Bug 21877 - systemsettings5 sddm auto login dialogue is too dangerous for non-savvy users, as it defaults to breaking the system
Summary: systemsettings5 sddm auto login dialogue is too dangerous for non-savvy users...
Status: NEW
Alias: None
Product: Mageia
Classification: Unclassified
Component: RPM Packages (show other bugs)
Version: 6
Hardware: All Linux
Priority: Normal major
Target Milestone: ---
Assignee: KDE maintainers
QA Contact:
URL:
Whiteboard:
Keywords:
Depends on:
Blocks:
 
Reported: 2017-10-15 17:25 CEST by Barry Jackson
Modified: 2018-04-19 13:09 CEST (History)
3 users (show)

See Also:
Source RPM: systemsettings-5.8.7-1.mga6.src.rpm
CVE:
Status comment:


Attachments

Description Barry Jackson 2017-10-15 17:25:24 CEST
Description of problem:
I am reporting this as I have just had to fix a system broken by my brother-in-law who was trying to solve an issue he had.

His initial problem was that the screen locker was popping up a login dialogue every 5 minutes while he was trying to watch a video. Easily solved by disabling the screen locker, you may say.

He went into systemsettings5 and eventually found auto-login which seemed to him to be a reasonable solution. He found this in:
Startup and shutdown -> Login Screen(SDDM) -> Advanced Tab and checked the Box for auto-login. Not understanding anything else in the box he left it as it was.
Here lies the problem, the 'user' that is displayed by default at the top of the spin wheel combo box is 'messagebus'.

He was then asked for root password which he gave, after which the system failed to boot to anything he could use.

It also took me some time to fix as when I got the machine the above chain of events had not been unravelled.

I really think that the 'user' field should default to the currently logged in normal user and this 'trap' for the unwary should not be left wide open. 

Version-Release number of selected component (if applicable):


How reproducible:
Always

Steps to Reproduce: As in para 3 above.
1.
2.
3.
Marja Van Waes 2017-10-15 17:41:30 CEST

Assignee: bugsquad => kde
Severity: normal => major
CC: (none) => marja11

Comment 1 nikos papadopoulos 2017-11-21 03:33:18 CET
Shouldn't SDDM filter out non "real" users? 
Is there a reasons SDDM displays users like "ftp", "apache", etc ?

Also, a user in the Greek forum of Mageia, reported that he checked autologing from Plasma's system settings. Then, in the drop down menu, he selected the right user. But when he restarted the system, it defaulted to user "messagebus". Got a black screen and couldn't login. Had to use "recovery mode". Finally, had to, manually, edit the file 
   /etc/sddm.conf
The mentioned user, runs Mageia on a virtual machine (if I understood correctly).

(
*link to the Greek forum: 
 upgrade mageia 5 to 6 (32 bit)
 http://mageia-gr.org/forum/viewtopic.php?f=2&t=443&start=10#p2981
*link to image displaying the "extra" users:
 https://ibb.co/nvY5TR
)

That sounds very similar, almost identical, with this bug.

CC: (none) => 231036448

Comment 2 Florian Hubold 2018-04-19 13:09:37 CEST
(In reply to nikos papadopoulos from comment #1)
> Shouldn't SDDM filter out non "real" users? 
> Is there a reasons SDDM displays users like "ftp", "apache", etc ?

SDDM does already, see the [Users] section in /etc/sddm.conf.
But the systemsettings dialog needs to do the same thing, and it seems the logic is there, check https://github.com/KDE/sddm-kcm/blob/master/src/usersmodel.cpp
Our KDE guys would have to take a look why this is not working.

CC: (none) => doktor5000


Note You need to log in before you can comment on or make changes to this bug.