diff options
author | rnhmjoj <rnhmjoj@inventati.org> | 2020-06-21 16:55:45 +0200 |
---|---|---|
committer | rnhmjoj <rnhmjoj@inventati.org> | 2020-07-04 12:21:48 +0200 |
commit | 900ae9756902e4a3c53f32d4dee9ba1d995722df (patch) | |
tree | b0a4059d1326501177d6e1d4559e06903e66a225 /nixos | |
parent | a6ed7d4845f1142f36b2c461d5a721bc68eb7d48 (diff) | |
download | nixpkgs-900ae9756902e4a3c53f32d4dee9ba1d995722df.tar nixpkgs-900ae9756902e4a3c53f32d4dee9ba1d995722df.tar.gz nixpkgs-900ae9756902e4a3c53f32d4dee9ba1d995722df.tar.bz2 nixpkgs-900ae9756902e4a3c53f32d4dee9ba1d995722df.tar.lz nixpkgs-900ae9756902e4a3c53f32d4dee9ba1d995722df.tar.xz nixpkgs-900ae9756902e4a3c53f32d4dee9ba1d995722df.tar.zst nixpkgs-900ae9756902e4a3c53f32d4dee9ba1d995722df.zip |
nixos/users-groups: clearly document special hash values
This explanation was contained in the description of security.initialRootPassword but got lost when it was deprecated a long ago (f496c3c) and removed.
Diffstat (limited to 'nixos')
-rw-r--r-- | nixos/modules/config/users-groups.nix | 18 |
1 files changed, 10 insertions, 8 deletions
diff --git a/nixos/modules/config/users-groups.nix b/nixos/modules/config/users-groups.nix index 83296a54bc4..c2b8b6b3163 100644 --- a/nixos/modules/config/users-groups.nix +++ b/nixos/modules/config/users-groups.nix @@ -25,17 +25,19 @@ let ''; hashedPasswordDescription = '' - To generate hashed password install <literal>mkpasswd</literal> + To generate a hashed password install the <literal>mkpasswd</literal> package and run <literal>mkpasswd -m sha-512</literal>. - For password-less logins without password prompt, use - the empty string <literal>""</literal>. + If set to an empty string (<literal>""</literal>), this user will + be able to log in without being asked for a password (but not via remote + services such as SSH, or indirectly via <command>su</command> or + <command>sudo</command>). This should only be used for e.g. bootable + live systems. Note: this is different from setting an empty password, + which ca be achieved using <option>users.users.<name?>.password</option>. - For logins with a fixed password (including the empty-string password with - prompt), use one of the un-hashed password options instead, such as - <option>users.users.<name?>.password</option>. - - Such unprotected logins should only be used for e.g. bootable live systems. + If set to <literal>null</literal> (default) this user will not + be able to log in using a password (i.e. via <command>login</command> + command). ''; userOpts = { name, config, ... }: { |