Install should not depend on a remote login of user root

[bliekp]

Remote login as user root on Linux machines has been disabled by default on most distro's by years now. Please do not rely on this very insecure way.

We should be able to create an installer that is more generic and does not use root access. F.i. we could store the password of the deploy user in a hash-file (because on the cmd-line it could still be retrieved via 'history') and use that to sudo and get things done?

[javierm]

Hi, Pim :smile:.

Just adding what (if I remember correctly) we talked about two years ago in the tech-questions channel.

The installer itself only uses root access to create a user and give them permission to run sudo without a password; it can be used with any other user (see the No root access section in the README).

We default to the root user because it's the only user we're 100% is installed by default on any server and because many people don't know how to create a user and give that user permission to run sudo without a password. Maybe we could change the README so the "No root access" section is more prominent or is linked at the beginning :thinking:? Do you think that would be enough?