[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: Passwords inside System Configuration
From: |
Giovanni Biscuolo |
Subject: |
Re: Passwords inside System Configuration |
Date: |
Mon, 20 Jan 2020 10:30:51 -0000 |
Hello Raghav,
"Raghav Gururajan" <address@hidden> writes:
> Hello Guix!
>
> I would like to insert/set password for the following, inside system
> configuration (config.scm):
> 1) Roor User
> 2) Regular User
--8<---------------cut here---------------start------------->8---
(user-account
(name "charlie")
(group "users")
;; Specify a SHA-512-hashed initial password.
(password (crypt "InitialPassword!" "$6$abc")))
--8<---------------cut here---------------end--------------->8---
but please read
https://guix.gnu.org/manual/en/html_node/User-Accounts.html#user_002daccount_002dpassword
--8<---------------cut here---------------start------------->8---
You would normally leave this field to #f, initialize user passwords as
root with the passwd command, and then let users change it with
passwd. Passwords set with passwd are of course preserved across reboot
and reconfiguration.
[...]
Note: The hash of this initial password will be available in a file in
/gnu/store, readable by all the users, so this method must be used with
care.
--8<---------------cut here---------------end--------------->8---
> 3) LUKS Device
AFAIK it's not possible to provide the passphrase in the system
configuration, and it's by design :-)
I mean: you set the LUKS passphrase "imperatively" when encrypting the
device (e.g. during installation) or to change it later, storing it in
config.scm would mean to make it available in /gnu/store, readeable by
all users... and you should avoid it
[...]
HTH! Gio'
--
Giovanni Biscuolo
Xelera IT Infrastructures
signature.asc
Description: PGP signature