[neon/neon/calamares-settings/Neon/unstable] /: document user modules to be kept in sync

Carlos De Maine null at kde.org
Thu Feb 19 03:05:55 GMT 2026 

Git commit 37cdb0728407edf2e03642562d44cd91a216e9df by Carlos De Maine.
Committed on 19/02/2026 at 02:34.
Pushed by carlosdem into branch 'Neon/unstable'.

document user modules to be kept in sync

M  +5    -1    desktop/calamares/desktop/modules/users.conf
M  +11   -1    oem-prepare/calamares/oem-prepare/modules/users.conf

https://invent.kde.org/neon/neon/calamares-settings/-/commit/37cdb0728407edf2e03642562d44cd91a216e9df

diff --git a/desktop/calamares/desktop/modules/users.conf b/desktop/calamares/desktop/modules/users.conf
index 1ac9bcc..3dd20ce 100644
--- a/desktop/calamares/desktop/modules/users.conf
+++ b/desktop/calamares/desktop/modules/users.conf
@@ -2,6 +2,7 @@
 # SPDX-FileCopyrightText: 2018-2021 Harald Sitter <sitter at kde.org>
 # SPDX-FileCopyrightText: 2015-2016 Rohan Garg <rohan at kde.org>
 ---
+# keep in options available in sync with oem user module
 setRootPassword: false
 sudoersGroup: sudo
 defaultGroups:
@@ -19,6 +20,9 @@ defaultGroups:
       system: true
     - name: sudo
       must_exist: true
+# These are requirements the try to follow the suggestions from
+# https://pages.nist.gov/800-63-3/sp800-63b.html , "Digital Identity Guidelines".
+# but we allow it to be overridden
 passwordRequirements:
       minLength: 8
       maxLength: 64
@@ -32,7 +36,7 @@ passwordRequirements:
       allowWeakPasswordsDefault: false
 displayAutologin: true
 doAutologin: false
-# Explicitly set the shell instead of defering to calamares. We have a platform
+# Explicitly set the shell instead of deferring to calamares. We have a platform
 # expectation derived from ubuntu here.
 user:
   shell: /bin/bash
diff --git a/oem-prepare/calamares/oem-prepare/modules/users.conf b/oem-prepare/calamares/oem-prepare/modules/users.conf
index f914c38..2750de7 100644
--- a/oem-prepare/calamares/oem-prepare/modules/users.conf
+++ b/oem-prepare/calamares/oem-prepare/modules/users.conf
@@ -2,7 +2,7 @@
 # SPDX-FileCopyrightText: 2018-2021 Harald Sitter <sitter at kde.org>
 # SPDX-FileCopyrightText: 2015-2016 Rohan Garg <rohan at kde.org>
 ---
-doAutologin: false
+# keep in options available in sync with oem user module
 setRootPassword: false
 sudoersGroup: sudo
 defaultGroups:
@@ -20,6 +20,9 @@ defaultGroups:
       system: true
     - name: sudo
       must_exist: true
+# These are requirements the try to follow the suggestions from
+# https://pages.nist.gov/800-63-3/sp800-63b.html , "Digital Identity Guidelines".
+# but we allow it to be overridden
 #passwordRequirements:
 #     minLength: 8
 #     maxLength: 64
@@ -33,6 +36,13 @@ defaultGroups:
 #     allowWeakPasswordsDefault: false
 displayAutologin: true
 doAutologin: false
+# Explicitly set the shell instead of deferring to calamares. We have a platform
+# expectation derived from ubuntu here.
+user:
+  shell: /bin/bash
+  forbidden_names: [ root ]
+displayAutologin: true
+doAutologin: false
 # Explicitly set the shell instead of defering to calamares. We have a platform
 # expectation derived from ubuntu here.
 user:

More information about the Neon-commits mailing list