summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorPeter Bex <peter@more-magic.net>2016-02-22 20:27:19 +0100
committerPeter Bex <peter@more-magic.net>2016-02-22 20:27:19 +0100
commit4565103c8600ae4c09ecb80ec79bb143e46df54f (patch)
tree7785d30651a874f99269283d2d5b58074f1bfc4e
parentb58059437b435d23f29ab0bd6e3395a86f413a36 (diff)
downloadvps-builder-4565103c8600ae4c09ecb80ec79bb143e46df54f.tar.gz
Ensure we set an empty (crypted!) password, so user can set it after logging in with a key
-rw-r--r--vps-builder.scm7
1 files changed, 6 insertions, 1 deletions
diff --git a/vps-builder.scm b/vps-builder.scm
index df63fec..845213c 100644
--- a/vps-builder.scm
+++ b/vps-builder.scm
@@ -254,7 +254,12 @@
(cs-groups (cadr user+cs-groups))
(~ (make-pathname `("/" "home") user))
(~/.ssh (make-pathname ~ ".ssh")))
- (run* (chroot ,root-dir useradd -m -G ,cs-groups ,user))
+ ;; Use -p to set empty *crypted* password. This ensures the
+ ;; user has no password (which differs from having an empty one!)
+ ;; and can choose to set a password. If we didn't supply -p, the
+ ;; password would be *locked*, which means "passwd" will prompt
+ ;; for a password, but there's none, so it can't be changed.
+ (run* (chroot ,root-dir useradd -p "" -m -G ,cs-groups ,user))
(install-directory root-dir ~/.ssh user user #o700)
(install-file root-dir pubkey
(make-pathname ~/.ssh "authorized_keys")