author | Sean Whitton <spwhitton@spwhitton.name> | 2021-05-25 13:10:20 -0700 |
---|---|---|
committer | Sean Whitton <spwhitton@spwhitton.name> | 2021-05-25 13:10:20 -0700 |
commit | 5ecad8f4c59a2908fc0c71e3be3324c088d7c1e7 (patch) | |
tree | 666e58e966c2511dfe2004cbf161a4d88df4ef89 | |
parent | 6f92d92e7b1b6a620f1ddd4bcfb080732cae3649 (diff) | |
download | consfigurator-5ecad8f4c59a2908fc0c71e3be3324c088d7c1e7.tar.gz |
add USER:HAS-ENABLED-PASSWORD
Signed-off-by: Sean Whitton <spwhitton@spwhitton.name>
-rw-r--r-- | src/package.lisp | 1 | ||||
-rw-r--r-- | src/property/user.lisp | 14 |
2 files changed, 15 insertions, 0 deletions
diff --git a/src/package.lisp b/src/package.lisp
index 9b39949..9569cf6 100644
--- a/src/package.lisp
+++ b/src/package.lisp
@@ -354,6 +354,7 @@
 (:local-nicknames (#:file #:consfigurator.property.file))
 (:export #:has-account
 #:has-login-shell
+ #:has-enabled-password
 #:passwd-entry))

 (defpackage :consfigurator.property.chroot
diff --git a/src/property/user.lisp b/src/property/user.lisp
index 9aab625..b10b258 100644
--- a/src/property/user.lisp
+++ b/src/property/user.lisp
@@ -39,6 +39,20 @@ Note that this uses getent(1) and so is not strictly POSIX-compatible."
 (file:contains-lines "/etc/shells" shell)
 (mrun "chsh" "--shell" shell username)))

+(defprop has-enabled-password :posix (username initial-password)
+ "Ensures that it is possible to login as USERNAME; if this requires enabling
+the account's password, also set it to INITIAL-PASSWORD.
+The main purpose of this property is to ensure that in a freshly installed
+system it will be possible to log in. The password should usually be changed
+to something which is not stored in plain text in your consfig right after,
+and then this property will do nothing."
+ (:desc #?"${username} has an enabled password")
+ (:check
+ (declare (ignore initial-password))
+ (string= "P" (cadr (split-string (run "passwd" "-S" username)))))
+ (:apply
+ (mrun :input (format nil "~A:~A" username initial-password) "chpasswd")))
+
 (defun passwd-entry (n username-or-uid)
 "Get the nth entry in the getent(1) output for USERNAME-OR-UID.
 Note that getent(1) is not specified in POSIX so use of this function makes |
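Review bot: The `:check` of has-enabled-password passes only when the second field of `passwd -S` is exactly `"P"`, so on a passwd implementation that spells a set password differently (some print `PS`, as far as I know) the check never passes and `:apply` feeds INITIAL-PASSWORD to chpasswd on every run, silently reverting a password that was changed afterwards. Consider accepting both spellings, e.g. `(member (cadr (split-string (run "passwd" "-S" username))) '("P" "PS") :test #'string=)`. The property is declared `:posix`, so the docstring should also carry a caveat like the getent(1) one on the neighbouring property, for instance `Note that this uses passwd -S and chpasswd, which are not specified in POSIX.` Separately, the `username:password` line is built with `format`, so a `:` in USERNAME or a newline in either argument would change what chpasswd parses; rejecting those characters before `:apply` runs would be a cheap guard.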