我尝试设置users.users.root.hashedPassword = "*";类似于sudo passwd -d root或
user { 'root':
password => '*',
require => Package[ruby-shadow],
}
在木偶,但之后sudo nixos-rebuild switch我仍然可以su -使用旧密码。
答案1
您需要设置mutableUserstofalse和用户密码。
users = {
#normal users declaration here
mutableUsers = false;
extraUsers = {
root = {
hashedPassword = "*";
};
user = {
hashedPassword = "user-password";
};
};
};
联机帮助页:man configuration.nix
users.users.<name?>.hashedPassword
Specifies the hashed password for the user. The options
hashedPassword, password and passwordFile controls what password is
set for the user. hashedPassword overrides both password and
passwordFile. password overrides passwordFile. If none of these
three options are set, no password is assigned to the user, and the
user will not be able to do password logins. If the option
users.mutableUsers is true, the password defined in one of the
three options will only be set when the user is created for the
first time. After that, you are free to change the password with
the ordinary user management commands. If users.mutableUsers is
false, you cannot change user passwords, they will always be set
according to the password options.
可以设置一个标签来测试新生代(labeld noroot):
nixos-rebuild switch -p noroot -I nixos-config=/etc/nixos/configuration.nix