Merge lp:~mterry/livecd-rootfs/no-password

Steve Langasek 2014-07-24 15:49:46 -07:00
commit edbb9763c7
2 changed files with 34 additions and 5 deletions

11
debian/changelog vendored

@ -1,3 +1,14 @@
livecd-rootfs (2.228ubuntu1) UNRELEASED; urgency=medium
[ Michael Terry ]
* Don't set an arbitrary password for the phablet user. As we transition
to using PAM as the storage medium for the user's password, we can't
expect the user to know about the 'phablet' password.
* And configure libnss-extrausers to store user password information
instead of /etc/shadow.
-- Steve Langasek <steve.langasek@ubuntu.com> Thu, 24 Jul 2014 15:48:31 -0700
livecd-rootfs (2.228) utopic; urgency=medium
* Pass --mirror-binary in the ubuntu-rtm case too; this isn't inherited


@ -6,15 +6,33 @@ UGID=32011
echo "I: creating default user $USER"
adduser --gecos $USER --disabled-login $USER --uid $UGID
echo "I: set user $USER password to $USER"
echo "$USER:$USER" | chpasswd
echo "I: allowing user to log in without password"
gpasswd -a $USER nopasswdlogin
echo "I: set user $USER password to blank"
passwd -d $USER
adduser --gecos system --no-create-home --disabled-login --disabled-password system --uid 1000
adduser --gecos radio --no-create-home --disabled-login --disabled-password radio --uid 1001
# Enable libnss-extrusers
sed -i 's/^group:.*compat/\0 extrausers/' /etc/nsswitch.conf
sed -i 's/^passwd:.*compat/\0 extrausers/' /etc/nsswitch.conf
sed -i 's/^shadow:.*compat/\0 extrausers/' /etc/nsswitch.conf
# Allow using pam_extrausers, with relatively weak passwords (no obscure keyword, and with minlen=4)
sed -i '/Primary/a password [success=2 default=ignore] pam_extrausers.so minlen=4 sha512' /etc/pam.d/common-password
sed -i '/Primary/a auth [success=2 authinfo_unavail=ignore default=1] pam_extrausers.so nullok' /etc/pam.d/common-auth
# Move user from /etc to extrausers location
grep "^$USER" /etc/group >> /var/lib/extrausers/group
grep "^$USER" /etc/passwd >> /var/lib/extrausers/passwd
grep "^$USER" /etc/shadow >> /var/lib/extrausers/shadow
chmod 0644 /var/lib/extrausers/group
chmod 0644 /var/lib/extrausers/passwd
chmod 0640 /var/lib/extrausers/shadow
chown root:shadow /var/lib/extrausers/shadow
sed -i "/^$USER/d" /etc/group
sed -i "/^$USER/d" /etc/passwd
sed -i "/^$USER/d" /etc/shadow
# Prevent the system user from being presented in the greeter by bumping MIN_UID
sed -i 's/^\(UID_MIN\s\+\).*/\11002/g' /etc/login.defs
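Review bot: The lines that move the account to extrausers match on `^$USER` with no field delimiter, so `grep "^$USER" /etc/passwd` and `sed -i "/^$USER/d" /etc/passwd` (and their group and shadow counterparts) would also copy and delete any entry whose name merely begins with the user name; anchoring on the colon, `grep "^$USER:"` and `sed -i "/^$USER:/d"`, limits them to the one account. Separately, `passwd -d $USER` leaves an empty password and the `pam_extrausers.so nullok` line goes into common-auth, so an empty password is presumably accepted by every service that includes that stack, not only the greeter; a comment beside `passwd -d` stating that this is intentional, and which login services must stay disabled until the user sets a password, would help. If `/var/lib/extrausers/shadow` does not already exist, the `>>` redirect creates it under the build's umask and it is tightened to 0640 only afterwards, so creating it with its final mode and owner first would close that window. The page has lost its +/- markers, so which of these lines are new is inferred from the changelog entry, and the script begins above the hunk, where `USER` is assigned.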