diff options
author | nachoparker <nacho@ownyourbits.com> | 2018-03-04 14:55:44 +0300 |
---|---|---|
committer | nachoparker <nacho@ownyourbits.com> | 2018-03-04 18:59:08 +0300 |
commit | b346cbe89b24c6c62863cfcfd6e40078faba6098 (patch) | |
tree | a22d9b41d3774ea7e39db671e404af9dd222d514 | |
parent | 18e35dfdbb5a828c646a6c0e24a394840123cfbf (diff) |
disable ncp user loginv0.46.38
-rw-r--r-- | etc/nextcloudpi-config.d/SSH.sh | 16 | ||||
-rw-r--r-- | nextcloudpi.sh | 5 | ||||
-rwxr-xr-x | update.sh | 3 |
3 files changed, 6 insertions, 18 deletions
diff --git a/etc/nextcloudpi-config.d/SSH.sh b/etc/nextcloudpi-config.d/SSH.sh index 10d56747..d001ee38 100644 --- a/etc/nextcloudpi-config.d/SSH.sh +++ b/etc/nextcloudpi-config.d/SSH.sh @@ -58,22 +58,6 @@ configure() } } - # Check for insecure default ncp password ( taken from old jessie method ) - local SHADOW="$( grep -E '^ncp:' /etc/shadow )" - test -n "${SHADOW}" && { - local SALT=$(echo "${SHADOW}" | sed -n 's/ncp:\$6\$//;s/\$.*//p') - local HASH=$(mkpasswd -msha-512 ownyourbits "$SALT") - - grep -q "${HASH}" <<< "${SHADOW}" && { - systemctl stop ssh - systemctl disable ssh - echo "The user ncp is using the default password. Refusing to activate SSH" - echo "You can change this password from nc-passwd" - echo "SSH disabled" - return 1 - } - } - # Enable chage -d 0 "$USER_" systemctl enable ssh diff --git a/nextcloudpi.sh b/nextcloudpi.sh index b070b712..2d2af3da 100644 --- a/nextcloudpi.sh +++ b/nextcloudpi.sh @@ -94,8 +94,9 @@ EOF a2ensite ncp ## NCP USER FOR AUTHENTICATION - useradd $WEBADMIN - echo -e "$WEBPASSWD\n$WEBPASSWD" | passwd $WEBADMIN + useradd --home-dir /nonexistent "$WEBADMIN" + echo -e "$WEBPASSWD\n$WEBPASSWD" | passwd "$WEBADMIN" + chsh -s /usr/sbin/nologin "$WEBADMIN" ## NCP LAUNCHER mkdir -p /home/www @@ -244,6 +244,9 @@ EOF grep -q sleep "$F2BUNIT" || sed -i "/^ExecStart=/iExecStartPre=/bin/sleep 10" "$F2BUNIT" grep -q sleep "$SWPUNIT" || sed -i "/\<start)/asleep 30" "$SWPUNIT" + # disable ncp user login + chsh -s /usr/sbin/nologin ncp + } # end - only live updates exit 0 |