Set a default root password.

seblu · svntogit · commit 0320c909f386 · 2020-05-07T15:25:25.000Z
This will prevent root login with an empty password on a fresh Arch Linux
installation.

This is only about the default behaviour, you could restore the previous one by
running `passwd -d root'.
Please note, this is not recommended and behave inconsistenly between
applications.

We use a trick in the shadow file to set a default password which never allow
login by using this password.

The special value '*' is used in the shadow file.
We don't use '!', '!!', '!*' on purpose.
The special '!' char, which should mean password locked (and not account locked)
is interpreted by some applications (e.g. sshd) as an account locked and will
prevent root login.

This change was suggested by Lennart Poettering and Zbigniew Jedrzejewski-Szmek
to security@archlinux.org.

git-svn-id: file:///srv/repos/svn-packages/svn@382685 eb2447ed-0c53-47e4-bac8-5bc4a241df78
diff --git a/trunk/PKGBUILD b/trunk/PKGBUILD
@@ -34,7 +34,7 @@ md5sums=('5fa6674df7645d7f5895f2d12b4ef4e9'
          '7b208a630a548740e0f4cd368badae23'
          '0ee015fad07732676d9488ae498eed41'
          'f04bcb2803afc4dcb95670fe87343b4d'
-         'f64466dd77c7bec37a8b47681468211a'
+         '815652599be54fd3607cf276e89a0a19'
          'a78cd8d7f8240a8448edee82f503c34e'
          'a51847c012555c843dbdf8df0da171d3'
          'af7832eabaac9804c22f1f2b53816a49'
diff --git a/trunk/shadow b/trunk/shadow
@@ -1 +1 @@
-root::14871::::::
+root:*:14871::::::

Original file line number	Diff line number	Diff line change
`@@ -1 +1 @@`
`1`		`-root::14871::::::`
	`1`	`+root:*:14871::::::`