bfa0bff644
Without this change, users that have both `initialHashedPassword` and `hashedPassword` set will have `initialHashedPassword` take precedence, but only for the first time `/etc/passwd` is generated. After that, `hashedPassword` takes precedence. This is surprising behavior as it would generally be expected for `hashedPassword` to win if both are set. This wouldn't be a noticeable problem (and an assert could just be made instead) if the users-groups module did not default the `root.intialHashedPassword` value to `!`, to prevent login by default. That means that users who set `root.hashedPassword` and use an ephemeral rootfs (i.e. `/etc/passwd` is created every boot) are not able to log in to the root account by default, unless they switch to a new generation during the same boot (i.e. `/etc/passwd` already exists and `hashedPassword` is used instead of `initialHashedPassword`) or they set `root.initialHashedPassword = null` (which is unintuitive and seems redundant).
12 KiB
12 KiB