From 900ae9756902e4a3c53f32d4dee9ba1d995722df Mon Sep 17 00:00:00 2001 From: rnhmjoj Date: Sun, 21 Jun 2020 16:55:45 +0200 Subject: [PATCH] nixos/users-groups: clearly document special hash values This explanation was contained in the description of security.initialRootPassword but got lost when it was deprecated a long ago (f496c3c) and removed. --- nixos/modules/config/users-groups.nix | 18 ++++++++++-------- 1 file changed, 10 insertions(+), 8 deletions(-) diff --git a/nixos/modules/config/users-groups.nix b/nixos/modules/config/users-groups.nix index 83296a54bc4..c2b8b6b3163 100644 --- a/nixos/modules/config/users-groups.nix +++ b/nixos/modules/config/users-groups.nix @@ -25,17 +25,19 @@ let ''; hashedPasswordDescription = '' - To generate hashed password install mkpasswd + To generate a hashed password install the mkpasswd package and run mkpasswd -m sha-512. - For password-less logins without password prompt, use - the empty string "". + If set to an empty string (""), this user will + be able to log in without being asked for a password (but not via remote + services such as SSH, or indirectly via su or + sudo). This should only be used for e.g. bootable + live systems. Note: this is different from setting an empty password, + which ca be achieved using . - For logins with a fixed password (including the empty-string password with - prompt), use one of the un-hashed password options instead, such as - . - - Such unprotected logins should only be used for e.g. bootable live systems. + If set to null (default) this user will not + be able to log in using a password (i.e. via login + command). ''; userOpts = { name, config, ... }: {
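Review bot: The added line that closes the empty-string paragraph has a typo, `which ca be achieved using`, which should read `which can be achieved using`. In the same paragraph, the claim that an empty hash does not allow login "via remote services such as SSH, or indirectly via su or sudo" is stated as unconditional, but it presumably depends on the sshd and PAM empty-password settings in effect rather than on this option alone. Wording such as `(but, with the default configuration, not via remote services such as SSH, ...)` would avoid promising more than the module itself enforces. The new `null` paragraph would also be clearer if it said whether non-password methods such as SSH keys remain usable, so readers do not mistake "will not be able to log in using a password" for a fully locked account.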