nixos/systemd-sysusers: silently ignores password and hashedPassword #307159
Comments
Also, the default UID of users does not start at 1000 and often results in a UID < 1000. One option is to run systemd-sysusers twice; once for "normal" users and once for "system" users. In each call set the range of allowed UID/GID values via the
@Princemachiavelli Hi do you mind creating a separate issue for the UID issue? These are orthogonal and I think are better off tracked separately.
#318365 for cross-reference.
This affects even manually specified uids: They are ignored and instead a random uid <1000 is assigned.
Describe the bug
If systemd.sysusers.enable is used with users having passwords set by hashedPassword, the defined password is ignored and the users are provisioned as password-less (i.e. "disabled").

Steps To Reproduce
Steps to reproduce the behavior:
systemd.sysusers.enable
users.mutableUsers or enable system.etc.overlay.enable. (I only tested via mutableUsers=false).

Expected behavior
Users should retain existing password configured via hashedPassword.

The existing users-groups module (./nixos/modules/config/users-groups.nix) actually sets the default opposite of what the new systemd-sysusers module expects. users-groups sets hashedPassword and password based on the initialHashedPassword and initialPassword values while systemd-sysusers only looks in the initial* values. systemd-sysfiles should just look at hashedPassword and password.

The assertions that prevent building a config without any login-able user (locally or via SSH) should be reviewed. I believe they were not triggered because while I did have an SSH public key configured via Nix - the config does not have an SSH server enabled.