From 4565103c8600ae4c09ecb80ec79bb143e46df54f Mon Sep 17 00:00:00 2001 From: Peter Bex Date: Mon, 22 Feb 2016 20:27:19 +0100 Subject: Ensure we set an empty (crypted!) password, so user can set it after logging in with a key --- vps-builder.scm | 7 ++++++- 1 file changed, 6 insertions(+), 1 deletion(-) (limited to 'vps-builder.scm') diff --git a/vps-builder.scm b/vps-builder.scm index df63fec..845213c 100644 --- a/vps-builder.scm +++ b/vps-builder.scm @@ -254,7 +254,12 @@ (cs-groups (cadr user+cs-groups)) (~ (make-pathname `("/" "home") user)) (~/.ssh (make-pathname ~ ".ssh"))) - (run* (chroot ,root-dir useradd -m -G ,cs-groups ,user)) + ;; Use -p to set empty *crypted* password. This ensures the + ;; user has no password (which differs from having an empty one!) + ;; and can choose to set a password. If we didn't supply -p, the + ;; password would be *locked*, which means "passwd" will prompt + ;; for a password, but there's none, so it can't be changed. + (run* (chroot ,root-dir useradd -p "" -m -G ,cs-groups ,user)) (install-directory root-dir ~/.ssh user user #o700) (install-file root-dir pubkey (make-pathname ~/.ssh "authorized_keys") -- cgit v1.2.3