calamares/src/modules/users/users.conf

# Configuration for the one-user-system user module.
#
# Besides these settings, the user module also places the following
# keys into the globalconfig area, based on user input in the view step.
#
# - hostname
# - username
# - password (obscured)
# - autologinUser (if enabled, set to username)
#
# These globalconfig keys are set when the jobs for this module
# are created.
---
# Used as default groups for the created user.
# Adjust to your Distribution defaults.
defaultGroups:
    - users
    - lp
    - video
    - network
    - storage
    - wheel
    - audio

# Some Distributions require a 'autologin' group for the user.
# Autologin causes a user to become automatically logged in to
# the desktop environment on boot.
# Disable when your Distribution does not require such a group.
autologinGroup:  autologin
# You can control the initial state for the 'autologin checkbox' here.
# Possible values are: 
#  - true to check or 
#  - false to uncheck
# These set the **initial** state of the checkbox.
doAutologin:     true

# When *sudoersGroup* is set to a non-empty string, Calamares creates a 
# sudoers file for the user. This file is located at:
#     `/etc/sudoers.d/10-installer`
# Remember to add the (value of) *sudoersGroup* to *defaultGroups*.
#
# If your Distribution already sets up a group of sudoers in its packaging,
# remove this setting (delete or comment out the line below). Otherwise,
# the setting will be duplicated in the `/etc/sudoers.d/10-installer` file,
# potentially confusing users.
sudoersGroup:    wheel

# Setting this to false , causes the root account to be disabled.
setRootPassword: true
# You can control the initial state for the 'reuse password for root'
# checkbox here. Possible values are: 
#  - true to check or 
#  - false to uncheck
#
# When checked, the user password is used for the root account too.
#
# NOTE: *doReusePassword* requires *setRootPassword* to be enabled.
doReusePassword: true

# These are optional password-requirements that a distro can enforce
# on the user. The values given in this sample file disable each check,
# as if the check was not listed at all.
#
# Checks may be listed multiple times; each is checked separately,
# and no effort is done to ensure that the checks are consistent
# (e.g. specifying a maximum length less than the minimum length
# will annoy users).
#
# The libpwquality check relies on the (optional) libpwquality library.
# Its value is a list of configuration statements that could also
# be found in pwquality.conf, and these are handed off to the
# libpwquality parser for evaluation. The check is ignored if
# libpwquality is not available at build time (generates a warning in
# the log). The Calamares password check rejects passwords with a
# score of < 40 with the given libpwquality settings.
#
# (additional checks may be implemented in CheckPWQuality.cpp and
# wired into UsersPage.cpp)
#
#  - To disable specific password validations:
#    comment out the relevant 'passwordRequirements' keys below.
#  - To disable all password validations:
#    set both 'allowWeakPasswords' and 'allowWeakPasswordsDefault' to true.
#    (That will show the box *Allow weak passwords* in the user-
#    interface, and check it by default).
passwordRequirements:
    minLength: -1  # Password at least this many characters
    maxLength: -1  # Password at most this many characters
    libpwquality:
        - minlen=0
        - minclass=0
        
# You can control the visibility of the 'strong passwords' checkbox here.
# Possible values are: 
#  - true to show or 
#  - false to hide  (default)
# the checkbox. This checkbox allows the user to choose to disable
# password-strength-checks. By default the box is **hidden**, so
# that you have to pick a password that satisfies the checks.
allowWeakPasswords: false
# You can control the initial state for the 'strong passwords' checkbox here.
# Possible values are: 
#  - true to uncheck or 
#  - false to check (default)
# the checkbox by default. Since the box is labeled to enforce strong
# passwords, in order to **allow** weak ones by default, the box needs
# to be unchecked.
allowWeakPasswordsDefault: false

