[arch-commits] Commit in filesystem/trunk (PKGBUILD shadow)
Sébastien Luttringer
seblu at archlinux.org
Thu May 7 15:25:25 UTC 2020
Date: Thursday, May 7, 2020 @ 15:25:25
Author: seblu
Revision: 382685
Set a default root password.
This will prevent root login with an empty password on a fresh Arch Linux
installation.
This is only about the default behaviour, you could restore the previous one by
running `passwd -d root'.
Please note, this is not recommended and behave inconsistenly between
applications.
We use a trick in the shadow file to set a default password which never allow
login by using this password.
The special value '*' is used in the shadow file.
We don't use '!', '!!', '!*' on purpose.
The special '!' char, which should mean password locked (and not account locked)
is interpreted by some applications (e.g. sshd) as an account locked and will
prevent root login.
This change was suggested by Lennart Poettering and Zbigniew Jedrzejewski-Szmek
to security at archlinux.org.
Modified:
filesystem/trunk/PKGBUILD
filesystem/trunk/shadow
----------+
PKGBUILD | 2 +-
shadow | 2 +-
2 files changed, 2 insertions(+), 2 deletions(-)
Modified: PKGBUILD
===================================================================
--- PKGBUILD 2020-05-07 15:04:17 UTC (rev 382684)
+++ PKGBUILD 2020-05-07 15:25:25 UTC (rev 382685)
@@ -34,7 +34,7 @@
'7b208a630a548740e0f4cd368badae23'
'0ee015fad07732676d9488ae498eed41'
'f04bcb2803afc4dcb95670fe87343b4d'
- 'f64466dd77c7bec37a8b47681468211a'
+ '815652599be54fd3607cf276e89a0a19'
'a78cd8d7f8240a8448edee82f503c34e'
'a51847c012555c843dbdf8df0da171d3'
'af7832eabaac9804c22f1f2b53816a49'
Modified: shadow
===================================================================
--- shadow 2020-05-07 15:04:17 UTC (rev 382684)
+++ shadow 2020-05-07 15:25:25 UTC (rev 382685)
@@ -1 +1 @@
-root::14871::::::
+root:*:14871::::::
More information about the arch-commits
mailing list