Permalink
Browse files

MacOS: tell the login screen not to pick Neubot user

As reported by many, when you install Neubot on MacOSX the new
user `Neubot` appears in the login screen.

The fix is to set its password to the literal *, so the login
screen knows that the user is disabled and does not pick it up.
For more info on that topic, please see::

	http://superuser.com/questions/70156

This patch actually does something more than setting the user
password.  Specifically, it:

1. makes sure that the code that sets/updates real user name,
   password and shell is run both when the user is created and
   during updates;

2. switches the shell from /sbin/nologin to /usr/bin/false,
   which is what is done e.g. for the _ssh user;

3. provides a more meaningful real user name, clarifying that
   _neubot and _neubot_update are for privilege separation.

This (and in particular 1) should fix the login screen problem
for users that have already installed Neubot.  I prefer this
solution than telling them to go fix the problem at hand using
the command line.
  • Loading branch information...
1 parent 17e9fe8 commit efa71735ae9af30edf5d7d9ff277aa06c023eaf3 @bassosimone bassosimone committed Nov 24, 2011
Showing with 10 additions and 4 deletions.
  1. +10 −4 MacOS/basedir-skel/versiondir-skel/prerun.sh
@@ -121,12 +121,15 @@ else
exit 1
fi
- dscl . -create /Users/_neubot UserShell /sbin/nologin
- dscl . -create /Users/_neubot RealName "Neubot"
dscl . -create /Users/_neubot UniqueID $MYUID
dscl . -create /Users/_neubot PrimaryGroupID $MYGID
fi
+ # Update these records in any case
+ dscl . -create /Users/_neubot UserShell /usr/bin/false
+ dscl . -create /Users/_neubot RealName "Neubot privilege separation user"
+ dscl . -create /Users/_neubot Password '*'
+
#
# Group `_neubot_update`
#
@@ -182,12 +185,15 @@ else
exit 1
fi
- dscl . -create /Users/_neubot_update UserShell /sbin/nologin
- dscl . -create /Users/_neubot_update RealName "Neubot"
dscl . -create /Users/_neubot_update UniqueID $MYUID
dscl . -create /Users/_neubot_update PrimaryGroupID $MYGID
fi
+ # Update these records in any case
+ dscl . -create /Users/_neubot_update UserShell /usr/bin/false
+ dscl . -create /Users/_neubot_update RealName "Neubot privilege separation user"
+ dscl . -create /Users/_neubot_update Password '*'
+
logger -p daemon.info -t $0 'Creating .skip-checks hint file'
touch $VERSIONDIR/.skip-checks

0 comments on commit efa7173

Please sign in to comment.