-rw-r--r-- | src/package.lisp | 1 | ||||
-rw-r--r-- | src/property/user.lisp | 14 |
2 files changed, 15 insertions, 0 deletions
diff --git a/src/package.lisp b/src/package.lisp
index 9b39949..9569cf6 100644
--- a/src/package.lisp
+++ b/src/package.lisp
@@ -354,6 +354,7 @@
 (:local-nicknames (#:file #:consfigurator.property.file))
 (:export #:has-account
 #:has-login-shell
+ #:has-enabled-password
 #:passwd-entry))

 (defpackage :consfigurator.property.chroot
diff --git a/src/property/user.lisp b/src/property/user.lisp
index 9aab625..b10b258 100644
--- a/src/property/user.lisp
+++ b/src/property/user.lisp
@@ -39,6 +39,20 @@ Note that this uses getent(1) and so is not strictly POSIX-compatible."
 (file:contains-lines "/etc/shells" shell)
 (mrun "chsh" "--shell" shell username)))

+(defprop has-enabled-password :posix (username initial-password)
+ "Ensures that it is possible to login as USERNAME; if this requires enabling
+the account's password, also set it to INITIAL-PASSWORD.
+The main purpose of this property is to ensure that in a freshly installed
+system it will be possible to log in. The password should usually be changed
+to something which is not stored in plain text in your consfig right after,
+and then this property will do nothing."
+ (:desc #?"${username} has an enabled password")
+ (:check
+ (declare (ignore initial-password))
+ (string= "P" (cadr (split-string (run "passwd" "-S" username)))))
+ (:apply
+ (mrun :input (format nil "~A:~A" username initial-password) "chpasswd")))
+
 (defun passwd-entry (n username-or-uid)
 "Get the nth entry in the getent(1) output for USERNAME-OR-UID.
 Note that getent(1) is not specified in POSIX so use of this function makes |
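Review bot: The `:check` in `has-enabled-password` accepts only an exact `"P"` in the second field of `passwd -S`, so on any system where that field is spelled differently (some passwd implementations print `PS`, as far as I know) the check never passes and `:apply` resets the account to the plain-text INITIAL-PASSWORD on every deployment, undoing the password change the docstring asks for. Accepting both spellings, `(member (cadr (split-string (run "passwd" "-S" username))) '("P" "PS") :test #'string=)`, or failing loudly on an unrecognised status, would keep the property from silently reverting a changed password. The docstring should also carry the caveat that the docstring above it has, e.g. `Note that this uses passwd -S and chpasswd(8), which are not specified in POSIX.`, since the property is declared `:posix`. Because `:apply` feeds `username:initial-password` to chpasswd on stdin, it is worth rejecting a newline in either argument (and a colon in USERNAME) so that one call cannot touch a second account's entry.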