bug #17136: Persistence preset: Greeter settings added

#7 Updated by sajolida 11 days ago

  • Status changed from New to In Progress
  • Priority changed from Low to Normal
  • Parent task set to #17136

From #17136#note-20 and follows up, we're fine with that.

It will be part of #17136, so I'm marking this ticket as a subtask.

Also available in: Atom PDF