
Obsolete security.initialPassword

You can now set users.extraUsers.root.initialHashedPassword instead.
Eelco Dolstra 2014-11-03 12:30:54 +01:00
parent f8f787b800
commit f496c3cbe4
5 changed files with 11 additions and 28 deletions


@ -426,24 +426,12 @@ in {
options = [ groupOpts ]; options = [ groupOpts ];
}; };
# FIXME: obsolete - will remove.
security.initialRootPassword = mkOption { security.initialRootPassword = mkOption {
type = types.str; type = types.str;
default = "!"; default = "!";
example = ""; example = "";
description = '' visible = false;
The (hashed) password for the root account set on initial
installation. The empty string denotes that root can login
locally without a password (but not via remote services such
as SSH, or indirectly via <command>su</command> or
<command>sudo</command>). The string <literal>!</literal>
prevents root from logging in using a password.
Note that setting this option sets
<literal>users.extraUsers.root.hashedPassword</literal>.
Also, if <literal>users.mutableUsers</literal> is false
you cannot change the root password manually, so in that case
the name of this option is a bit misleading, since it will define
the root password beyond the user initialisation phase.
'';
}; };
}; };
@ -461,7 +449,7 @@ in {
shell = mkDefault cfg.defaultUserShell; shell = mkDefault cfg.defaultUserShell;
group = "root"; group = "root";
extraGroups = [ "grsecurity" ]; extraGroups = [ "grsecurity" ];
hashedPassword = mkDefault config.security.initialRootPassword; initialHashedPassword = mkDefault config.security.initialRootPassword;
}; };
nobody = { nobody = {
uid = ids.uids.nobody; uid = ids.uids.nobody;
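Review bot: Hiding `security.initialRootPassword` with `visible = false` while still reading it into `users.extraUsers.root.initialHashedPassword` leaves the value's meaning undocumented at the one place it is consumed. The removed description said the option set `hashedPassword` and, with `users.mutableUsers` false, defined the root password beyond initialisation. After the switch to `initialHashedPassword` that presumably no longer holds, so a configuration that relied on this option to keep root locked or to change the root hash on an existing machine may silently stop doing so. I would keep a one-line comment next to the FIXME, for example `# Only seeds root's initialHashedPassword; presumably does not change an existing root password.`, and consider emitting a warning when the option is set to a non-default value. The option set and the `root` attribute set both continue outside these hunks.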


@ -49,5 +49,5 @@ with lib;
boot.supportedFilesystems = [ "zfs" "btrfs" ]; boot.supportedFilesystems = [ "zfs" "btrfs" ];
# Allow the user to log in as root without a password. # Allow the user to log in as root without a password.
security.initialRootPassword = ""; users.extraUsers.root.initialHashedPassword = "";
} }
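Review bot: The empty root password hash on the `users.extraUsers.root.initialHashedPassword = "";` line is set at normal priority, while the other two places where this commit sets it use `mkDefault ""`. A configuration that imports this profile and sets its own root hash would then probably need `mkForce` or run into a conflicting-definition error, which makes it harder to build a derived image without passwordless root. I would write `users.extraUsers.root.initialHashedPassword = mkDefault "";` here, assuming `mkDefault` is in scope through the `with lib;` shown in the hunk header.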


@ -98,7 +98,7 @@ let kernel = config.boot.kernelPackages.kernel; in
networking.usePredictableInterfaceNames = false; networking.usePredictableInterfaceNames = false;
# Make it easy to log in as root when running the test interactively. # Make it easy to log in as root when running the test interactively.
security.initialRootPassword = mkDefault ""; users.extraUsers.root.initialHashedPassword = mkDefault "";
}; };


@ -191,10 +191,5 @@ in
environment.systemPackages = [ pkgs.cryptsetup ]; environment.systemPackages = [ pkgs.cryptsetup ];
boot.initrd.supportedFilesystems = [ "unionfs-fuse" ]; boot.initrd.supportedFilesystems = [ "unionfs-fuse" ];
# Prevent logging in as root without a password. This doesn't really matter,
# since the only PAM services that allow logging in with a null
# password are local ones that are inaccessible on EC2 machines.
security.initialRootPassword = mkDefault "!";
}; };
} }


@ -38,8 +38,8 @@ in {
''; '';
# docker image config # Docker image config.
require = [ imports = [
../installer/cd-dvd/channel.nix ../installer/cd-dvd/channel.nix
../profiles/minimal.nix ../profiles/minimal.nix
../profiles/clone-config.nix ../profiles/clone-config.nix
@ -47,16 +47,16 @@ in {
boot.isContainer = true; boot.isContainer = true;
# Iptables do not work in docker # Iptables do not work in Docker.
networking.firewall.enable = false; networking.firewall.enable = false;
services.openssh.enable = true; services.openssh.enable = true;
# Socket activated ssh presents problem in docker # Socket activated ssh presents problem in Docker.
services.openssh.startWhenNeeded = false; services.openssh.startWhenNeeded = false;
# Allow the user to login as root without password # Allow the user to login as root without password.
security.initialRootPassword = ""; users.extraUsers.root.initialHashedPassword = mkDefault "";
# Some more help text. # Some more help text.
services.mingetty.helpLine = services.mingetty.helpLine =