Commit 8d972df1 authored May 23, 2015 by James Knight Committed by Thomas Petazzoni Jun 09, 2015

scripts/mkusers: allow users with no password value set

The following allows a user definition to specify that a created user
entry should not have a password value set. Original implementation
allowed a user definition to provide a password value of "=" (no quotes)
to generate a crypt-encoded empty string value. In some cases, it may be
desired to have no value specified for a user's password. By using a
value "-" for a password, no value will be set in the shadow value.

An example when this can be used is when logging into a terminal.
Logging into a session with an encoded empty password will prompt a user
to enter a password since it does not know the password is empty. If the
password field blank, a login session will not prompt for a password.

Signed-off-by: James Knight <james.knight@rockwellcollins.com>
Acked-by: "Yann E. MORIN" <yann.morin.1998@free.fr>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>

parent e6c57b58

docs/manual/makeusers-syntax.txt

+2 −1

Original line number	Diff line number	Diff line
		@@ -31,7 +31,8 @@ Where:
		then login is disabled. If prefixed with +=+, then it is interpreted
		as clear-text, and will be crypt-encoded (using MD5). If prefixed with
		+!=+, then the password will be crypt-encoded (using MD5) and login
		will be disabled. If set to +*+, then login is not allowed.
		will be disabled. If set to +*+, then login is not allowed. If set to
		+-+, then no password value will be set.
		- +home+ is the desired home directory for the user. If set to '-', no
		home directory will be created, and the user's home will be +/+.
		Explicitly setting +home+ to +/+ is not allowed.

support/scripts/mkusers

+3 −0

Original line number	Diff line number	Diff line
		@@ -318,6 +318,9 @@ add_one_user() {
		*) fail "home must be an absolute path\n";;
		esac
		case "${passwd}" in
		-)
		_passwd=""
		;;
		!=*)
		_passwd='!'"$( encode_password "${passwd#!=}" )"
		;;