30-security.sh
24 lines
| 687 B
| application/x-sh
|
BashLexer
/ bootstrap.d / 30-security.sh
Filip Pytloun
|
r56 | # | ||
# Setup users and security settings | ||||
# | ||||
Jan Wagner
|
r67 | # Load utility functions | ||
Filip Pytloun
|
r56 | . ./functions.sh | ||
# Generate crypt(3) password string | ||||
burnbabyburn
|
r312 | ENCRYPTED_PASSWORD=$(mkpasswd -m sha-512 "${PASSWORD}") | ||
ENCRYPTED_USER_PASSWORD=$(mkpasswd -m sha-512 "${USER_PASSWORD}") | ||||
Filip Pytloun
|
r56 | |||
Jan Wagner
|
r71 | # Setup default user | ||
Filip Pytloun
|
r56 | if [ "$ENABLE_USER" = true ] ; then | ||
Unknown
|
r382 | chroot_exec adduser --gecos "$USER_NAME" --add_extra_groups --disabled-password "$USER_NAME" | ||
chroot_exec usermod -a -G sudo -p "${ENCRYPTED_USER_PASSWORD}" "$USER_NAME" | ||||
Filip Pytloun
|
r56 | fi | ||
Jan Wagner
|
r71 | # Setup root password or not | ||
Jan Wagner
|
r72 | if [ "$ENABLE_ROOT" = true ] ; then | ||
Filip Pytloun
|
r56 | chroot_exec usermod -p "${ENCRYPTED_PASSWORD}" root | ||
else | ||||
Jan Wagner
|
r70 | # Set no root password to disable root login | ||
Filip Pytloun
|
r56 | chroot_exec usermod -p \'!\' root | ||
fi | ||||