diff --git a/debian/changelog b/debian/changelog index 454c434..0011960 100644 --- a/debian/changelog +++ b/debian/changelog @@ -2,6 +2,7 @@ calamares-settings-ubuntu (1:25.04.11) UNRELEASED; urgency=medium * Rearrange the Lubuntu module order to account for packages with new stuff to put in the initramfs. + * Make forbidden_names much stronger (LP: #2088576). -- Simon Quigley Mon, 25 Nov 2024 03:02:04 -0600 diff --git a/kubuntu/modules/users.conf b/kubuntu/modules/users.conf index cc11f7f..0eb6cf2 100644 --- a/kubuntu/modules/users.conf +++ b/kubuntu/modules/users.conf @@ -19,4 +19,50 @@ passwordRequirements: # expectation derived from Ubuntu here. user: shell: /bin/bash - forbidden_names: [ root ] + forbidden_names: + - root + - nginx + - www-data + - daemon + - bin + - sys + - sync + - games + - man + - lp + - mail + - news + - uucp + - proxy + - www-data + - backup + - list + - irc + - apt + - nobody + - systemd-network + - systemd-timesync + - dhcpcd + - messagebus + - syslog + - systemd-resolve + - usbmux + - tss + - uuidd + - whoopsie + - dnsmasq + - avahi + - nm-openvpn + - tcpdump + - speech-dispatcher + - cups-pk-helper + - fwupd-refresh + - sddm + - saned + - cups-browsed + - hplip + - polkitd + - rtkit + - colord + - geoclue + - installer diff --git a/lubuntu/modules/users.conf b/lubuntu/modules/users.conf index d541d3c..2070d86 100644 --- a/lubuntu/modules/users.conf +++ b/lubuntu/modules/users.conf @@ -17,7 +17,57 @@ passwordRequirements: maxLength: -1 # Explicitly set the shell instead of deferring to Calamares. We have a platform # expectation derived from Ubuntu here. +# +# The forbidden_names list is grabbed from `awk -F: '{print $1}' /etc/passwd` +# on a live ISO. _apt was changed to apt, lubuntu was removed, and nginx and +# www-data were added user: shell: /bin/bash - forbidden_names: [ root ] + forbidden_names: + - root + - nginx + - www-data + - daemon + - bin + - sys + - sync + - games + - man + - lp + - mail + - news + - uucp + - proxy + - www-data + - backup + - list + - irc + - apt + - nobody + - systemd-network + - systemd-timesync + - dhcpcd + - messagebus + - syslog + - systemd-resolve + - usbmux + - tss + - uuidd + - whoopsie + - dnsmasq + - avahi + - nm-openvpn + - tcpdump + - speech-dispatcher + - cups-pk-helper + - fwupd-refresh + - sddm + - saned + - cups-browsed + - hplip + - polkitd + - rtkit + - colord + - geoclue + - installer allowActiveDirectory: true diff --git a/ubuntuunity/modules/users.conf b/ubuntuunity/modules/users.conf index cc11f7f..0eb6cf2 100644 --- a/ubuntuunity/modules/users.conf +++ b/ubuntuunity/modules/users.conf @@ -19,4 +19,50 @@ passwordRequirements: # expectation derived from Ubuntu here. user: shell: /bin/bash - forbidden_names: [ root ] + forbidden_names: + - root + - nginx + - www-data + - daemon + - bin + - sys + - sync + - games + - man + - lp + - mail + - news + - uucp + - proxy + - www-data + - backup + - list + - irc + - apt + - nobody + - systemd-network + - systemd-timesync + - dhcpcd + - messagebus + - syslog + - systemd-resolve + - usbmux + - tss + - uuidd + - whoopsie + - dnsmasq + - avahi + - nm-openvpn + - tcpdump + - speech-dispatcher + - cups-pk-helper + - fwupd-refresh + - sddm + - saned + - cups-browsed + - hplip + - polkitd + - rtkit + - colord + - geoclue + - installer