Howto disable the root & demo passwords, not wipe /var/log/nginx folder

Message

#11 Post by **a_freed_man** » Thu Feb 24, 2022 5:20 pm

#12 Post by **dolphin_oracle** » Sat Feb 26, 2022 9:14 am

ok try this set of "test" debs.

almost every field in mx-welcome now has some kind of configuration capability.

the default /usr/share/mx-welcome/mx-welcome.conf has the expanded parameters in it with comments describing them. copy that file to /etc/mx-welcome/mx-welcome.conf and make your edits there. /etc/mx-welcome/mx-welcome.conf will take precedence over the default one in /usr/share/mx-welcome. you do not have to edit all values, and you can also just have the values you want changed in the new file. the /etc version variables only are used if they are non-empty, otherwise the default file and/or some built-in app defaults are used.

let me know what you think. I'll be out for a while, but will check in later this weekend.

https://drive.google.com/file/d/1Se2BTS ... sp=sharing

#13 Post by **a_freed_man** » Sun Feb 27, 2022 1:36 am

OK thx very much. I was out all day & won't be able to get to this until Sunday afternoon or early evening, but I'll certainly let you know how it works for me Monday if not before.

#14 Post by **a_freed_man** » Sun Feb 27, 2022 10:20 pm

Thank you very much sir for your help. Only other thing I might want but don't need is to possibly show different default accounts & passwords. I'm perfectly fine with this tho!

Well done!

#15 Post by **dolphin_oracle** » Mon Feb 28, 2022 11:58 am

a_freed_man wrote: ↑Sun Feb 27, 2022 10:20 pm Thank you very much sir for your help. Only other thing I might want but don't need is to possibly show different default accounts & passwords. I'm perfectly fine with this tho!

Well done!

hmm, good suggestion. I'll probably implement that before actually releasing to the repo.

you can keep using the one linked here, my final one will update over it, but won't touch your /etc/mx-welcome/mx-welcome.conf file so that will be safe.

#16 Post by **figueroa** » Mon Feb 28, 2022 12:11 pm

Re: "different default accounts & passwords"
What are those? Showing an actual user's and non-default root's password on-screen and putting the same in a readable configuration file is a very bad security practice. That's why using persistence forces the creation of new passwords.

#17 Post by **a_freed_man** » Mon Feb 28, 2022 9:11 pm

Well, I have more testing to do, and I haven't rebooted in awhile. However my live USB will ship with p_static_root persistence set as a default, and as such I don't believe it does force a password change on live boot, just like the released versions of mx Live don't.

If you're at all security conscious you should change the live passwords before you put a live system online. This is what I have in my initial welcome screen.

However I don't disagree, there is no question that providing default passwords for any account, especially root, entails some risk

MX Linux Forum

Howto disable the root & demo passwords, not wipe /var/log/nginx folder [Solved]

Re: Howto disable the root & demo passwords, not wipe /var/log/nginx folder

Re: Howto disable the root & demo passwords, not wipe /var/log/nginx folder

Re: Howto disable the root & demo passwords, not wipe /var/log/nginx folder

Re: Howto disable the root & demo passwords, not wipe /var/log/nginx folder

Re: Howto disable the root & demo passwords, not wipe /var/log/nginx folder

Re: Howto disable the root & demo passwords, not wipe /var/log/nginx folder

Re: Howto disable the root & demo passwords, not wipe /var/log/nginx folder