# Shell to be used for the regular user of the target system.
# There are three possible kinds of settings:
#  - unset (i.e. commented out, the default), act as if set to /bin/bash
#  - empty (explicit), don't pass shell information to useradd at all
#    and rely on a correct configuration file in /etc/default/useradd
#  - set, non-empty, use that path as shell. No validation is done
#    that the shell actually exists or is executable.
# userShell: /bin/bash
Modules: docs for users.conf 2017-08-09 16:59:14 +02:00			`# Configuration for the one-user-system user module.`
			`#`
			`# Besides these settings, the user module also places the following`
			`# keys into the globalconfig area, based on user input in the view step.`
			`#`
			`# - hostname`
			`# - username`
			`# - password (obscured)`
			`# - autologinUser (if enabled, set to username)`
			`#`
			`# These globalconfig keys are set when the jobs for this module`
			`# are created.`
New config file for users module. 2014-10-08 15:02:27 +02:00			`---`
modules/users: warn when fallback groups is used - Warn here since it may not be what the Distributor want. Having wrong groups may result in broken permissions for created user. - explain what defaultGroups is for in users.conf 2017-10-30 20:44:51 +01:00			`# Used as default groups for the created user.`
			`# Adjust to your Distribution defaults.`
New config file for users module. 2014-10-08 15:02:27 +02:00			`defaultGroups:`
don't set default "users" group on home dirs Fixes CAL-345. Changing group of home dir to the default "users" group might be a security risk because every user which belongs to the default "users" group might be able to access private data on home dirs of other users. 2015-11-17 21:55:50 +01:00			`- users`
New config file for users module. 2014-10-08 15:02:27 +02:00			`- lp`
			`- video`
			`- network`
			`- storage`
			`- wheel`
			`- audio`
modules/users: warn when fallback groups is used - Warn here since it may not be what the Distributor want. Having wrong groups may result in broken permissions for created user. - explain what defaultGroups is for in users.conf 2017-10-30 20:44:51 +01:00
users.conf: document some things 2017-10-30 23:20:43 +01:00			`# Some Distributions require a 'autologin' group for the user.`
			`# Autologin causes a user to become automatically logged in to`
			`# the desktop environment on boot.`
			`# Disable when your Distribution does not require such a group.`
Add setRootPassword option to the Users module. If set to true, the user must set a root password. Otherwise, the user won't be asked and a root password will not be set. 2015-06-11 04:02:06 +02:00			`autologinGroup: autologin`
[users] Polish the documentation for the various checkboxes 2019-10-22 15:32:42 +02:00			`# You can control the initial state for the 'autologin checkbox' here.`
			`# Possible values are:`
			`# - true to check or`
			`# - false to uncheck`
			`# These set the initial state of the checkbox.`
Update defaults. 2015-08-19 12:51:40 +02:00			`doAutologin: true`
Document /etc/sudoers.d/10-installer 2017-02-02 18:20:12 +01:00
[users] Polish the documentation for the various checkboxes 2019-10-22 15:32:42 +02:00			`# When sudoersGroup is set to a non-empty string, Calamares creates a`
			`# sudoers file for the user. This file is located at:`
			# `/etc/sudoers.d/10-installer`
			`# Remember to add the (value of) sudoersGroup to defaultGroups.`
users.conf: made requested changes 2017-10-31 13:09:34 +01:00			`#`
			`# If your Distribution already sets up a group of sudoers in its packaging,`
			`# remove this setting (delete or comment out the line below). Otherwise,`
[users] Polish the documentation for the various checkboxes 2019-10-22 15:32:42 +02:00			# the setting will be duplicated in the `/etc/sudoers.d/10-installer` file,
users.conf: made requested changes 2017-10-31 13:09:34 +01:00			`# potentially confusing users.`
Add setRootPassword option to the Users module. If set to true, the user must set a root password. Otherwise, the user won't be asked and a root password will not be set. 2015-06-11 04:02:06 +02:00			`sudoersGroup: wheel`
Document /etc/sudoers.d/10-installer 2017-02-02 18:20:12 +01:00
users.conf: document some things 2017-10-30 23:20:43 +01:00			`# Setting this to false , causes the root account to be disabled.`
Add setRootPassword option to the Users module. If set to true, the user must set a root password. Otherwise, the user won't be asked and a root password will not be set. 2015-06-11 04:02:06 +02:00			`setRootPassword: true`
[users] Polish the documentation for the various checkboxes 2019-10-22 15:32:42 +02:00			`# You can control the initial state for the 'reuse password for root'`
			`# checkbox here. Possible values are:`
			`# - true to check or`
			`# - false to uncheck`
			`#`
			`# When checked, the user password is used for the root account too.`
			`#`
			`# NOTE: doReusePassword requires setRootPassword to be enabled.`
implement https://calamares.io/bugs/browse/CAL-341 2015-11-09 01:53:11 +01:00			`doReusePassword: true`
Passwords: introduce password-checking - Introduce a map 'passwordRequirements' in users.conf, which is a list of named requirements. There are only two settings right now, min and max length, but additional checks can easily be added in UsersPage.cpp by defining additional lambda's to check the given password string. - Add PasswordCheck instances as needed, with functions to check acceptability and to produce messages on rejection. - Documentation in the users.conf file itself. - In passing, refactor setting of pixmaps on labels. FIXES #790 2017-09-18 16:08:21 +02:00
			`# These are optional password-requirements that a distro can enforce`
