sysusers: properly mark generated accounts as locked
Previously, we'd only set the shell to /usr/bin/nologin and lock the password for system users. Let's go one step further and also lock the whole account. This is a paranoid safety precaution, since neither disabling the shell like this nor disabling the password is sufficient to lock an account, since remote shell tools generally allow passing different shells, and logins into ftp or similar protocols don't know the shell concept anyway. Moreover, in times of ssh authentication by password is just one option of authentication among many. Takes inspiration from the recommendations in usermod(8)'s -L switch: "Note: if you wish to lock the account (not only access with a password), you should also set the EXPIRE_DATE to 1."
This commit is contained in:
parent
5d9bc22ac0
commit
636e72bce6
|
@ -428,7 +428,7 @@ static int write_temporary_passwd(const char *passwd_path, FILE **tmpfile, char
|
|||
.pw_passwd = (char*) "x",
|
||||
|
||||
/* We default to the root directory as home */
|
||||
.pw_dir = i->home ? i->home : (char*) "/",
|
||||
.pw_dir = i->home ?: (char*) "/",
|
||||
|
||||
/* Initialize the shell to nologin, with one exception:
|
||||
* for root we patch in something special */
|
||||
|
@ -522,13 +522,13 @@ static int write_temporary_shadow(const char *shadow_path, FILE **tmpfile, char
|
|||
ORDERED_HASHMAP_FOREACH(i, todo_uids, iterator) {
|
||||
struct spwd n = {
|
||||
.sp_namp = i->name,
|
||||
.sp_pwdp = (char*) "!!",
|
||||
.sp_pwdp = (char*) "!!", /* lock this password, and make it invalid */
|
||||
.sp_lstchg = lstchg,
|
||||
.sp_min = -1,
|
||||
.sp_max = -1,
|
||||
.sp_warn = -1,
|
||||
.sp_inact = -1,
|
||||
.sp_expire = -1,
|
||||
.sp_expire = i->uid == 0 ? -1 : 1, /* lock account as a whole, unless this is root */
|
||||
.sp_flag = (unsigned long) -1, /* this appears to be what everybody does ... */
|
||||
};
|
||||
|
||||
|
|
Loading…
Reference in New Issue