diff options
Diffstat (limited to 'src/property/user.lisp')
-rw-r--r-- | src/property/user.lisp | 11 |
1 files changed, 11 insertions, 0 deletions
diff --git a/src/property/user.lisp b/src/property/user.lisp index 516b809..84ddc43 100644 --- a/src/property/user.lisp +++ b/src/property/user.lisp @@ -109,6 +109,17 @@ and then this property will do nothing." (:apply (mrun :input (format nil "~A:~A" username initial-password) "chpasswd"))) +(defprop has-locked-password :posix (username) + "Ensure that USERNAME cannot login via a password." + (:desc #?"${username} has a locked password") + (:hostattrs (os:required 'os:debianlike)) + (:check + (assert-euid-root) + (string= "L" (cadr (split-string (run "passwd" "-S" username))))) + (:apply + (assert-euid-root) + (mrun "passwd" "--lock" username))) + (defun %getent-entry (n name-or-id &optional (database "passwd")) "Get the nth entry in the getent(1) output for NAME-OR-ID in DATABASE." (let ((u (etypecase name-or-id |