deflogin: explicit ROOTPW_EMPTY

This relates to commit f2892ad3e4
as there's an obvious need to be able to set empty root password
for LiveCDs but previous implementation was very fragile (and is
going to stay that way) -- so clear and separate knob for making
an image defenseless looks better.
This commit is contained in:
Michael Shigorin 2014-04-12 18:24:31 +04:00
parent b9dffe2101
commit 0650f6d42d
3 changed files with 12 additions and 4 deletions

View File

@ -1,6 +1,8 @@
Эта фича конфигурирует root login и пользователей по умолчанию.
Если ROOTPW не задан, то подходящий пароль не существует.
Различить пустой и незаданный при текущей реализации xport() невозможно.
При необходимости задать пустой пароль root (например, на LiveCD)
выставьте переменную ROOTPW_EMPTY.
ВНИМАНИЕ: применяйте разумно, т.к. крайне легко создать и оставить
дыру в безопасности!

View File

@ -2,6 +2,7 @@
use/deflogin:
@$(call add_feature)
@$(call add,THE_PACKAGES,shadow-utils passwd)
@$(call xport,ROOTPW_EMPTY)
@$(call xport,ROOTPW)
@$(call xport,USERS)
@$(call xport,GROUPS)
@ -12,8 +13,7 @@ use/deflogin:
# livecd: root and altlinux users with no password at all
use/deflogin/empty: use/deflogin use/deflogin/altlinux
@$(call set,ROOTPW,)
@$(call add,USERS,altlinux::1:1)
@$(call set,ROOTPW_EMPTY,1)
# mostly used to allow access to videocard and desktop related hardware
use/deflogin/xgrp: use/deflogin

View File

@ -1,6 +1,12 @@
#!/bin/sh
# set root password if any; no-op if it is empty
# explicitly requested empty root password
if [ -n "$GLOBAL_ROOTPW_EMPTY" ]; then
usermod -p "" root
exit 0
fi
# set root password if any; no-op if it is empty
if [ -z "$GLOBAL_ROOTPW" ]; then
echo "** warning: no root password provided, skipping" >&2
else