如何在 NixOS 中禁用 root 密码?

如何在 NixOS 中禁用 root 密码?

我尝试设置users.users.root.hashedPassword = "*";类似于sudo passwd -d root

user { 'root':
  password => '*',
  require  => Package[ruby-shadow],
}

木偶,但之后sudo nixos-rebuild switch我仍然可以su -使用旧密码。

答案1

您需要设置mutableUserstofalse用户密码

users = {

 #normal users declaration here

  mutableUsers = false;

  extraUsers = {

    root = {
      hashedPassword = "*";
    };
     user = {
      hashedPassword = "user-password";
    }; 
   };
};

联机帮助页:man configuration.nix

   users.users.<name?>.hashedPassword
       Specifies the hashed password for the user. The options
       hashedPassword, password and passwordFile controls what password is
       set for the user.  hashedPassword overrides both password and
       passwordFile.  password overrides passwordFile. If none of these
       three options are set, no password is assigned to the user, and the
       user will not be able to do password logins. If the option
       users.mutableUsers is true, the password defined in one of the
       three options will only be set when the user is created for the
       first time. After that, you are free to change the password with
       the ordinary user management commands. If users.mutableUsers is
       false, you cannot change user passwords, they will always be set
       according to the password options.

可以设置一个标签来测试新生代(labeld noroot):

nixos-rebuild switch -p noroot -I nixos-config=/etc/nixos/configuration.nix

相关内容