bfa0bff644
Without this change, users that have both `initialHashedPassword` and `hashedPassword` set will have `initialHashedPassword` take precedence, but only for the first time `/etc/passwd` is generated. After that, `hashedPassword` takes precedence. This is surprising behavior as it would generally be expected for `hashedPassword` to win if both are set. This wouldn't be a noticeable problem (and an assert could just be made instead) if the users-groups module did not default the `root.intialHashedPassword` value to `!`, to prevent login by default. That means that users who set `root.hashedPassword` and use an ephemeral rootfs (i.e. `/etc/passwd` is created every boot) are not able to log in to the root account by default, unless they switch to a new generation during the same boot (i.e. `/etc/passwd` already exists and `hashedPassword` is used instead of `initialHashedPassword`) or they set `root.initialHashedPassword = null` (which is unintuitive and seems redundant). |
||
|---|---|---|
| .. | ||
| doc/manual | ||
| lib | ||
| maintainers | ||
| modules | ||
| tests | ||
| COPYING | ||
| default.nix | ||
| README | ||
| release-combined.nix | ||
| release-small.nix | ||
| release.nix | ||
*** NixOS *** NixOS is a Linux distribution based on the purely functional package management system Nix. More information can be found at https://nixos.org/nixos and in the manual in doc/manual.