diff options
| author | Lily Foster <lily@lily.flowers> | 2023-01-07 20:42:11 -0500 |
|---|---|---|
| committer | Winter <winter@winter.cafe> | 2023-02-25 14:27:35 -0500 |
| commit | bfa0bff64474a528eb06a7f9e0a9f53f1b41af45 (patch) | |
| tree | 5d4ed2532440ef2bec9f515e6873cdf0345d0b87 /pkgs/development/python-modules/python-mapnik/python-mapnik_std_optional.patch | |
| parent | 2b268bacedee7a649bc8bdf6aeb37d46c57f97a9 (diff) | |
nixos/update-users-groups: let hashedPassword take precedence over initialHashedPassword
Without this change, users that have both `initialHashedPassword` and
`hashedPassword` set will have `initialHashedPassword` take precedence,
but only for the first time `/etc/passwd` is generated. After that,
`hashedPassword` takes precedence. This is surprising behavior as it
would generally be expected for `hashedPassword` to win if both are set.
This wouldn't be a noticeable problem (and an assert could just be made
instead) if the users-groups module did not default the
`root.intialHashedPassword` value to `!`, to prevent login by default.
That means that users who set `root.hashedPassword` and use an ephemeral
rootfs (i.e. `/etc/passwd` is created every boot) are not able to log in
to the root account by default, unless they switch to a new generation
during the same boot (i.e. `/etc/passwd` already exists and
`hashedPassword` is used instead of `initialHashedPassword`) or they set
`root.initialHashedPassword = null` (which is unintuitive and seems
redundant).
Diffstat (limited to 'pkgs/development/python-modules/python-mapnik/python-mapnik_std_optional.patch')
0 files changed, 0 insertions, 0 deletions