diff options
author | Peter Bex <peter@more-magic.net> | 2016-02-22 20:27:19 +0100 |
---|---|---|
committer | Peter Bex <peter@more-magic.net> | 2016-02-22 20:27:19 +0100 |
commit | 4565103c8600ae4c09ecb80ec79bb143e46df54f (patch) | |
tree | 7785d30651a874f99269283d2d5b58074f1bfc4e | |
parent | b58059437b435d23f29ab0bd6e3395a86f413a36 (diff) | |
download | vps-builder-4565103c8600ae4c09ecb80ec79bb143e46df54f.tar.gz |
Ensure we set an empty (crypted!) password, so user can set it after logging in with a key
-rw-r--r-- | vps-builder.scm | 7 |
1 files changed, 6 insertions, 1 deletions
diff --git a/vps-builder.scm b/vps-builder.scm index df63fec..845213c 100644 --- a/vps-builder.scm +++ b/vps-builder.scm @@ -254,7 +254,12 @@ (cs-groups (cadr user+cs-groups)) (~ (make-pathname `("/" "home") user)) (~/.ssh (make-pathname ~ ".ssh"))) - (run* (chroot ,root-dir useradd -m -G ,cs-groups ,user)) + ;; Use -p to set empty *crypted* password. This ensures the + ;; user has no password (which differs from having an empty one!) + ;; and can choose to set a password. If we didn't supply -p, the + ;; password would be *locked*, which means "passwd" will prompt + ;; for a password, but there's none, so it can't be changed. + (run* (chroot ,root-dir useradd -p "" -m -G ,cs-groups ,user)) (install-directory root-dir ~/.ssh user user #o700) (install-file root-dir pubkey (make-pathname ~/.ssh "authorized_keys") |