#20370
Part 2 to #20699. Apparently `systemd` now automatically deletes
`/etc/nologin` on startup. In the previous PR, rebooting the machine
would remove the nologin file and allow users to log in again. This PR masks
the service that performs the deletion, preventing it from running.
The message displayed to the user will be what is specified in [this
file](7767896d12/tmpfiles.d/systemd-nologin.conf (L10)).
It's not the best, but I suspect messing with too many systemd files
could come back to bite us in the future if things change, so I'll leave
it as-is.
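#!/bin/sh

# Reverses a device lock in three steps: unlock the password of every
# regular account, remove /etc/nologin, and unmask/run the systemd helper
# that normally deletes /etc/nologin at boot.
# Must run as root (passwd -u, /etc/nologin and systemctl all need it).

# Unlock password for all non-root users.
# The awk filter keeps accounts with 1000 <= UID < 60000, so system and
# service accounts outside that range are never touched.
# IFS= and -r keep the account name exactly as it appears in /etc/passwd.
awk -F':' '{ if ($3 >= 1000 && $3 < 60000) print $1 }' /etc/passwd | while IFS= read -r user
do
    echo "$user"
    # Belt and braces: root has UID 0 and is already excluded by the filter.
    if [ "$user" != "root" ]; then
        echo "Unlocking password for $user"
        # Capture only stderr (stdout is discarded). LC_ALL=C pins the
        # message language so the text match below does not depend on
        # the system locale.
        STDERR=$(LC_ALL=C passwd -u "$user" 2>&1 >/dev/null)
        status=$?
        if [ "$status" -eq 3 ]; then
            # possibly due to the user not having a password
            # use this convoluted case approach to avoid bashisms (POSIX portable)
            case "$STDERR" in
                *"unlocking the password would result in a passwordless account"* )
                    # unlock and delete password to set it back to empty
                    # NOTE(review): this leaves the account with no password;
                    # presumably that was its state before the lock - confirm.
                    passwd -ud "$user" ||
                        echo "Failed to unlock passwordless account $user" >&2
                    ;;
                * )
                    # Any other failure is reported instead of being dropped,
                    # so an account that stays locked is visible in the output.
                    echo "Failed to unlock password for $user: $STDERR" >&2
                    ;;
            esac
        elif [ "$status" -ne 0 ]; then
            echo "Failed to unlock password for $user (exit $status): $STDERR" >&2
        fi
    fi
done

# Remove the pam_nologin file
if [ -f /etc/nologin ]; then
    rm -f /etc/nologin
fi

# Enable systemd-user-sessions, a service that deletes /etc/nologin.
# The unmask undoes a mask that the matching lock step presumably applied
# to keep /etc/nologin in place across reboots.
if [ -f /usr/lib/systemd/system/systemd-user-sessions.service ]; then
    systemctl unmask systemd-user-sessions
    systemctl daemon-reload
    /usr/lib/systemd/systemd-user-sessions start
fi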