The current setup of the system is to use the same password for the we user and the WPA and SMB passwords, and a future maiden browser console login gate is also proposed to use the same password.
Right now the we user is in the sudoers group, so it can execute commands with root privileges by entering the we password. It would be helpful to reduce the consequences of having this password compromised.
It would be better if a second password was added to the root user, and the rootpw option is set in /etc/sudoers. The downside is that this will slightly increase friction for people doing admin commands (but as I think we want to encourage more development of lua APIs and less reliance on manual or script installation of extra packages, that friction is also a good thing.) Some thought will also need to go into how the root password is set and changed (does it need on-device UI, or is a known default + ssh access enough?)
The current setup of the system is to use the same password for the
weuser and the WPA and SMB passwords, and a future maiden browser console login gate is also proposed to use the same password.Right now the
weuser is in the sudoers group, so it can execute commands with root privileges by entering thewepassword. It would be helpful to reduce the consequences of having this password compromised.It would be better if a second password was added to the root user, and the
rootpwoption is set in/etc/sudoers. The downside is that this will slightly increase friction for people doing admin commands (but as I think we want to encourage more development of lua APIs and less reliance on manual or script installation of extra packages, that friction is also a good thing.) Some thought will also need to go into how the root password is set and changed (does it need on-device UI, or is a known default + ssh access enough?)