Choose WordPress admin username at install

[jeroenpeters1986]

In the light of security-common-sense (see articles like http://wpresstic.com/how-to-change-wordpress-admin-username/) it is desirable to be able to set the WordPress username during the installation. Users should be able to maintain 'admin' as a username, we will not be blocking. Though, users can also just use their own username. This way, bruteforcing into our TurnkeyLinux WordPress appliances will become a tiny step harder.

[jeroenpeters1986]

Hi @alonswartz, I already made code for this and tested it. Can I just reapply the pullrequest? it was denied the last time because the 14.0 release was coming :)

[JedMeister]

Hi @jeroenpeters1986 - apologies on the radio silence. I've been busy working on the optimised builds... TBH I'm not sure why Alon closed your original PR (rather than just leaving it unmerged for now).

I have reopened but I see that there are now conflicts (I didn't look at what they are).

[JedMeister]

@jeroenpeters1986 - I spoke with Alon about this last night. Bottom line is that while it would be cool, adding this functionality will require backend work for all of our hosting partners (that use preseeding to integrate TurnKey into their hosting platforms) so introducing this to just one appliance has a big overhead for a relatively small change. When we introduce this we'd like to make it as uniform as possible (i.e. apply it to as many appliances as possible).

Another possibility is that at some point we would like to extend confconsole to provide additional configuration options and this might be one of them?

So that means this will have to be shelved for now. In the meantime I suggest that we document the process of changing the admin username (or perhaps even write a small helper script) so end users can do it themselves if they wish.

[jeroenpeters1986]

hey @JedMeister that's allright. I can document the changes, what will be a good place to do that? Writing a small helper script would also work, but would we be documenting this as part of all TLK appliances?

Also, I had to checkout what preseeding was (https://www.turnkeylinux.org/docs/inithooks, nice! Hadn't read it before). That looks good, we don't want this feature ruining that.
What I did in the patch I made (on v13), was supplying a default 'admin' username, would that also break preseeding?

[JedMeister]

We have individual (wiki) documentation pages for each appliance on our website (actually only some of them, but you get the idea). So in this case it'd be the WordPress page, create a "child page" with an appropriate title (actually I think that the multisite docs are probably really out of date). IIRC you'll need to be logged in to edit it. If you don't already have a website account and/or you have any issues ping me and I'll fix it for you.

Yeah inithooks are pretty cool. You could create an inithook and make it have a default value when preseeded (so it didn't make it interactive). However another concern Alon raised was that it adds another screen to the inithooks. Ideally the inithooks should be as minimal as possible and already they are getting a bit bloated. Whilst being able to set the admin name is cool and adds value, it would be better as an option rather than another screen users have to fill in on firstboot. Also if available as an option then it could be changed later if desired.

The problem there is that our confconsole is quite tired and isn't really extendible. So to be able to do all the cool extra config stuff we'd love to be able to easily do (such as this one, set keyboard, timezone, hostname, install updates, config a proxy, etc) we're going to need to rewrite confconsole from the ground up. The bonus of doing that would be that we'd separate the backend and frontend; so basically you could have a text or web front end (or even a desktop GUI). We'd also design it so additional plugins could be easily added at any point (e.g. this one). It's something that we'd like to do but at this point it's not a priority.

[aaronkempf]

I just think it is ridiculous to rename the account.

I wish that login failures and hacks were a thing of the past.

It SEEMS that password strength should be enough.

In truth.. I wish that ALL linux could be more easily configured to log
stuff like login failures to a relational database.

Only when people can draw some graphs, and LOOK through the data.. I mean
patterns in data like this are important to look for.

Our lives would be easier if EVERYTHING could be configured to write more
data, better filters, better summaries.

The world was simpler ten years ago and we successfully logged almost a
terabyte of logging information about web traffic to a friggin Pentium 3.
Yes, at Microsoft a dozen years ago.. We logged almost a billion log
records PER DAY into a single RDBMS server.

I think it's sad.. That your ecosystem has been starved of useful reporting
metrics like login failures.. And I claim linux logging today sucks
PRIMARILY because Mysql is such a retarded database.

I wish, hope and pray for the day that MS SQL is released for Linux.

Mysql ain't free. It ain't fast. Its just not good enough for Enterprise
usage.

You can retort that Facebook and an army of ewoks (who spend two thirds of
their time reinventing the wheel ) got Mysql to WORK.. ILL COUNTER:

HELL NO, FACEBOOK DIDNT GET MYSQL TO WORK RIGHT, because if they had.. Then
you FREETARDS wouldn't NEED 137 different caching engines for Mysql.

I mean seriously. If Mysql had better ETL and better indexing and
competent reporting and a better more predictable query engine with
modern features.. Then maybe Mysql could compete a dozen years ago OR
today.

As it is.. MySql and its crappy performance has SOOOO many obnoxious work
arounds.

Date Validation? The database engine shouldn't HAVE TO DO THAT?!?

I just root for anyone that is NOT running MySQL.

I honestly think that crappy databases are stunting your whole industry.

(Gag.. Reinvent yet another 'BIG DATA' tool.)

When I showed up on that project, the UNINDEXED relational database took an
hour to query a single daily partition..

If I built the SAME caliber of strategic architecture today.. I'd still use
MS SQL Server.

And you would still use MySQL.

What has changed ?
MSSql has blossomed into a beautiful product over these past twelve years.

And meanwhile you guys come out with SOME crazy new system about twice a
month.

I just wish that y'all didn't have so much complexity in managing a modern
Operating System.. And I claim that WHEN SQL Server AND IIS come to Linux,
I think that you guys will learn to love the modern features.

Like filtered indexes. Covered indexes. The INCLUDE clause for crying out
loud?! The include clause can make MOST queries a dozen times faster (when
and where you WANT that type of scalability ).
On Dec 21, 2015 6:22 PM, "Jeremy Davis" notifications@github.com wrote:

@jeroenpeters1986 https://github.com/jeroenpeters1986 - I spoke with
Alon about this last night. Bottom line is that while it would be cool,
adding this functionality will require backend work for all of our hosting
partners (that use preseeding to integrate TurnKey into their hosting
platforms) so introducing this to just one appliance has a big overhead for
a relatively small change. When we introduce this we'd like to make it as
uniform as possible (i.e. apply it to as many appliances as possible).

Another possibility is that at some point we would like to extend
confconsole to provide additional configuration options and this might be
one of them?

So that means this will have to be shelved for now. In the meantime I
suggest that we document the process of changing the admin username (or
perhaps even write a small helper script) so end users can do it themselves
if they wish.

—
Reply to this email directly or view it on GitHub
#444 (comment)
.