Feature #16998

Persistence feature: administration password

Added by sajolida 2019-08-28 09:04:26 . Updated 2020-03-24 18:22:52 .

Status:
In Progress
Priority:
Normal
Assignee:
Category:
Persistence
Target version:
Start date:
Due date:
% Done:

0%

Feature Branch:
Type of work:
Discuss
Blueprint:

Starter:
Affected tool:
Deliverable for:

Description

From the discussion on Bug #15641, I felt the need to clarify whether having a persistence preset for the administration password is something we might want to do.

Bug #15641 is about the screen locking password, which is the same as the administration password only when an administration password has been set. Otherwise, the screen locking password is chosen by the user on first use.

It’s not clear to me whether we want a Persistence preset for the administration password as it means that either:

  • The user will have an administration password configured every time once they activated this feature. This goes against our advice of only setting up an administration password when needed as having an administration password set all the time might be a security risk.
  • The password is saved in the Persistence but the user still has to activate it in Tails Greeter every time they need it. This might not be worth the extra work.

Subtasks


Related issues

Related to Tails - Bug #15641: Persistence preset: screen locking password Rejected 2018-06-08

History

#1 Updated by sajolida 2019-08-28 09:04:50

  • Category set to Persistence

#2 Updated by sajolida 2019-08-28 09:05:13

  • related to Bug #15641: Persistence preset: screen locking password added

#3 Updated by intrigeri 2019-08-28 09:14:58

> It’s not clear to me whether we want a Persistence preset for the administration password

I can think of use cases where this would be useful but I don’t think it’s worth the cost of the code (implementation, maintenance) + the slight UX regression for the vast majority of our users, who won’t use this new option.

#4 Updated by op_mb 2019-08-28 20:01:38

// you can get rid of the user boot assigned password anytime after completing a sudo task:

sudo rm -i /etc/sudoers.d/tails-greeter

// it will delete the file, effectively as if you started without specifying it
// so if sudo is needed for installing something, just run the line after, and its all good

#5 Updated by op_mb 2019-08-28 20:06:19

also,

leaving tails with screen lock is just asking for Over the Shoulder Attacks

#6 Updated by sajolida 2019-10-29 14:48:54

  • related to Bug #17136: Persistence preset: Greeter settings added

#7 Updated by sajolida 2020-03-24 18:22:52

  • Status changed from New to In Progress
  • Priority changed from Low to Normal
  • Parent task set to Bug #17136

From Bug #17136#note-20 and follows up, we’re fine with that.

It will be part of Bug #17136, so I’m marking this ticket as a subtask.