From: Giovanni Biscuolo
To: Raghav Gururajan, help-guix@gnu.org
Subject: Re: Passwords inside System Configuration
Date: Mon, 20 Jan 2020 10:31:13 -0000 (UTC)
Message-ID: <87zheipghw.fsf@roquette.mug.biscuolo.net>

Hello Raghav,

"Raghav Gururajan" writes:

> Hello Guix!
>
> I would like to insert/set password for the following, inside system configuration (config.scm):
> 1) Root User
> 2) Regular User

--8<---------------cut here---------------start------------->8---
(user-account
  (name "charlie")
  (group "users")

  ;; Specify a SHA-512-hashed initial password.
  (password (crypt "InitialPassword!" "$6$abc")))
--8<---------------cut here---------------end--------------->8---

but please read
https://guix.gnu.org/manual/en/html_node/User-Accounts.html#user_002daccount_002dpassword

--8<---------------cut here---------------start------------->8---
You would normally leave this field to #f, initialize user passwords
as root with the passwd command, and then let users change it with
passwd. Passwords set with passwd are of course preserved across
reboot and reconfiguration.

[...]

Note: The hash of this initial password will be available in a file in
/gnu/store, readable by all the users, so this method must be used with
care.
--8<---------------cut here---------------end--------------->8---

> 3) LUKS Device

AFAIK it's not possible to provide the passphrase in the system
configuration, and it's by design :-)

I mean: you set the LUKS passphrase "imperatively" when encrypting the
device (e.g. during installation) or to change it later, storing it in
config.scm would mean to make it available in /gnu/store, readable by
all users... and you should avoid it

[...]

HTH!
Gio'

--
Giovanni Biscuolo

Xelera IT Infrastructures
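An added example, not part of the original message or of Guix itself: a small Python check that flags `user-account` password fields in a config.scm that are not `#f`, which is the case the manual's note about /gnu/store warns about. The sample config and the function names `forms` and `audit` are constructed for illustration.

```python
import re
# Constructed sample config.scm: "charlie" as in the post, "alice" left at #f.
SAMPLE = '''
(operating-system
  (users (list (user-account
                (name "charlie")
                (group "users")
                ;; not active: (password #f)
                (password (crypt "InitialPassword!" "$6$abc")))
               (user-account
                (name "alice")
                (group "users")
                (password #f)))))
'''

def forms(text, head):
    """Return balanced (head ...) forms; ';' comments and string contents are skipped."""
    stack, out, i = [], [], 0
    while i < len(text):
        c = text[i]
        if c == '"':                              # jump to the closing quote
            i += 1
            while i < len(text) and text[i] != '"':
                i += 2 if text[i] == "\\" else 1
        elif c == ";":                            # comment runs to end of line
            while i < len(text) and text[i] != "\n":
                i += 1
        elif c == "(":
            stack.append(i)
        elif c == ")" and stack:
            start = stack.pop()
            if re.match(r"\(" + re.escape(head) + r"[\s)]", text[start:i + 1]):
                out.append(text[start:i + 1])
        i += 1
    return out

def audit(config):
    """Return (account, finding) pairs for every password field that is not #f."""
    findings = []
    for acct in forms(config, "user-account"):
        names = re.findall(r'"([^"]*)"', "".join(forms(acct, "name")))
        for pw in forms(acct, "password"):
            value = pw[len("(password"):-1].strip()
            if value != "#f":
                kind = "literal password" if re.match(r'\(crypt\s+"', value) else "password hash"
                findings.append((names[0] if names else "?", kind + " in config.scm"))
    return findings

if __name__ == "__main__":
    print(audit(SAMPLE))  # each finding also ends up in world-readable /gnu/store
```

The scanner is a simplification: Scheme block comments and character literals are not handled.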