disable ncp user login

nachoparker · nachoparker · commit b346cbe89b24 · 2018-03-04T16:59:08.000+01:00
diff --git a/etc/nextcloudpi-config.d/SSH.sh b/etc/nextcloudpi-config.d/SSH.sh
@@ -58,22 +58,6 @@ configure()
     }
   }
 
-  # Check for insecure default ncp password ( taken from old jessie method )
-  local SHADOW="$( grep -E '^ncp:' /etc/shadow )"
-  test -n "${SHADOW}" && {
-    local SALT=$(echo "${SHADOW}" | sed -n 's/ncp:\$6\$//;s/\$.*//p')
-    local HASH=$(mkpasswd -msha-512 ownyourbits "$SALT")
-
-    grep -q "${HASH}" <<< "${SHADOW}" && {
-      systemctl stop    ssh
-      systemctl disable ssh
-      echo "The user ncp is using the default password. Refusing to activate SSH"
-      echo "You can change this password from nc-passwd"
-      echo "SSH disabled"
-      return 1
-    }
-  }
-
   # Enable
   chage -d 0 "$USER_"
   systemctl enable ssh
diff --git a/nextcloudpi.sh b/nextcloudpi.sh
@@ -94,8 +94,9 @@ EOF
   a2ensite ncp
 
   ## NCP USER FOR AUTHENTICATION
-  useradd $WEBADMIN
-  echo -e "$WEBPASSWD\n$WEBPASSWD" | passwd $WEBADMIN
+  useradd --home-dir /nonexistent "$WEBADMIN"
+  echo -e "$WEBPASSWD\n$WEBPASSWD" | passwd "$WEBADMIN"
+  chsh -s /usr/sbin/nologin "$WEBADMIN"
 
   ## NCP LAUNCHER
   mkdir -p /home/www
diff --git a/update.sh b/update.sh
@@ -244,6 +244,9 @@ EOF
   grep -q sleep "$F2BUNIT" || sed -i "/^ExecStart=/iExecStartPre=/bin/sleep 10" "$F2BUNIT"
   grep -q sleep "$SWPUNIT" || sed -i "/\<start)/asleep 30" "$SWPUNIT"
 
+  # disable ncp user login
+  chsh -s /usr/sbin/nologin ncp
+
 } # end - only live updates
 
 exit 0