			`# on the user. The values given in this sample file disable each check,`
			`# as if the check was not listed at all.`
			`#`
			`# Checks may be listed multiple times; each is checked separately,`
			`# and no effort is done to ensure that the checks are consistent`
			`# (e.g. specifying a maximum length less than the minimum length`
			`# will annoy users).`
			`#`
[users] sample config and stub function for libpwquality 2018-01-23 15:28:49 +01:00			`# The libpwquality check relies on the (optional) libpwquality library.`
			`# Its value is a list of configuration statements that could also`
			`# be found in pwquality.conf, and these are handed off to the`
			`# libpwquality parser for evaluation. The check is ignored if`
			`# libpwquality is not available at build time (generates a warning in`
			`# the log). The Calamares password check rejects passwords with a`
			`# score of < 40 with the given libpwquality settings.`
			`#`
			`# (additional checks may be implemented in CheckPWQuality.cpp and`
			`# wired into UsersPage.cpp)`
add checkbox to disable password validations 2019-08-28 17:14:00 +02:00			`#`
[users] Polish the documentation for the various checkboxes 2019-10-22 15:32:42 +02:00			`# - To disable specific password validations:`
			`# comment out the relevant 'passwordRequirements' keys below.`
			`# - To disable all password validations:`
			`# set both 'allowWeakPasswords' and 'allowWeakPasswordsDefault' to true.`
[users] Massage the weak-passwords settings - since the wording of the checkbox itself (and the functionality) is to enforce strong passwords, need to switch out some logic and fix the wording of the documentation. 2019-10-22 16:08:21 +02:00			`# (That will show the box Allow weak passwords in the user-`
[users] Polish the documentation for the various checkboxes 2019-10-22 15:32:42 +02:00			`# interface, and check it by default).`
Passwords: introduce password-checking - Introduce a map 'passwordRequirements' in users.conf, which is a list of named requirements. There are only two settings right now, min and max length, but additional checks can easily be added in UsersPage.cpp by defining additional lambda's to check the given password string. - Add PasswordCheck instances as needed, with functions to check acceptability and to produce messages on rejection. - Documentation in the users.conf file itself. - In passing, refactor setting of pixmaps on labels. FIXES #790 2017-09-18 16:08:21 +02:00			`passwordRequirements:`
			`minLength: -1 # Password at least this many characters`
			`maxLength: -1 # Password at most this many characters`
[users] sample config and stub function for libpwquality 2018-01-23 15:28:49 +01:00			`libpwquality:`
[users] Document passwordRequirements and code 2018-05-23 09:30:51 +02:00			`- minlen=0`
			`- minclass=0`
[users] Polish the documentation for the various checkboxes 2019-10-22 15:32:42 +02:00
[users] Massage the weak-passwords settings - since the wording of the checkbox itself (and the functionality) is to enforce strong passwords, need to switch out some logic and fix the wording of the documentation. 2019-10-22 16:08:21 +02:00			`# You can control the visibility of the 'strong passwords' checkbox here.`
[users] Polish the documentation for the various checkboxes 2019-10-22 15:32:42 +02:00			`# Possible values are:`
			`# - true to show or`
[users] Massage the weak-passwords settings - since the wording of the checkbox itself (and the functionality) is to enforce strong passwords, need to switch out some logic and fix the wording of the documentation. 2019-10-22 16:08:21 +02:00			`# - false to hide (default)`
[users] Polish the documentation for the various checkboxes 2019-10-22 15:32:42 +02:00			`# the checkbox. This checkbox allows the user to choose to disable`
[users] Massage the weak-passwords settings - since the wording of the checkbox itself (and the functionality) is to enforce strong passwords, need to switch out some logic and fix the wording of the documentation. 2019-10-22 16:08:21 +02:00			`# password-strength-checks. By default the box is hidden, so`
			`# that you have to pick a password that satisfies the checks.`
			`allowWeakPasswords: false`
			`# You can control the initial state for the 'strong passwords' checkbox here.`
[users] Polish the documentation for the various checkboxes 2019-10-22 15:32:42 +02:00			`# Possible values are:`
[users] Massage the weak-passwords settings - since the wording of the checkbox itself (and the functionality) is to enforce strong passwords, need to switch out some logic and fix the wording of the documentation. 2019-10-22 16:08:21 +02:00			`# - true to uncheck or`
			`# - false to check (default)`
			`# the checkbox by default. Since the box is labeled to enforce strong`
			`# passwords, in order to allow weak ones by default, the box needs`
			`# to be unchecked.`
			`allowWeakPasswordsDefault: false`
[users] Introduce userShell setting - Add a userShell key, which can be left out (default, backwards- compatible) to retain the old /bin/bash behavior, or explicitly set to empty to defer to useradd-configuration, or explicitly set to something non-empty to use that shell. 2018-05-23 11:23:46 +02:00
			`# Shell to be used for the regular user of the target system.`
			`# There are three possible kinds of settings:`
			`# - unset (i.e. commented out, the default), act as if set to /bin/bash`
			`# - empty (explicit), don't pass shell information to useradd at all`
			`# and rely on a correct configuration file in /etc/default/useradd`
			`# - set, non-empty, use that path as shell. No validation is done`
			`# that the shell actually exists or is executable.`
			`# userShell: /bin/bash`