fleet/scripts/mdm/linux/linux-unlock.sh

#!/bin/sh

# Unlock password for all non-root users
awk -F':' '{ if ($3 >= 1000 && $3 < 60000) print $1 }' /etc/passwd | while read user
do
    echo "$user"
    if [ "$user" != "root" ]; then
        echo "Unlocking password for $user"
        STDERR=$(passwd -u "$user" 2>&1 >/dev/null)
        if [ $? -eq 3 ]; then
          # possibly due to the user not having a password
          # use this convoluted case approach to avoid bashisms (POSIX portable)
          case "$STDERR" in
            *"unlocking the password would result in a passwordless account"* )
              # unlock and delete password to set it back to empty
              passwd -ud "$user"
            ;;
          esac
        fi
    fi
done

# Remove the pam_nologin file
[ -f /etc/nologin ] && rm /etc/nologin

# Enable systemd-user-sessions, a service that deletes /etc/nologin
if [ -f /usr/lib/systemd/system/systemd-user-sessions.service ]; then
    systemctl unmask systemd-user-sessions
    systemctl daemon-reload
    /usr/lib/systemd/systemd-user-sessions start
fi
Linux and Windows MDM scripts (#15501) 2023-12-12 20:52:27 +00:00			`#!/bin/sh`

			`# Unlock password for all non-root users`
			`awk -F':' '{ if ($3 >= 1000 && $3 < 60000) print $1 }' /etc/passwd \| while read user`
			`do`
			`echo "$user"`
			`if [ "$user" != "root" ]; then`
			`echo "Unlocking password for $user"`
Fix the unlock linux host script to support users without password (#19665) 2024-06-12 13:49:37 +00:00			`STDERR=$(passwd -u "$user" 2>&1 >/dev/null)`
			`if [ $? -eq 3 ]; then`
			`# possibly due to the user not having a password`
			`# use this convoluted case approach to avoid bashisms (POSIX portable)`
			`case "$STDERR" in`
			`"unlocking the password would result in a passwordless account" )`
			`# unlock and delete password to set it back to empty`
			`passwd -ud "$user"`
			`;;`
			`esac`
			`fi`
Linux and Windows MDM scripts (#15501) 2023-12-12 20:52:27 +00:00			`fi`
			`done`
Use PAM nologin to disable Linux Logins (#20699) #20370 2024-07-29 14:00:48 +00:00
			`# Remove the pam_nologin file`
Linux Mask `systemd-user-sessions` (#20877) #20370 Part 2 to #20699. Apparently `systemd` now automatically deletes `/etc/nologin` on startup. In the previous PR, rebooting the machine would remove the nologin file and allow users to login. This PR masks the service that performs the deletion, preventing it from running. The message displayed to the user will be what is specified in [this file](https://github.com/systemd/systemd/blob/7767896d127264f660e1e8a714e5cd760840921f/tmpfiles.d/systemd-nologin.conf#L10). It's not the best, but I suspect messing with too many systemd files could come back to bite us in the future if things change, so I'll leave it as-is. 2024-08-01 14:27:17 +00:00			`[ -f /etc/nologin ] && rm /etc/nologin`

			`# Enable systemd-user-sessions, a service that deletes /etc/nologin`
			`if [ -f /usr/lib/systemd/system/systemd-user-sessions.service ]; then`
			`systemctl unmask systemd-user-sessions`
			`systemctl daemon-reload`
			`/usr/lib/systemd/systemd-user-sessions start`
			`fi`